security.h (56756B)
1/* 2 * Linux Security plug 3 * 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> 8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) 9 * Copyright (C) 2016 Mellanox Techonologies 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 * 16 * Due to this file being licensed under the GPL there is controversy over 17 * whether this permits you to write a module that #includes this file 18 * without placing your module under the GPL. Please consult a lawyer for 19 * advice before doing this. 20 * 21 */ 22 23#ifndef __LINUX_SECURITY_H 24#define __LINUX_SECURITY_H 25 26#include <linux/kernel_read_file.h> 27#include <linux/key.h> 28#include <linux/capability.h> 29#include <linux/fs.h> 30#include <linux/slab.h> 31#include <linux/err.h> 32#include <linux/string.h> 33#include <linux/mm.h> 34 35struct linux_binprm; 36struct cred; 37struct rlimit; 38struct kernel_siginfo; 39struct sembuf; 40struct kern_ipc_perm; 41struct audit_context; 42struct super_block; 43struct inode; 44struct dentry; 45struct file; 46struct vfsmount; 47struct path; 48struct qstr; 49struct iattr; 50struct fown_struct; 51struct file_operations; 52struct msg_msg; 53struct xattr; 54struct kernfs_node; 55struct xfrm_sec_ctx; 56struct mm_struct; 57struct fs_context; 58struct fs_parameter; 59enum fs_value_type; 60struct watch; 61struct watch_notification; 62 63/* Default (no) options for the capable function */ 64#define CAP_OPT_NONE 0x0 65/* If capable should audit the security request */ 66#define CAP_OPT_NOAUDIT BIT(1) 67/* If capable is being called by a setid function */ 68#define CAP_OPT_INSETID BIT(2) 69 70/* LSM Agnostic defines for fs_context::lsm_flags */ 71#define SECURITY_LSM_NATIVE_LABELS 1 72 73struct ctl_table; 74struct audit_krule; 75struct user_namespace; 76struct timezone; 77 78enum lsm_event { 79 LSM_POLICY_CHANGE, 80}; 81 82/* 83 * These are reasons that can be passed to the security_locked_down() 84 * LSM hook. Lockdown reasons that protect kernel integrity (ie, the 85 * ability for userland to modify kernel code) are placed before 86 * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel 87 * confidentiality (ie, the ability for userland to extract 88 * information from the running kernel that would otherwise be 89 * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX. 90 * 91 * LSM authors should note that the semantics of any given lockdown 92 * reason are not guaranteed to be stable - the same reason may block 93 * one set of features in one kernel release, and a slightly different 94 * set of features in a later kernel release. LSMs that seek to expose 95 * lockdown policy at any level of granularity other than "none", 96 * "integrity" or "confidentiality" are responsible for either 97 * ensuring that they expose a consistent level of functionality to 98 * userland, or ensuring that userland is aware that this is 99 * potentially a moving target. It is easy to misuse this information 100 * in a way that could break userspace. Please be careful not to do 101 * so. 102 * 103 * If you add to this, remember to extend lockdown_reasons in 104 * security/lockdown/lockdown.c. 105 */ 106enum lockdown_reason { 107 LOCKDOWN_NONE, 108 LOCKDOWN_MODULE_SIGNATURE, 109 LOCKDOWN_DEV_MEM, 110 LOCKDOWN_EFI_TEST, 111 LOCKDOWN_KEXEC, 112 LOCKDOWN_HIBERNATION, 113 LOCKDOWN_PCI_ACCESS, 114 LOCKDOWN_IOPORT, 115 LOCKDOWN_MSR, 116 LOCKDOWN_ACPI_TABLES, 117 LOCKDOWN_PCMCIA_CIS, 118 LOCKDOWN_TIOCSSERIAL, 119 LOCKDOWN_MODULE_PARAMETERS, 120 LOCKDOWN_MMIOTRACE, 121 LOCKDOWN_DEBUGFS, 122 LOCKDOWN_XMON_WR, 123 LOCKDOWN_BPF_WRITE_USER, 124 LOCKDOWN_DBG_WRITE_KERNEL, 125 LOCKDOWN_INTEGRITY_MAX, 126 LOCKDOWN_KCORE, 127 LOCKDOWN_KPROBES, 128 LOCKDOWN_BPF_READ_KERNEL, 129 LOCKDOWN_DBG_READ_KERNEL, 130 LOCKDOWN_PERF, 131 LOCKDOWN_TRACEFS, 132 LOCKDOWN_XMON_RW, 133 LOCKDOWN_XFRM_SECRET, 134 LOCKDOWN_CONFIDENTIALITY_MAX, 135}; 136 137extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; 138 139/* These functions are in security/commoncap.c */ 140extern int cap_capable(const struct cred *cred, struct user_namespace *ns, 141 int cap, unsigned int opts); 142extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); 143extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); 144extern int cap_ptrace_traceme(struct task_struct *parent); 145extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 146extern int cap_capset(struct cred *new, const struct cred *old, 147 const kernel_cap_t *effective, 148 const kernel_cap_t *inheritable, 149 const kernel_cap_t *permitted); 150extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file); 151int cap_inode_setxattr(struct dentry *dentry, const char *name, 152 const void *value, size_t size, int flags); 153int cap_inode_removexattr(struct user_namespace *mnt_userns, 154 struct dentry *dentry, const char *name); 155int cap_inode_need_killpriv(struct dentry *dentry); 156int cap_inode_killpriv(struct user_namespace *mnt_userns, 157 struct dentry *dentry); 158int cap_inode_getsecurity(struct user_namespace *mnt_userns, 159 struct inode *inode, const char *name, void **buffer, 160 bool alloc); 161extern int cap_mmap_addr(unsigned long addr); 162extern int cap_mmap_file(struct file *file, unsigned long reqprot, 163 unsigned long prot, unsigned long flags); 164extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); 165extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 166 unsigned long arg4, unsigned long arg5); 167extern int cap_task_setscheduler(struct task_struct *p); 168extern int cap_task_setioprio(struct task_struct *p, int ioprio); 169extern int cap_task_setnice(struct task_struct *p, int nice); 170extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); 171 172struct msghdr; 173struct sk_buff; 174struct sock; 175struct sockaddr; 176struct socket; 177struct flowi_common; 178struct dst_entry; 179struct xfrm_selector; 180struct xfrm_policy; 181struct xfrm_state; 182struct xfrm_user_sec_ctx; 183struct seq_file; 184struct sctp_association; 185 186#ifdef CONFIG_MMU 187extern unsigned long mmap_min_addr; 188extern unsigned long dac_mmap_min_addr; 189#else 190#define mmap_min_addr 0UL 191#define dac_mmap_min_addr 0UL 192#endif 193 194/* 195 * Values used in the task_security_ops calls 196 */ 197/* setuid or setgid, id0 == uid or gid */ 198#define LSM_SETID_ID 1 199 200/* setreuid or setregid, id0 == real, id1 == eff */ 201#define LSM_SETID_RE 2 202 203/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */ 204#define LSM_SETID_RES 4 205 206/* setfsuid or setfsgid, id0 == fsuid or fsgid */ 207#define LSM_SETID_FS 8 208 209/* Flags for security_task_prlimit(). */ 210#define LSM_PRLIMIT_READ 1 211#define LSM_PRLIMIT_WRITE 2 212 213/* forward declares to avoid warnings */ 214struct sched_param; 215struct request_sock; 216 217/* bprm->unsafe reasons */ 218#define LSM_UNSAFE_SHARE 1 219#define LSM_UNSAFE_PTRACE 2 220#define LSM_UNSAFE_NO_NEW_PRIVS 4 221 222#ifdef CONFIG_MMU 223extern int mmap_min_addr_handler(struct ctl_table *table, int write, 224 void *buffer, size_t *lenp, loff_t *ppos); 225#endif 226 227/* security_inode_init_security callback function to write xattrs */ 228typedef int (*initxattrs) (struct inode *inode, 229 const struct xattr *xattr_array, void *fs_data); 230 231 232/* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */ 233#define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM, 234#define __data_id_stringify(dummy, str) #str, 235 236enum kernel_load_data_id { 237 __kernel_read_file_id(__data_id_enumify) 238}; 239 240static const char * const kernel_load_data_str[] = { 241 __kernel_read_file_id(__data_id_stringify) 242}; 243 244static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id) 245{ 246 if ((unsigned)id >= LOADING_MAX_ID) 247 return kernel_load_data_str[LOADING_UNKNOWN]; 248 249 return kernel_load_data_str[id]; 250} 251 252#ifdef CONFIG_SECURITY 253 254int call_blocking_lsm_notifier(enum lsm_event event, void *data); 255int register_blocking_lsm_notifier(struct notifier_block *nb); 256int unregister_blocking_lsm_notifier(struct notifier_block *nb); 257 258/* prototypes */ 259extern int security_init(void); 260extern int early_security_init(void); 261 262/* Security operations */ 263int security_binder_set_context_mgr(const struct cred *mgr); 264int security_binder_transaction(const struct cred *from, 265 const struct cred *to); 266int security_binder_transfer_binder(const struct cred *from, 267 const struct cred *to); 268int security_binder_transfer_file(const struct cred *from, 269 const struct cred *to, struct file *file); 270int security_ptrace_access_check(struct task_struct *child, unsigned int mode); 271int security_ptrace_traceme(struct task_struct *parent); 272int security_capget(struct task_struct *target, 273 kernel_cap_t *effective, 274 kernel_cap_t *inheritable, 275 kernel_cap_t *permitted); 276int security_capset(struct cred *new, const struct cred *old, 277 const kernel_cap_t *effective, 278 const kernel_cap_t *inheritable, 279 const kernel_cap_t *permitted); 280int security_capable(const struct cred *cred, 281 struct user_namespace *ns, 282 int cap, 283 unsigned int opts); 284int security_quotactl(int cmds, int type, int id, struct super_block *sb); 285int security_quota_on(struct dentry *dentry); 286int security_syslog(int type); 287int security_settime64(const struct timespec64 *ts, const struct timezone *tz); 288int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); 289int security_bprm_creds_for_exec(struct linux_binprm *bprm); 290int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file); 291int security_bprm_check(struct linux_binprm *bprm); 292void security_bprm_committing_creds(struct linux_binprm *bprm); 293void security_bprm_committed_creds(struct linux_binprm *bprm); 294int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc); 295int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param); 296int security_sb_alloc(struct super_block *sb); 297void security_sb_delete(struct super_block *sb); 298void security_sb_free(struct super_block *sb); 299void security_free_mnt_opts(void **mnt_opts); 300int security_sb_eat_lsm_opts(char *options, void **mnt_opts); 301int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts); 302int security_sb_remount(struct super_block *sb, void *mnt_opts); 303int security_sb_kern_mount(struct super_block *sb); 304int security_sb_show_options(struct seq_file *m, struct super_block *sb); 305int security_sb_statfs(struct dentry *dentry); 306int security_sb_mount(const char *dev_name, const struct path *path, 307 const char *type, unsigned long flags, void *data); 308int security_sb_umount(struct vfsmount *mnt, int flags); 309int security_sb_pivotroot(const struct path *old_path, const struct path *new_path); 310int security_sb_set_mnt_opts(struct super_block *sb, 311 void *mnt_opts, 312 unsigned long kern_flags, 313 unsigned long *set_kern_flags); 314int security_sb_clone_mnt_opts(const struct super_block *oldsb, 315 struct super_block *newsb, 316 unsigned long kern_flags, 317 unsigned long *set_kern_flags); 318int security_move_mount(const struct path *from_path, const struct path *to_path); 319int security_dentry_init_security(struct dentry *dentry, int mode, 320 const struct qstr *name, 321 const char **xattr_name, void **ctx, 322 u32 *ctxlen); 323int security_dentry_create_files_as(struct dentry *dentry, int mode, 324 struct qstr *name, 325 const struct cred *old, 326 struct cred *new); 327int security_path_notify(const struct path *path, u64 mask, 328 unsigned int obj_type); 329int security_inode_alloc(struct inode *inode); 330void security_inode_free(struct inode *inode); 331int security_inode_init_security(struct inode *inode, struct inode *dir, 332 const struct qstr *qstr, 333 initxattrs initxattrs, void *fs_data); 334int security_inode_init_security_anon(struct inode *inode, 335 const struct qstr *name, 336 const struct inode *context_inode); 337int security_old_inode_init_security(struct inode *inode, struct inode *dir, 338 const struct qstr *qstr, const char **name, 339 void **value, size_t *len); 340int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); 341int security_inode_link(struct dentry *old_dentry, struct inode *dir, 342 struct dentry *new_dentry); 343int security_inode_unlink(struct inode *dir, struct dentry *dentry); 344int security_inode_symlink(struct inode *dir, struct dentry *dentry, 345 const char *old_name); 346int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode); 347int security_inode_rmdir(struct inode *dir, struct dentry *dentry); 348int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); 349int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 350 struct inode *new_dir, struct dentry *new_dentry, 351 unsigned int flags); 352int security_inode_readlink(struct dentry *dentry); 353int security_inode_follow_link(struct dentry *dentry, struct inode *inode, 354 bool rcu); 355int security_inode_permission(struct inode *inode, int mask); 356int security_inode_setattr(struct dentry *dentry, struct iattr *attr); 357int security_inode_getattr(const struct path *path); 358int security_inode_setxattr(struct user_namespace *mnt_userns, 359 struct dentry *dentry, const char *name, 360 const void *value, size_t size, int flags); 361void security_inode_post_setxattr(struct dentry *dentry, const char *name, 362 const void *value, size_t size, int flags); 363int security_inode_getxattr(struct dentry *dentry, const char *name); 364int security_inode_listxattr(struct dentry *dentry); 365int security_inode_removexattr(struct user_namespace *mnt_userns, 366 struct dentry *dentry, const char *name); 367int security_inode_need_killpriv(struct dentry *dentry); 368int security_inode_killpriv(struct user_namespace *mnt_userns, 369 struct dentry *dentry); 370int security_inode_getsecurity(struct user_namespace *mnt_userns, 371 struct inode *inode, const char *name, 372 void **buffer, bool alloc); 373int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); 374int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); 375void security_inode_getsecid(struct inode *inode, u32 *secid); 376int security_inode_copy_up(struct dentry *src, struct cred **new); 377int security_inode_copy_up_xattr(const char *name); 378int security_kernfs_init_security(struct kernfs_node *kn_dir, 379 struct kernfs_node *kn); 380int security_file_permission(struct file *file, int mask); 381int security_file_alloc(struct file *file); 382void security_file_free(struct file *file); 383int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 384int security_mmap_file(struct file *file, unsigned long prot, 385 unsigned long flags); 386int security_mmap_addr(unsigned long addr); 387int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 388 unsigned long prot); 389int security_file_lock(struct file *file, unsigned int cmd); 390int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg); 391void security_file_set_fowner(struct file *file); 392int security_file_send_sigiotask(struct task_struct *tsk, 393 struct fown_struct *fown, int sig); 394int security_file_receive(struct file *file); 395int security_file_open(struct file *file); 396int security_task_alloc(struct task_struct *task, unsigned long clone_flags); 397void security_task_free(struct task_struct *task); 398int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); 399void security_cred_free(struct cred *cred); 400int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); 401void security_transfer_creds(struct cred *new, const struct cred *old); 402void security_cred_getsecid(const struct cred *c, u32 *secid); 403int security_kernel_act_as(struct cred *new, u32 secid); 404int security_kernel_create_files_as(struct cred *new, struct inode *inode); 405int security_kernel_module_request(char *kmod_name); 406int security_kernel_load_data(enum kernel_load_data_id id, bool contents); 407int security_kernel_post_load_data(char *buf, loff_t size, 408 enum kernel_load_data_id id, 409 char *description); 410int security_kernel_read_file(struct file *file, enum kernel_read_file_id id, 411 bool contents); 412int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, 413 enum kernel_read_file_id id); 414int security_task_fix_setuid(struct cred *new, const struct cred *old, 415 int flags); 416int security_task_fix_setgid(struct cred *new, const struct cred *old, 417 int flags); 418int security_task_setpgid(struct task_struct *p, pid_t pgid); 419int security_task_getpgid(struct task_struct *p); 420int security_task_getsid(struct task_struct *p); 421void security_current_getsecid_subj(u32 *secid); 422void security_task_getsecid_obj(struct task_struct *p, u32 *secid); 423int security_task_setnice(struct task_struct *p, int nice); 424int security_task_setioprio(struct task_struct *p, int ioprio); 425int security_task_getioprio(struct task_struct *p); 426int security_task_prlimit(const struct cred *cred, const struct cred *tcred, 427 unsigned int flags); 428int security_task_setrlimit(struct task_struct *p, unsigned int resource, 429 struct rlimit *new_rlim); 430int security_task_setscheduler(struct task_struct *p); 431int security_task_getscheduler(struct task_struct *p); 432int security_task_movememory(struct task_struct *p); 433int security_task_kill(struct task_struct *p, struct kernel_siginfo *info, 434 int sig, const struct cred *cred); 435int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 436 unsigned long arg4, unsigned long arg5); 437void security_task_to_inode(struct task_struct *p, struct inode *inode); 438int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); 439void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); 440int security_msg_msg_alloc(struct msg_msg *msg); 441void security_msg_msg_free(struct msg_msg *msg); 442int security_msg_queue_alloc(struct kern_ipc_perm *msq); 443void security_msg_queue_free(struct kern_ipc_perm *msq); 444int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg); 445int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd); 446int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, 447 struct msg_msg *msg, int msqflg); 448int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, 449 struct task_struct *target, long type, int mode); 450int security_shm_alloc(struct kern_ipc_perm *shp); 451void security_shm_free(struct kern_ipc_perm *shp); 452int security_shm_associate(struct kern_ipc_perm *shp, int shmflg); 453int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd); 454int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg); 455int security_sem_alloc(struct kern_ipc_perm *sma); 456void security_sem_free(struct kern_ipc_perm *sma); 457int security_sem_associate(struct kern_ipc_perm *sma, int semflg); 458int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); 459int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, 460 unsigned nsops, int alter); 461void security_d_instantiate(struct dentry *dentry, struct inode *inode); 462int security_getprocattr(struct task_struct *p, const char *lsm, char *name, 463 char **value); 464int security_setprocattr(const char *lsm, const char *name, void *value, 465 size_t size); 466int security_netlink_send(struct sock *sk, struct sk_buff *skb); 467int security_ismaclabel(const char *name); 468int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 469int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 470void security_release_secctx(char *secdata, u32 seclen); 471void security_inode_invalidate_secctx(struct inode *inode); 472int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); 473int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); 474int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); 475int security_locked_down(enum lockdown_reason what); 476#else /* CONFIG_SECURITY */ 477 478static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) 479{ 480 return 0; 481} 482 483static inline int register_blocking_lsm_notifier(struct notifier_block *nb) 484{ 485 return 0; 486} 487 488static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb) 489{ 490 return 0; 491} 492 493static inline void security_free_mnt_opts(void **mnt_opts) 494{ 495} 496 497/* 498 * This is the default capabilities functionality. Most of these functions 499 * are just stubbed out, but a few must call the proper capable code. 500 */ 501 502static inline int security_init(void) 503{ 504 return 0; 505} 506 507static inline int early_security_init(void) 508{ 509 return 0; 510} 511 512static inline int security_binder_set_context_mgr(const struct cred *mgr) 513{ 514 return 0; 515} 516 517static inline int security_binder_transaction(const struct cred *from, 518 const struct cred *to) 519{ 520 return 0; 521} 522 523static inline int security_binder_transfer_binder(const struct cred *from, 524 const struct cred *to) 525{ 526 return 0; 527} 528 529static inline int security_binder_transfer_file(const struct cred *from, 530 const struct cred *to, 531 struct file *file) 532{ 533 return 0; 534} 535 536static inline int security_ptrace_access_check(struct task_struct *child, 537 unsigned int mode) 538{ 539 return cap_ptrace_access_check(child, mode); 540} 541 542static inline int security_ptrace_traceme(struct task_struct *parent) 543{ 544 return cap_ptrace_traceme(parent); 545} 546 547static inline int security_capget(struct task_struct *target, 548 kernel_cap_t *effective, 549 kernel_cap_t *inheritable, 550 kernel_cap_t *permitted) 551{ 552 return cap_capget(target, effective, inheritable, permitted); 553} 554 555static inline int security_capset(struct cred *new, 556 const struct cred *old, 557 const kernel_cap_t *effective, 558 const kernel_cap_t *inheritable, 559 const kernel_cap_t *permitted) 560{ 561 return cap_capset(new, old, effective, inheritable, permitted); 562} 563 564static inline int security_capable(const struct cred *cred, 565 struct user_namespace *ns, 566 int cap, 567 unsigned int opts) 568{ 569 return cap_capable(cred, ns, cap, opts); 570} 571 572static inline int security_quotactl(int cmds, int type, int id, 573 struct super_block *sb) 574{ 575 return 0; 576} 577 578static inline int security_quota_on(struct dentry *dentry) 579{ 580 return 0; 581} 582 583static inline int security_syslog(int type) 584{ 585 return 0; 586} 587 588static inline int security_settime64(const struct timespec64 *ts, 589 const struct timezone *tz) 590{ 591 return cap_settime(ts, tz); 592} 593 594static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) 595{ 596 return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages)); 597} 598 599static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm) 600{ 601 return 0; 602} 603 604static inline int security_bprm_creds_from_file(struct linux_binprm *bprm, 605 struct file *file) 606{ 607 return cap_bprm_creds_from_file(bprm, file); 608} 609 610static inline int security_bprm_check(struct linux_binprm *bprm) 611{ 612 return 0; 613} 614 615static inline void security_bprm_committing_creds(struct linux_binprm *bprm) 616{ 617} 618 619static inline void security_bprm_committed_creds(struct linux_binprm *bprm) 620{ 621} 622 623static inline int security_fs_context_dup(struct fs_context *fc, 624 struct fs_context *src_fc) 625{ 626 return 0; 627} 628static inline int security_fs_context_parse_param(struct fs_context *fc, 629 struct fs_parameter *param) 630{ 631 return -ENOPARAM; 632} 633 634static inline int security_sb_alloc(struct super_block *sb) 635{ 636 return 0; 637} 638 639static inline void security_sb_delete(struct super_block *sb) 640{ } 641 642static inline void security_sb_free(struct super_block *sb) 643{ } 644 645static inline int security_sb_eat_lsm_opts(char *options, 646 void **mnt_opts) 647{ 648 return 0; 649} 650 651static inline int security_sb_remount(struct super_block *sb, 652 void *mnt_opts) 653{ 654 return 0; 655} 656 657static inline int security_sb_mnt_opts_compat(struct super_block *sb, 658 void *mnt_opts) 659{ 660 return 0; 661} 662 663 664static inline int security_sb_kern_mount(struct super_block *sb) 665{ 666 return 0; 667} 668 669static inline int security_sb_show_options(struct seq_file *m, 670 struct super_block *sb) 671{ 672 return 0; 673} 674 675static inline int security_sb_statfs(struct dentry *dentry) 676{ 677 return 0; 678} 679 680static inline int security_sb_mount(const char *dev_name, const struct path *path, 681 const char *type, unsigned long flags, 682 void *data) 683{ 684 return 0; 685} 686 687static inline int security_sb_umount(struct vfsmount *mnt, int flags) 688{ 689 return 0; 690} 691 692static inline int security_sb_pivotroot(const struct path *old_path, 693 const struct path *new_path) 694{ 695 return 0; 696} 697 698static inline int security_sb_set_mnt_opts(struct super_block *sb, 699 void *mnt_opts, 700 unsigned long kern_flags, 701 unsigned long *set_kern_flags) 702{ 703 return 0; 704} 705 706static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, 707 struct super_block *newsb, 708 unsigned long kern_flags, 709 unsigned long *set_kern_flags) 710{ 711 return 0; 712} 713 714static inline int security_move_mount(const struct path *from_path, 715 const struct path *to_path) 716{ 717 return 0; 718} 719 720static inline int security_path_notify(const struct path *path, u64 mask, 721 unsigned int obj_type) 722{ 723 return 0; 724} 725 726static inline int security_inode_alloc(struct inode *inode) 727{ 728 return 0; 729} 730 731static inline void security_inode_free(struct inode *inode) 732{ } 733 734static inline int security_dentry_init_security(struct dentry *dentry, 735 int mode, 736 const struct qstr *name, 737 const char **xattr_name, 738 void **ctx, 739 u32 *ctxlen) 740{ 741 return -EOPNOTSUPP; 742} 743 744static inline int security_dentry_create_files_as(struct dentry *dentry, 745 int mode, struct qstr *name, 746 const struct cred *old, 747 struct cred *new) 748{ 749 return 0; 750} 751 752 753static inline int security_inode_init_security(struct inode *inode, 754 struct inode *dir, 755 const struct qstr *qstr, 756 const initxattrs xattrs, 757 void *fs_data) 758{ 759 return 0; 760} 761 762static inline int security_inode_init_security_anon(struct inode *inode, 763 const struct qstr *name, 764 const struct inode *context_inode) 765{ 766 return 0; 767} 768 769static inline int security_old_inode_init_security(struct inode *inode, 770 struct inode *dir, 771 const struct qstr *qstr, 772 const char **name, 773 void **value, size_t *len) 774{ 775 return -EOPNOTSUPP; 776} 777 778static inline int security_inode_create(struct inode *dir, 779 struct dentry *dentry, 780 umode_t mode) 781{ 782 return 0; 783} 784 785static inline int security_inode_link(struct dentry *old_dentry, 786 struct inode *dir, 787 struct dentry *new_dentry) 788{ 789 return 0; 790} 791 792static inline int security_inode_unlink(struct inode *dir, 793 struct dentry *dentry) 794{ 795 return 0; 796} 797 798static inline int security_inode_symlink(struct inode *dir, 799 struct dentry *dentry, 800 const char *old_name) 801{ 802 return 0; 803} 804 805static inline int security_inode_mkdir(struct inode *dir, 806 struct dentry *dentry, 807 int mode) 808{ 809 return 0; 810} 811 812static inline int security_inode_rmdir(struct inode *dir, 813 struct dentry *dentry) 814{ 815 return 0; 816} 817 818static inline int security_inode_mknod(struct inode *dir, 819 struct dentry *dentry, 820 int mode, dev_t dev) 821{ 822 return 0; 823} 824 825static inline int security_inode_rename(struct inode *old_dir, 826 struct dentry *old_dentry, 827 struct inode *new_dir, 828 struct dentry *new_dentry, 829 unsigned int flags) 830{ 831 return 0; 832} 833 834static inline int security_inode_readlink(struct dentry *dentry) 835{ 836 return 0; 837} 838 839static inline int security_inode_follow_link(struct dentry *dentry, 840 struct inode *inode, 841 bool rcu) 842{ 843 return 0; 844} 845 846static inline int security_inode_permission(struct inode *inode, int mask) 847{ 848 return 0; 849} 850 851static inline int security_inode_setattr(struct dentry *dentry, 852 struct iattr *attr) 853{ 854 return 0; 855} 856 857static inline int security_inode_getattr(const struct path *path) 858{ 859 return 0; 860} 861 862static inline int security_inode_setxattr(struct user_namespace *mnt_userns, 863 struct dentry *dentry, const char *name, const void *value, 864 size_t size, int flags) 865{ 866 return cap_inode_setxattr(dentry, name, value, size, flags); 867} 868 869static inline void security_inode_post_setxattr(struct dentry *dentry, 870 const char *name, const void *value, size_t size, int flags) 871{ } 872 873static inline int security_inode_getxattr(struct dentry *dentry, 874 const char *name) 875{ 876 return 0; 877} 878 879static inline int security_inode_listxattr(struct dentry *dentry) 880{ 881 return 0; 882} 883 884static inline int security_inode_removexattr(struct user_namespace *mnt_userns, 885 struct dentry *dentry, 886 const char *name) 887{ 888 return cap_inode_removexattr(mnt_userns, dentry, name); 889} 890 891static inline int security_inode_need_killpriv(struct dentry *dentry) 892{ 893 return cap_inode_need_killpriv(dentry); 894} 895 896static inline int security_inode_killpriv(struct user_namespace *mnt_userns, 897 struct dentry *dentry) 898{ 899 return cap_inode_killpriv(mnt_userns, dentry); 900} 901 902static inline int security_inode_getsecurity(struct user_namespace *mnt_userns, 903 struct inode *inode, 904 const char *name, void **buffer, 905 bool alloc) 906{ 907 return cap_inode_getsecurity(mnt_userns, inode, name, buffer, alloc); 908} 909 910static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 911{ 912 return -EOPNOTSUPP; 913} 914 915static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 916{ 917 return 0; 918} 919 920static inline void security_inode_getsecid(struct inode *inode, u32 *secid) 921{ 922 *secid = 0; 923} 924 925static inline int security_inode_copy_up(struct dentry *src, struct cred **new) 926{ 927 return 0; 928} 929 930static inline int security_kernfs_init_security(struct kernfs_node *kn_dir, 931 struct kernfs_node *kn) 932{ 933 return 0; 934} 935 936static inline int security_inode_copy_up_xattr(const char *name) 937{ 938 return -EOPNOTSUPP; 939} 940 941static inline int security_file_permission(struct file *file, int mask) 942{ 943 return 0; 944} 945 946static inline int security_file_alloc(struct file *file) 947{ 948 return 0; 949} 950 951static inline void security_file_free(struct file *file) 952{ } 953 954static inline int security_file_ioctl(struct file *file, unsigned int cmd, 955 unsigned long arg) 956{ 957 return 0; 958} 959 960static inline int security_mmap_file(struct file *file, unsigned long prot, 961 unsigned long flags) 962{ 963 return 0; 964} 965 966static inline int security_mmap_addr(unsigned long addr) 967{ 968 return cap_mmap_addr(addr); 969} 970 971static inline int security_file_mprotect(struct vm_area_struct *vma, 972 unsigned long reqprot, 973 unsigned long prot) 974{ 975 return 0; 976} 977 978static inline int security_file_lock(struct file *file, unsigned int cmd) 979{ 980 return 0; 981} 982 983static inline int security_file_fcntl(struct file *file, unsigned int cmd, 984 unsigned long arg) 985{ 986 return 0; 987} 988 989static inline void security_file_set_fowner(struct file *file) 990{ 991 return; 992} 993 994static inline int security_file_send_sigiotask(struct task_struct *tsk, 995 struct fown_struct *fown, 996 int sig) 997{ 998 return 0; 999} 1000 1001static inline int security_file_receive(struct file *file) 1002{ 1003 return 0; 1004} 1005 1006static inline int security_file_open(struct file *file) 1007{ 1008 return 0; 1009} 1010 1011static inline int security_task_alloc(struct task_struct *task, 1012 unsigned long clone_flags) 1013{ 1014 return 0; 1015} 1016 1017static inline void security_task_free(struct task_struct *task) 1018{ } 1019 1020static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1021{ 1022 return 0; 1023} 1024 1025static inline void security_cred_free(struct cred *cred) 1026{ } 1027 1028static inline int security_prepare_creds(struct cred *new, 1029 const struct cred *old, 1030 gfp_t gfp) 1031{ 1032 return 0; 1033} 1034 1035static inline void security_transfer_creds(struct cred *new, 1036 const struct cred *old) 1037{ 1038} 1039 1040static inline void security_cred_getsecid(const struct cred *c, u32 *secid) 1041{ 1042 *secid = 0; 1043} 1044 1045static inline int security_kernel_act_as(struct cred *cred, u32 secid) 1046{ 1047 return 0; 1048} 1049 1050static inline int security_kernel_create_files_as(struct cred *cred, 1051 struct inode *inode) 1052{ 1053 return 0; 1054} 1055 1056static inline int security_kernel_module_request(char *kmod_name) 1057{ 1058 return 0; 1059} 1060 1061static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents) 1062{ 1063 return 0; 1064} 1065 1066static inline int security_kernel_post_load_data(char *buf, loff_t size, 1067 enum kernel_load_data_id id, 1068 char *description) 1069{ 1070 return 0; 1071} 1072 1073static inline int security_kernel_read_file(struct file *file, 1074 enum kernel_read_file_id id, 1075 bool contents) 1076{ 1077 return 0; 1078} 1079 1080static inline int security_kernel_post_read_file(struct file *file, 1081 char *buf, loff_t size, 1082 enum kernel_read_file_id id) 1083{ 1084 return 0; 1085} 1086 1087static inline int security_task_fix_setuid(struct cred *new, 1088 const struct cred *old, 1089 int flags) 1090{ 1091 return cap_task_fix_setuid(new, old, flags); 1092} 1093 1094static inline int security_task_fix_setgid(struct cred *new, 1095 const struct cred *old, 1096 int flags) 1097{ 1098 return 0; 1099} 1100 1101static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) 1102{ 1103 return 0; 1104} 1105 1106static inline int security_task_getpgid(struct task_struct *p) 1107{ 1108 return 0; 1109} 1110 1111static inline int security_task_getsid(struct task_struct *p) 1112{ 1113 return 0; 1114} 1115 1116static inline void security_current_getsecid_subj(u32 *secid) 1117{ 1118 *secid = 0; 1119} 1120 1121static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) 1122{ 1123 *secid = 0; 1124} 1125 1126static inline int security_task_setnice(struct task_struct *p, int nice) 1127{ 1128 return cap_task_setnice(p, nice); 1129} 1130 1131static inline int security_task_setioprio(struct task_struct *p, int ioprio) 1132{ 1133 return cap_task_setioprio(p, ioprio); 1134} 1135 1136static inline int security_task_getioprio(struct task_struct *p) 1137{ 1138 return 0; 1139} 1140 1141static inline int security_task_prlimit(const struct cred *cred, 1142 const struct cred *tcred, 1143 unsigned int flags) 1144{ 1145 return 0; 1146} 1147 1148static inline int security_task_setrlimit(struct task_struct *p, 1149 unsigned int resource, 1150 struct rlimit *new_rlim) 1151{ 1152 return 0; 1153} 1154 1155static inline int security_task_setscheduler(struct task_struct *p) 1156{ 1157 return cap_task_setscheduler(p); 1158} 1159 1160static inline int security_task_getscheduler(struct task_struct *p) 1161{ 1162 return 0; 1163} 1164 1165static inline int security_task_movememory(struct task_struct *p) 1166{ 1167 return 0; 1168} 1169 1170static inline int security_task_kill(struct task_struct *p, 1171 struct kernel_siginfo *info, int sig, 1172 const struct cred *cred) 1173{ 1174 return 0; 1175} 1176 1177static inline int security_task_prctl(int option, unsigned long arg2, 1178 unsigned long arg3, 1179 unsigned long arg4, 1180 unsigned long arg5) 1181{ 1182 return cap_task_prctl(option, arg2, arg3, arg4, arg5); 1183} 1184 1185static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 1186{ } 1187 1188static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, 1189 short flag) 1190{ 1191 return 0; 1192} 1193 1194static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 1195{ 1196 *secid = 0; 1197} 1198 1199static inline int security_msg_msg_alloc(struct msg_msg *msg) 1200{ 1201 return 0; 1202} 1203 1204static inline void security_msg_msg_free(struct msg_msg *msg) 1205{ } 1206 1207static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq) 1208{ 1209 return 0; 1210} 1211 1212static inline void security_msg_queue_free(struct kern_ipc_perm *msq) 1213{ } 1214 1215static inline int security_msg_queue_associate(struct kern_ipc_perm *msq, 1216 int msqflg) 1217{ 1218 return 0; 1219} 1220 1221static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) 1222{ 1223 return 0; 1224} 1225 1226static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, 1227 struct msg_msg *msg, int msqflg) 1228{ 1229 return 0; 1230} 1231 1232static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, 1233 struct msg_msg *msg, 1234 struct task_struct *target, 1235 long type, int mode) 1236{ 1237 return 0; 1238} 1239 1240static inline int security_shm_alloc(struct kern_ipc_perm *shp) 1241{ 1242 return 0; 1243} 1244 1245static inline void security_shm_free(struct kern_ipc_perm *shp) 1246{ } 1247 1248static inline int security_shm_associate(struct kern_ipc_perm *shp, 1249 int shmflg) 1250{ 1251 return 0; 1252} 1253 1254static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) 1255{ 1256 return 0; 1257} 1258 1259static inline int security_shm_shmat(struct kern_ipc_perm *shp, 1260 char __user *shmaddr, int shmflg) 1261{ 1262 return 0; 1263} 1264 1265static inline int security_sem_alloc(struct kern_ipc_perm *sma) 1266{ 1267 return 0; 1268} 1269 1270static inline void security_sem_free(struct kern_ipc_perm *sma) 1271{ } 1272 1273static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg) 1274{ 1275 return 0; 1276} 1277 1278static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd) 1279{ 1280 return 0; 1281} 1282 1283static inline int security_sem_semop(struct kern_ipc_perm *sma, 1284 struct sembuf *sops, unsigned nsops, 1285 int alter) 1286{ 1287 return 0; 1288} 1289 1290static inline void security_d_instantiate(struct dentry *dentry, 1291 struct inode *inode) 1292{ } 1293 1294static inline int security_getprocattr(struct task_struct *p, const char *lsm, 1295 char *name, char **value) 1296{ 1297 return -EINVAL; 1298} 1299 1300static inline int security_setprocattr(const char *lsm, char *name, 1301 void *value, size_t size) 1302{ 1303 return -EINVAL; 1304} 1305 1306static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) 1307{ 1308 return 0; 1309} 1310 1311static inline int security_ismaclabel(const char *name) 1312{ 1313 return 0; 1314} 1315 1316static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 1317{ 1318 return -EOPNOTSUPP; 1319} 1320 1321static inline int security_secctx_to_secid(const char *secdata, 1322 u32 seclen, 1323 u32 *secid) 1324{ 1325 return -EOPNOTSUPP; 1326} 1327 1328static inline void security_release_secctx(char *secdata, u32 seclen) 1329{ 1330} 1331 1332static inline void security_inode_invalidate_secctx(struct inode *inode) 1333{ 1334} 1335 1336static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 1337{ 1338 return -EOPNOTSUPP; 1339} 1340static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 1341{ 1342 return -EOPNOTSUPP; 1343} 1344static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 1345{ 1346 return -EOPNOTSUPP; 1347} 1348static inline int security_locked_down(enum lockdown_reason what) 1349{ 1350 return 0; 1351} 1352#endif /* CONFIG_SECURITY */ 1353 1354#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) 1355int security_post_notification(const struct cred *w_cred, 1356 const struct cred *cred, 1357 struct watch_notification *n); 1358#else 1359static inline int security_post_notification(const struct cred *w_cred, 1360 const struct cred *cred, 1361 struct watch_notification *n) 1362{ 1363 return 0; 1364} 1365#endif 1366 1367#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS) 1368int security_watch_key(struct key *key); 1369#else 1370static inline int security_watch_key(struct key *key) 1371{ 1372 return 0; 1373} 1374#endif 1375 1376#ifdef CONFIG_SECURITY_NETWORK 1377 1378int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); 1379int security_unix_may_send(struct socket *sock, struct socket *other); 1380int security_socket_create(int family, int type, int protocol, int kern); 1381int security_socket_post_create(struct socket *sock, int family, 1382 int type, int protocol, int kern); 1383int security_socket_socketpair(struct socket *socka, struct socket *sockb); 1384int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen); 1385int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); 1386int security_socket_listen(struct socket *sock, int backlog); 1387int security_socket_accept(struct socket *sock, struct socket *newsock); 1388int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); 1389int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, 1390 int size, int flags); 1391int security_socket_getsockname(struct socket *sock); 1392int security_socket_getpeername(struct socket *sock); 1393int security_socket_getsockopt(struct socket *sock, int level, int optname); 1394int security_socket_setsockopt(struct socket *sock, int level, int optname); 1395int security_socket_shutdown(struct socket *sock, int how); 1396int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb); 1397int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1398 int __user *optlen, unsigned len); 1399int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid); 1400int security_sk_alloc(struct sock *sk, int family, gfp_t priority); 1401void security_sk_free(struct sock *sk); 1402void security_sk_clone(const struct sock *sk, struct sock *newsk); 1403void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic); 1404void security_req_classify_flow(const struct request_sock *req, 1405 struct flowi_common *flic); 1406void security_sock_graft(struct sock*sk, struct socket *parent); 1407int security_inet_conn_request(const struct sock *sk, 1408 struct sk_buff *skb, struct request_sock *req); 1409void security_inet_csk_clone(struct sock *newsk, 1410 const struct request_sock *req); 1411void security_inet_conn_established(struct sock *sk, 1412 struct sk_buff *skb); 1413int security_secmark_relabel_packet(u32 secid); 1414void security_secmark_refcount_inc(void); 1415void security_secmark_refcount_dec(void); 1416int security_tun_dev_alloc_security(void **security); 1417void security_tun_dev_free_security(void *security); 1418int security_tun_dev_create(void); 1419int security_tun_dev_attach_queue(void *security); 1420int security_tun_dev_attach(struct sock *sk, void *security); 1421int security_tun_dev_open(void *security); 1422int security_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb); 1423int security_sctp_bind_connect(struct sock *sk, int optname, 1424 struct sockaddr *address, int addrlen); 1425void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk, 1426 struct sock *newsk); 1427int security_sctp_assoc_established(struct sctp_association *asoc, 1428 struct sk_buff *skb); 1429 1430#else /* CONFIG_SECURITY_NETWORK */ 1431static inline int security_unix_stream_connect(struct sock *sock, 1432 struct sock *other, 1433 struct sock *newsk) 1434{ 1435 return 0; 1436} 1437 1438static inline int security_unix_may_send(struct socket *sock, 1439 struct socket *other) 1440{ 1441 return 0; 1442} 1443 1444static inline int security_socket_create(int family, int type, 1445 int protocol, int kern) 1446{ 1447 return 0; 1448} 1449 1450static inline int security_socket_post_create(struct socket *sock, 1451 int family, 1452 int type, 1453 int protocol, int kern) 1454{ 1455 return 0; 1456} 1457 1458static inline int security_socket_socketpair(struct socket *socka, 1459 struct socket *sockb) 1460{ 1461 return 0; 1462} 1463 1464static inline int security_socket_bind(struct socket *sock, 1465 struct sockaddr *address, 1466 int addrlen) 1467{ 1468 return 0; 1469} 1470 1471static inline int security_socket_connect(struct socket *sock, 1472 struct sockaddr *address, 1473 int addrlen) 1474{ 1475 return 0; 1476} 1477 1478static inline int security_socket_listen(struct socket *sock, int backlog) 1479{ 1480 return 0; 1481} 1482 1483static inline int security_socket_accept(struct socket *sock, 1484 struct socket *newsock) 1485{ 1486 return 0; 1487} 1488 1489static inline int security_socket_sendmsg(struct socket *sock, 1490 struct msghdr *msg, int size) 1491{ 1492 return 0; 1493} 1494 1495static inline int security_socket_recvmsg(struct socket *sock, 1496 struct msghdr *msg, int size, 1497 int flags) 1498{ 1499 return 0; 1500} 1501 1502static inline int security_socket_getsockname(struct socket *sock) 1503{ 1504 return 0; 1505} 1506 1507static inline int security_socket_getpeername(struct socket *sock) 1508{ 1509 return 0; 1510} 1511 1512static inline int security_socket_getsockopt(struct socket *sock, 1513 int level, int optname) 1514{ 1515 return 0; 1516} 1517 1518static inline int security_socket_setsockopt(struct socket *sock, 1519 int level, int optname) 1520{ 1521 return 0; 1522} 1523 1524static inline int security_socket_shutdown(struct socket *sock, int how) 1525{ 1526 return 0; 1527} 1528static inline int security_sock_rcv_skb(struct sock *sk, 1529 struct sk_buff *skb) 1530{ 1531 return 0; 1532} 1533 1534static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1535 int __user *optlen, unsigned len) 1536{ 1537 return -ENOPROTOOPT; 1538} 1539 1540static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1541{ 1542 return -ENOPROTOOPT; 1543} 1544 1545static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 1546{ 1547 return 0; 1548} 1549 1550static inline void security_sk_free(struct sock *sk) 1551{ 1552} 1553 1554static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) 1555{ 1556} 1557 1558static inline void security_sk_classify_flow(struct sock *sk, 1559 struct flowi_common *flic) 1560{ 1561} 1562 1563static inline void security_req_classify_flow(const struct request_sock *req, 1564 struct flowi_common *flic) 1565{ 1566} 1567 1568static inline void security_sock_graft(struct sock *sk, struct socket *parent) 1569{ 1570} 1571 1572static inline int security_inet_conn_request(const struct sock *sk, 1573 struct sk_buff *skb, struct request_sock *req) 1574{ 1575 return 0; 1576} 1577 1578static inline void security_inet_csk_clone(struct sock *newsk, 1579 const struct request_sock *req) 1580{ 1581} 1582 1583static inline void security_inet_conn_established(struct sock *sk, 1584 struct sk_buff *skb) 1585{ 1586} 1587 1588static inline int security_secmark_relabel_packet(u32 secid) 1589{ 1590 return 0; 1591} 1592 1593static inline void security_secmark_refcount_inc(void) 1594{ 1595} 1596 1597static inline void security_secmark_refcount_dec(void) 1598{ 1599} 1600 1601static inline int security_tun_dev_alloc_security(void **security) 1602{ 1603 return 0; 1604} 1605 1606static inline void security_tun_dev_free_security(void *security) 1607{ 1608} 1609 1610static inline int security_tun_dev_create(void) 1611{ 1612 return 0; 1613} 1614 1615static inline int security_tun_dev_attach_queue(void *security) 1616{ 1617 return 0; 1618} 1619 1620static inline int security_tun_dev_attach(struct sock *sk, void *security) 1621{ 1622 return 0; 1623} 1624 1625static inline int security_tun_dev_open(void *security) 1626{ 1627 return 0; 1628} 1629 1630static inline int security_sctp_assoc_request(struct sctp_association *asoc, 1631 struct sk_buff *skb) 1632{ 1633 return 0; 1634} 1635 1636static inline int security_sctp_bind_connect(struct sock *sk, int optname, 1637 struct sockaddr *address, 1638 int addrlen) 1639{ 1640 return 0; 1641} 1642 1643static inline void security_sctp_sk_clone(struct sctp_association *asoc, 1644 struct sock *sk, 1645 struct sock *newsk) 1646{ 1647} 1648 1649static inline int security_sctp_assoc_established(struct sctp_association *asoc, 1650 struct sk_buff *skb) 1651{ 1652 return 0; 1653} 1654#endif /* CONFIG_SECURITY_NETWORK */ 1655 1656#ifdef CONFIG_SECURITY_INFINIBAND 1657int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey); 1658int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num); 1659int security_ib_alloc_security(void **sec); 1660void security_ib_free_security(void *sec); 1661#else /* CONFIG_SECURITY_INFINIBAND */ 1662static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey) 1663{ 1664 return 0; 1665} 1666 1667static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num) 1668{ 1669 return 0; 1670} 1671 1672static inline int security_ib_alloc_security(void **sec) 1673{ 1674 return 0; 1675} 1676 1677static inline void security_ib_free_security(void *sec) 1678{ 1679} 1680#endif /* CONFIG_SECURITY_INFINIBAND */ 1681 1682#ifdef CONFIG_SECURITY_NETWORK_XFRM 1683 1684int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1685 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp); 1686int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp); 1687void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 1688int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 1689int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1690int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1691 struct xfrm_sec_ctx *polsec, u32 secid); 1692int security_xfrm_state_delete(struct xfrm_state *x); 1693void security_xfrm_state_free(struct xfrm_state *x); 1694int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid); 1695int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1696 struct xfrm_policy *xp, 1697 const struct flowi_common *flic); 1698int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid); 1699void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic); 1700 1701#else /* CONFIG_SECURITY_NETWORK_XFRM */ 1702 1703static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1704 struct xfrm_user_sec_ctx *sec_ctx, 1705 gfp_t gfp) 1706{ 1707 return 0; 1708} 1709 1710static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp) 1711{ 1712 return 0; 1713} 1714 1715static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 1716{ 1717} 1718 1719static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 1720{ 1721 return 0; 1722} 1723 1724static inline int security_xfrm_state_alloc(struct xfrm_state *x, 1725 struct xfrm_user_sec_ctx *sec_ctx) 1726{ 1727 return 0; 1728} 1729 1730static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1731 struct xfrm_sec_ctx *polsec, u32 secid) 1732{ 1733 return 0; 1734} 1735 1736static inline void security_xfrm_state_free(struct xfrm_state *x) 1737{ 1738} 1739 1740static inline int security_xfrm_state_delete(struct xfrm_state *x) 1741{ 1742 return 0; 1743} 1744 1745static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 1746{ 1747 return 0; 1748} 1749 1750static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1751 struct xfrm_policy *xp, 1752 const struct flowi_common *flic) 1753{ 1754 return 1; 1755} 1756 1757static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 1758{ 1759 return 0; 1760} 1761 1762static inline void security_skb_classify_flow(struct sk_buff *skb, 1763 struct flowi_common *flic) 1764{ 1765} 1766 1767#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1768 1769#ifdef CONFIG_SECURITY_PATH 1770int security_path_unlink(const struct path *dir, struct dentry *dentry); 1771int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode); 1772int security_path_rmdir(const struct path *dir, struct dentry *dentry); 1773int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, 1774 unsigned int dev); 1775int security_path_truncate(const struct path *path); 1776int security_path_symlink(const struct path *dir, struct dentry *dentry, 1777 const char *old_name); 1778int security_path_link(struct dentry *old_dentry, const struct path *new_dir, 1779 struct dentry *new_dentry); 1780int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, 1781 const struct path *new_dir, struct dentry *new_dentry, 1782 unsigned int flags); 1783int security_path_chmod(const struct path *path, umode_t mode); 1784int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); 1785int security_path_chroot(const struct path *path); 1786#else /* CONFIG_SECURITY_PATH */ 1787static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) 1788{ 1789 return 0; 1790} 1791 1792static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry, 1793 umode_t mode) 1794{ 1795 return 0; 1796} 1797 1798static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry) 1799{ 1800 return 0; 1801} 1802 1803static inline int security_path_mknod(const struct path *dir, struct dentry *dentry, 1804 umode_t mode, unsigned int dev) 1805{ 1806 return 0; 1807} 1808 1809static inline int security_path_truncate(const struct path *path) 1810{ 1811 return 0; 1812} 1813 1814static inline int security_path_symlink(const struct path *dir, struct dentry *dentry, 1815 const char *old_name) 1816{ 1817 return 0; 1818} 1819 1820static inline int security_path_link(struct dentry *old_dentry, 1821 const struct path *new_dir, 1822 struct dentry *new_dentry) 1823{ 1824 return 0; 1825} 1826 1827static inline int security_path_rename(const struct path *old_dir, 1828 struct dentry *old_dentry, 1829 const struct path *new_dir, 1830 struct dentry *new_dentry, 1831 unsigned int flags) 1832{ 1833 return 0; 1834} 1835 1836static inline int security_path_chmod(const struct path *path, umode_t mode) 1837{ 1838 return 0; 1839} 1840 1841static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 1842{ 1843 return 0; 1844} 1845 1846static inline int security_path_chroot(const struct path *path) 1847{ 1848 return 0; 1849} 1850#endif /* CONFIG_SECURITY_PATH */ 1851 1852#ifdef CONFIG_KEYS 1853#ifdef CONFIG_SECURITY 1854 1855int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); 1856void security_key_free(struct key *key); 1857int security_key_permission(key_ref_t key_ref, const struct cred *cred, 1858 enum key_need_perm need_perm); 1859int security_key_getsecurity(struct key *key, char **_buffer); 1860 1861#else 1862 1863static inline int security_key_alloc(struct key *key, 1864 const struct cred *cred, 1865 unsigned long flags) 1866{ 1867 return 0; 1868} 1869 1870static inline void security_key_free(struct key *key) 1871{ 1872} 1873 1874static inline int security_key_permission(key_ref_t key_ref, 1875 const struct cred *cred, 1876 enum key_need_perm need_perm) 1877{ 1878 return 0; 1879} 1880 1881static inline int security_key_getsecurity(struct key *key, char **_buffer) 1882{ 1883 *_buffer = NULL; 1884 return 0; 1885} 1886 1887#endif 1888#endif /* CONFIG_KEYS */ 1889 1890#ifdef CONFIG_AUDIT 1891#ifdef CONFIG_SECURITY 1892int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); 1893int security_audit_rule_known(struct audit_krule *krule); 1894int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); 1895void security_audit_rule_free(void *lsmrule); 1896 1897#else 1898 1899static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, 1900 void **lsmrule) 1901{ 1902 return 0; 1903} 1904 1905static inline int security_audit_rule_known(struct audit_krule *krule) 1906{ 1907 return 0; 1908} 1909 1910static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, 1911 void *lsmrule) 1912{ 1913 return 0; 1914} 1915 1916static inline void security_audit_rule_free(void *lsmrule) 1917{ } 1918 1919#endif /* CONFIG_SECURITY */ 1920#endif /* CONFIG_AUDIT */ 1921 1922#ifdef CONFIG_SECURITYFS 1923 1924extern struct dentry *securityfs_create_file(const char *name, umode_t mode, 1925 struct dentry *parent, void *data, 1926 const struct file_operations *fops); 1927extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 1928struct dentry *securityfs_create_symlink(const char *name, 1929 struct dentry *parent, 1930 const char *target, 1931 const struct inode_operations *iops); 1932extern void securityfs_remove(struct dentry *dentry); 1933 1934#else /* CONFIG_SECURITYFS */ 1935 1936static inline struct dentry *securityfs_create_dir(const char *name, 1937 struct dentry *parent) 1938{ 1939 return ERR_PTR(-ENODEV); 1940} 1941 1942static inline struct dentry *securityfs_create_file(const char *name, 1943 umode_t mode, 1944 struct dentry *parent, 1945 void *data, 1946 const struct file_operations *fops) 1947{ 1948 return ERR_PTR(-ENODEV); 1949} 1950 1951static inline struct dentry *securityfs_create_symlink(const char *name, 1952 struct dentry *parent, 1953 const char *target, 1954 const struct inode_operations *iops) 1955{ 1956 return ERR_PTR(-ENODEV); 1957} 1958 1959static inline void securityfs_remove(struct dentry *dentry) 1960{} 1961 1962#endif 1963 1964#ifdef CONFIG_BPF_SYSCALL 1965union bpf_attr; 1966struct bpf_map; 1967struct bpf_prog; 1968struct bpf_prog_aux; 1969#ifdef CONFIG_SECURITY 1970extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size); 1971extern int security_bpf_map(struct bpf_map *map, fmode_t fmode); 1972extern int security_bpf_prog(struct bpf_prog *prog); 1973extern int security_bpf_map_alloc(struct bpf_map *map); 1974extern void security_bpf_map_free(struct bpf_map *map); 1975extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux); 1976extern void security_bpf_prog_free(struct bpf_prog_aux *aux); 1977#else 1978static inline int security_bpf(int cmd, union bpf_attr *attr, 1979 unsigned int size) 1980{ 1981 return 0; 1982} 1983 1984static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode) 1985{ 1986 return 0; 1987} 1988 1989static inline int security_bpf_prog(struct bpf_prog *prog) 1990{ 1991 return 0; 1992} 1993 1994static inline int security_bpf_map_alloc(struct bpf_map *map) 1995{ 1996 return 0; 1997} 1998 1999static inline void security_bpf_map_free(struct bpf_map *map) 2000{ } 2001 2002static inline int security_bpf_prog_alloc(struct bpf_prog_aux *aux) 2003{ 2004 return 0; 2005} 2006 2007static inline void security_bpf_prog_free(struct bpf_prog_aux *aux) 2008{ } 2009#endif /* CONFIG_SECURITY */ 2010#endif /* CONFIG_BPF_SYSCALL */ 2011 2012#ifdef CONFIG_PERF_EVENTS 2013struct perf_event_attr; 2014struct perf_event; 2015 2016#ifdef CONFIG_SECURITY 2017extern int security_perf_event_open(struct perf_event_attr *attr, int type); 2018extern int security_perf_event_alloc(struct perf_event *event); 2019extern void security_perf_event_free(struct perf_event *event); 2020extern int security_perf_event_read(struct perf_event *event); 2021extern int security_perf_event_write(struct perf_event *event); 2022#else 2023static inline int security_perf_event_open(struct perf_event_attr *attr, 2024 int type) 2025{ 2026 return 0; 2027} 2028 2029static inline int security_perf_event_alloc(struct perf_event *event) 2030{ 2031 return 0; 2032} 2033 2034static inline void security_perf_event_free(struct perf_event *event) 2035{ 2036} 2037 2038static inline int security_perf_event_read(struct perf_event *event) 2039{ 2040 return 0; 2041} 2042 2043static inline int security_perf_event_write(struct perf_event *event) 2044{ 2045 return 0; 2046} 2047#endif /* CONFIG_SECURITY */ 2048#endif /* CONFIG_PERF_EVENTS */ 2049 2050#ifdef CONFIG_IO_URING 2051#ifdef CONFIG_SECURITY 2052extern int security_uring_override_creds(const struct cred *new); 2053extern int security_uring_sqpoll(void); 2054#else 2055static inline int security_uring_override_creds(const struct cred *new) 2056{ 2057 return 0; 2058} 2059static inline int security_uring_sqpoll(void) 2060{ 2061 return 0; 2062} 2063#endif /* CONFIG_SECURITY */ 2064#endif /* CONFIG_IO_URING */ 2065 2066#endif /* ! __LINUX_SECURITY_H */