]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - include/linux/security.h
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
binder: use cred instead of task for selinux checks
[mirror_ubuntu-jammy-kernel.git] / include / linux / security.h
CommitLineData
1da177e4
LT		 1/*
2 * Linux Security plug
3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
d291f1a6 9 * Copyright (C) 2016 Mellanox Techonologies
1da177e4
LT		 10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * Due to this file being licensed under the GPL there is controversy over
17 * whether this permits you to write a module that #includes this file
18 * without placing your module under the GPL. Please consult a lawyer for
19 * advice before doing this.
20 *
21 */
22
23#ifndef __LINUX_SECURITY_H
24#define __LINUX_SECURITY_H
25
b89999d0 26#include <linux/kernel_read_file.h>
29db9190 27#include <linux/key.h>
40401530 28#include <linux/capability.h>
cf222217 29#include <linux/fs.h>
5a0e3ad6 30#include <linux/slab.h>
40401530 31#include <linux/err.h>
d47be3df 32#include <linux/string.h>
b1d9e6b0 33#include <linux/mm.h>
40401530
AV		 34
35struct linux_binprm;
36struct cred;
37struct rlimit;
ae7795bc 38struct kernel_siginfo;
40401530
AV		 39struct sembuf;
40struct kern_ipc_perm;
41struct audit_context;
42struct super_block;
43struct inode;
44struct dentry;
45struct file;
46struct vfsmount;
47struct path;
48struct qstr;
40401530
AV		 49struct iattr;
50struct fown_struct;
51struct file_operations;
40401530 52struct msg_msg;
40401530 53struct xattr;
b230d5ab 54struct kernfs_node;
40401530
AV		 55struct xfrm_sec_ctx;
56struct mm_struct;
da2441fd
DH		 57struct fs_context;
58struct fs_parameter;
59enum fs_value_type;
344fa64e
DH		 60struct watch;
61struct watch_notification;
1da177e4 62
c1a85a00
MM		 63/* Default (no) options for the capable function */
64#define CAP_OPT_NONE 0x0
06112163 65/* If capable should audit the security request */
c1a85a00
MM		 66#define CAP_OPT_NOAUDIT BIT(1)
67/* If capable is being called by a setid function */
68#define CAP_OPT_INSETID BIT(2)
06112163 69
846e5662 70/* LSM Agnostic defines for fs_context::lsm_flags */
eb9ae686
DQ		 71#define SECURITY_LSM_NATIVE_LABELS 1
72
1da177e4 73struct ctl_table;
03d37d25 74struct audit_krule;
3486740a 75struct user_namespace;
40401530 76struct timezone;
1da177e4 77
8f408ab6
DJ		 78enum lsm_event {
79 LSM_POLICY_CHANGE,
80};
81
9e47d31d
MG		 82/*
83 * These are reasons that can be passed to the security_locked_down()
84 * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
85 * ability for userland to modify kernel code) are placed before
86 * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel
87 * confidentiality (ie, the ability for userland to extract
88 * information from the running kernel that would otherwise be
89 * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
90 *
91 * LSM authors should note that the semantics of any given lockdown
92 * reason are not guaranteed to be stable - the same reason may block
93 * one set of features in one kernel release, and a slightly different
94 * set of features in a later kernel release. LSMs that seek to expose
95 * lockdown policy at any level of granularity other than "none",
96 * "integrity" or "confidentiality" are responsible for either
97 * ensuring that they expose a consistent level of functionality to
98 * userland, or ensuring that userland is aware that this is
99 * potentially a moving target. It is easy to misuse this information
100 * in a way that could break userspace. Please be careful not to do
101 * so.
000d388e
MG		 102 *
103 * If you add to this, remember to extend lockdown_reasons in
104 * security/lockdown/lockdown.c.
9e47d31d
MG		 105 */
106enum lockdown_reason {
107 LOCKDOWN_NONE,
49fcf732 108 LOCKDOWN_MODULE_SIGNATURE,
9b9d8dda 109 LOCKDOWN_DEV_MEM,
359efcc2 110 LOCKDOWN_EFI_TEST,
7d31f460 111 LOCKDOWN_KEXEC,
38bd94b8 112 LOCKDOWN_HIBERNATION,
eb627e17 113 LOCKDOWN_PCI_ACCESS,
96c4f672 114 LOCKDOWN_IOPORT,
95f5e95f 115 LOCKDOWN_MSR,
f474e148 116 LOCKDOWN_ACPI_TABLES,
3f19cad3 117 LOCKDOWN_PCMCIA_CIS,
794edf30 118 LOCKDOWN_TIOCSSERIAL,
20657f66 119 LOCKDOWN_MODULE_PARAMETERS,
906357f7 120 LOCKDOWN_MMIOTRACE,
5496197f 121 LOCKDOWN_DEBUGFS,
69393cb0 122 LOCKDOWN_XMON_WR,
51e1bb9e 123 LOCKDOWN_BPF_WRITE_USER,
9e47d31d 124 LOCKDOWN_INTEGRITY_MAX,
02e935bf 125 LOCKDOWN_KCORE,
a94549dd 126 LOCKDOWN_KPROBES,
71330842 127 LOCKDOWN_BPF_READ_KERNEL,
b0c8fdc7 128 LOCKDOWN_PERF,
ccbd54ff 129 LOCKDOWN_TRACEFS,
69393cb0 130 LOCKDOWN_XMON_RW,
c7a5899e 131 LOCKDOWN_XFRM_SECRET,
9e47d31d
MG		 132 LOCKDOWN_CONFIDENTIALITY_MAX,
133};
134
59438b46
SS		 135extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
136
b1393bc0
CS		 137/*
138 * A "security context" is the text representation of
139 * the information used by LSMs.
140 * This structure contains the string, its length, and which LSM
141 * it is useful for.
142 */
143struct lsmcontext {
144 char *context; /* Provided by the module */
145 u32 len;
146 int slot; /* Identifies the module */
147};
148
149/**
150 * lsmcontext_init - initialize an lsmcontext structure.
151 * @cp: Pointer to the context to initialize
152 * @context: Initial context, or NULL
153 * @size: Size of context, or 0
154 * @slot: Which LSM provided the context
155 *
156 * Fill in the lsmcontext from the provided information.
157 * This is a scaffolding function that will be removed when
158 * lsmcontext integration is complete.
159 */
160static inline void lsmcontext_init(struct lsmcontext *cp, char *context,
161 u32 size, int slot)
162{
163 cp->slot = slot;
164 cp->context = context;
165 cp->len = size;
166}
167
f17b27a2
CS		 168/*
169 * Data exported by the security modules
170 *
171 * Any LSM that provides secid or secctx based hooks must be included.
172 */
173#define LSMBLOB_ENTRIES ( \
174 (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
175 (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
176 (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
177 (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0))
178
179struct lsmblob {
180 u32 secid[LSMBLOB_ENTRIES];
181};
182
183#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */
184#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */
185#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */
85ff5379
CS		 186#define LSMBLOB_DISPLAY -4 /* Use the "display" slot */
187#define LSMBLOB_FIRST -5 /* Use the default "display" slot */
f17b27a2
CS		 188
189/**
190 * lsmblob_init - initialize an lsmblob structure.
191 * @blob: Pointer to the data to initialize
192 * @secid: The initial secid value
193 *
194 * Set all secid for all modules to the specified value.
195 */
196static inline void lsmblob_init(struct lsmblob *blob, u32 secid)
197{
198 int i;
199
200 for (i = 0; i < LSMBLOB_ENTRIES; i++)
201 blob->secid[i] = secid;
202}
203
204/**
205 * lsmblob_is_set - report if there is an value in the lsmblob
206 * @blob: Pointer to the exported LSM data
207 *
208 * Returns true if there is a secid set, false otherwise
209 */
210static inline bool lsmblob_is_set(struct lsmblob *blob)
211{
212 struct lsmblob empty = {};
213
214 return !!memcmp(blob, &empty, sizeof(*blob));
215}
216
217/**
218 * lsmblob_equal - report if the two lsmblob's are equal
219 * @bloba: Pointer to one LSM data
220 * @blobb: Pointer to the other LSM data
221 *
222 * Returns true if all entries in the two are equal, false otherwise
223 */
224static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb)
225{
226 return !memcmp(bloba, blobb, sizeof(*bloba));
227}
228
c0792283
CS		 229/**
230 * lsmblob_value - find the first non-zero value in an lsmblob structure.
231 * @blob: Pointer to the data
232 *
233 * This needs to be used with extreme caution, as the cases where
234 * it is appropriate are rare.
235 *
236 * Return the first secid value set in the lsmblob.
237 * There should only be one.
238 */
239static inline u32 lsmblob_value(const struct lsmblob *blob)
240{
241 int i;
242
243 for (i = 0; i < LSMBLOB_ENTRIES; i++)
244 if (blob->secid[i])
245 return blob->secid[i];
246
247 return 0;
248}
249
85ff5379
CS		 250const char *security_lsm_slot_name(int slot);
251
252static inline bool lsm_multiple_contexts(void)
253{
254#ifdef CONFIG_SECURITY
255 return security_lsm_slot_name(1) != NULL;
256#else
257 return false;
258#endif
259}
260
b1d9e6b0 261/* These functions are in security/commoncap.c */
6a9de491 262extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
c1a85a00 263 int cap, unsigned int opts);
457db29b 264extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
9e48858f 265extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
5cd9c58f 266extern int cap_ptrace_traceme(struct task_struct *parent);
7b41b173 267extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
d84f4f99
DH		 268extern int cap_capset(struct cred *new, const struct cred *old,
269 const kernel_cap_t *effective,
270 const kernel_cap_t *inheritable,
271 const kernel_cap_t *permitted);
56305aa9 272extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
71bc356f
CB		 273int cap_inode_setxattr(struct dentry *dentry, const char *name,
274 const void *value, size_t size, int flags);
275int cap_inode_removexattr(struct user_namespace *mnt_userns,
276 struct dentry *dentry, const char *name);
277int cap_inode_need_killpriv(struct dentry *dentry);
278int cap_inode_killpriv(struct user_namespace *mnt_userns,
279 struct dentry *dentry);
280int cap_inode_getsecurity(struct user_namespace *mnt_userns,
281 struct inode *inode, const char *name, void **buffer,
282 bool alloc);
d007794a 283extern int cap_mmap_addr(unsigned long addr);
e5467859
AV		 284extern int cap_mmap_file(struct file *file, unsigned long reqprot,
285 unsigned long prot, unsigned long flags);
d84f4f99 286extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
3898b1b4 287extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f99 288 unsigned long arg4, unsigned long arg5);
b0ae1981 289extern int cap_task_setscheduler(struct task_struct *p);
7b41b173
EP		 290extern int cap_task_setioprio(struct task_struct *p, int ioprio);
291extern int cap_task_setnice(struct task_struct *p, int nice);
20510f2f 292extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
1da177e4
LT		 293
294struct msghdr;
295struct sk_buff;
296struct sock;
297struct sockaddr;
298struct socket;
3df98d79 299struct flowi_common;
df71837d
TJ		 300struct dst_entry;
301struct xfrm_selector;
302struct xfrm_policy;
303struct xfrm_state;
304struct xfrm_user_sec_ctx;
2069f457 305struct seq_file;
72e89f50 306struct sctp_endpoint;
1da177e4 307
6e141546 308#ifdef CONFIG_MMU
ed032189 309extern unsigned long mmap_min_addr;
a2551df7 310extern unsigned long dac_mmap_min_addr;
6e141546 311#else
be8cfc4a 312#define mmap_min_addr 0UL
6e141546
DH		 313#define dac_mmap_min_addr 0UL
314#endif
315
1da177e4
LT		 316/*
317 * Values used in the task_security_ops calls
318 */
319/* setuid or setgid, id0 == uid or gid */
320#define LSM_SETID_ID 1
321
322/* setreuid or setregid, id0 == real, id1 == eff */
323#define LSM_SETID_RE 2
324
325/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
326#define LSM_SETID_RES 4
327
328/* setfsuid or setfsgid, id0 == fsuid or fsgid */
329#define LSM_SETID_FS 8
330
791ec491
SS		 331/* Flags for security_task_prlimit(). */
332#define LSM_PRLIMIT_READ 1
333#define LSM_PRLIMIT_WRITE 2
334
1da177e4 335/* forward declares to avoid warnings */
1da177e4 336struct sched_param;
4237c75c 337struct request_sock;
1da177e4 338
a6f76f23 339/* bprm->unsafe reasons */
1da177e4
LT		 340#define LSM_UNSAFE_SHARE 1
341#define LSM_UNSAFE_PTRACE 2
9227dd2a 342#define LSM_UNSAFE_NO_NEW_PRIVS 4
1da177e4 343
6e141546 344#ifdef CONFIG_MMU
8d65af78 345extern int mmap_min_addr_handler(struct ctl_table *table, int write,
32927393 346 void *buffer, size_t *lenp, loff_t *ppos);
6e141546 347#endif
47d439e9 348
9d8f13ba
MZ		 349/* security_inode_init_security callback function to write xattrs */
350typedef int (*initxattrs) (struct inode *inode,
351 const struct xattr *xattr_array, void *fs_data);
352
377179cd
MZ		 353
354/* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */
355#define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
356#define __data_id_stringify(dummy, str) #str,
357
358enum kernel_load_data_id {
359 __kernel_read_file_id(__data_id_enumify)
360};
361
362static const char * const kernel_load_data_str[] = {
363 __kernel_read_file_id(__data_id_stringify)
364};
365
366static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
367{
368 if ((unsigned)id >= LOADING_MAX_ID)
369 return kernel_load_data_str[LOADING_UNKNOWN];
370
371 return kernel_load_data_str[id];
372}
373
1da177e4
LT		 374#ifdef CONFIG_SECURITY
375
42df744c
JK		 376int call_blocking_lsm_notifier(enum lsm_event event, void *data);
377int register_blocking_lsm_notifier(struct notifier_block *nb);
378int unregister_blocking_lsm_notifier(struct notifier_block *nb);
8f408ab6 379
1da177e4 380/* prototypes */
7b41b173 381extern int security_init(void);
e6b1db98 382extern int early_security_init(void);
1da177e4 383
20510f2f 384/* Security operations */
c55515eb
TK		 385int security_binder_set_context_mgr(const struct cred *mgr);
386int security_binder_transaction(const struct cred *from,
387 const struct cred *to);
388int security_binder_transfer_binder(const struct cred *from,
389 const struct cred *to);
390int security_binder_transfer_file(const struct cred *from,
391 const struct cred *to, struct file *file);
9e48858f 392int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
5cd9c58f 393int security_ptrace_traceme(struct task_struct *parent);
20510f2f 394int security_capget(struct task_struct *target,
7b41b173
EP		 395 kernel_cap_t *effective,
396 kernel_cap_t *inheritable,
397 kernel_cap_t *permitted);
d84f4f99
DH		 398int security_capset(struct cred *new, const struct cred *old,
399 const kernel_cap_t *effective,
400 const kernel_cap_t *inheritable,
401 const kernel_cap_t *permitted);
c1a85a00
MM		 402int security_capable(const struct cred *cred,
403 struct user_namespace *ns,
404 int cap,
405 unsigned int opts);
20510f2f
JM		 406int security_quotactl(int cmds, int type, int id, struct super_block *sb);
407int security_quota_on(struct dentry *dentry);
12b3052c 408int security_syslog(int type);
457db29b 409int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
20510f2f 410int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
b8bff599 411int security_bprm_creds_for_exec(struct linux_binprm *bprm);
56305aa9 412int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
20510f2f 413int security_bprm_check(struct linux_binprm *bprm);
a6f76f23
DH		 414void security_bprm_committing_creds(struct linux_binprm *bprm);
415void security_bprm_committed_creds(struct linux_binprm *bprm);
0b52075e 416int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
da2441fd 417int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
20510f2f 418int security_sb_alloc(struct super_block *sb);
83e804f0 419void security_sb_delete(struct super_block *sb);
20510f2f 420void security_sb_free(struct super_block *sb);
204cc0cc
AV		 421void security_free_mnt_opts(void **mnt_opts);
422int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
69c4a42d 423int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts);
204cc0cc 424int security_sb_remount(struct super_block *sb, void *mnt_opts);
a10d7c22 425int security_sb_kern_mount(struct super_block *sb);
2069f457 426int security_sb_show_options(struct seq_file *m, struct super_block *sb);
20510f2f 427int security_sb_statfs(struct dentry *dentry);
8a04c43b 428int security_sb_mount(const char *dev_name, const struct path *path,
808d4e3c 429 const char *type, unsigned long flags, void *data);
20510f2f 430int security_sb_umount(struct vfsmount *mnt, int flags);
3b73b68c 431int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
649f6e77 432int security_sb_set_mnt_opts(struct super_block *sb,
204cc0cc 433 void *mnt_opts,
649f6e77
DQ		 434 unsigned long kern_flags,
435 unsigned long *set_kern_flags);
094f7b69 436int security_sb_clone_mnt_opts(const struct super_block *oldsb,
0b4d3452
SM		 437 struct super_block *newsb,
438 unsigned long kern_flags,
439 unsigned long *set_kern_flags);
757cbe59
AV		 440int security_add_mnt_opt(const char *option, const char *val,
441 int len, void **mnt_opts);
2db154b3 442int security_move_mount(const struct path *from_path, const struct path *to_path);
d47be3df 443int security_dentry_init_security(struct dentry *dentry, int mode,
4f3ccd76 444 const struct qstr *name, void **ctx,
d47be3df 445 u32 *ctxlen);
2602625b
VG		 446int security_dentry_create_files_as(struct dentry *dentry, int mode,
447 struct qstr *name,
448 const struct cred *old,
449 struct cred *new);
ac5656d8
AG		 450int security_path_notify(const struct path *path, u64 mask,
451 unsigned int obj_type);
20510f2f
JM		 452int security_inode_alloc(struct inode *inode);
453void security_inode_free(struct inode *inode);
454int security_inode_init_security(struct inode *inode, struct inode *dir,
9d8f13ba
MZ		 455 const struct qstr *qstr,
456 initxattrs initxattrs, void *fs_data);
215b674b
LG		 457int security_inode_init_security_anon(struct inode *inode,
458 const struct qstr *name,
459 const struct inode *context_inode);
9d8f13ba 460int security_old_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 461 const struct qstr *qstr, const char **name,
9d8f13ba 462 void **value, size_t *len);
4acdaf27 463int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
20510f2f
JM		 464int security_inode_link(struct dentry *old_dentry, struct inode *dir,
465 struct dentry *new_dentry);
466int security_inode_unlink(struct inode *dir, struct dentry *dentry);
467int security_inode_symlink(struct inode *dir, struct dentry *dentry,
7b41b173 468 const char *old_name);
18bb1db3 469int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
20510f2f 470int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1a67aafb 471int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
20510f2f 472int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
0b3974eb
MS		 473 struct inode *new_dir, struct dentry *new_dentry,
474 unsigned int flags);
20510f2f 475int security_inode_readlink(struct dentry *dentry);
bda0be7a
N		 476int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
477 bool rcu);
b77b0646 478int security_inode_permission(struct inode *inode, int mask);
20510f2f 479int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
3f7036a0 480int security_inode_getattr(const struct path *path);
71bc356f
CB		 481int security_inode_setxattr(struct user_namespace *mnt_userns,
482 struct dentry *dentry, const char *name,
8f0cfa52
DH		 483 const void *value, size_t size, int flags);
484void security_inode_post_setxattr(struct dentry *dentry, const char *name,
485 const void *value, size_t size, int flags);
486int security_inode_getxattr(struct dentry *dentry, const char *name);
20510f2f 487int security_inode_listxattr(struct dentry *dentry);
71bc356f
CB		 488int security_inode_removexattr(struct user_namespace *mnt_userns,
489 struct dentry *dentry, const char *name);
b5376771 490int security_inode_need_killpriv(struct dentry *dentry);
71bc356f
CB		 491int security_inode_killpriv(struct user_namespace *mnt_userns,
492 struct dentry *dentry);
493int security_inode_getsecurity(struct user_namespace *mnt_userns,
494 struct inode *inode, const char *name,
495 void **buffer, bool alloc);
20510f2f
JM		 496int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
497int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
59b31922 498void security_inode_getsecid(struct inode *inode, struct lsmblob *blob);
d8ad8b49 499int security_inode_copy_up(struct dentry *src, struct cred **new);
121ab822 500int security_inode_copy_up_xattr(const char *name);
b230d5ab
OM		 501int security_kernfs_init_security(struct kernfs_node *kn_dir,
502 struct kernfs_node *kn);
20510f2f
JM		 503int security_file_permission(struct file *file, int mask);
504int security_file_alloc(struct file *file);
505void security_file_free(struct file *file);
506int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
8b3ec681
AV		 507int security_mmap_file(struct file *file, unsigned long prot,
508 unsigned long flags);
e5467859 509int security_mmap_addr(unsigned long addr);
20510f2f 510int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
7b41b173 511 unsigned long prot);
20510f2f
JM		 512int security_file_lock(struct file *file, unsigned int cmd);
513int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
e0b93edd 514void security_file_set_fowner(struct file *file);
20510f2f 515int security_file_send_sigiotask(struct task_struct *tsk,
7b41b173 516 struct fown_struct *fown, int sig);
20510f2f 517int security_file_receive(struct file *file);
e3f20ae2 518int security_file_open(struct file *file);
e4e55b47 519int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
1a2a4d06 520void security_task_free(struct task_struct *task);
ee18d64c 521int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
f1752eec 522void security_cred_free(struct cred *cred);
d84f4f99 523int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
ee18d64c 524void security_transfer_creds(struct cred *new, const struct cred *old);
36fd78ba 525void security_cred_getsecid(const struct cred *c, struct lsmblob *blob);
27b390fd 526int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
3a3b7ce9 527int security_kernel_create_files_as(struct cred *new, struct inode *inode);
dd8dbf2e 528int security_kernel_module_request(char *kmod_name);
b64fcae7
KC		 529int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
530int security_kernel_post_load_data(char *buf, loff_t size,
531 enum kernel_load_data_id id,
532 char *description);
2039bda1
KC		 533int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
534 bool contents);
bc8ca5b9
MZ		 535int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
536 enum kernel_read_file_id id);
d84f4f99
DH		 537int security_task_fix_setuid(struct cred *new, const struct cred *old,
538 int flags);
39030e13
TC		 539int security_task_fix_setgid(struct cred *new, const struct cred *old,
540 int flags);
20510f2f
JM		 541int security_task_setpgid(struct task_struct *p, pid_t pgid);
542int security_task_getpgid(struct task_struct *p);
543int security_task_getsid(struct task_struct *p);
e209474e
CS		 544void security_task_getsecid_subj(struct task_struct *p, struct lsmblob *blob);
545void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob);
20510f2f
JM		 546int security_task_setnice(struct task_struct *p, int nice);
547int security_task_setioprio(struct task_struct *p, int ioprio);
548int security_task_getioprio(struct task_struct *p);
791ec491
SS		 549int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
550 unsigned int flags);
8fd00b4d
JS		 551int security_task_setrlimit(struct task_struct *p, unsigned int resource,
552 struct rlimit *new_rlim);
b0ae1981 553int security_task_setscheduler(struct task_struct *p);
20510f2f
JM		 554int security_task_getscheduler(struct task_struct *p);
555int security_task_movememory(struct task_struct *p);
ae7795bc 556int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 557 int sig, const struct cred *cred);
20510f2f 558int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f99 559 unsigned long arg4, unsigned long arg5);
20510f2f
JM		 560void security_task_to_inode(struct task_struct *p, struct inode *inode);
561int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
f9d254ba 562void security_ipc_getsecid(struct kern_ipc_perm *ipcp, struct lsmblob *blob);
20510f2f
JM		 563int security_msg_msg_alloc(struct msg_msg *msg);
564void security_msg_msg_free(struct msg_msg *msg);
d8c6e854
EB		 565int security_msg_queue_alloc(struct kern_ipc_perm *msq);
566void security_msg_queue_free(struct kern_ipc_perm *msq);
567int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
568int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
569int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
7b41b173 570 struct msg_msg *msg, int msqflg);
d8c6e854 571int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
7b41b173 572 struct task_struct *target, long type, int mode);
7191adff
EB		 573int security_shm_alloc(struct kern_ipc_perm *shp);
574void security_shm_free(struct kern_ipc_perm *shp);
575int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
576int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
577int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
aefad959
EB		 578int security_sem_alloc(struct kern_ipc_perm *sma);
579void security_sem_free(struct kern_ipc_perm *sma);
580int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
581int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
582int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
20510f2f 583 unsigned nsops, int alter);
7b41b173 584void security_d_instantiate(struct dentry *dentry, struct inode *inode);
6d9c939d
CS		 585int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
586 char **value);
587int security_setprocattr(const char *lsm, const char *name, void *value,
588 size_t size);
20510f2f 589int security_netlink_send(struct sock *sk, struct sk_buff *skb);
746df9b5 590int security_ismaclabel(const char *name);
85ff5379
CS		 591int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp,
592 int display);
c0792283
CS		 593int security_secctx_to_secid(const char *secdata, u32 seclen,
594 struct lsmblob *blob);
b1393bc0 595void security_release_secctx(struct lsmcontext *cp);
6f3be9f5 596void security_inode_invalidate_secctx(struct inode *inode);
1ee65e37
DQ		 597int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
598int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
1013a233 599int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp);
9e47d31d 600int security_locked_down(enum lockdown_reason what);
df8b9262 601int security_lock_kernel_down(const char *where, enum lockdown_reason level);
1da177e4 602#else /* CONFIG_SECURITY */
e0007529 603
42df744c 604static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
8f408ab6
DJ		 605{
606 return 0;
607}
608
42df744c 609static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
8f408ab6
DJ		 610{
611 return 0;
612}
613
42df744c 614static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
8f408ab6
DJ		 615{
616 return 0;
617}
618
204cc0cc 619static inline void security_free_mnt_opts(void **mnt_opts)
e0007529
EP		 620{
621}
1da177e4
LT		 622
623/*
624 * This is the default capabilities functionality. Most of these functions
625 * are just stubbed out, but a few must call the proper capable code.
626 */
627
628static inline int security_init(void)
629{
630 return 0;
631}
632
e6b1db98
MG		 633static inline int early_security_init(void)
634{
635 return 0;
636}
637
c55515eb 638static inline int security_binder_set_context_mgr(const struct cred *mgr)
79af7307
SS		 639{
640 return 0;
641}
642
c55515eb
TK		 643static inline int security_binder_transaction(const struct cred *from,
644 const struct cred *to)
79af7307
SS		 645{
646 return 0;
647}
648
c55515eb
TK		 649static inline int security_binder_transfer_binder(const struct cred *from,
650 const struct cred *to)
79af7307
SS		 651{
652 return 0;
653}
654
c55515eb
TK		 655static inline int security_binder_transfer_file(const struct cred *from,
656 const struct cred *to,
79af7307
SS		 657 struct file *file)
658{
659 return 0;
660}
661
9e48858f 662static inline int security_ptrace_access_check(struct task_struct *child,
5cd9c58f
DH		 663 unsigned int mode)
664{
9e48858f 665 return cap_ptrace_access_check(child, mode);
5cd9c58f
DH		 666}
667
5e186b57 668static inline int security_ptrace_traceme(struct task_struct *parent)
1da177e4 669{
5cd9c58f 670 return cap_ptrace_traceme(parent);
1da177e4
LT		 671}
672
7b41b173 673static inline int security_capget(struct task_struct *target,
1da177e4
LT		 674 kernel_cap_t *effective,
675 kernel_cap_t *inheritable,
676 kernel_cap_t *permitted)
677{
7b41b173 678 return cap_capget(target, effective, inheritable, permitted);
1da177e4
LT		 679}
680
d84f4f99
DH		 681static inline int security_capset(struct cred *new,
682 const struct cred *old,
683 const kernel_cap_t *effective,
684 const kernel_cap_t *inheritable,
685 const kernel_cap_t *permitted)
1da177e4 686{
d84f4f99 687 return cap_capset(new, old, effective, inheritable, permitted);
1da177e4
LT		 688}
689
b7e724d3 690static inline int security_capable(const struct cred *cred,
c1a85a00
MM		 691 struct user_namespace *ns,
692 int cap,
693 unsigned int opts)
06112163 694{
c1a85a00 695 return cap_capable(cred, ns, cap, opts);
12b5989b
CW		 696}
697
7b41b173
EP		 698static inline int security_quotactl(int cmds, int type, int id,
699 struct super_block *sb)
1da177e4
LT		 700{
701 return 0;
702}
703
7b41b173 704static inline int security_quota_on(struct dentry *dentry)
1da177e4
LT		 705{
706 return 0;
707}
708
12b3052c 709static inline int security_syslog(int type)
1da177e4 710{
12b3052c 711 return 0;
1da177e4
LT		 712}
713
457db29b
BW		 714static inline int security_settime64(const struct timespec64 *ts,
715 const struct timezone *tz)
716{
717 return cap_settime(ts, tz);
718}
719
1b79cd04 720static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
731572d3 721{
b1d9e6b0 722 return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
731572d3
AC		 723}
724
b8bff599 725static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
7b41b173 726{
b8bff599
EB		 727 return 0;
728}
729
56305aa9
EB		 730static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
731 struct file *file)
7b41b173 732{
56305aa9 733 return cap_bprm_creds_from_file(bprm, file);
1da177e4
LT		 734}
735
a6f76f23 736static inline int security_bprm_check(struct linux_binprm *bprm)
1da177e4 737{
a6f76f23 738 return 0;
1da177e4
LT		 739}
740
a6f76f23 741static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
1da177e4 742{
1da177e4
LT		 743}
744
a6f76f23 745static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
1da177e4 746{
1da177e4
LT		 747}
748
0b52075e
AV		 749static inline int security_fs_context_dup(struct fs_context *fc,
750 struct fs_context *src_fc)
751{
752 return 0;
753}
da2441fd
DH		 754static inline int security_fs_context_parse_param(struct fs_context *fc,
755 struct fs_parameter *param)
756{
757 return -ENOPARAM;
758}
759
7b41b173 760static inline int security_sb_alloc(struct super_block *sb)
1da177e4
LT		 761{
762 return 0;
763}
764
83e804f0
MS		 765static inline void security_sb_delete(struct super_block *sb)
766{ }
767
7b41b173 768static inline void security_sb_free(struct super_block *sb)
1da177e4
LT		 769{ }
770
f5c0c26d 771static inline int security_sb_eat_lsm_opts(char *options,
204cc0cc 772 void **mnt_opts)
1da177e4
LT		 773{
774 return 0;
775}
776
c039bc3c 777static inline int security_sb_remount(struct super_block *sb,
204cc0cc 778 void *mnt_opts)
ff36fe2c
EP		 779{
780 return 0;
781}
782
69c4a42d
OK		 783static inline int security_sb_mnt_opts_compat(struct super_block *sb,
784 void *mnt_opts)
785{
786 return 0;
787}
788
789
a10d7c22 790static inline int security_sb_kern_mount(struct super_block *sb)
1da177e4
LT		 791{
792 return 0;
793}
794
2069f457
EP		 795static inline int security_sb_show_options(struct seq_file *m,
796 struct super_block *sb)
797{
798 return 0;
799}
800
7b41b173 801static inline int security_sb_statfs(struct dentry *dentry)
1da177e4
LT		 802{
803 return 0;
804}
805
8a04c43b 806static inline int security_sb_mount(const char *dev_name, const struct path *path,
808d4e3c 807 const char *type, unsigned long flags,
1da177e4
LT		 808 void *data)
809{
810 return 0;
811}
812
7b41b173 813static inline int security_sb_umount(struct vfsmount *mnt, int flags)
1da177e4
LT		 814{
815 return 0;
816}
817
3b73b68c
AV		 818static inline int security_sb_pivotroot(const struct path *old_path,
819 const struct path *new_path)
1da177e4
LT		 820{
821 return 0;
822}
823
e0007529 824static inline int security_sb_set_mnt_opts(struct super_block *sb,
204cc0cc 825 void *mnt_opts,
649f6e77
DQ		 826 unsigned long kern_flags,
827 unsigned long *set_kern_flags)
e0007529
EP		 828{
829 return 0;
830}
831
094f7b69 832static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
0b4d3452
SM		 833 struct super_block *newsb,
834 unsigned long kern_flags,
835 unsigned long *set_kern_flags)
094f7b69
JL		 836{
837 return 0;
838}
e0007529 839
757cbe59
AV		 840static inline int security_add_mnt_opt(const char *option, const char *val,
841 int len, void **mnt_opts)
e0007529
EP		 842{
843 return 0;
844}
1da177e4 845
2db154b3
DH		 846static inline int security_move_mount(const struct path *from_path,
847 const struct path *to_path)
848{
849 return 0;
850}
851
ac5656d8
AG		 852static inline int security_path_notify(const struct path *path, u64 mask,
853 unsigned int obj_type)
854{
855 return 0;
856}
857
7b41b173 858static inline int security_inode_alloc(struct inode *inode)
1da177e4
LT		 859{
860 return 0;
861}
862
7b41b173 863static inline void security_inode_free(struct inode *inode)
1da177e4 864{ }
5e41ff9e 865
d47be3df
DQ		 866static inline int security_dentry_init_security(struct dentry *dentry,
867 int mode,
4f3ccd76 868 const struct qstr *name,
d47be3df
DQ		 869 void **ctx,
870 u32 *ctxlen)
871{
872 return -EOPNOTSUPP;
873}
874
2602625b
VG		 875static inline int security_dentry_create_files_as(struct dentry *dentry,
876 int mode, struct qstr *name,
877 const struct cred *old,
878 struct cred *new)
879{
880 return 0;
881}
882
d47be3df 883
7b41b173 884static inline int security_inode_init_security(struct inode *inode,
5e41ff9e 885 struct inode *dir,
2a7dba39 886 const struct qstr *qstr,
fbff6610 887 const initxattrs xattrs,
9d8f13ba 888 void *fs_data)
5e41ff9e 889{
1e39f384 890 return 0;
215b674b
LG		 891}
892
893static inline int security_inode_init_security_anon(struct inode *inode,
894 const struct qstr *name,
895 const struct inode *context_inode)
896{
897 return 0;
5e41ff9e 898}
7b41b173 899
1e39f384
MZ		 900static inline int security_old_inode_init_security(struct inode *inode,
901 struct inode *dir,
902 const struct qstr *qstr,
9548906b
TH		 903 const char **name,
904 void **value, size_t *len)
e1c9b23a 905{
30e05324 906 return -EOPNOTSUPP;
e1c9b23a
MZ		 907}
908
7b41b173 909static inline int security_inode_create(struct inode *dir,
1da177e4 910 struct dentry *dentry,
4acdaf27 911 umode_t mode)
1da177e4
LT		 912{
913 return 0;
914}
915
7b41b173 916static inline int security_inode_link(struct dentry *old_dentry,
1da177e4
LT		 917 struct inode *dir,
918 struct dentry *new_dentry)
919{
920 return 0;
921}
922
7b41b173 923static inline int security_inode_unlink(struct inode *dir,
1da177e4
LT		 924 struct dentry *dentry)
925{
926 return 0;
927}
928
7b41b173 929static inline int security_inode_symlink(struct inode *dir,
1da177e4
LT		 930 struct dentry *dentry,
931 const char *old_name)
932{
933 return 0;
934}
935
7b41b173 936static inline int security_inode_mkdir(struct inode *dir,
1da177e4
LT		 937 struct dentry *dentry,
938 int mode)
939{
940 return 0;
941}
942
7b41b173 943static inline int security_inode_rmdir(struct inode *dir,
1da177e4
LT		 944 struct dentry *dentry)
945{
946 return 0;
947}
948
7b41b173 949static inline int security_inode_mknod(struct inode *dir,
1da177e4
LT		 950 struct dentry *dentry,
951 int mode, dev_t dev)
952{
953 return 0;
954}
955
7b41b173 956static inline int security_inode_rename(struct inode *old_dir,
1da177e4
LT		 957 struct dentry *old_dentry,
958 struct inode *new_dir,
0b3974eb
MS		 959 struct dentry *new_dentry,
960 unsigned int flags)
1da177e4
LT		 961{
962 return 0;
963}
964
7b41b173 965static inline int security_inode_readlink(struct dentry *dentry)
1da177e4
LT		 966{
967 return 0;
968}
969
bda0be7a
N		 970static inline int security_inode_follow_link(struct dentry *dentry,
971 struct inode *inode,
972 bool rcu)
1da177e4
LT		 973{
974 return 0;
975}
976
b77b0646 977static inline int security_inode_permission(struct inode *inode, int mask)
1da177e4
LT		 978{
979 return 0;
980}
981
7b41b173 982static inline int security_inode_setattr(struct dentry *dentry,
1da177e4
LT		 983 struct iattr *attr)
984{
985 return 0;
986}
987
3f7036a0 988static inline int security_inode_getattr(const struct path *path)
1da177e4
LT		 989{
990 return 0;
991}
992
71bc356f
CB		 993static inline int security_inode_setxattr(struct user_namespace *mnt_userns,
994 struct dentry *dentry, const char *name, const void *value,
995 size_t size, int flags)
1da177e4
LT		 996{
997 return cap_inode_setxattr(dentry, name, value, size, flags);
998}
999
8f0cfa52
DH		 1000static inline void security_inode_post_setxattr(struct dentry *dentry,
1001 const char *name, const void *value, size_t size, int flags)
1da177e4
LT		 1002{ }
1003
8f0cfa52
DH		 1004static inline int security_inode_getxattr(struct dentry *dentry,
1005 const char *name)
1da177e4
LT		 1006{
1007 return 0;
1008}
1009
7b41b173 1010static inline int security_inode_listxattr(struct dentry *dentry)
1da177e4
LT		 1011{
1012 return 0;
1013}
1014
71bc356f
CB		 1015static inline int security_inode_removexattr(struct user_namespace *mnt_userns,
1016 struct dentry *dentry,
1017 const char *name)
1da177e4 1018{
71bc356f 1019 return cap_inode_removexattr(mnt_userns, dentry, name);
1da177e4
LT		 1020}
1021
b5376771
SH		 1022static inline int security_inode_need_killpriv(struct dentry *dentry)
1023{
1024 return cap_inode_need_killpriv(dentry);
1025}
1026
71bc356f
CB		 1027static inline int security_inode_killpriv(struct user_namespace *mnt_userns,
1028 struct dentry *dentry)
b5376771 1029{
71bc356f 1030 return cap_inode_killpriv(mnt_userns, dentry);
b5376771
SH		 1031}
1032
71bc356f
CB		 1033static inline int security_inode_getsecurity(struct user_namespace *mnt_userns,
1034 struct inode *inode,
1035 const char *name, void **buffer,
1036 bool alloc)
1da177e4 1037{
71bc356f 1038 return cap_inode_getsecurity(mnt_userns, inode, name, buffer, alloc);
1da177e4
LT		 1039}
1040
1041static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
1042{
1043 return -EOPNOTSUPP;
1044}
1045
1046static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
1047{
1048 return 0;
1049}
1050
59b31922
CS		 1051static inline void security_inode_getsecid(struct inode *inode,
1052 struct lsmblob *blob)
8a076191 1053{
59b31922 1054 lsmblob_init(blob, 0);
8a076191
AD		 1055}
1056
d8ad8b49
VG		 1057static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
1058{
1059 return 0;
1060}
1061
b230d5ab
OM		 1062static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
1063 struct kernfs_node *kn)
1064{
1065 return 0;
1066}
1067
121ab822
VG		 1068static inline int security_inode_copy_up_xattr(const char *name)
1069{
1070 return -EOPNOTSUPP;
1071}
1072
7b41b173 1073static inline int security_file_permission(struct file *file, int mask)
1da177e4
LT		 1074{
1075 return 0;
1076}
1077
7b41b173 1078static inline int security_file_alloc(struct file *file)
1da177e4
LT		 1079{
1080 return 0;
1081}
1082
7b41b173 1083static inline void security_file_free(struct file *file)
1da177e4
LT		 1084{ }
1085
7b41b173
EP		 1086static inline int security_file_ioctl(struct file *file, unsigned int cmd,
1087 unsigned long arg)
1da177e4
LT		 1088{
1089 return 0;
1090}
1091
8b3ec681 1092static inline int security_mmap_file(struct file *file, unsigned long prot,
e5467859
AV		 1093 unsigned long flags)
1094{
1095 return 0;
1096}
1097
1098static inline int security_mmap_addr(unsigned long addr)
1da177e4 1099{
d007794a 1100 return cap_mmap_addr(addr);
1da177e4
LT		 1101}
1102
7b41b173
EP		 1103static inline int security_file_mprotect(struct vm_area_struct *vma,
1104 unsigned long reqprot,
1105 unsigned long prot)
1da177e4
LT		 1106{
1107 return 0;
1108}
1109
7b41b173 1110static inline int security_file_lock(struct file *file, unsigned int cmd)
1da177e4
LT		 1111{
1112 return 0;
1113}
1114
7b41b173
EP		 1115static inline int security_file_fcntl(struct file *file, unsigned int cmd,
1116 unsigned long arg)
1da177e4
LT		 1117{
1118 return 0;
1119}
1120
e0b93edd 1121static inline void security_file_set_fowner(struct file *file)
1da177e4 1122{
e0b93edd 1123 return;
1da177e4
LT		 1124}
1125
7b41b173
EP		 1126static inline int security_file_send_sigiotask(struct task_struct *tsk,
1127 struct fown_struct *fown,
1128 int sig)
1da177e4
LT		 1129{
1130 return 0;
1131}
1132
7b41b173 1133static inline int security_file_receive(struct file *file)
1da177e4
LT		 1134{
1135 return 0;
1136}
1137
e3f20ae2 1138static inline int security_file_open(struct file *file)
788e7dd4
YN		 1139{
1140 return 0;
1141}
1142
e4e55b47
TH		 1143static inline int security_task_alloc(struct task_struct *task,
1144 unsigned long clone_flags)
1145{
1146 return 0;
1147}
1148
1a2a4d06
KC		 1149static inline void security_task_free(struct task_struct *task)
1150{ }
1151
945af7c3
DH		 1152static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1153{
1154 return 0;
1155}
ee18d64c 1156
d84f4f99
DH		 1157static inline void security_cred_free(struct cred *cred)
1158{ }
1159
1160static inline int security_prepare_creds(struct cred *new,
1161 const struct cred *old,
1162 gfp_t gfp)
1da177e4
LT		 1163{
1164 return 0;
1165}
1166
ee18d64c
DH		 1167static inline void security_transfer_creds(struct cred *new,
1168 const struct cred *old)
1169{
1170}
1171
27b390fd
CS		 1172static inline int security_kernel_act_as(struct cred *cred,
1173 struct lsmblob *blob)
3a3b7ce9
DH		 1174{
1175 return 0;
1176}
1177
1178static inline int security_kernel_create_files_as(struct cred *cred,
1179 struct inode *inode)
1180{
1181 return 0;
1182}
1183
dd8dbf2e 1184static inline int security_kernel_module_request(char *kmod_name)
9188499c
EP		 1185{
1186 return 0;
1da177e4
LT		 1187}
1188
b64fcae7
KC		 1189static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
1190{
1191 return 0;
1192}
1193
1194static inline int security_kernel_post_load_data(char *buf, loff_t size,
1195 enum kernel_load_data_id id,
1196 char *description)
377179cd
MZ		 1197{
1198 return 0;
1199}
1200
39eeb4fb 1201static inline int security_kernel_read_file(struct file *file,
2039bda1
KC		 1202 enum kernel_read_file_id id,
1203 bool contents)
39eeb4fb
MZ		 1204{
1205 return 0;
1206}
1207
b44a7dfc 1208static inline int security_kernel_post_read_file(struct file *file,
bc8ca5b9
MZ		 1209 char *buf, loff_t size,
1210 enum kernel_read_file_id id)
b44a7dfc
MZ		 1211{
1212 return 0;
1213}
1214
d84f4f99
DH		 1215static inline int security_task_fix_setuid(struct cred *new,
1216 const struct cred *old,
1217 int flags)
1da177e4 1218{
d84f4f99 1219 return cap_task_fix_setuid(new, old, flags);
1da177e4
LT		 1220}
1221
39030e13
TC		 1222static inline int security_task_fix_setgid(struct cred *new,
1223 const struct cred *old,
1224 int flags)
1225{
1226 return 0;
1227}
1228
7b41b173 1229static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
1da177e4
LT		 1230{
1231 return 0;
1232}
1233
7b41b173 1234static inline int security_task_getpgid(struct task_struct *p)
1da177e4
LT		 1235{
1236 return 0;
1237}
1238
7b41b173 1239static inline int security_task_getsid(struct task_struct *p)
1da177e4
LT		 1240{
1241 return 0;
1242}
1243
e209474e
CS		 1244static inline void security_task_getsecid_subj(struct task_struct *p,
1245 struct lsmblob *blob)
4ebd7651 1246{
e209474e 1247 lsmblob_init(blob, 0);
4ebd7651
PM		 1248}
1249
e209474e
CS		 1250static inline void security_task_getsecid_obj(struct task_struct *p,
1251 struct lsmblob *blob)
8a076191 1252{
e209474e 1253 lsmblob_init(blob, 0);
8a076191 1254}
f9008e4c 1255
7b41b173 1256static inline int security_task_setnice(struct task_struct *p, int nice)
1da177e4 1257{
b5376771 1258 return cap_task_setnice(p, nice);
1da177e4
LT		 1259}
1260
7b41b173 1261static inline int security_task_setioprio(struct task_struct *p, int ioprio)
03e68060 1262{
b5376771 1263 return cap_task_setioprio(p, ioprio);
03e68060
JM		 1264}
1265
7b41b173 1266static inline int security_task_getioprio(struct task_struct *p)
a1836a42
DQ		 1267{
1268 return 0;
1269}
1270
791ec491
SS		 1271static inline int security_task_prlimit(const struct cred *cred,
1272 const struct cred *tcred,
1273 unsigned int flags)
1274{
1275 return 0;
1276}
1277
8fd00b4d
JS		 1278static inline int security_task_setrlimit(struct task_struct *p,
1279 unsigned int resource,
7b41b173 1280 struct rlimit *new_rlim)
1da177e4
LT		 1281{
1282 return 0;
1283}
1284
b0ae1981 1285static inline int security_task_setscheduler(struct task_struct *p)
1da177e4 1286{
b0ae1981 1287 return cap_task_setscheduler(p);
1da177e4
LT		 1288}
1289
7b41b173 1290static inline int security_task_getscheduler(struct task_struct *p)
1da177e4
LT		 1291{
1292 return 0;
1293}
1294
7b41b173 1295static inline int security_task_movememory(struct task_struct *p)
35601547
DQ		 1296{
1297 return 0;
1298}
1299
7b41b173 1300static inline int security_task_kill(struct task_struct *p,
ae7795bc 1301 struct kernel_siginfo *info, int sig,
6b4f3d01 1302 const struct cred *cred)
1da177e4 1303{
aedb60a6 1304 return 0;
1da177e4
LT		 1305}
1306
7b41b173
EP		 1307static inline int security_task_prctl(int option, unsigned long arg2,
1308 unsigned long arg3,
1309 unsigned long arg4,
d84f4f99 1310 unsigned long arg5)
1da177e4 1311{
b7f76ea2 1312 return cap_task_prctl(option, arg2, arg3, arg4, arg5);
1da177e4
LT		 1313}
1314
1315static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
1316{ }
1317
7b41b173
EP		 1318static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
1319 short flag)
1da177e4
LT		 1320{
1321 return 0;
1322}
1323
f9d254ba
CS		 1324static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
1325 struct lsmblob *blob)
8a076191 1326{
f9d254ba 1327 lsmblob_init(blob, 0);
8a076191
AD		 1328}
1329
7b41b173 1330static inline int security_msg_msg_alloc(struct msg_msg *msg)
1da177e4
LT		 1331{
1332 return 0;
1333}
1334
7b41b173 1335static inline void security_msg_msg_free(struct msg_msg *msg)
1da177e4
LT		 1336{ }
1337
d8c6e854 1338static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1da177e4
LT		 1339{
1340 return 0;
1341}
1342
d8c6e854 1343static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
1da177e4
LT		 1344{ }
1345
d8c6e854 1346static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
7b41b173 1347 int msqflg)
1da177e4
LT		 1348{
1349 return 0;
1350}
1351
d8c6e854 1352static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1da177e4
LT		 1353{
1354 return 0;
1355}
1356
d8c6e854 1357static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
7b41b173 1358 struct msg_msg *msg, int msqflg)
1da177e4
LT		 1359{
1360 return 0;
1361}
1362
d8c6e854 1363static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
7b41b173
EP		 1364 struct msg_msg *msg,
1365 struct task_struct *target,
1366 long type, int mode)
1da177e4
LT		 1367{
1368 return 0;
1369}
1370
7191adff 1371static inline int security_shm_alloc(struct kern_ipc_perm *shp)
1da177e4
LT		 1372{
1373 return 0;
1374}
1375
7191adff 1376static inline void security_shm_free(struct kern_ipc_perm *shp)
1da177e4
LT		 1377{ }
1378
7191adff 1379static inline int security_shm_associate(struct kern_ipc_perm *shp,
7b41b173 1380 int shmflg)
1da177e4
LT		 1381{
1382 return 0;
1383}
1384
7191adff 1385static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
1da177e4
LT		 1386{
1387 return 0;
1388}
1389
7191adff 1390static inline int security_shm_shmat(struct kern_ipc_perm *shp,
7b41b173 1391 char __user *shmaddr, int shmflg)
1da177e4
LT		 1392{
1393 return 0;
1394}
1395
aefad959 1396static inline int security_sem_alloc(struct kern_ipc_perm *sma)
1da177e4
LT		 1397{
1398 return 0;
1399}
1400
aefad959 1401static inline void security_sem_free(struct kern_ipc_perm *sma)
1da177e4
LT		 1402{ }
1403
aefad959 1404static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
1da177e4
LT		 1405{
1406 return 0;
1407}
1408
aefad959 1409static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
1da177e4
LT		 1410{
1411 return 0;
1412}
1413
aefad959 1414static inline int security_sem_semop(struct kern_ipc_perm *sma,
7b41b173
EP		 1415 struct sembuf *sops, unsigned nsops,
1416 int alter)
1da177e4
LT		 1417{
1418 return 0;
1419}
1420
6d9c939d
CS		 1421static inline void security_d_instantiate(struct dentry *dentry,
1422 struct inode *inode)
1da177e4
LT		 1423{ }
1424
6d9c939d
CS		 1425static inline int security_getprocattr(struct task_struct *p, const char *lsm,
1426 char *name, char **value)
1da177e4
LT		 1427{
1428 return -EINVAL;
1429}
1430
6d9c939d
CS		 1431static inline int security_setprocattr(const char *lsm, char *name,
1432 void *value, size_t size)
1da177e4
LT		 1433{
1434 return -EINVAL;
1435}
1436
7b41b173 1437static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
1da177e4 1438{
b1d9e6b0 1439 return 0;
1da177e4
LT		 1440}
1441
746df9b5
DQ		 1442static inline int security_ismaclabel(const char *name)
1443{
1444 return 0;
1445}
1446
1c55161c 1447static inline int security_secid_to_secctx(struct lsmblob *blob,
85ff5379 1448 struct lsmcontext *cp, int display)
dc49c1f9
CZ		 1449{
1450 return -EOPNOTSUPP;
1451}
1452
7bf570dc 1453static inline int security_secctx_to_secid(const char *secdata,
63cb3449 1454 u32 seclen,
c0792283 1455 struct lsmblob *blob)
63cb3449
DH		 1456{
1457 return -EOPNOTSUPP;
1458}
1459
b1393bc0 1460static inline void security_release_secctx(struct lsmcontext *cp)
dc49c1f9 1461{
dc49c1f9 1462}
1ee65e37 1463
6f3be9f5
AG		 1464static inline void security_inode_invalidate_secctx(struct inode *inode)
1465{
1466}
1467
1ee65e37
DQ		 1468static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
1469{
1470 return -EOPNOTSUPP;
1471}
1472static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
1473{
1474 return -EOPNOTSUPP;
1475}
1013a233
CS		 1476static inline int security_inode_getsecctx(struct inode *inode,
1477 struct lsmcontext *cp)
1ee65e37
DQ		 1478{
1479 return -EOPNOTSUPP;
1480}
9e47d31d
MG		 1481static inline int security_locked_down(enum lockdown_reason what)
1482{
1483 return 0;
1484}
df8b9262
JC		 1485static inline int security_lock_kernel_down(const char *where, enum lockdown_reason level)
1486{
1487 return 0;
1488}
1da177e4
LT		 1489#endif /* CONFIG_SECURITY */
1490
344fa64e
DH		 1491#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
1492int security_post_notification(const struct cred *w_cred,
1493 const struct cred *cred,
1494 struct watch_notification *n);
1495#else
1496static inline int security_post_notification(const struct cred *w_cred,
1497 const struct cred *cred,
1498 struct watch_notification *n)
1499{
1500 return 0;
1501}
1502#endif
1503
998f5040
DH		 1504#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
1505int security_watch_key(struct key *key);
1506#else
1507static inline int security_watch_key(struct key *key)
1508{
1509 return 0;
1510}
1511#endif
1512
1da177e4 1513#ifdef CONFIG_SECURITY_NETWORK
4237c75c 1514
3610cda5 1515int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
20510f2f
JM		 1516int security_unix_may_send(struct socket *sock, struct socket *other);
1517int security_socket_create(int family, int type, int protocol, int kern);
1518int security_socket_post_create(struct socket *sock, int family,
1519 int type, int protocol, int kern);
aae7cfcb 1520int security_socket_socketpair(struct socket *socka, struct socket *sockb);
20510f2f
JM		 1521int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
1522int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
1523int security_socket_listen(struct socket *sock, int backlog);
1524int security_socket_accept(struct socket *sock, struct socket *newsock);
20510f2f
JM		 1525int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
1526int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1527 int size, int flags);
1528int security_socket_getsockname(struct socket *sock);
1529int security_socket_getpeername(struct socket *sock);
1530int security_socket_getsockopt(struct socket *sock, int level, int optname);
1531int security_socket_setsockopt(struct socket *sock, int level, int optname);
1532int security_socket_shutdown(struct socket *sock, int how);
1533int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
1534int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1535 int __user *optlen, unsigned len);
3d328ede
CS		 1536int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
1537 struct lsmblob *blob);
20510f2f
JM		 1538int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1539void security_sk_free(struct sock *sk);
1540void security_sk_clone(const struct sock *sk, struct sock *newsk);
3df98d79
PM		 1541void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic);
1542void security_req_classify_flow(const struct request_sock *req,
1543 struct flowi_common *flic);
20510f2f 1544void security_sock_graft(struct sock*sk, struct socket *parent);
41dd9596 1545int security_inet_conn_request(const struct sock *sk,
20510f2f
JM		 1546 struct sk_buff *skb, struct request_sock *req);
1547void security_inet_csk_clone(struct sock *newsk,
1548 const struct request_sock *req);
1549void security_inet_conn_established(struct sock *sk,
1550 struct sk_buff *skb);
c0792283 1551int security_secmark_relabel_packet(struct lsmblob *blob);
2606fd1f
EP		 1552void security_secmark_refcount_inc(void);
1553void security_secmark_refcount_dec(void);
5dbbaf2d
PM		 1554int security_tun_dev_alloc_security(void **security);
1555void security_tun_dev_free_security(void *security);
2b980dbd 1556int security_tun_dev_create(void);
5dbbaf2d
PM		 1557int security_tun_dev_attach_queue(void *security);
1558int security_tun_dev_attach(struct sock *sk, void *security);
1559int security_tun_dev_open(void *security);
72e89f50
RH		 1560int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb);
1561int security_sctp_bind_connect(struct sock *sk, int optname,
1562 struct sockaddr *address, int addrlen);
1563void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
1564 struct sock *newsk);
6b877699 1565
1da177e4 1566#else /* CONFIG_SECURITY_NETWORK */
3610cda5
DM		 1567static inline int security_unix_stream_connect(struct sock *sock,
1568 struct sock *other,
7b41b173 1569 struct sock *newsk)
1da177e4
LT		 1570{
1571 return 0;
1572}
1573
7b41b173
EP		 1574static inline int security_unix_may_send(struct socket *sock,
1575 struct socket *other)
1da177e4
LT		 1576{
1577 return 0;
1578}
1579
7b41b173
EP		 1580static inline int security_socket_create(int family, int type,
1581 int protocol, int kern)
1da177e4
LT		 1582{
1583 return 0;
1584}
1585
7b41b173 1586static inline int security_socket_post_create(struct socket *sock,
7420ed23
VY		 1587 int family,
1588 int type,
1589 int protocol, int kern)
1da177e4 1590{
7420ed23 1591 return 0;
1da177e4
LT		 1592}
1593
aae7cfcb
DH		 1594static inline int security_socket_socketpair(struct socket *socka,
1595 struct socket *sockb)
1596{
1597 return 0;
1598}
1599
7b41b173
EP		 1600static inline int security_socket_bind(struct socket *sock,
1601 struct sockaddr *address,
1da177e4
LT		 1602 int addrlen)
1603{
1604 return 0;
1605}
1606
7b41b173
EP		 1607static inline int security_socket_connect(struct socket *sock,
1608 struct sockaddr *address,
1da177e4
LT		 1609 int addrlen)
1610{
1611 return 0;
1612}
1613
7b41b173 1614static inline int security_socket_listen(struct socket *sock, int backlog)
1da177e4
LT		 1615{
1616 return 0;
1617}
1618
7b41b173
EP		 1619static inline int security_socket_accept(struct socket *sock,
1620 struct socket *newsock)
1da177e4
LT		 1621{
1622 return 0;
1623}
1624
7b41b173
EP		 1625static inline int security_socket_sendmsg(struct socket *sock,
1626 struct msghdr *msg, int size)
1da177e4
LT		 1627{
1628 return 0;
1629}
1630
7b41b173
EP		 1631static inline int security_socket_recvmsg(struct socket *sock,
1632 struct msghdr *msg, int size,
1da177e4
LT		 1633 int flags)
1634{
1635 return 0;
1636}
1637
7b41b173 1638static inline int security_socket_getsockname(struct socket *sock)
1da177e4
LT		 1639{
1640 return 0;
1641}
1642
7b41b173 1643static inline int security_socket_getpeername(struct socket *sock)
1da177e4
LT		 1644{
1645 return 0;
1646}
1647
7b41b173 1648static inline int security_socket_getsockopt(struct socket *sock,
1da177e4
LT		 1649 int level, int optname)
1650{
1651 return 0;
1652}
1653
7b41b173 1654static inline int security_socket_setsockopt(struct socket *sock,
1da177e4
LT		 1655 int level, int optname)
1656{
1657 return 0;
1658}
1659
7b41b173 1660static inline int security_socket_shutdown(struct socket *sock, int how)
1da177e4
LT		 1661{
1662 return 0;
1663}
7b41b173
EP		 1664static inline int security_sock_rcv_skb(struct sock *sk,
1665 struct sk_buff *skb)
1da177e4
LT		 1666{
1667 return 0;
1668}
1669
2c7946a7
CZ		 1670static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1671 int __user *optlen, unsigned len)
1672{
1673 return -ENOPROTOOPT;
1674}
1675
3d328ede
CS		 1676static inline int security_socket_getpeersec_dgram(struct socket *sock,
1677 struct sk_buff *skb,
1678 struct lsmblob *blob)
1da177e4
LT		 1679{
1680 return -ENOPROTOOPT;
1681}
1682
dd0fc66f 1683static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1da177e4
LT		 1684{
1685 return 0;
1686}
1687
1688static inline void security_sk_free(struct sock *sk)
892c141e
VY		 1689{
1690}
1691
1692static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
1da177e4
LT		 1693{
1694}
df71837d 1695
3df98d79
PM		 1696static inline void security_sk_classify_flow(struct sock *sk,
1697 struct flowi_common *flic)
df71837d 1698{
df71837d 1699}
4237c75c 1700
3df98d79
PM		 1701static inline void security_req_classify_flow(const struct request_sock *req,
1702 struct flowi_common *flic)
4237c75c
VY		 1703{
1704}
1705
7b41b173 1706static inline void security_sock_graft(struct sock *sk, struct socket *parent)
4237c75c
VY		 1707{
1708}
1709
41dd9596 1710static inline int security_inet_conn_request(const struct sock *sk,
4237c75c
VY		 1711 struct sk_buff *skb, struct request_sock *req)
1712{
1713 return 0;
1714}
1715
1716static inline void security_inet_csk_clone(struct sock *newsk,
1717 const struct request_sock *req)
1718{
1719}
6b877699
VY		 1720
1721static inline void security_inet_conn_established(struct sock *sk,
1722 struct sk_buff *skb)
1723{
1724}
2b980dbd 1725
c0792283 1726static inline int security_secmark_relabel_packet(struct lsmblob *blob)
2606fd1f
EP		 1727{
1728 return 0;
1729}
1730
1731static inline void security_secmark_refcount_inc(void)
1732{
1733}
1734
1735static inline void security_secmark_refcount_dec(void)
1736{
1737}
1738
5dbbaf2d
PM		 1739static inline int security_tun_dev_alloc_security(void **security)
1740{
1741 return 0;
1742}
1743
1744static inline void security_tun_dev_free_security(void *security)
1745{
1746}
1747
2b980dbd
PM		 1748static inline int security_tun_dev_create(void)
1749{
1750 return 0;
1751}
1752
5dbbaf2d
PM		 1753static inline int security_tun_dev_attach_queue(void *security)
1754{
1755 return 0;
1756}
1757
1758static inline int security_tun_dev_attach(struct sock *sk, void *security)
2b980dbd 1759{
5dbbaf2d 1760 return 0;
2b980dbd
PM		 1761}
1762
5dbbaf2d 1763static inline int security_tun_dev_open(void *security)
2b980dbd
PM		 1764{
1765 return 0;
1766}
72e89f50
RH		 1767
1768static inline int security_sctp_assoc_request(struct sctp_endpoint *ep,
1769 struct sk_buff *skb)
1770{
1771 return 0;
1772}
1773
1774static inline int security_sctp_bind_connect(struct sock *sk, int optname,
1775 struct sockaddr *address,
1776 int addrlen)
1777{
1778 return 0;
1779}
1780
1781static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
1782 struct sock *sk,
1783 struct sock *newsk)
1784{
1785}
1da177e4
LT		 1786#endif /* CONFIG_SECURITY_NETWORK */
1787
d291f1a6
DJ		 1788#ifdef CONFIG_SECURITY_INFINIBAND
1789int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
47a2b338 1790int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
d291f1a6
DJ		 1791int security_ib_alloc_security(void **sec);
1792void security_ib_free_security(void *sec);
1793#else /* CONFIG_SECURITY_INFINIBAND */
1794static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
1795{
1796 return 0;
1797}
1798
47a2b338
DJ		 1799static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
1800{
1801 return 0;
1802}
1803
d291f1a6
DJ		 1804static inline int security_ib_alloc_security(void **sec)
1805{
1806 return 0;
1807}
1808
1809static inline void security_ib_free_security(void *sec)
1810{
1811}
1812#endif /* CONFIG_SECURITY_INFINIBAND */
1813
df71837d 1814#ifdef CONFIG_SECURITY_NETWORK_XFRM
beb8d13b 1815
52a4c640
NA		 1816int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1817 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
03e1ad7b
PM		 1818int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
1819void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
1820int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
20510f2f
JM		 1821int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1822int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1823 struct xfrm_sec_ctx *polsec, u32 secid);
1824int security_xfrm_state_delete(struct xfrm_state *x);
1825void security_xfrm_state_free(struct xfrm_state *x);
8a922805 1826int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
20510f2f 1827int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
e33f7704 1828 struct xfrm_policy *xp,
3df98d79 1829 const struct flowi_common *flic);
20510f2f 1830int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
3df98d79 1831void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
beb8d13b 1832
df71837d 1833#else /* CONFIG_SECURITY_NETWORK_XFRM */
20510f2f 1834
52a4c640
NA		 1835static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1836 struct xfrm_user_sec_ctx *sec_ctx,
1837 gfp_t gfp)
df71837d
TJ		 1838{
1839 return 0;
1840}
1841
03e1ad7b 1842static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
df71837d
TJ		 1843{
1844 return 0;
1845}
1846
03e1ad7b 1847static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
df71837d
TJ		 1848{
1849}
1850
03e1ad7b 1851static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
c8c05a8e
CZ		 1852{
1853 return 0;
1854}
1855
e0d1caa7
VY		 1856static inline int security_xfrm_state_alloc(struct xfrm_state *x,
1857 struct xfrm_user_sec_ctx *sec_ctx)
1858{
1859 return 0;
1860}
1861
1862static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1863 struct xfrm_sec_ctx *polsec, u32 secid)
df71837d
TJ		 1864{
1865 return 0;
1866}
1867
1868static inline void security_xfrm_state_free(struct xfrm_state *x)
1869{
1870}
1871
6f68dc37 1872static inline int security_xfrm_state_delete(struct xfrm_state *x)
c8c05a8e
CZ		 1873{
1874 return 0;
1875}
1876
8a922805 1877static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
df71837d
TJ		 1878{
1879 return 0;
1880}
e0d1caa7
VY		 1881
1882static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3df98d79
PM		 1883 struct xfrm_policy *xp,
1884 const struct flowi_common *flic)
e0d1caa7
VY		 1885{
1886 return 1;
1887}
1888
beb8d13b 1889static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
e0d1caa7
VY		 1890{
1891 return 0;
1892}
1893
3df98d79
PM		 1894static inline void security_skb_classify_flow(struct sk_buff *skb,
1895 struct flowi_common *flic)
beb8d13b
VY		 1896{
1897}
1898
df71837d
TJ		 1899#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1900
be6d3e56 1901#ifdef CONFIG_SECURITY_PATH
989f74e0 1902int security_path_unlink(const struct path *dir, struct dentry *dentry);
d3607752 1903int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
989f74e0 1904int security_path_rmdir(const struct path *dir, struct dentry *dentry);
d3607752 1905int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
be6d3e56 1906 unsigned int dev);
81f4c506 1907int security_path_truncate(const struct path *path);
d3607752 1908int security_path_symlink(const struct path *dir, struct dentry *dentry,
be6d3e56 1909 const char *old_name);
3ccee46a 1910int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
be6d3e56 1911 struct dentry *new_dentry);
3ccee46a
AV		 1912int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1913 const struct path *new_dir, struct dentry *new_dentry,
0b3974eb 1914 unsigned int flags);
be01f9f2 1915int security_path_chmod(const struct path *path, umode_t mode);
7fd25dac 1916int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
77b286c0 1917int security_path_chroot(const struct path *path);
be6d3e56 1918#else /* CONFIG_SECURITY_PATH */
989f74e0 1919static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
be6d3e56
KT		 1920{
1921 return 0;
1922}
1923
d3607752 1924static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
4572befe 1925 umode_t mode)
be6d3e56
KT		 1926{
1927 return 0;
1928}
1929
989f74e0 1930static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
be6d3e56
KT		 1931{
1932 return 0;
1933}
1934
d3607752 1935static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
04fc66e7 1936 umode_t mode, unsigned int dev)
be6d3e56
KT		 1937{
1938 return 0;
1939}
1940
81f4c506 1941static inline int security_path_truncate(const struct path *path)
be6d3e56
KT		 1942{
1943 return 0;
1944}
1945
d3607752 1946static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
be6d3e56
KT		 1947 const char *old_name)
1948{
1949 return 0;
1950}
1951
1952static inline int security_path_link(struct dentry *old_dentry,
3ccee46a 1953 const struct path *new_dir,
be6d3e56
KT		 1954 struct dentry *new_dentry)
1955{
1956 return 0;
1957}
1958
3ccee46a 1959static inline int security_path_rename(const struct path *old_dir,
be6d3e56 1960 struct dentry *old_dentry,
3ccee46a 1961 const struct path *new_dir,
0b3974eb
MS		 1962 struct dentry *new_dentry,
1963 unsigned int flags)
be6d3e56
KT		 1964{
1965 return 0;
1966}
89eda068 1967
be01f9f2 1968static inline int security_path_chmod(const struct path *path, umode_t mode)
89eda068
TH		 1969{
1970 return 0;
1971}
1972
7fd25dac 1973static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
89eda068
TH		 1974{
1975 return 0;
1976}
8b8efb44 1977
77b286c0 1978static inline int security_path_chroot(const struct path *path)
8b8efb44
TH		 1979{
1980 return 0;
1981}
be6d3e56
KT		 1982#endif /* CONFIG_SECURITY_PATH */
1983
29db9190
DH		 1984#ifdef CONFIG_KEYS
1985#ifdef CONFIG_SECURITY
29db9190 1986
d84f4f99 1987int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
20510f2f 1988void security_key_free(struct key *key);
8c0637e9
DH		 1989int security_key_permission(key_ref_t key_ref, const struct cred *cred,
1990 enum key_need_perm need_perm);
70a5bb72 1991int security_key_getsecurity(struct key *key, char **_buffer);
29db9190
DH		 1992
1993#else
1994
d720024e 1995static inline int security_key_alloc(struct key *key,
d84f4f99 1996 const struct cred *cred,
7e047ef5 1997 unsigned long flags)
29db9190
DH		 1998{
1999 return 0;
2000}
2001
2002static inline void security_key_free(struct key *key)
2003{
2004}
2005
2006static inline int security_key_permission(key_ref_t key_ref,
d84f4f99 2007 const struct cred *cred,
8c0637e9 2008 enum key_need_perm need_perm)
29db9190
DH		 2009{
2010 return 0;
2011}
2012
70a5bb72
DH		 2013static inline int security_key_getsecurity(struct key *key, char **_buffer)
2014{
2015 *_buffer = NULL;
2016 return 0;
be1d6a5f 2017}
ee18d64c 2018
29db9190
DH		 2019#endif
2020#endif /* CONFIG_KEYS */
2021
03d37d25
AD		 2022#ifdef CONFIG_AUDIT
2023#ifdef CONFIG_SECURITY
2024int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
2025int security_audit_rule_known(struct audit_krule *krule);
eb182194
CS		 2026int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
2027 void **lsmrule);
f17b27a2 2028void security_audit_rule_free(void **lsmrule);
03d37d25
AD		 2029
2030#else
2031
2032static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
2033 void **lsmrule)
2034{
2035 return 0;
2036}
2037
2038static inline int security_audit_rule_known(struct audit_krule *krule)
2039{
2040 return 0;
2041}
2042
eb182194
CS		 2043static inline int security_audit_rule_match(struct lsmblob *blob, u32 field,
2044 u32 op, void **lsmrule)
03d37d25
AD		 2045{
2046 return 0;
2047}
2048
f17b27a2 2049static inline void security_audit_rule_free(void **lsmrule)
03d37d25
AD		 2050{ }
2051
2052#endif /* CONFIG_SECURITY */
2053#endif /* CONFIG_AUDIT */
2054
da31894e
EP		 2055#ifdef CONFIG_SECURITYFS
2056
52ef0c04 2057extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
da31894e
EP		 2058 struct dentry *parent, void *data,
2059 const struct file_operations *fops);
2060extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
6623ec7c
JJ		 2061struct dentry *securityfs_create_symlink(const char *name,
2062 struct dentry *parent,
2063 const char *target,
2064 const struct inode_operations *iops);
da31894e
EP		 2065extern void securityfs_remove(struct dentry *dentry);
2066
2067#else /* CONFIG_SECURITYFS */
2068
2069static inline struct dentry *securityfs_create_dir(const char *name,
2070 struct dentry *parent)
2071{
2072 return ERR_PTR(-ENODEV);
2073}
2074
2075static inline struct dentry *securityfs_create_file(const char *name,
52ef0c04 2076 umode_t mode,
da31894e
EP		 2077 struct dentry *parent,
2078 void *data,
2079 const struct file_operations *fops)
2080{
2081 return ERR_PTR(-ENODEV);
2082}
2083
6623ec7c
JJ		 2084static inline struct dentry *securityfs_create_symlink(const char *name,
2085 struct dentry *parent,
2086 const char *target,
2087 const struct inode_operations *iops)
2088{
2089 return ERR_PTR(-ENODEV);
2090}
2091
da31894e
EP		 2092static inline void securityfs_remove(struct dentry *dentry)
2093{}
2094
2095#endif
2096
afdb09c7 2097#ifdef CONFIG_BPF_SYSCALL
1495dc9f
JK		 2098union bpf_attr;
2099struct bpf_map;
2100struct bpf_prog;
2101struct bpf_prog_aux;
afdb09c7
CF		 2102#ifdef CONFIG_SECURITY
2103extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size);
2104extern int security_bpf_map(struct bpf_map *map, fmode_t fmode);
2105extern int security_bpf_prog(struct bpf_prog *prog);
2106extern int security_bpf_map_alloc(struct bpf_map *map);
2107extern void security_bpf_map_free(struct bpf_map *map);
2108extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux);
2109extern void security_bpf_prog_free(struct bpf_prog_aux *aux);
2110#else
2111static inline int security_bpf(int cmd, union bpf_attr *attr,
2112 unsigned int size)
2113{
2114 return 0;
2115}
2116
2117static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode)
2118{
2119 return 0;
2120}
2121
2122static inline int security_bpf_prog(struct bpf_prog *prog)
2123{
2124 return 0;
2125}
2126
2127static inline int security_bpf_map_alloc(struct bpf_map *map)
2128{
2129 return 0;
2130}
2131
2132static inline void security_bpf_map_free(struct bpf_map *map)
2133{ }
2134
2135static inline int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
2136{
2137 return 0;
2138}
2139
2140static inline void security_bpf_prog_free(struct bpf_prog_aux *aux)
2141{ }
2142#endif /* CONFIG_SECURITY */
2143#endif /* CONFIG_BPF_SYSCALL */
2144
da97e184
JFG		 2145#ifdef CONFIG_PERF_EVENTS
2146struct perf_event_attr;
ae79d558 2147struct perf_event;
da97e184
JFG		 2148
2149#ifdef CONFIG_SECURITY
2150extern int security_perf_event_open(struct perf_event_attr *attr, int type);
2151extern int security_perf_event_alloc(struct perf_event *event);
2152extern void security_perf_event_free(struct perf_event *event);
2153extern int security_perf_event_read(struct perf_event *event);
2154extern int security_perf_event_write(struct perf_event *event);
2155#else
2156static inline int security_perf_event_open(struct perf_event_attr *attr,
2157 int type)
2158{
2159 return 0;
2160}
2161
2162static inline int security_perf_event_alloc(struct perf_event *event)
2163{
2164 return 0;
2165}
2166
2167static inline void security_perf_event_free(struct perf_event *event)
2168{
2169}
2170
2171static inline int security_perf_event_read(struct perf_event *event)
2172{
2173 return 0;
2174}
1da177e4 2175
da97e184
JFG		 2176static inline int security_perf_event_write(struct perf_event *event)
2177{
2178 return 0;
2179}
2180#endif /* CONFIG_SECURITY */
2181#endif /* CONFIG_PERF_EVENTS */
2182
2183#endif /* ! __LINUX_SECURITY_H */
Ubuntu Jammy Linux kernel mirror