]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - include/linux/security.h
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
LSM: Switch to lists of hooks
[mirror_ubuntu-hirsute-kernel.git] / include / linux / security.h
CommitLineData
1da177e4
LT		 1/*
2 * Linux Security plug
3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * Due to this file being licensed under the GPL there is controversy over
16 * whether this permits you to write a module that #includes this file
17 * without placing your module under the GPL. Please consult a lawyer for
18 * advice before doing this.
19 *
20 */
21
22#ifndef __LINUX_SECURITY_H
23#define __LINUX_SECURITY_H
24
29db9190 25#include <linux/key.h>
40401530 26#include <linux/capability.h>
5a0e3ad6 27#include <linux/slab.h>
40401530 28#include <linux/err.h>
d47be3df 29#include <linux/string.h>
b1d9e6b0 30#include <linux/mm.h>
40401530
AV		 31
32struct linux_binprm;
33struct cred;
34struct rlimit;
35struct siginfo;
36struct sem_array;
37struct sembuf;
38struct kern_ipc_perm;
39struct audit_context;
40struct super_block;
41struct inode;
42struct dentry;
43struct file;
44struct vfsmount;
45struct path;
46struct qstr;
47struct nameidata;
48struct iattr;
49struct fown_struct;
50struct file_operations;
51struct shmid_kernel;
52struct msg_msg;
53struct msg_queue;
54struct xattr;
55struct xfrm_sec_ctx;
56struct mm_struct;
1da177e4 57
06112163
EP		 58/* If capable should audit the security request */
59#define SECURITY_CAP_NOAUDIT 0
60#define SECURITY_CAP_AUDIT 1
61
eb9ae686
DQ		 62/* LSM Agnostic defines for sb_set_mnt_opts */
63#define SECURITY_LSM_NATIVE_LABELS 1
64
1da177e4 65struct ctl_table;
03d37d25 66struct audit_krule;
3486740a 67struct user_namespace;
40401530 68struct timezone;
1da177e4 69
b1d9e6b0 70/* These functions are in security/commoncap.c */
6a9de491
EP		 71extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
72 int cap, int audit);
1e6d7679 73extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
9e48858f 74extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
5cd9c58f 75extern int cap_ptrace_traceme(struct task_struct *parent);
7b41b173 76extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
d84f4f99
DH		 77extern int cap_capset(struct cred *new, const struct cred *old,
78 const kernel_cap_t *effective,
79 const kernel_cap_t *inheritable,
80 const kernel_cap_t *permitted);
a6f76f23 81extern int cap_bprm_set_creds(struct linux_binprm *bprm);
1da177e4 82extern int cap_bprm_secureexec(struct linux_binprm *bprm);
8f0cfa52
DH		 83extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
84 const void *value, size_t size, int flags);
85extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
b5376771
SH		 86extern int cap_inode_need_killpriv(struct dentry *dentry);
87extern int cap_inode_killpriv(struct dentry *dentry);
d007794a 88extern int cap_mmap_addr(unsigned long addr);
e5467859
AV		 89extern int cap_mmap_file(struct file *file, unsigned long reqprot,
90 unsigned long prot, unsigned long flags);
d84f4f99 91extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
3898b1b4 92extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f99 93 unsigned long arg4, unsigned long arg5);
b0ae1981 94extern int cap_task_setscheduler(struct task_struct *p);
7b41b173
EP		 95extern int cap_task_setioprio(struct task_struct *p, int ioprio);
96extern int cap_task_setnice(struct task_struct *p, int nice);
20510f2f 97extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
1da177e4
LT		 98
99struct msghdr;
100struct sk_buff;
101struct sock;
102struct sockaddr;
103struct socket;
df71837d
TJ		 104struct flowi;
105struct dst_entry;
106struct xfrm_selector;
107struct xfrm_policy;
108struct xfrm_state;
109struct xfrm_user_sec_ctx;
2069f457 110struct seq_file;
1da177e4 111
6e141546 112#ifdef CONFIG_MMU
ed032189 113extern unsigned long mmap_min_addr;
a2551df7 114extern unsigned long dac_mmap_min_addr;
6e141546 115#else
be8cfc4a 116#define mmap_min_addr 0UL
6e141546
DH		 117#define dac_mmap_min_addr 0UL
118#endif
119
1da177e4
LT		 120/*
121 * Values used in the task_security_ops calls
122 */
123/* setuid or setgid, id0 == uid or gid */
124#define LSM_SETID_ID 1
125
126/* setreuid or setregid, id0 == real, id1 == eff */
127#define LSM_SETID_RE 2
128
129/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
130#define LSM_SETID_RES 4
131
132/* setfsuid or setfsgid, id0 == fsuid or fsgid */
133#define LSM_SETID_FS 8
134
135/* forward declares to avoid warnings */
1da177e4 136struct sched_param;
4237c75c 137struct request_sock;
1da177e4 138
a6f76f23 139/* bprm->unsafe reasons */
1da177e4
LT		 140#define LSM_UNSAFE_SHARE 1
141#define LSM_UNSAFE_PTRACE 2
142#define LSM_UNSAFE_PTRACE_CAP 4
259e5e6c 143#define LSM_UNSAFE_NO_NEW_PRIVS 8
1da177e4 144
6e141546 145#ifdef CONFIG_MMU
8d65af78 146extern int mmap_min_addr_handler(struct ctl_table *table, int write,
47d439e9 147 void __user *buffer, size_t *lenp, loff_t *ppos);
6e141546 148#endif
47d439e9 149
9d8f13ba
MZ		 150/* security_inode_init_security callback function to write xattrs */
151typedef int (*initxattrs) (struct inode *inode,
152 const struct xattr *xattr_array, void *fs_data);
153
1da177e4
LT		 154#ifdef CONFIG_SECURITY
155
e0007529
EP		 156struct security_mnt_opts {
157 char **mnt_opts;
158 int *mnt_opts_flags;
159 int num_mnt_opts;
160};
161
162static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
163{
164 opts->mnt_opts = NULL;
165 opts->mnt_opts_flags = NULL;
166 opts->num_mnt_opts = 0;
167}
168
169static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
170{
171 int i;
172 if (opts->mnt_opts)
7b41b173 173 for (i = 0; i < opts->num_mnt_opts; i++)
e0007529
EP		 174 kfree(opts->mnt_opts[i]);
175 kfree(opts->mnt_opts);
176 opts->mnt_opts = NULL;
177 kfree(opts->mnt_opts_flags);
178 opts->mnt_opts_flags = NULL;
179 opts->num_mnt_opts = 0;
180}
181
1da177e4 182/* prototypes */
7b41b173 183extern int security_init(void);
1da177e4 184
20510f2f 185/* Security operations */
79af7307
SS		 186int security_binder_set_context_mgr(struct task_struct *mgr);
187int security_binder_transaction(struct task_struct *from,
188 struct task_struct *to);
189int security_binder_transfer_binder(struct task_struct *from,
190 struct task_struct *to);
191int security_binder_transfer_file(struct task_struct *from,
192 struct task_struct *to, struct file *file);
9e48858f 193int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
5cd9c58f 194int security_ptrace_traceme(struct task_struct *parent);
20510f2f 195int security_capget(struct task_struct *target,
7b41b173
EP		 196 kernel_cap_t *effective,
197 kernel_cap_t *inheritable,
198 kernel_cap_t *permitted);
d84f4f99
DH		 199int security_capset(struct cred *new, const struct cred *old,
200 const kernel_cap_t *effective,
201 const kernel_cap_t *inheritable,
202 const kernel_cap_t *permitted);
b7e724d3 203int security_capable(const struct cred *cred, struct user_namespace *ns,
3486740a 204 int cap);
c7eba4a9
EP		 205int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
206 int cap);
20510f2f
JM		 207int security_quotactl(int cmds, int type, int id, struct super_block *sb);
208int security_quota_on(struct dentry *dentry);
12b3052c 209int security_syslog(int type);
1e6d7679 210int security_settime(const struct timespec *ts, const struct timezone *tz);
20510f2f 211int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
a6f76f23 212int security_bprm_set_creds(struct linux_binprm *bprm);
20510f2f 213int security_bprm_check(struct linux_binprm *bprm);
a6f76f23
DH		 214void security_bprm_committing_creds(struct linux_binprm *bprm);
215void security_bprm_committed_creds(struct linux_binprm *bprm);
20510f2f
JM		 216int security_bprm_secureexec(struct linux_binprm *bprm);
217int security_sb_alloc(struct super_block *sb);
218void security_sb_free(struct super_block *sb);
e0007529 219int security_sb_copy_data(char *orig, char *copy);
ff36fe2c 220int security_sb_remount(struct super_block *sb, void *data);
12204e24 221int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
2069f457 222int security_sb_show_options(struct seq_file *m, struct super_block *sb);
20510f2f 223int security_sb_statfs(struct dentry *dentry);
808d4e3c
AV		 224int security_sb_mount(const char *dev_name, struct path *path,
225 const char *type, unsigned long flags, void *data);
20510f2f 226int security_sb_umount(struct vfsmount *mnt, int flags);
b5266eb4 227int security_sb_pivotroot(struct path *old_path, struct path *new_path);
649f6e77
DQ		 228int security_sb_set_mnt_opts(struct super_block *sb,
229 struct security_mnt_opts *opts,
230 unsigned long kern_flags,
231 unsigned long *set_kern_flags);
094f7b69 232int security_sb_clone_mnt_opts(const struct super_block *oldsb,
c9180a57 233 struct super_block *newsb);
e0007529 234int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
d47be3df
DQ		 235int security_dentry_init_security(struct dentry *dentry, int mode,
236 struct qstr *name, void **ctx,
237 u32 *ctxlen);
c9180a57 238
20510f2f
JM		 239int security_inode_alloc(struct inode *inode);
240void security_inode_free(struct inode *inode);
241int security_inode_init_security(struct inode *inode, struct inode *dir,
9d8f13ba
MZ		 242 const struct qstr *qstr,
243 initxattrs initxattrs, void *fs_data);
244int security_old_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 245 const struct qstr *qstr, const char **name,
9d8f13ba 246 void **value, size_t *len);
4acdaf27 247int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
20510f2f
JM		 248int security_inode_link(struct dentry *old_dentry, struct inode *dir,
249 struct dentry *new_dentry);
250int security_inode_unlink(struct inode *dir, struct dentry *dentry);
251int security_inode_symlink(struct inode *dir, struct dentry *dentry,
7b41b173 252 const char *old_name);
18bb1db3 253int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
20510f2f 254int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1a67aafb 255int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
20510f2f 256int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
0b3974eb
MS		 257 struct inode *new_dir, struct dentry *new_dentry,
258 unsigned int flags);
20510f2f
JM		 259int security_inode_readlink(struct dentry *dentry);
260int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
b77b0646 261int security_inode_permission(struct inode *inode, int mask);
20510f2f 262int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
3f7036a0 263int security_inode_getattr(const struct path *path);
8f0cfa52
DH		 264int security_inode_setxattr(struct dentry *dentry, const char *name,
265 const void *value, size_t size, int flags);
266void security_inode_post_setxattr(struct dentry *dentry, const char *name,
267 const void *value, size_t size, int flags);
268int security_inode_getxattr(struct dentry *dentry, const char *name);
20510f2f 269int security_inode_listxattr(struct dentry *dentry);
8f0cfa52 270int security_inode_removexattr(struct dentry *dentry, const char *name);
b5376771
SH		 271int security_inode_need_killpriv(struct dentry *dentry);
272int security_inode_killpriv(struct dentry *dentry);
42492594 273int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
20510f2f
JM		 274int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
275int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
8a076191 276void security_inode_getsecid(const struct inode *inode, u32 *secid);
20510f2f
JM		 277int security_file_permission(struct file *file, int mask);
278int security_file_alloc(struct file *file);
279void security_file_free(struct file *file);
280int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
8b3ec681
AV		 281int security_mmap_file(struct file *file, unsigned long prot,
282 unsigned long flags);
e5467859 283int security_mmap_addr(unsigned long addr);
20510f2f 284int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
7b41b173 285 unsigned long prot);
20510f2f
JM		 286int security_file_lock(struct file *file, unsigned int cmd);
287int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
e0b93edd 288void security_file_set_fowner(struct file *file);
20510f2f 289int security_file_send_sigiotask(struct task_struct *tsk,
7b41b173 290 struct fown_struct *fown, int sig);
20510f2f 291int security_file_receive(struct file *file);
83d49856 292int security_file_open(struct file *file, const struct cred *cred);
20510f2f 293int security_task_create(unsigned long clone_flags);
1a2a4d06 294void security_task_free(struct task_struct *task);
ee18d64c 295int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
f1752eec 296void security_cred_free(struct cred *cred);
d84f4f99 297int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
ee18d64c 298void security_transfer_creds(struct cred *new, const struct cred *old);
3a3b7ce9
DH		 299int security_kernel_act_as(struct cred *new, u32 secid);
300int security_kernel_create_files_as(struct cred *new, struct inode *inode);
13752fe2 301int security_kernel_fw_from_file(struct file *file, char *buf, size_t size);
dd8dbf2e 302int security_kernel_module_request(char *kmod_name);
2e72d51b 303int security_kernel_module_from_file(struct file *file);
d84f4f99
DH		 304int security_task_fix_setuid(struct cred *new, const struct cred *old,
305 int flags);
20510f2f
JM		 306int security_task_setpgid(struct task_struct *p, pid_t pgid);
307int security_task_getpgid(struct task_struct *p);
308int security_task_getsid(struct task_struct *p);
309void security_task_getsecid(struct task_struct *p, u32 *secid);
20510f2f
JM		 310int security_task_setnice(struct task_struct *p, int nice);
311int security_task_setioprio(struct task_struct *p, int ioprio);
312int security_task_getioprio(struct task_struct *p);
8fd00b4d
JS		 313int security_task_setrlimit(struct task_struct *p, unsigned int resource,
314 struct rlimit *new_rlim);
b0ae1981 315int security_task_setscheduler(struct task_struct *p);
20510f2f
JM		 316int security_task_getscheduler(struct task_struct *p);
317int security_task_movememory(struct task_struct *p);
318int security_task_kill(struct task_struct *p, struct siginfo *info,
319 int sig, u32 secid);
320int security_task_wait(struct task_struct *p);
321int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f99 322 unsigned long arg4, unsigned long arg5);
20510f2f
JM		 323void security_task_to_inode(struct task_struct *p, struct inode *inode);
324int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
8a076191 325void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
20510f2f
JM		 326int security_msg_msg_alloc(struct msg_msg *msg);
327void security_msg_msg_free(struct msg_msg *msg);
328int security_msg_queue_alloc(struct msg_queue *msq);
329void security_msg_queue_free(struct msg_queue *msq);
330int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
331int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
332int security_msg_queue_msgsnd(struct msg_queue *msq,
7b41b173 333 struct msg_msg *msg, int msqflg);
20510f2f 334int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
7b41b173 335 struct task_struct *target, long type, int mode);
20510f2f
JM		 336int security_shm_alloc(struct shmid_kernel *shp);
337void security_shm_free(struct shmid_kernel *shp);
338int security_shm_associate(struct shmid_kernel *shp, int shmflg);
339int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
340int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
341int security_sem_alloc(struct sem_array *sma);
342void security_sem_free(struct sem_array *sma);
343int security_sem_associate(struct sem_array *sma, int semflg);
344int security_sem_semctl(struct sem_array *sma, int cmd);
345int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
346 unsigned nsops, int alter);
7b41b173 347void security_d_instantiate(struct dentry *dentry, struct inode *inode);
20510f2f
JM		 348int security_getprocattr(struct task_struct *p, char *name, char **value);
349int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
350int security_netlink_send(struct sock *sk, struct sk_buff *skb);
746df9b5 351int security_ismaclabel(const char *name);
20510f2f 352int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
7bf570dc 353int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
20510f2f
JM		 354void security_release_secctx(char *secdata, u32 seclen);
355
1ee65e37
DQ		 356int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
357int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
358int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
1da177e4 359#else /* CONFIG_SECURITY */
e0007529
EP		 360struct security_mnt_opts {
361};
362
363static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
364{
365}
366
367static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
368{
369}
1da177e4
LT		 370
371/*
372 * This is the default capabilities functionality. Most of these functions
373 * are just stubbed out, but a few must call the proper capable code.
374 */
375
376static inline int security_init(void)
377{
378 return 0;
379}
380
79af7307
SS		 381static inline int security_binder_set_context_mgr(struct task_struct *mgr)
382{
383 return 0;
384}
385
386static inline int security_binder_transaction(struct task_struct *from,
387 struct task_struct *to)
388{
389 return 0;
390}
391
392static inline int security_binder_transfer_binder(struct task_struct *from,
393 struct task_struct *to)
394{
395 return 0;
396}
397
398static inline int security_binder_transfer_file(struct task_struct *from,
399 struct task_struct *to,
400 struct file *file)
401{
402 return 0;
403}
404
9e48858f 405static inline int security_ptrace_access_check(struct task_struct *child,
5cd9c58f
DH		 406 unsigned int mode)
407{
9e48858f 408 return cap_ptrace_access_check(child, mode);
5cd9c58f
DH		 409}
410
5e186b57 411static inline int security_ptrace_traceme(struct task_struct *parent)
1da177e4 412{
5cd9c58f 413 return cap_ptrace_traceme(parent);
1da177e4
LT		 414}
415
7b41b173 416static inline int security_capget(struct task_struct *target,
1da177e4
LT		 417 kernel_cap_t *effective,
418 kernel_cap_t *inheritable,
419 kernel_cap_t *permitted)
420{
7b41b173 421 return cap_capget(target, effective, inheritable, permitted);
1da177e4
LT		 422}
423
d84f4f99
DH		 424static inline int security_capset(struct cred *new,
425 const struct cred *old,
426 const kernel_cap_t *effective,
427 const kernel_cap_t *inheritable,
428 const kernel_cap_t *permitted)
1da177e4 429{
d84f4f99 430 return cap_capset(new, old, effective, inheritable, permitted);
1da177e4
LT		 431}
432
b7e724d3
EP		 433static inline int security_capable(const struct cred *cred,
434 struct user_namespace *ns, int cap)
06112163 435{
6a9de491 436 return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
3699c53c
DH		 437}
438
c7eba4a9
EP		 439static inline int security_capable_noaudit(const struct cred *cred,
440 struct user_namespace *ns, int cap) {
441 return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
12b5989b
CW		 442}
443
7b41b173
EP		 444static inline int security_quotactl(int cmds, int type, int id,
445 struct super_block *sb)
1da177e4
LT		 446{
447 return 0;
448}
449
7b41b173 450static inline int security_quota_on(struct dentry *dentry)
1da177e4
LT		 451{
452 return 0;
453}
454
12b3052c 455static inline int security_syslog(int type)
1da177e4 456{
12b3052c 457 return 0;
1da177e4
LT		 458}
459
1e6d7679
RC		 460static inline int security_settime(const struct timespec *ts,
461 const struct timezone *tz)
1da177e4
LT		 462{
463 return cap_settime(ts, tz);
464}
465
1b79cd04 466static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
731572d3 467{
b1d9e6b0 468 return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
731572d3
AC		 469}
470
a6f76f23 471static inline int security_bprm_set_creds(struct linux_binprm *bprm)
7b41b173 472{
a6f76f23 473 return cap_bprm_set_creds(bprm);
1da177e4
LT		 474}
475
a6f76f23 476static inline int security_bprm_check(struct linux_binprm *bprm)
1da177e4 477{
a6f76f23 478 return 0;
1da177e4
LT		 479}
480
a6f76f23 481static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
1da177e4 482{
1da177e4
LT		 483}
484
a6f76f23 485static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
1da177e4 486{
1da177e4
LT		 487}
488
7b41b173 489static inline int security_bprm_secureexec(struct linux_binprm *bprm)
1da177e4
LT		 490{
491 return cap_bprm_secureexec(bprm);
492}
493
7b41b173 494static inline int security_sb_alloc(struct super_block *sb)
1da177e4
LT		 495{
496 return 0;
497}
498
7b41b173 499static inline void security_sb_free(struct super_block *sb)
1da177e4
LT		 500{ }
501
7b41b173 502static inline int security_sb_copy_data(char *orig, char *copy)
1da177e4
LT		 503{
504 return 0;
505}
506
ff36fe2c
EP		 507static inline int security_sb_remount(struct super_block *sb, void *data)
508{
509 return 0;
510}
511
12204e24 512static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
1da177e4
LT		 513{
514 return 0;
515}
516
2069f457
EP		 517static inline int security_sb_show_options(struct seq_file *m,
518 struct super_block *sb)
519{
520 return 0;
521}
522
7b41b173 523static inline int security_sb_statfs(struct dentry *dentry)
1da177e4
LT		 524{
525 return 0;
526}
527
808d4e3c
AV		 528static inline int security_sb_mount(const char *dev_name, struct path *path,
529 const char *type, unsigned long flags,
1da177e4
LT		 530 void *data)
531{
532 return 0;
533}
534
7b41b173 535static inline int security_sb_umount(struct vfsmount *mnt, int flags)
1da177e4
LT		 536{
537 return 0;
538}
539
7b41b173
EP		 540static inline int security_sb_pivotroot(struct path *old_path,
541 struct path *new_path)
1da177e4
LT		 542{
543 return 0;
544}
545
e0007529 546static inline int security_sb_set_mnt_opts(struct super_block *sb,
649f6e77
DQ		 547 struct security_mnt_opts *opts,
548 unsigned long kern_flags,
549 unsigned long *set_kern_flags)
e0007529
EP		 550{
551 return 0;
552}
553
094f7b69 554static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
e0007529 555 struct super_block *newsb)
094f7b69
JL		 556{
557 return 0;
558}
e0007529
EP		 559
560static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
561{
562 return 0;
563}
1da177e4 564
7b41b173 565static inline int security_inode_alloc(struct inode *inode)
1da177e4
LT		 566{
567 return 0;
568}
569
7b41b173 570static inline void security_inode_free(struct inode *inode)
1da177e4 571{ }
5e41ff9e 572
d47be3df
DQ		 573static inline int security_dentry_init_security(struct dentry *dentry,
574 int mode,
575 struct qstr *name,
576 void **ctx,
577 u32 *ctxlen)
578{
579 return -EOPNOTSUPP;
580}
581
582
7b41b173 583static inline int security_inode_init_security(struct inode *inode,
5e41ff9e 584 struct inode *dir,
2a7dba39 585 const struct qstr *qstr,
fbff6610 586 const initxattrs xattrs,
9d8f13ba 587 void *fs_data)
5e41ff9e 588{
1e39f384 589 return 0;
5e41ff9e 590}
7b41b173 591
1e39f384
MZ		 592static inline int security_old_inode_init_security(struct inode *inode,
593 struct inode *dir,
594 const struct qstr *qstr,
9548906b
TH		 595 const char **name,
596 void **value, size_t *len)
e1c9b23a 597{
30e05324 598 return -EOPNOTSUPP;
e1c9b23a
MZ		 599}
600
7b41b173 601static inline int security_inode_create(struct inode *dir,
1da177e4 602 struct dentry *dentry,
4acdaf27 603 umode_t mode)
1da177e4
LT		 604{
605 return 0;
606}
607
7b41b173 608static inline int security_inode_link(struct dentry *old_dentry,
1da177e4
LT		 609 struct inode *dir,
610 struct dentry *new_dentry)
611{
612 return 0;
613}
614
7b41b173 615static inline int security_inode_unlink(struct inode *dir,
1da177e4
LT		 616 struct dentry *dentry)
617{
618 return 0;
619}
620
7b41b173 621static inline int security_inode_symlink(struct inode *dir,
1da177e4
LT		 622 struct dentry *dentry,
623 const char *old_name)
624{
625 return 0;
626}
627
7b41b173 628static inline int security_inode_mkdir(struct inode *dir,
1da177e4
LT		 629 struct dentry *dentry,
630 int mode)
631{
632 return 0;
633}
634
7b41b173 635static inline int security_inode_rmdir(struct inode *dir,
1da177e4
LT		 636 struct dentry *dentry)
637{
638 return 0;
639}
640
7b41b173 641static inline int security_inode_mknod(struct inode *dir,
1da177e4
LT		 642 struct dentry *dentry,
643 int mode, dev_t dev)
644{
645 return 0;
646}
647
7b41b173 648static inline int security_inode_rename(struct inode *old_dir,
1da177e4
LT		 649 struct dentry *old_dentry,
650 struct inode *new_dir,
0b3974eb
MS		 651 struct dentry *new_dentry,
652 unsigned int flags)
1da177e4
LT		 653{
654 return 0;
655}
656
7b41b173 657static inline int security_inode_readlink(struct dentry *dentry)
1da177e4
LT		 658{
659 return 0;
660}
661
7b41b173 662static inline int security_inode_follow_link(struct dentry *dentry,
1da177e4
LT		 663 struct nameidata *nd)
664{
665 return 0;
666}
667
b77b0646 668static inline int security_inode_permission(struct inode *inode, int mask)
1da177e4
LT		 669{
670 return 0;
671}
672
7b41b173 673static inline int security_inode_setattr(struct dentry *dentry,
1da177e4
LT		 674 struct iattr *attr)
675{
676 return 0;
677}
678
3f7036a0 679static inline int security_inode_getattr(const struct path *path)
1da177e4
LT		 680{
681 return 0;
682}
683
8f0cfa52
DH		 684static inline int security_inode_setxattr(struct dentry *dentry,
685 const char *name, const void *value, size_t size, int flags)
1da177e4
LT		 686{
687 return cap_inode_setxattr(dentry, name, value, size, flags);
688}
689
8f0cfa52
DH		 690static inline void security_inode_post_setxattr(struct dentry *dentry,
691 const char *name, const void *value, size_t size, int flags)
1da177e4
LT		 692{ }
693
8f0cfa52
DH		 694static inline int security_inode_getxattr(struct dentry *dentry,
695 const char *name)
1da177e4
LT		 696{
697 return 0;
698}
699
7b41b173 700static inline int security_inode_listxattr(struct dentry *dentry)
1da177e4
LT		 701{
702 return 0;
703}
704
8f0cfa52
DH		 705static inline int security_inode_removexattr(struct dentry *dentry,
706 const char *name)
1da177e4
LT		 707{
708 return cap_inode_removexattr(dentry, name);
709}
710
b5376771
SH		 711static inline int security_inode_need_killpriv(struct dentry *dentry)
712{
713 return cap_inode_need_killpriv(dentry);
714}
715
716static inline int security_inode_killpriv(struct dentry *dentry)
717{
718 return cap_inode_killpriv(dentry);
719}
720
42492594 721static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
1da177e4
LT		 722{
723 return -EOPNOTSUPP;
724}
725
726static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
727{
728 return -EOPNOTSUPP;
729}
730
731static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
732{
733 return 0;
734}
735
8a076191
AD		 736static inline void security_inode_getsecid(const struct inode *inode, u32 *secid)
737{
738 *secid = 0;
739}
740
7b41b173 741static inline int security_file_permission(struct file *file, int mask)
1da177e4
LT		 742{
743 return 0;
744}
745
7b41b173 746static inline int security_file_alloc(struct file *file)
1da177e4
LT		 747{
748 return 0;
749}
750
7b41b173 751static inline void security_file_free(struct file *file)
1da177e4
LT		 752{ }
753
7b41b173
EP		 754static inline int security_file_ioctl(struct file *file, unsigned int cmd,
755 unsigned long arg)
1da177e4
LT		 756{
757 return 0;
758}
759
8b3ec681 760static inline int security_mmap_file(struct file *file, unsigned long prot,
e5467859
AV		 761 unsigned long flags)
762{
763 return 0;
764}
765
766static inline int security_mmap_addr(unsigned long addr)
1da177e4 767{
d007794a 768 return cap_mmap_addr(addr);
1da177e4
LT		 769}
770
7b41b173
EP		 771static inline int security_file_mprotect(struct vm_area_struct *vma,
772 unsigned long reqprot,
773 unsigned long prot)
1da177e4
LT		 774{
775 return 0;
776}
777
7b41b173 778static inline int security_file_lock(struct file *file, unsigned int cmd)
1da177e4
LT		 779{
780 return 0;
781}
782
7b41b173
EP		 783static inline int security_file_fcntl(struct file *file, unsigned int cmd,
784 unsigned long arg)
1da177e4
LT		 785{
786 return 0;
787}
788
e0b93edd 789static inline void security_file_set_fowner(struct file *file)
1da177e4 790{
e0b93edd 791 return;
1da177e4
LT		 792}
793
7b41b173
EP		 794static inline int security_file_send_sigiotask(struct task_struct *tsk,
795 struct fown_struct *fown,
796 int sig)
1da177e4
LT		 797{
798 return 0;
799}
800
7b41b173 801static inline int security_file_receive(struct file *file)
1da177e4
LT		 802{
803 return 0;
804}
805
83d49856
EP		 806static inline int security_file_open(struct file *file,
807 const struct cred *cred)
788e7dd4
YN		 808{
809 return 0;
810}
811
7b41b173 812static inline int security_task_create(unsigned long clone_flags)
1da177e4
LT		 813{
814 return 0;
815}
816
1a2a4d06
KC		 817static inline void security_task_free(struct task_struct *task)
818{ }
819
945af7c3
DH		 820static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
821{
822 return 0;
823}
ee18d64c 824
d84f4f99
DH		 825static inline void security_cred_free(struct cred *cred)
826{ }
827
828static inline int security_prepare_creds(struct cred *new,
829 const struct cred *old,
830 gfp_t gfp)
1da177e4
LT		 831{
832 return 0;
833}
834
ee18d64c
DH		 835static inline void security_transfer_creds(struct cred *new,
836 const struct cred *old)
837{
838}
839
3a3b7ce9
DH		 840static inline int security_kernel_act_as(struct cred *cred, u32 secid)
841{
842 return 0;
843}
844
845static inline int security_kernel_create_files_as(struct cred *cred,
846 struct inode *inode)
847{
848 return 0;
849}
850
13752fe2
KC		 851static inline int security_kernel_fw_from_file(struct file *file,
852 char *buf, size_t size)
853{
854 return 0;
855}
856
dd8dbf2e 857static inline int security_kernel_module_request(char *kmod_name)
9188499c
EP		 858{
859 return 0;
1da177e4
LT		 860}
861
2e72d51b
KC		 862static inline int security_kernel_module_from_file(struct file *file)
863{
864 return 0;
865}
866
d84f4f99
DH		 867static inline int security_task_fix_setuid(struct cred *new,
868 const struct cred *old,
869 int flags)
1da177e4 870{
d84f4f99 871 return cap_task_fix_setuid(new, old, flags);
1da177e4
LT		 872}
873
7b41b173 874static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
1da177e4
LT		 875{
876 return 0;
877}
878
7b41b173 879static inline int security_task_getpgid(struct task_struct *p)
1da177e4
LT		 880{
881 return 0;
882}
883
7b41b173 884static inline int security_task_getsid(struct task_struct *p)
1da177e4
LT		 885{
886 return 0;
887}
888
7b41b173 889static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
8a076191
AD		 890{
891 *secid = 0;
892}
f9008e4c 893
7b41b173 894static inline int security_task_setnice(struct task_struct *p, int nice)
1da177e4 895{
b5376771 896 return cap_task_setnice(p, nice);
1da177e4
LT		 897}
898
7b41b173 899static inline int security_task_setioprio(struct task_struct *p, int ioprio)
03e68060 900{
b5376771 901 return cap_task_setioprio(p, ioprio);
03e68060
JM		 902}
903
7b41b173 904static inline int security_task_getioprio(struct task_struct *p)
a1836a42
DQ		 905{
906 return 0;
907}
908
8fd00b4d
JS		 909static inline int security_task_setrlimit(struct task_struct *p,
910 unsigned int resource,
7b41b173 911 struct rlimit *new_rlim)
1da177e4
LT		 912{
913 return 0;
914}
915
b0ae1981 916static inline int security_task_setscheduler(struct task_struct *p)
1da177e4 917{
b0ae1981 918 return cap_task_setscheduler(p);
1da177e4
LT		 919}
920
7b41b173 921static inline int security_task_getscheduler(struct task_struct *p)
1da177e4
LT		 922{
923 return 0;
924}
925
7b41b173 926static inline int security_task_movememory(struct task_struct *p)
35601547
DQ		 927{
928 return 0;
929}
930
7b41b173
EP		 931static inline int security_task_kill(struct task_struct *p,
932 struct siginfo *info, int sig,
933 u32 secid)
1da177e4 934{
aedb60a6 935 return 0;
1da177e4
LT		 936}
937
7b41b173 938static inline int security_task_wait(struct task_struct *p)
1da177e4
LT		 939{
940 return 0;
941}
942
7b41b173
EP		 943static inline int security_task_prctl(int option, unsigned long arg2,
944 unsigned long arg3,
945 unsigned long arg4,
d84f4f99 946 unsigned long arg5)
1da177e4 947{
d84f4f99 948 return cap_task_prctl(option, arg2, arg3, arg3, arg5);
1da177e4
LT		 949}
950
951static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
952{ }
953
7b41b173
EP		 954static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
955 short flag)
1da177e4
LT		 956{
957 return 0;
958}
959
8a076191
AD		 960static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
961{
962 *secid = 0;
963}
964
7b41b173 965static inline int security_msg_msg_alloc(struct msg_msg *msg)
1da177e4
LT		 966{
967 return 0;
968}
969
7b41b173 970static inline void security_msg_msg_free(struct msg_msg *msg)
1da177e4
LT		 971{ }
972
7b41b173 973static inline int security_msg_queue_alloc(struct msg_queue *msq)
1da177e4
LT		 974{
975 return 0;
976}
977
7b41b173 978static inline void security_msg_queue_free(struct msg_queue *msq)
1da177e4
LT		 979{ }
980
7b41b173
EP		 981static inline int security_msg_queue_associate(struct msg_queue *msq,
982 int msqflg)
1da177e4
LT		 983{
984 return 0;
985}
986
7b41b173 987static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1da177e4
LT		 988{
989 return 0;
990}
991
7b41b173
EP		 992static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
993 struct msg_msg *msg, int msqflg)
1da177e4
LT		 994{
995 return 0;
996}
997
7b41b173
EP		 998static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
999 struct msg_msg *msg,
1000 struct task_struct *target,
1001 long type, int mode)
1da177e4
LT		 1002{
1003 return 0;
1004}
1005
7b41b173 1006static inline int security_shm_alloc(struct shmid_kernel *shp)
1da177e4
LT		 1007{
1008 return 0;
1009}
1010
7b41b173 1011static inline void security_shm_free(struct shmid_kernel *shp)
1da177e4
LT		 1012{ }
1013
7b41b173
EP		 1014static inline int security_shm_associate(struct shmid_kernel *shp,
1015 int shmflg)
1da177e4
LT		 1016{
1017 return 0;
1018}
1019
7b41b173 1020static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
1da177e4
LT		 1021{
1022 return 0;
1023}
1024
7b41b173
EP		 1025static inline int security_shm_shmat(struct shmid_kernel *shp,
1026 char __user *shmaddr, int shmflg)
1da177e4
LT		 1027{
1028 return 0;
1029}
1030
7b41b173 1031static inline int security_sem_alloc(struct sem_array *sma)
1da177e4
LT		 1032{
1033 return 0;
1034}
1035
7b41b173 1036static inline void security_sem_free(struct sem_array *sma)
1da177e4
LT		 1037{ }
1038
7b41b173 1039static inline int security_sem_associate(struct sem_array *sma, int semflg)
1da177e4
LT		 1040{
1041 return 0;
1042}
1043
7b41b173 1044static inline int security_sem_semctl(struct sem_array *sma, int cmd)
1da177e4
LT		 1045{
1046 return 0;
1047}
1048
7b41b173
EP		 1049static inline int security_sem_semop(struct sem_array *sma,
1050 struct sembuf *sops, unsigned nsops,
1051 int alter)
1da177e4
LT		 1052{
1053 return 0;
1054}
1055
7b41b173 1056static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
1da177e4
LT		 1057{ }
1058
04ff9708 1059static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
1da177e4
LT		 1060{
1061 return -EINVAL;
1062}
1063
1064static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
1065{
1066 return -EINVAL;
1067}
1068
7b41b173 1069static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
1da177e4 1070{
b1d9e6b0 1071 return 0;
1da177e4
LT		 1072}
1073
746df9b5
DQ		 1074static inline int security_ismaclabel(const char *name)
1075{
1076 return 0;
1077}
1078
dc49c1f9
CZ		 1079static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
1080{
1081 return -EOPNOTSUPP;
1082}
1083
7bf570dc 1084static inline int security_secctx_to_secid(const char *secdata,
63cb3449
DH		 1085 u32 seclen,
1086 u32 *secid)
1087{
1088 return -EOPNOTSUPP;
1089}
1090
dc49c1f9
CZ		 1091static inline void security_release_secctx(char *secdata, u32 seclen)
1092{
dc49c1f9 1093}
1ee65e37
DQ		 1094
1095static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
1096{
1097 return -EOPNOTSUPP;
1098}
1099static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
1100{
1101 return -EOPNOTSUPP;
1102}
1103static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
1104{
1105 return -EOPNOTSUPP;
1106}
1da177e4
LT		 1107#endif /* CONFIG_SECURITY */
1108
1109#ifdef CONFIG_SECURITY_NETWORK
4237c75c 1110
3610cda5 1111int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
20510f2f
JM		 1112int security_unix_may_send(struct socket *sock, struct socket *other);
1113int security_socket_create(int family, int type, int protocol, int kern);
1114int security_socket_post_create(struct socket *sock, int family,
1115 int type, int protocol, int kern);
1116int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
1117int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
1118int security_socket_listen(struct socket *sock, int backlog);
1119int security_socket_accept(struct socket *sock, struct socket *newsock);
20510f2f
JM		 1120int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
1121int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1122 int size, int flags);
1123int security_socket_getsockname(struct socket *sock);
1124int security_socket_getpeername(struct socket *sock);
1125int security_socket_getsockopt(struct socket *sock, int level, int optname);
1126int security_socket_setsockopt(struct socket *sock, int level, int optname);
1127int security_socket_shutdown(struct socket *sock, int how);
1128int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
1129int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1130 int __user *optlen, unsigned len);
1131int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
1132int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1133void security_sk_free(struct sock *sk);
1134void security_sk_clone(const struct sock *sk, struct sock *newsk);
1135void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
1136void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
1137void security_sock_graft(struct sock*sk, struct socket *parent);
1138int security_inet_conn_request(struct sock *sk,
1139 struct sk_buff *skb, struct request_sock *req);
1140void security_inet_csk_clone(struct sock *newsk,
1141 const struct request_sock *req);
1142void security_inet_conn_established(struct sock *sk,
1143 struct sk_buff *skb);
2606fd1f
EP		 1144int security_secmark_relabel_packet(u32 secid);
1145void security_secmark_refcount_inc(void);
1146void security_secmark_refcount_dec(void);
5dbbaf2d
PM		 1147int security_tun_dev_alloc_security(void **security);
1148void security_tun_dev_free_security(void *security);
2b980dbd 1149int security_tun_dev_create(void);
5dbbaf2d
PM		 1150int security_tun_dev_attach_queue(void *security);
1151int security_tun_dev_attach(struct sock *sk, void *security);
1152int security_tun_dev_open(void *security);
6b877699 1153
1da177e4 1154#else /* CONFIG_SECURITY_NETWORK */
3610cda5
DM		 1155static inline int security_unix_stream_connect(struct sock *sock,
1156 struct sock *other,
7b41b173 1157 struct sock *newsk)
1da177e4
LT		 1158{
1159 return 0;
1160}
1161
7b41b173
EP		 1162static inline int security_unix_may_send(struct socket *sock,
1163 struct socket *other)
1da177e4
LT		 1164{
1165 return 0;
1166}
1167
7b41b173
EP		 1168static inline int security_socket_create(int family, int type,
1169 int protocol, int kern)
1da177e4
LT		 1170{
1171 return 0;
1172}
1173
7b41b173 1174static inline int security_socket_post_create(struct socket *sock,
7420ed23
VY		 1175 int family,
1176 int type,
1177 int protocol, int kern)
1da177e4 1178{
7420ed23 1179 return 0;
1da177e4
LT		 1180}
1181
7b41b173
EP		 1182static inline int security_socket_bind(struct socket *sock,
1183 struct sockaddr *address,
1da177e4
LT		 1184 int addrlen)
1185{
1186 return 0;
1187}
1188
7b41b173
EP		 1189static inline int security_socket_connect(struct socket *sock,
1190 struct sockaddr *address,
1da177e4
LT		 1191 int addrlen)
1192{
1193 return 0;
1194}
1195
7b41b173 1196static inline int security_socket_listen(struct socket *sock, int backlog)
1da177e4
LT		 1197{
1198 return 0;
1199}
1200
7b41b173
EP		 1201static inline int security_socket_accept(struct socket *sock,
1202 struct socket *newsock)
1da177e4
LT		 1203{
1204 return 0;
1205}
1206
7b41b173
EP		 1207static inline int security_socket_sendmsg(struct socket *sock,
1208 struct msghdr *msg, int size)
1da177e4
LT		 1209{
1210 return 0;
1211}
1212
7b41b173
EP		 1213static inline int security_socket_recvmsg(struct socket *sock,
1214 struct msghdr *msg, int size,
1da177e4
LT		 1215 int flags)
1216{
1217 return 0;
1218}
1219
7b41b173 1220static inline int security_socket_getsockname(struct socket *sock)
1da177e4
LT		 1221{
1222 return 0;
1223}
1224
7b41b173 1225static inline int security_socket_getpeername(struct socket *sock)
1da177e4
LT		 1226{
1227 return 0;
1228}
1229
7b41b173 1230static inline int security_socket_getsockopt(struct socket *sock,
1da177e4
LT		 1231 int level, int optname)
1232{
1233 return 0;
1234}
1235
7b41b173 1236static inline int security_socket_setsockopt(struct socket *sock,
1da177e4
LT		 1237 int level, int optname)
1238{
1239 return 0;
1240}
1241
7b41b173 1242static inline int security_socket_shutdown(struct socket *sock, int how)
1da177e4
LT		 1243{
1244 return 0;
1245}
7b41b173
EP		 1246static inline int security_sock_rcv_skb(struct sock *sk,
1247 struct sk_buff *skb)
1da177e4
LT		 1248{
1249 return 0;
1250}
1251
2c7946a7
CZ		 1252static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1253 int __user *optlen, unsigned len)
1254{
1255 return -ENOPROTOOPT;
1256}
1257
dc49c1f9 1258static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
1da177e4
LT		 1259{
1260 return -ENOPROTOOPT;
1261}
1262
dd0fc66f 1263static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1da177e4
LT		 1264{
1265 return 0;
1266}
1267
1268static inline void security_sk_free(struct sock *sk)
892c141e
VY		 1269{
1270}
1271
1272static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
1da177e4
LT		 1273{
1274}
df71837d 1275
beb8d13b 1276static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
df71837d 1277{
df71837d 1278}
4237c75c
VY		 1279
1280static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
1281{
1282}
1283
7b41b173 1284static inline void security_sock_graft(struct sock *sk, struct socket *parent)
4237c75c
VY		 1285{
1286}
1287
1288static inline int security_inet_conn_request(struct sock *sk,
1289 struct sk_buff *skb, struct request_sock *req)
1290{
1291 return 0;
1292}
1293
1294static inline void security_inet_csk_clone(struct sock *newsk,
1295 const struct request_sock *req)
1296{
1297}
6b877699
VY		 1298
1299static inline void security_inet_conn_established(struct sock *sk,
1300 struct sk_buff *skb)
1301{
1302}
2b980dbd 1303
2606fd1f
EP		 1304static inline int security_secmark_relabel_packet(u32 secid)
1305{
1306 return 0;
1307}
1308
1309static inline void security_secmark_refcount_inc(void)
1310{
1311}
1312
1313static inline void security_secmark_refcount_dec(void)
1314{
1315}
1316
5dbbaf2d
PM		 1317static inline int security_tun_dev_alloc_security(void **security)
1318{
1319 return 0;
1320}
1321
1322static inline void security_tun_dev_free_security(void *security)
1323{
1324}
1325
2b980dbd
PM		 1326static inline int security_tun_dev_create(void)
1327{
1328 return 0;
1329}
1330
5dbbaf2d
PM		 1331static inline int security_tun_dev_attach_queue(void *security)
1332{
1333 return 0;
1334}
1335
1336static inline int security_tun_dev_attach(struct sock *sk, void *security)
2b980dbd 1337{
5dbbaf2d 1338 return 0;
2b980dbd
PM		 1339}
1340
5dbbaf2d 1341static inline int security_tun_dev_open(void *security)
2b980dbd
PM		 1342{
1343 return 0;
1344}
1da177e4
LT		 1345#endif /* CONFIG_SECURITY_NETWORK */
1346
df71837d 1347#ifdef CONFIG_SECURITY_NETWORK_XFRM
beb8d13b 1348
52a4c640
NA		 1349int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1350 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
03e1ad7b
PM		 1351int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
1352void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
1353int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
20510f2f
JM		 1354int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1355int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1356 struct xfrm_sec_ctx *polsec, u32 secid);
1357int security_xfrm_state_delete(struct xfrm_state *x);
1358void security_xfrm_state_free(struct xfrm_state *x);
03e1ad7b 1359int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
20510f2f 1360int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
e33f7704
DM		 1361 struct xfrm_policy *xp,
1362 const struct flowi *fl);
20510f2f
JM		 1363int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
1364void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
beb8d13b 1365
df71837d 1366#else /* CONFIG_SECURITY_NETWORK_XFRM */
20510f2f 1367
52a4c640
NA		 1368static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1369 struct xfrm_user_sec_ctx *sec_ctx,
1370 gfp_t gfp)
df71837d
TJ		 1371{
1372 return 0;
1373}
1374
03e1ad7b 1375static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
df71837d
TJ		 1376{
1377 return 0;
1378}
1379
03e1ad7b 1380static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
df71837d
TJ		 1381{
1382}
1383
03e1ad7b 1384static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
c8c05a8e
CZ		 1385{
1386 return 0;
1387}
1388
e0d1caa7
VY		 1389static inline int security_xfrm_state_alloc(struct xfrm_state *x,
1390 struct xfrm_user_sec_ctx *sec_ctx)
1391{
1392 return 0;
1393}
1394
1395static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1396 struct xfrm_sec_ctx *polsec, u32 secid)
df71837d
TJ		 1397{
1398 return 0;
1399}
1400
1401static inline void security_xfrm_state_free(struct xfrm_state *x)
1402{
1403}
1404
6f68dc37 1405static inline int security_xfrm_state_delete(struct xfrm_state *x)
c8c05a8e
CZ		 1406{
1407 return 0;
1408}
1409
03e1ad7b 1410static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
df71837d
TJ		 1411{
1412 return 0;
1413}
e0d1caa7
VY		 1414
1415static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
e33f7704 1416 struct xfrm_policy *xp, const struct flowi *fl)
e0d1caa7
VY		 1417{
1418 return 1;
1419}
1420
beb8d13b 1421static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
e0d1caa7
VY		 1422{
1423 return 0;
1424}
1425
beb8d13b
VY		 1426static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
1427{
1428}
1429
df71837d
TJ		 1430#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1431
be6d3e56
KT		 1432#ifdef CONFIG_SECURITY_PATH
1433int security_path_unlink(struct path *dir, struct dentry *dentry);
4572befe 1434int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
be6d3e56 1435int security_path_rmdir(struct path *dir, struct dentry *dentry);
04fc66e7 1436int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
be6d3e56 1437 unsigned int dev);
ea0d3ab2 1438int security_path_truncate(struct path *path);
be6d3e56
KT		 1439int security_path_symlink(struct path *dir, struct dentry *dentry,
1440 const char *old_name);
1441int security_path_link(struct dentry *old_dentry, struct path *new_dir,
1442 struct dentry *new_dentry);
1443int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
0b3974eb
MS		 1444 struct path *new_dir, struct dentry *new_dentry,
1445 unsigned int flags);
cdcf116d 1446int security_path_chmod(struct path *path, umode_t mode);
d2b31ca6 1447int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
8b8efb44 1448int security_path_chroot(struct path *path);
be6d3e56
KT		 1449#else /* CONFIG_SECURITY_PATH */
1450static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
1451{
1452 return 0;
1453}
1454
1455static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
4572befe 1456 umode_t mode)
be6d3e56
KT		 1457{
1458 return 0;
1459}
1460
1461static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
1462{
1463 return 0;
1464}
1465
1466static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
04fc66e7 1467 umode_t mode, unsigned int dev)
be6d3e56
KT		 1468{
1469 return 0;
1470}
1471
ea0d3ab2 1472static inline int security_path_truncate(struct path *path)
be6d3e56
KT		 1473{
1474 return 0;
1475}
1476
1477static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
1478 const char *old_name)
1479{
1480 return 0;
1481}
1482
1483static inline int security_path_link(struct dentry *old_dentry,
1484 struct path *new_dir,
1485 struct dentry *new_dentry)
1486{
1487 return 0;
1488}
1489
1490static inline int security_path_rename(struct path *old_dir,
1491 struct dentry *old_dentry,
1492 struct path *new_dir,
0b3974eb
MS		 1493 struct dentry *new_dentry,
1494 unsigned int flags)
be6d3e56
KT		 1495{
1496 return 0;
1497}
89eda068 1498
cdcf116d 1499static inline int security_path_chmod(struct path *path, umode_t mode)
89eda068
TH		 1500{
1501 return 0;
1502}
1503
d2b31ca6 1504static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
89eda068
TH		 1505{
1506 return 0;
1507}
8b8efb44
TH		 1508
1509static inline int security_path_chroot(struct path *path)
1510{
1511 return 0;
1512}
be6d3e56
KT		 1513#endif /* CONFIG_SECURITY_PATH */
1514
29db9190
DH		 1515#ifdef CONFIG_KEYS
1516#ifdef CONFIG_SECURITY
29db9190 1517
d84f4f99 1518int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
20510f2f
JM		 1519void security_key_free(struct key *key);
1520int security_key_permission(key_ref_t key_ref,
f5895943 1521 const struct cred *cred, unsigned perm);
70a5bb72 1522int security_key_getsecurity(struct key *key, char **_buffer);
29db9190
DH		 1523
1524#else
1525
d720024e 1526static inline int security_key_alloc(struct key *key,
d84f4f99 1527 const struct cred *cred,
7e047ef5 1528 unsigned long flags)
29db9190
DH		 1529{
1530 return 0;
1531}
1532
1533static inline void security_key_free(struct key *key)
1534{
1535}
1536
1537static inline int security_key_permission(key_ref_t key_ref,
d84f4f99 1538 const struct cred *cred,
f5895943 1539 unsigned perm)
29db9190
DH		 1540{
1541 return 0;
1542}
1543
70a5bb72
DH		 1544static inline int security_key_getsecurity(struct key *key, char **_buffer)
1545{
1546 *_buffer = NULL;
1547 return 0;
be1d6a5f 1548}
ee18d64c 1549
29db9190
DH		 1550#endif
1551#endif /* CONFIG_KEYS */
1552
03d37d25
AD		 1553#ifdef CONFIG_AUDIT
1554#ifdef CONFIG_SECURITY
1555int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
1556int security_audit_rule_known(struct audit_krule *krule);
1557int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
1558 struct audit_context *actx);
1559void security_audit_rule_free(void *lsmrule);
1560
1561#else
1562
1563static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
1564 void **lsmrule)
1565{
1566 return 0;
1567}
1568
1569static inline int security_audit_rule_known(struct audit_krule *krule)
1570{
1571 return 0;
1572}
1573
1574static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
1575 void *lsmrule, struct audit_context *actx)
1576{
1577 return 0;
1578}
1579
1580static inline void security_audit_rule_free(void *lsmrule)
1581{ }
1582
1583#endif /* CONFIG_SECURITY */
1584#endif /* CONFIG_AUDIT */
1585
da31894e
EP		 1586#ifdef CONFIG_SECURITYFS
1587
52ef0c04 1588extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
da31894e
EP		 1589 struct dentry *parent, void *data,
1590 const struct file_operations *fops);
1591extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
1592extern void securityfs_remove(struct dentry *dentry);
1593
1594#else /* CONFIG_SECURITYFS */
1595
1596static inline struct dentry *securityfs_create_dir(const char *name,
1597 struct dentry *parent)
1598{
1599 return ERR_PTR(-ENODEV);
1600}
1601
1602static inline struct dentry *securityfs_create_file(const char *name,
52ef0c04 1603 umode_t mode,
da31894e
EP		 1604 struct dentry *parent,
1605 void *data,
1606 const struct file_operations *fops)
1607{
1608 return ERR_PTR(-ENODEV);
1609}
1610
1611static inline void securityfs_remove(struct dentry *dentry)
1612{}
1613
1614#endif
1615
3d544f41
PE		 1616#ifdef CONFIG_SECURITY
1617
1618static inline char *alloc_secdata(void)
1619{
1620 return (char *)get_zeroed_page(GFP_KERNEL);
1621}
1622
1623static inline void free_secdata(void *secdata)
1624{
1625 free_page((unsigned long)secdata);
1626}
1627
1628#else
1629
1630static inline char *alloc_secdata(void)
1631{
1632 return (char *)1;
1633}
1634
1635static inline void free_secdata(void *secdata)
1636{ }
1637#endif /* CONFIG_SECURITY */
1638
1da177e4
LT		 1639#endif /* ! __LINUX_SECURITY_H */
1640
Ubuntu Hirsute Linux kernel mirror