1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun * Linux Security plug
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5*4882a593Smuzhiyun * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6*4882a593Smuzhiyun * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7*4882a593Smuzhiyun * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8*4882a593Smuzhiyun * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9*4882a593Smuzhiyun * Copyright (C) 2016 Mellanox Techonologies
10*4882a593Smuzhiyun *
11*4882a593Smuzhiyun * This program is free software; you can redistribute it and/or modify
12*4882a593Smuzhiyun * it under the terms of the GNU General Public License as published by
13*4882a593Smuzhiyun * the Free Software Foundation; either version 2 of the License, or
14*4882a593Smuzhiyun * (at your option) any later version.
15*4882a593Smuzhiyun *
16*4882a593Smuzhiyun * Due to this file being licensed under the GPL there is controversy over
17*4882a593Smuzhiyun * whether this permits you to write a module that #includes this file
18*4882a593Smuzhiyun * without placing your module under the GPL. Please consult a lawyer for
19*4882a593Smuzhiyun * advice before doing this.
20*4882a593Smuzhiyun *
21*4882a593Smuzhiyun */
22*4882a593Smuzhiyun
23*4882a593Smuzhiyun #ifndef __LINUX_SECURITY_H
24*4882a593Smuzhiyun #define __LINUX_SECURITY_H
25*4882a593Smuzhiyun
26*4882a593Smuzhiyun #include <linux/kernel_read_file.h>
27*4882a593Smuzhiyun #include <linux/key.h>
28*4882a593Smuzhiyun #include <linux/capability.h>
29*4882a593Smuzhiyun #include <linux/fs.h>
30*4882a593Smuzhiyun #include <linux/slab.h>
31*4882a593Smuzhiyun #include <linux/err.h>
32*4882a593Smuzhiyun #include <linux/string.h>
33*4882a593Smuzhiyun #include <linux/mm.h>
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun struct linux_binprm;
36*4882a593Smuzhiyun struct cred;
37*4882a593Smuzhiyun struct rlimit;
38*4882a593Smuzhiyun struct kernel_siginfo;
39*4882a593Smuzhiyun struct sembuf;
40*4882a593Smuzhiyun struct kern_ipc_perm;
41*4882a593Smuzhiyun struct audit_context;
42*4882a593Smuzhiyun struct super_block;
43*4882a593Smuzhiyun struct inode;
44*4882a593Smuzhiyun struct dentry;
45*4882a593Smuzhiyun struct file;
46*4882a593Smuzhiyun struct vfsmount;
47*4882a593Smuzhiyun struct path;
48*4882a593Smuzhiyun struct qstr;
49*4882a593Smuzhiyun struct iattr;
50*4882a593Smuzhiyun struct fown_struct;
51*4882a593Smuzhiyun struct file_operations;
52*4882a593Smuzhiyun struct msg_msg;
53*4882a593Smuzhiyun struct xattr;
54*4882a593Smuzhiyun struct kernfs_node;
55*4882a593Smuzhiyun struct xfrm_sec_ctx;
56*4882a593Smuzhiyun struct mm_struct;
57*4882a593Smuzhiyun struct fs_context;
58*4882a593Smuzhiyun struct fs_parameter;
59*4882a593Smuzhiyun enum fs_value_type;
60*4882a593Smuzhiyun struct watch;
61*4882a593Smuzhiyun struct watch_notification;
62*4882a593Smuzhiyun
63*4882a593Smuzhiyun /* Default (no) options for the capable function */
64*4882a593Smuzhiyun #define CAP_OPT_NONE 0x0
65*4882a593Smuzhiyun /* If capable should audit the security request */
66*4882a593Smuzhiyun #define CAP_OPT_NOAUDIT BIT(1)
67*4882a593Smuzhiyun /* If capable is being called by a setid function */
68*4882a593Smuzhiyun #define CAP_OPT_INSETID BIT(2)
69*4882a593Smuzhiyun
70*4882a593Smuzhiyun /* LSM Agnostic defines for fs_context::lsm_flags */
71*4882a593Smuzhiyun #define SECURITY_LSM_NATIVE_LABELS 1
72*4882a593Smuzhiyun
73*4882a593Smuzhiyun struct ctl_table;
74*4882a593Smuzhiyun struct audit_krule;
75*4882a593Smuzhiyun struct user_namespace;
76*4882a593Smuzhiyun struct timezone;
77*4882a593Smuzhiyun
78*4882a593Smuzhiyun enum lsm_event {
79*4882a593Smuzhiyun LSM_POLICY_CHANGE,
80*4882a593Smuzhiyun };
81*4882a593Smuzhiyun
82*4882a593Smuzhiyun /*
83*4882a593Smuzhiyun * These are reasons that can be passed to the security_locked_down()
84*4882a593Smuzhiyun * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
85*4882a593Smuzhiyun * ability for userland to modify kernel code) are placed before
86*4882a593Smuzhiyun * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel
87*4882a593Smuzhiyun * confidentiality (ie, the ability for userland to extract
88*4882a593Smuzhiyun * information from the running kernel that would otherwise be
89*4882a593Smuzhiyun * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
90*4882a593Smuzhiyun *
91*4882a593Smuzhiyun * LSM authors should note that the semantics of any given lockdown
92*4882a593Smuzhiyun * reason are not guaranteed to be stable - the same reason may block
93*4882a593Smuzhiyun * one set of features in one kernel release, and a slightly different
94*4882a593Smuzhiyun * set of features in a later kernel release. LSMs that seek to expose
95*4882a593Smuzhiyun * lockdown policy at any level of granularity other than "none",
96*4882a593Smuzhiyun * "integrity" or "confidentiality" are responsible for either
97*4882a593Smuzhiyun * ensuring that they expose a consistent level of functionality to
98*4882a593Smuzhiyun * userland, or ensuring that userland is aware that this is
99*4882a593Smuzhiyun * potentially a moving target. It is easy to misuse this information
100*4882a593Smuzhiyun * in a way that could break userspace. Please be careful not to do
101*4882a593Smuzhiyun * so.
102*4882a593Smuzhiyun *
103*4882a593Smuzhiyun * If you add to this, remember to extend lockdown_reasons in
104*4882a593Smuzhiyun * security/lockdown/lockdown.c.
105*4882a593Smuzhiyun */
106*4882a593Smuzhiyun enum lockdown_reason {
107*4882a593Smuzhiyun LOCKDOWN_NONE,
108*4882a593Smuzhiyun LOCKDOWN_MODULE_SIGNATURE,
109*4882a593Smuzhiyun LOCKDOWN_DEV_MEM,
110*4882a593Smuzhiyun LOCKDOWN_EFI_TEST,
111*4882a593Smuzhiyun LOCKDOWN_KEXEC,
112*4882a593Smuzhiyun LOCKDOWN_HIBERNATION,
113*4882a593Smuzhiyun LOCKDOWN_PCI_ACCESS,
114*4882a593Smuzhiyun LOCKDOWN_IOPORT,
115*4882a593Smuzhiyun LOCKDOWN_MSR,
116*4882a593Smuzhiyun LOCKDOWN_ACPI_TABLES,
117*4882a593Smuzhiyun LOCKDOWN_PCMCIA_CIS,
118*4882a593Smuzhiyun LOCKDOWN_TIOCSSERIAL,
119*4882a593Smuzhiyun LOCKDOWN_MODULE_PARAMETERS,
120*4882a593Smuzhiyun LOCKDOWN_MMIOTRACE,
121*4882a593Smuzhiyun LOCKDOWN_DEBUGFS,
122*4882a593Smuzhiyun LOCKDOWN_XMON_WR,
123*4882a593Smuzhiyun LOCKDOWN_BPF_WRITE_USER,
124*4882a593Smuzhiyun LOCKDOWN_DBG_WRITE_KERNEL,
125*4882a593Smuzhiyun LOCKDOWN_INTEGRITY_MAX,
126*4882a593Smuzhiyun LOCKDOWN_KCORE,
127*4882a593Smuzhiyun LOCKDOWN_KPROBES,
128*4882a593Smuzhiyun LOCKDOWN_BPF_READ,
129*4882a593Smuzhiyun LOCKDOWN_DBG_READ_KERNEL,
130*4882a593Smuzhiyun LOCKDOWN_PERF,
131*4882a593Smuzhiyun LOCKDOWN_TRACEFS,
132*4882a593Smuzhiyun LOCKDOWN_XMON_RW,
133*4882a593Smuzhiyun LOCKDOWN_CONFIDENTIALITY_MAX,
134*4882a593Smuzhiyun };
135*4882a593Smuzhiyun
136*4882a593Smuzhiyun /* These functions are in security/commoncap.c */
137*4882a593Smuzhiyun extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
138*4882a593Smuzhiyun int cap, unsigned int opts);
139*4882a593Smuzhiyun extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
140*4882a593Smuzhiyun extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
141*4882a593Smuzhiyun extern int cap_ptrace_traceme(struct task_struct *parent);
142*4882a593Smuzhiyun extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
143*4882a593Smuzhiyun extern int cap_capset(struct cred *new, const struct cred *old,
144*4882a593Smuzhiyun const kernel_cap_t *effective,
145*4882a593Smuzhiyun const kernel_cap_t *inheritable,
146*4882a593Smuzhiyun const kernel_cap_t *permitted);
147*4882a593Smuzhiyun extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
148*4882a593Smuzhiyun extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
149*4882a593Smuzhiyun const void *value, size_t size, int flags);
150*4882a593Smuzhiyun extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
151*4882a593Smuzhiyun extern int cap_inode_need_killpriv(struct dentry *dentry);
152*4882a593Smuzhiyun extern int cap_inode_killpriv(struct dentry *dentry);
153*4882a593Smuzhiyun extern int cap_inode_getsecurity(struct inode *inode, const char *name,
154*4882a593Smuzhiyun void **buffer, bool alloc);
155*4882a593Smuzhiyun extern int cap_mmap_addr(unsigned long addr);
156*4882a593Smuzhiyun extern int cap_mmap_file(struct file *file, unsigned long reqprot,
157*4882a593Smuzhiyun unsigned long prot, unsigned long flags);
158*4882a593Smuzhiyun extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
159*4882a593Smuzhiyun extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
160*4882a593Smuzhiyun unsigned long arg4, unsigned long arg5);
161*4882a593Smuzhiyun extern int cap_task_setscheduler(struct task_struct *p);
162*4882a593Smuzhiyun extern int cap_task_setioprio(struct task_struct *p, int ioprio);
163*4882a593Smuzhiyun extern int cap_task_setnice(struct task_struct *p, int nice);
164*4882a593Smuzhiyun extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
165*4882a593Smuzhiyun
166*4882a593Smuzhiyun struct msghdr;
167*4882a593Smuzhiyun struct sk_buff;
168*4882a593Smuzhiyun struct sock;
169*4882a593Smuzhiyun struct sockaddr;
170*4882a593Smuzhiyun struct socket;
171*4882a593Smuzhiyun struct flowi_common;
172*4882a593Smuzhiyun struct dst_entry;
173*4882a593Smuzhiyun struct xfrm_selector;
174*4882a593Smuzhiyun struct xfrm_policy;
175*4882a593Smuzhiyun struct xfrm_state;
176*4882a593Smuzhiyun struct xfrm_user_sec_ctx;
177*4882a593Smuzhiyun struct seq_file;
178*4882a593Smuzhiyun struct sctp_endpoint;
179*4882a593Smuzhiyun
180*4882a593Smuzhiyun #ifdef CONFIG_MMU
181*4882a593Smuzhiyun extern unsigned long mmap_min_addr;
182*4882a593Smuzhiyun extern unsigned long dac_mmap_min_addr;
183*4882a593Smuzhiyun #else
184*4882a593Smuzhiyun #define mmap_min_addr 0UL
185*4882a593Smuzhiyun #define dac_mmap_min_addr 0UL
186*4882a593Smuzhiyun #endif
187*4882a593Smuzhiyun
188*4882a593Smuzhiyun /*
189*4882a593Smuzhiyun * Values used in the task_security_ops calls
190*4882a593Smuzhiyun */
191*4882a593Smuzhiyun /* setuid or setgid, id0 == uid or gid */
192*4882a593Smuzhiyun #define LSM_SETID_ID 1
193*4882a593Smuzhiyun
194*4882a593Smuzhiyun /* setreuid or setregid, id0 == real, id1 == eff */
195*4882a593Smuzhiyun #define LSM_SETID_RE 2
196*4882a593Smuzhiyun
197*4882a593Smuzhiyun /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
198*4882a593Smuzhiyun #define LSM_SETID_RES 4
199*4882a593Smuzhiyun
200*4882a593Smuzhiyun /* setfsuid or setfsgid, id0 == fsuid or fsgid */
201*4882a593Smuzhiyun #define LSM_SETID_FS 8
202*4882a593Smuzhiyun
203*4882a593Smuzhiyun /* Flags for security_task_prlimit(). */
204*4882a593Smuzhiyun #define LSM_PRLIMIT_READ 1
205*4882a593Smuzhiyun #define LSM_PRLIMIT_WRITE 2
206*4882a593Smuzhiyun
207*4882a593Smuzhiyun /* forward declares to avoid warnings */
208*4882a593Smuzhiyun struct sched_param;
209*4882a593Smuzhiyun struct request_sock;
210*4882a593Smuzhiyun
211*4882a593Smuzhiyun /* bprm->unsafe reasons */
212*4882a593Smuzhiyun #define LSM_UNSAFE_SHARE 1
213*4882a593Smuzhiyun #define LSM_UNSAFE_PTRACE 2
214*4882a593Smuzhiyun #define LSM_UNSAFE_NO_NEW_PRIVS 4
215*4882a593Smuzhiyun
216*4882a593Smuzhiyun #ifdef CONFIG_MMU
217*4882a593Smuzhiyun extern int mmap_min_addr_handler(struct ctl_table *table, int write,
218*4882a593Smuzhiyun void *buffer, size_t *lenp, loff_t *ppos);
219*4882a593Smuzhiyun #endif
220*4882a593Smuzhiyun
221*4882a593Smuzhiyun /* security_inode_init_security callback function to write xattrs */
222*4882a593Smuzhiyun typedef int (*initxattrs) (struct inode *inode,
223*4882a593Smuzhiyun const struct xattr *xattr_array, void *fs_data);
224*4882a593Smuzhiyun
225*4882a593Smuzhiyun
226*4882a593Smuzhiyun /* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */
227*4882a593Smuzhiyun #define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
228*4882a593Smuzhiyun #define __data_id_stringify(dummy, str) #str,
229*4882a593Smuzhiyun
230*4882a593Smuzhiyun enum kernel_load_data_id {
231*4882a593Smuzhiyun __kernel_read_file_id(__data_id_enumify)
232*4882a593Smuzhiyun };
233*4882a593Smuzhiyun
234*4882a593Smuzhiyun static const char * const kernel_load_data_str[] = {
235*4882a593Smuzhiyun __kernel_read_file_id(__data_id_stringify)
236*4882a593Smuzhiyun };
237*4882a593Smuzhiyun
kernel_load_data_id_str(enum kernel_load_data_id id)238*4882a593Smuzhiyun static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
239*4882a593Smuzhiyun {
240*4882a593Smuzhiyun if ((unsigned)id >= LOADING_MAX_ID)
241*4882a593Smuzhiyun return kernel_load_data_str[LOADING_UNKNOWN];
242*4882a593Smuzhiyun
243*4882a593Smuzhiyun return kernel_load_data_str[id];
244*4882a593Smuzhiyun }
245*4882a593Smuzhiyun
246*4882a593Smuzhiyun #ifdef CONFIG_SECURITY
247*4882a593Smuzhiyun
248*4882a593Smuzhiyun int call_blocking_lsm_notifier(enum lsm_event event, void *data);
249*4882a593Smuzhiyun int register_blocking_lsm_notifier(struct notifier_block *nb);
250*4882a593Smuzhiyun int unregister_blocking_lsm_notifier(struct notifier_block *nb);
251*4882a593Smuzhiyun
252*4882a593Smuzhiyun /* prototypes */
253*4882a593Smuzhiyun extern int security_init(void);
254*4882a593Smuzhiyun extern int early_security_init(void);
255*4882a593Smuzhiyun
256*4882a593Smuzhiyun /* Security operations */
257*4882a593Smuzhiyun int security_binder_set_context_mgr(const struct cred *mgr);
258*4882a593Smuzhiyun int security_binder_transaction(const struct cred *from,
259*4882a593Smuzhiyun const struct cred *to);
260*4882a593Smuzhiyun int security_binder_transfer_binder(const struct cred *from,
261*4882a593Smuzhiyun const struct cred *to);
262*4882a593Smuzhiyun int security_binder_transfer_file(const struct cred *from,
263*4882a593Smuzhiyun const struct cred *to, struct file *file);
264*4882a593Smuzhiyun int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
265*4882a593Smuzhiyun int security_ptrace_traceme(struct task_struct *parent);
266*4882a593Smuzhiyun int security_capget(struct task_struct *target,
267*4882a593Smuzhiyun kernel_cap_t *effective,
268*4882a593Smuzhiyun kernel_cap_t *inheritable,
269*4882a593Smuzhiyun kernel_cap_t *permitted);
270*4882a593Smuzhiyun int security_capset(struct cred *new, const struct cred *old,
271*4882a593Smuzhiyun const kernel_cap_t *effective,
272*4882a593Smuzhiyun const kernel_cap_t *inheritable,
273*4882a593Smuzhiyun const kernel_cap_t *permitted);
274*4882a593Smuzhiyun int security_capable(const struct cred *cred,
275*4882a593Smuzhiyun struct user_namespace *ns,
276*4882a593Smuzhiyun int cap,
277*4882a593Smuzhiyun unsigned int opts);
278*4882a593Smuzhiyun int security_quotactl(int cmds, int type, int id, struct super_block *sb);
279*4882a593Smuzhiyun int security_quota_on(struct dentry *dentry);
280*4882a593Smuzhiyun int security_syslog(int type);
281*4882a593Smuzhiyun int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
282*4882a593Smuzhiyun int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
283*4882a593Smuzhiyun int security_bprm_creds_for_exec(struct linux_binprm *bprm);
284*4882a593Smuzhiyun int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
285*4882a593Smuzhiyun int security_bprm_check(struct linux_binprm *bprm);
286*4882a593Smuzhiyun void security_bprm_committing_creds(struct linux_binprm *bprm);
287*4882a593Smuzhiyun void security_bprm_committed_creds(struct linux_binprm *bprm);
288*4882a593Smuzhiyun int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
289*4882a593Smuzhiyun int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
290*4882a593Smuzhiyun int security_sb_alloc(struct super_block *sb);
291*4882a593Smuzhiyun void security_sb_free(struct super_block *sb);
292*4882a593Smuzhiyun void security_free_mnt_opts(void **mnt_opts);
293*4882a593Smuzhiyun int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
294*4882a593Smuzhiyun int security_sb_remount(struct super_block *sb, void *mnt_opts);
295*4882a593Smuzhiyun int security_sb_kern_mount(struct super_block *sb);
296*4882a593Smuzhiyun int security_sb_show_options(struct seq_file *m, struct super_block *sb);
297*4882a593Smuzhiyun int security_sb_statfs(struct dentry *dentry);
298*4882a593Smuzhiyun int security_sb_mount(const char *dev_name, const struct path *path,
299*4882a593Smuzhiyun const char *type, unsigned long flags, void *data);
300*4882a593Smuzhiyun int security_sb_umount(struct vfsmount *mnt, int flags);
301*4882a593Smuzhiyun int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
302*4882a593Smuzhiyun int security_sb_set_mnt_opts(struct super_block *sb,
303*4882a593Smuzhiyun void *mnt_opts,
304*4882a593Smuzhiyun unsigned long kern_flags,
305*4882a593Smuzhiyun unsigned long *set_kern_flags);
306*4882a593Smuzhiyun int security_sb_clone_mnt_opts(const struct super_block *oldsb,
307*4882a593Smuzhiyun struct super_block *newsb,
308*4882a593Smuzhiyun unsigned long kern_flags,
309*4882a593Smuzhiyun unsigned long *set_kern_flags);
310*4882a593Smuzhiyun int security_add_mnt_opt(const char *option, const char *val,
311*4882a593Smuzhiyun int len, void **mnt_opts);
312*4882a593Smuzhiyun int security_move_mount(const struct path *from_path, const struct path *to_path);
313*4882a593Smuzhiyun int security_dentry_init_security(struct dentry *dentry, int mode,
314*4882a593Smuzhiyun const struct qstr *name, void **ctx,
315*4882a593Smuzhiyun u32 *ctxlen);
316*4882a593Smuzhiyun int security_dentry_create_files_as(struct dentry *dentry, int mode,
317*4882a593Smuzhiyun struct qstr *name,
318*4882a593Smuzhiyun const struct cred *old,
319*4882a593Smuzhiyun struct cred *new);
320*4882a593Smuzhiyun int security_path_notify(const struct path *path, u64 mask,
321*4882a593Smuzhiyun unsigned int obj_type);
322*4882a593Smuzhiyun int security_inode_alloc(struct inode *inode);
323*4882a593Smuzhiyun void security_inode_free(struct inode *inode);
324*4882a593Smuzhiyun int security_inode_init_security(struct inode *inode, struct inode *dir,
325*4882a593Smuzhiyun const struct qstr *qstr,
326*4882a593Smuzhiyun initxattrs initxattrs, void *fs_data);
327*4882a593Smuzhiyun int security_inode_init_security_anon(struct inode *inode,
328*4882a593Smuzhiyun const struct qstr *name,
329*4882a593Smuzhiyun const struct inode *context_inode);
330*4882a593Smuzhiyun int security_old_inode_init_security(struct inode *inode, struct inode *dir,
331*4882a593Smuzhiyun const struct qstr *qstr, const char **name,
332*4882a593Smuzhiyun void **value, size_t *len);
333*4882a593Smuzhiyun int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
334*4882a593Smuzhiyun int security_inode_link(struct dentry *old_dentry, struct inode *dir,
335*4882a593Smuzhiyun struct dentry *new_dentry);
336*4882a593Smuzhiyun int security_inode_unlink(struct inode *dir, struct dentry *dentry);
337*4882a593Smuzhiyun int security_inode_symlink(struct inode *dir, struct dentry *dentry,
338*4882a593Smuzhiyun const char *old_name);
339*4882a593Smuzhiyun int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
340*4882a593Smuzhiyun int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
341*4882a593Smuzhiyun int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
342*4882a593Smuzhiyun int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
343*4882a593Smuzhiyun struct inode *new_dir, struct dentry *new_dentry,
344*4882a593Smuzhiyun unsigned int flags);
345*4882a593Smuzhiyun int security_inode_readlink(struct dentry *dentry);
346*4882a593Smuzhiyun int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
347*4882a593Smuzhiyun bool rcu);
348*4882a593Smuzhiyun int security_inode_permission(struct inode *inode, int mask);
349*4882a593Smuzhiyun int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
350*4882a593Smuzhiyun int security_inode_getattr(const struct path *path);
351*4882a593Smuzhiyun int security_inode_setxattr(struct dentry *dentry, const char *name,
352*4882a593Smuzhiyun const void *value, size_t size, int flags);
353*4882a593Smuzhiyun void security_inode_post_setxattr(struct dentry *dentry, const char *name,
354*4882a593Smuzhiyun const void *value, size_t size, int flags);
355*4882a593Smuzhiyun int security_inode_getxattr(struct dentry *dentry, const char *name);
356*4882a593Smuzhiyun int security_inode_listxattr(struct dentry *dentry);
357*4882a593Smuzhiyun int security_inode_removexattr(struct dentry *dentry, const char *name);
358*4882a593Smuzhiyun int security_inode_need_killpriv(struct dentry *dentry);
359*4882a593Smuzhiyun int security_inode_killpriv(struct dentry *dentry);
360*4882a593Smuzhiyun int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
361*4882a593Smuzhiyun int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
362*4882a593Smuzhiyun int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
363*4882a593Smuzhiyun void security_inode_getsecid(struct inode *inode, u32 *secid);
364*4882a593Smuzhiyun int security_inode_copy_up(struct dentry *src, struct cred **new);
365*4882a593Smuzhiyun int security_inode_copy_up_xattr(const char *name);
366*4882a593Smuzhiyun int security_kernfs_init_security(struct kernfs_node *kn_dir,
367*4882a593Smuzhiyun struct kernfs_node *kn);
368*4882a593Smuzhiyun int security_file_permission(struct file *file, int mask);
369*4882a593Smuzhiyun int security_file_alloc(struct file *file);
370*4882a593Smuzhiyun void security_file_free(struct file *file);
371*4882a593Smuzhiyun int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
372*4882a593Smuzhiyun int security_mmap_file(struct file *file, unsigned long prot,
373*4882a593Smuzhiyun unsigned long flags);
374*4882a593Smuzhiyun int security_mmap_addr(unsigned long addr);
375*4882a593Smuzhiyun int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
376*4882a593Smuzhiyun unsigned long prot);
377*4882a593Smuzhiyun int security_file_lock(struct file *file, unsigned int cmd);
378*4882a593Smuzhiyun int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
379*4882a593Smuzhiyun void security_file_set_fowner(struct file *file);
380*4882a593Smuzhiyun int security_file_send_sigiotask(struct task_struct *tsk,
381*4882a593Smuzhiyun struct fown_struct *fown, int sig);
382*4882a593Smuzhiyun int security_file_receive(struct file *file);
383*4882a593Smuzhiyun int security_file_open(struct file *file);
384*4882a593Smuzhiyun int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
385*4882a593Smuzhiyun void security_task_free(struct task_struct *task);
386*4882a593Smuzhiyun int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
387*4882a593Smuzhiyun void security_cred_free(struct cred *cred);
388*4882a593Smuzhiyun int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
389*4882a593Smuzhiyun void security_transfer_creds(struct cred *new, const struct cred *old);
390*4882a593Smuzhiyun void security_cred_getsecid(const struct cred *c, u32 *secid);
391*4882a593Smuzhiyun int security_kernel_act_as(struct cred *new, u32 secid);
392*4882a593Smuzhiyun int security_kernel_create_files_as(struct cred *new, struct inode *inode);
393*4882a593Smuzhiyun int security_kernel_module_request(char *kmod_name);
394*4882a593Smuzhiyun int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
395*4882a593Smuzhiyun int security_kernel_post_load_data(char *buf, loff_t size,
396*4882a593Smuzhiyun enum kernel_load_data_id id,
397*4882a593Smuzhiyun char *description);
398*4882a593Smuzhiyun int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
399*4882a593Smuzhiyun bool contents);
400*4882a593Smuzhiyun int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
401*4882a593Smuzhiyun enum kernel_read_file_id id);
402*4882a593Smuzhiyun int security_task_fix_setuid(struct cred *new, const struct cred *old,
403*4882a593Smuzhiyun int flags);
404*4882a593Smuzhiyun int security_task_fix_setgid(struct cred *new, const struct cred *old,
405*4882a593Smuzhiyun int flags);
406*4882a593Smuzhiyun int security_task_setpgid(struct task_struct *p, pid_t pgid);
407*4882a593Smuzhiyun int security_task_getpgid(struct task_struct *p);
408*4882a593Smuzhiyun int security_task_getsid(struct task_struct *p);
409*4882a593Smuzhiyun void security_task_getsecid(struct task_struct *p, u32 *secid);
410*4882a593Smuzhiyun int security_task_setnice(struct task_struct *p, int nice);
411*4882a593Smuzhiyun int security_task_setioprio(struct task_struct *p, int ioprio);
412*4882a593Smuzhiyun int security_task_getioprio(struct task_struct *p);
413*4882a593Smuzhiyun int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
414*4882a593Smuzhiyun unsigned int flags);
415*4882a593Smuzhiyun int security_task_setrlimit(struct task_struct *p, unsigned int resource,
416*4882a593Smuzhiyun struct rlimit *new_rlim);
417*4882a593Smuzhiyun int security_task_setscheduler(struct task_struct *p);
418*4882a593Smuzhiyun int security_task_getscheduler(struct task_struct *p);
419*4882a593Smuzhiyun int security_task_movememory(struct task_struct *p);
420*4882a593Smuzhiyun int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
421*4882a593Smuzhiyun int sig, const struct cred *cred);
422*4882a593Smuzhiyun int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
423*4882a593Smuzhiyun unsigned long arg4, unsigned long arg5);
424*4882a593Smuzhiyun void security_task_to_inode(struct task_struct *p, struct inode *inode);
425*4882a593Smuzhiyun int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
426*4882a593Smuzhiyun void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
427*4882a593Smuzhiyun int security_msg_msg_alloc(struct msg_msg *msg);
428*4882a593Smuzhiyun void security_msg_msg_free(struct msg_msg *msg);
429*4882a593Smuzhiyun int security_msg_queue_alloc(struct kern_ipc_perm *msq);
430*4882a593Smuzhiyun void security_msg_queue_free(struct kern_ipc_perm *msq);
431*4882a593Smuzhiyun int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
432*4882a593Smuzhiyun int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
433*4882a593Smuzhiyun int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
434*4882a593Smuzhiyun struct msg_msg *msg, int msqflg);
435*4882a593Smuzhiyun int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
436*4882a593Smuzhiyun struct task_struct *target, long type, int mode);
437*4882a593Smuzhiyun int security_shm_alloc(struct kern_ipc_perm *shp);
438*4882a593Smuzhiyun void security_shm_free(struct kern_ipc_perm *shp);
439*4882a593Smuzhiyun int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
440*4882a593Smuzhiyun int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
441*4882a593Smuzhiyun int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
442*4882a593Smuzhiyun int security_sem_alloc(struct kern_ipc_perm *sma);
443*4882a593Smuzhiyun void security_sem_free(struct kern_ipc_perm *sma);
444*4882a593Smuzhiyun int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
445*4882a593Smuzhiyun int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
446*4882a593Smuzhiyun int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
447*4882a593Smuzhiyun unsigned nsops, int alter);
448*4882a593Smuzhiyun void security_d_instantiate(struct dentry *dentry, struct inode *inode);
449*4882a593Smuzhiyun int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
450*4882a593Smuzhiyun char **value);
451*4882a593Smuzhiyun int security_setprocattr(const char *lsm, const char *name, void *value,
452*4882a593Smuzhiyun size_t size);
453*4882a593Smuzhiyun int security_netlink_send(struct sock *sk, struct sk_buff *skb);
454*4882a593Smuzhiyun int security_ismaclabel(const char *name);
455*4882a593Smuzhiyun int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
456*4882a593Smuzhiyun int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
457*4882a593Smuzhiyun void security_release_secctx(char *secdata, u32 seclen);
458*4882a593Smuzhiyun void security_inode_invalidate_secctx(struct inode *inode);
459*4882a593Smuzhiyun int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
460*4882a593Smuzhiyun int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
461*4882a593Smuzhiyun int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
462*4882a593Smuzhiyun int security_locked_down(enum lockdown_reason what);
463*4882a593Smuzhiyun #else /* CONFIG_SECURITY */
464*4882a593Smuzhiyun
call_blocking_lsm_notifier(enum lsm_event event,void * data)465*4882a593Smuzhiyun static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
466*4882a593Smuzhiyun {
467*4882a593Smuzhiyun return 0;
468*4882a593Smuzhiyun }
469*4882a593Smuzhiyun
register_blocking_lsm_notifier(struct notifier_block * nb)470*4882a593Smuzhiyun static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
471*4882a593Smuzhiyun {
472*4882a593Smuzhiyun return 0;
473*4882a593Smuzhiyun }
474*4882a593Smuzhiyun
unregister_blocking_lsm_notifier(struct notifier_block * nb)475*4882a593Smuzhiyun static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
476*4882a593Smuzhiyun {
477*4882a593Smuzhiyun return 0;
478*4882a593Smuzhiyun }
479*4882a593Smuzhiyun
security_free_mnt_opts(void ** mnt_opts)480*4882a593Smuzhiyun static inline void security_free_mnt_opts(void **mnt_opts)
481*4882a593Smuzhiyun {
482*4882a593Smuzhiyun }
483*4882a593Smuzhiyun
484*4882a593Smuzhiyun /*
485*4882a593Smuzhiyun * This is the default capabilities functionality. Most of these functions
486*4882a593Smuzhiyun * are just stubbed out, but a few must call the proper capable code.
487*4882a593Smuzhiyun */
488*4882a593Smuzhiyun
security_init(void)489*4882a593Smuzhiyun static inline int security_init(void)
490*4882a593Smuzhiyun {
491*4882a593Smuzhiyun return 0;
492*4882a593Smuzhiyun }
493*4882a593Smuzhiyun
early_security_init(void)494*4882a593Smuzhiyun static inline int early_security_init(void)
495*4882a593Smuzhiyun {
496*4882a593Smuzhiyun return 0;
497*4882a593Smuzhiyun }
498*4882a593Smuzhiyun
security_binder_set_context_mgr(const struct cred * mgr)499*4882a593Smuzhiyun static inline int security_binder_set_context_mgr(const struct cred *mgr)
500*4882a593Smuzhiyun {
501*4882a593Smuzhiyun return 0;
502*4882a593Smuzhiyun }
503*4882a593Smuzhiyun
security_binder_transaction(const struct cred * from,const struct cred * to)504*4882a593Smuzhiyun static inline int security_binder_transaction(const struct cred *from,
505*4882a593Smuzhiyun const struct cred *to)
506*4882a593Smuzhiyun {
507*4882a593Smuzhiyun return 0;
508*4882a593Smuzhiyun }
509*4882a593Smuzhiyun
security_binder_transfer_binder(const struct cred * from,const struct cred * to)510*4882a593Smuzhiyun static inline int security_binder_transfer_binder(const struct cred *from,
511*4882a593Smuzhiyun const struct cred *to)
512*4882a593Smuzhiyun {
513*4882a593Smuzhiyun return 0;
514*4882a593Smuzhiyun }
515*4882a593Smuzhiyun
security_binder_transfer_file(const struct cred * from,const struct cred * to,struct file * file)516*4882a593Smuzhiyun static inline int security_binder_transfer_file(const struct cred *from,
517*4882a593Smuzhiyun const struct cred *to,
518*4882a593Smuzhiyun struct file *file)
519*4882a593Smuzhiyun {
520*4882a593Smuzhiyun return 0;
521*4882a593Smuzhiyun }
522*4882a593Smuzhiyun
security_ptrace_access_check(struct task_struct * child,unsigned int mode)523*4882a593Smuzhiyun static inline int security_ptrace_access_check(struct task_struct *child,
524*4882a593Smuzhiyun unsigned int mode)
525*4882a593Smuzhiyun {
526*4882a593Smuzhiyun return cap_ptrace_access_check(child, mode);
527*4882a593Smuzhiyun }
528*4882a593Smuzhiyun
security_ptrace_traceme(struct task_struct * parent)529*4882a593Smuzhiyun static inline int security_ptrace_traceme(struct task_struct *parent)
530*4882a593Smuzhiyun {
531*4882a593Smuzhiyun return cap_ptrace_traceme(parent);
532*4882a593Smuzhiyun }
533*4882a593Smuzhiyun
security_capget(struct task_struct * target,kernel_cap_t * effective,kernel_cap_t * inheritable,kernel_cap_t * permitted)534*4882a593Smuzhiyun static inline int security_capget(struct task_struct *target,
535*4882a593Smuzhiyun kernel_cap_t *effective,
536*4882a593Smuzhiyun kernel_cap_t *inheritable,
537*4882a593Smuzhiyun kernel_cap_t *permitted)
538*4882a593Smuzhiyun {
539*4882a593Smuzhiyun return cap_capget(target, effective, inheritable, permitted);
540*4882a593Smuzhiyun }
541*4882a593Smuzhiyun
security_capset(struct cred * new,const struct cred * old,const kernel_cap_t * effective,const kernel_cap_t * inheritable,const kernel_cap_t * permitted)542*4882a593Smuzhiyun static inline int security_capset(struct cred *new,
543*4882a593Smuzhiyun const struct cred *old,
544*4882a593Smuzhiyun const kernel_cap_t *effective,
545*4882a593Smuzhiyun const kernel_cap_t *inheritable,
546*4882a593Smuzhiyun const kernel_cap_t *permitted)
547*4882a593Smuzhiyun {
548*4882a593Smuzhiyun return cap_capset(new, old, effective, inheritable, permitted);
549*4882a593Smuzhiyun }
550*4882a593Smuzhiyun
security_capable(const struct cred * cred,struct user_namespace * ns,int cap,unsigned int opts)551*4882a593Smuzhiyun static inline int security_capable(const struct cred *cred,
552*4882a593Smuzhiyun struct user_namespace *ns,
553*4882a593Smuzhiyun int cap,
554*4882a593Smuzhiyun unsigned int opts)
555*4882a593Smuzhiyun {
556*4882a593Smuzhiyun return cap_capable(cred, ns, cap, opts);
557*4882a593Smuzhiyun }
558*4882a593Smuzhiyun
security_quotactl(int cmds,int type,int id,struct super_block * sb)559*4882a593Smuzhiyun static inline int security_quotactl(int cmds, int type, int id,
560*4882a593Smuzhiyun struct super_block *sb)
561*4882a593Smuzhiyun {
562*4882a593Smuzhiyun return 0;
563*4882a593Smuzhiyun }
564*4882a593Smuzhiyun
security_quota_on(struct dentry * dentry)565*4882a593Smuzhiyun static inline int security_quota_on(struct dentry *dentry)
566*4882a593Smuzhiyun {
567*4882a593Smuzhiyun return 0;
568*4882a593Smuzhiyun }
569*4882a593Smuzhiyun
security_syslog(int type)570*4882a593Smuzhiyun static inline int security_syslog(int type)
571*4882a593Smuzhiyun {
572*4882a593Smuzhiyun return 0;
573*4882a593Smuzhiyun }
574*4882a593Smuzhiyun
security_settime64(const struct timespec64 * ts,const struct timezone * tz)575*4882a593Smuzhiyun static inline int security_settime64(const struct timespec64 *ts,
576*4882a593Smuzhiyun const struct timezone *tz)
577*4882a593Smuzhiyun {
578*4882a593Smuzhiyun return cap_settime(ts, tz);
579*4882a593Smuzhiyun }
580*4882a593Smuzhiyun
security_vm_enough_memory_mm(struct mm_struct * mm,long pages)581*4882a593Smuzhiyun static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
582*4882a593Smuzhiyun {
583*4882a593Smuzhiyun return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
584*4882a593Smuzhiyun }
585*4882a593Smuzhiyun
security_bprm_creds_for_exec(struct linux_binprm * bprm)586*4882a593Smuzhiyun static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
587*4882a593Smuzhiyun {
588*4882a593Smuzhiyun return 0;
589*4882a593Smuzhiyun }
590*4882a593Smuzhiyun
security_bprm_creds_from_file(struct linux_binprm * bprm,struct file * file)591*4882a593Smuzhiyun static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
592*4882a593Smuzhiyun struct file *file)
593*4882a593Smuzhiyun {
594*4882a593Smuzhiyun return cap_bprm_creds_from_file(bprm, file);
595*4882a593Smuzhiyun }
596*4882a593Smuzhiyun
security_bprm_check(struct linux_binprm * bprm)597*4882a593Smuzhiyun static inline int security_bprm_check(struct linux_binprm *bprm)
598*4882a593Smuzhiyun {
599*4882a593Smuzhiyun return 0;
600*4882a593Smuzhiyun }
601*4882a593Smuzhiyun
security_bprm_committing_creds(struct linux_binprm * bprm)602*4882a593Smuzhiyun static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
603*4882a593Smuzhiyun {
604*4882a593Smuzhiyun }
605*4882a593Smuzhiyun
security_bprm_committed_creds(struct linux_binprm * bprm)606*4882a593Smuzhiyun static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
607*4882a593Smuzhiyun {
608*4882a593Smuzhiyun }
609*4882a593Smuzhiyun
security_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)610*4882a593Smuzhiyun static inline int security_fs_context_dup(struct fs_context *fc,
611*4882a593Smuzhiyun struct fs_context *src_fc)
612*4882a593Smuzhiyun {
613*4882a593Smuzhiyun return 0;
614*4882a593Smuzhiyun }
security_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)615*4882a593Smuzhiyun static inline int security_fs_context_parse_param(struct fs_context *fc,
616*4882a593Smuzhiyun struct fs_parameter *param)
617*4882a593Smuzhiyun {
618*4882a593Smuzhiyun return -ENOPARAM;
619*4882a593Smuzhiyun }
620*4882a593Smuzhiyun
security_sb_alloc(struct super_block * sb)621*4882a593Smuzhiyun static inline int security_sb_alloc(struct super_block *sb)
622*4882a593Smuzhiyun {
623*4882a593Smuzhiyun return 0;
624*4882a593Smuzhiyun }
625*4882a593Smuzhiyun
security_sb_free(struct super_block * sb)626*4882a593Smuzhiyun static inline void security_sb_free(struct super_block *sb)
627*4882a593Smuzhiyun { }
628*4882a593Smuzhiyun
security_sb_eat_lsm_opts(char * options,void ** mnt_opts)629*4882a593Smuzhiyun static inline int security_sb_eat_lsm_opts(char *options,
630*4882a593Smuzhiyun void **mnt_opts)
631*4882a593Smuzhiyun {
632*4882a593Smuzhiyun return 0;
633*4882a593Smuzhiyun }
634*4882a593Smuzhiyun
security_sb_remount(struct super_block * sb,void * mnt_opts)635*4882a593Smuzhiyun static inline int security_sb_remount(struct super_block *sb,
636*4882a593Smuzhiyun void *mnt_opts)
637*4882a593Smuzhiyun {
638*4882a593Smuzhiyun return 0;
639*4882a593Smuzhiyun }
640*4882a593Smuzhiyun
security_sb_kern_mount(struct super_block * sb)641*4882a593Smuzhiyun static inline int security_sb_kern_mount(struct super_block *sb)
642*4882a593Smuzhiyun {
643*4882a593Smuzhiyun return 0;
644*4882a593Smuzhiyun }
645*4882a593Smuzhiyun
security_sb_show_options(struct seq_file * m,struct super_block * sb)646*4882a593Smuzhiyun static inline int security_sb_show_options(struct seq_file *m,
647*4882a593Smuzhiyun struct super_block *sb)
648*4882a593Smuzhiyun {
649*4882a593Smuzhiyun return 0;
650*4882a593Smuzhiyun }
651*4882a593Smuzhiyun
security_sb_statfs(struct dentry * dentry)652*4882a593Smuzhiyun static inline int security_sb_statfs(struct dentry *dentry)
653*4882a593Smuzhiyun {
654*4882a593Smuzhiyun return 0;
655*4882a593Smuzhiyun }
656*4882a593Smuzhiyun
security_sb_mount(const char * dev_name,const struct path * path,const char * type,unsigned long flags,void * data)657*4882a593Smuzhiyun static inline int security_sb_mount(const char *dev_name, const struct path *path,
658*4882a593Smuzhiyun const char *type, unsigned long flags,
659*4882a593Smuzhiyun void *data)
660*4882a593Smuzhiyun {
661*4882a593Smuzhiyun return 0;
662*4882a593Smuzhiyun }
663*4882a593Smuzhiyun
security_sb_umount(struct vfsmount * mnt,int flags)664*4882a593Smuzhiyun static inline int security_sb_umount(struct vfsmount *mnt, int flags)
665*4882a593Smuzhiyun {
666*4882a593Smuzhiyun return 0;
667*4882a593Smuzhiyun }
668*4882a593Smuzhiyun
security_sb_pivotroot(const struct path * old_path,const struct path * new_path)669*4882a593Smuzhiyun static inline int security_sb_pivotroot(const struct path *old_path,
670*4882a593Smuzhiyun const struct path *new_path)
671*4882a593Smuzhiyun {
672*4882a593Smuzhiyun return 0;
673*4882a593Smuzhiyun }
674*4882a593Smuzhiyun
security_sb_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)675*4882a593Smuzhiyun static inline int security_sb_set_mnt_opts(struct super_block *sb,
676*4882a593Smuzhiyun void *mnt_opts,
677*4882a593Smuzhiyun unsigned long kern_flags,
678*4882a593Smuzhiyun unsigned long *set_kern_flags)
679*4882a593Smuzhiyun {
680*4882a593Smuzhiyun return 0;
681*4882a593Smuzhiyun }
682*4882a593Smuzhiyun
security_sb_clone_mnt_opts(const struct super_block * oldsb,struct super_block * newsb,unsigned long kern_flags,unsigned long * set_kern_flags)683*4882a593Smuzhiyun static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
684*4882a593Smuzhiyun struct super_block *newsb,
685*4882a593Smuzhiyun unsigned long kern_flags,
686*4882a593Smuzhiyun unsigned long *set_kern_flags)
687*4882a593Smuzhiyun {
688*4882a593Smuzhiyun return 0;
689*4882a593Smuzhiyun }
690*4882a593Smuzhiyun
security_add_mnt_opt(const char * option,const char * val,int len,void ** mnt_opts)691*4882a593Smuzhiyun static inline int security_add_mnt_opt(const char *option, const char *val,
692*4882a593Smuzhiyun int len, void **mnt_opts)
693*4882a593Smuzhiyun {
694*4882a593Smuzhiyun return 0;
695*4882a593Smuzhiyun }
696*4882a593Smuzhiyun
security_move_mount(const struct path * from_path,const struct path * to_path)697*4882a593Smuzhiyun static inline int security_move_mount(const struct path *from_path,
698*4882a593Smuzhiyun const struct path *to_path)
699*4882a593Smuzhiyun {
700*4882a593Smuzhiyun return 0;
701*4882a593Smuzhiyun }
702*4882a593Smuzhiyun
security_path_notify(const struct path * path,u64 mask,unsigned int obj_type)703*4882a593Smuzhiyun static inline int security_path_notify(const struct path *path, u64 mask,
704*4882a593Smuzhiyun unsigned int obj_type)
705*4882a593Smuzhiyun {
706*4882a593Smuzhiyun return 0;
707*4882a593Smuzhiyun }
708*4882a593Smuzhiyun
security_inode_alloc(struct inode * inode)709*4882a593Smuzhiyun static inline int security_inode_alloc(struct inode *inode)
710*4882a593Smuzhiyun {
711*4882a593Smuzhiyun return 0;
712*4882a593Smuzhiyun }
713*4882a593Smuzhiyun
security_inode_free(struct inode * inode)714*4882a593Smuzhiyun static inline void security_inode_free(struct inode *inode)
715*4882a593Smuzhiyun { }
716*4882a593Smuzhiyun
security_dentry_init_security(struct dentry * dentry,int mode,const struct qstr * name,void ** ctx,u32 * ctxlen)717*4882a593Smuzhiyun static inline int security_dentry_init_security(struct dentry *dentry,
718*4882a593Smuzhiyun int mode,
719*4882a593Smuzhiyun const struct qstr *name,
720*4882a593Smuzhiyun void **ctx,
721*4882a593Smuzhiyun u32 *ctxlen)
722*4882a593Smuzhiyun {
723*4882a593Smuzhiyun return -EOPNOTSUPP;
724*4882a593Smuzhiyun }
725*4882a593Smuzhiyun
security_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)726*4882a593Smuzhiyun static inline int security_dentry_create_files_as(struct dentry *dentry,
727*4882a593Smuzhiyun int mode, struct qstr *name,
728*4882a593Smuzhiyun const struct cred *old,
729*4882a593Smuzhiyun struct cred *new)
730*4882a593Smuzhiyun {
731*4882a593Smuzhiyun return 0;
732*4882a593Smuzhiyun }
733*4882a593Smuzhiyun
734*4882a593Smuzhiyun
security_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const initxattrs xattrs,void * fs_data)735*4882a593Smuzhiyun static inline int security_inode_init_security(struct inode *inode,
736*4882a593Smuzhiyun struct inode *dir,
737*4882a593Smuzhiyun const struct qstr *qstr,
738*4882a593Smuzhiyun const initxattrs xattrs,
739*4882a593Smuzhiyun void *fs_data)
740*4882a593Smuzhiyun {
741*4882a593Smuzhiyun return 0;
742*4882a593Smuzhiyun }
743*4882a593Smuzhiyun
security_inode_init_security_anon(struct inode * inode,const struct qstr * name,const struct inode * context_inode)744*4882a593Smuzhiyun static inline int security_inode_init_security_anon(struct inode *inode,
745*4882a593Smuzhiyun const struct qstr *name,
746*4882a593Smuzhiyun const struct inode *context_inode)
747*4882a593Smuzhiyun {
748*4882a593Smuzhiyun return 0;
749*4882a593Smuzhiyun }
750*4882a593Smuzhiyun
security_old_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const char ** name,void ** value,size_t * len)751*4882a593Smuzhiyun static inline int security_old_inode_init_security(struct inode *inode,
752*4882a593Smuzhiyun struct inode *dir,
753*4882a593Smuzhiyun const struct qstr *qstr,
754*4882a593Smuzhiyun const char **name,
755*4882a593Smuzhiyun void **value, size_t *len)
756*4882a593Smuzhiyun {
757*4882a593Smuzhiyun return -EOPNOTSUPP;
758*4882a593Smuzhiyun }
759*4882a593Smuzhiyun
security_inode_create(struct inode * dir,struct dentry * dentry,umode_t mode)760*4882a593Smuzhiyun static inline int security_inode_create(struct inode *dir,
761*4882a593Smuzhiyun struct dentry *dentry,
762*4882a593Smuzhiyun umode_t mode)
763*4882a593Smuzhiyun {
764*4882a593Smuzhiyun return 0;
765*4882a593Smuzhiyun }
766*4882a593Smuzhiyun
security_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)767*4882a593Smuzhiyun static inline int security_inode_link(struct dentry *old_dentry,
768*4882a593Smuzhiyun struct inode *dir,
769*4882a593Smuzhiyun struct dentry *new_dentry)
770*4882a593Smuzhiyun {
771*4882a593Smuzhiyun return 0;
772*4882a593Smuzhiyun }
773*4882a593Smuzhiyun
security_inode_unlink(struct inode * dir,struct dentry * dentry)774*4882a593Smuzhiyun static inline int security_inode_unlink(struct inode *dir,
775*4882a593Smuzhiyun struct dentry *dentry)
776*4882a593Smuzhiyun {
777*4882a593Smuzhiyun return 0;
778*4882a593Smuzhiyun }
779*4882a593Smuzhiyun
security_inode_symlink(struct inode * dir,struct dentry * dentry,const char * old_name)780*4882a593Smuzhiyun static inline int security_inode_symlink(struct inode *dir,
781*4882a593Smuzhiyun struct dentry *dentry,
782*4882a593Smuzhiyun const char *old_name)
783*4882a593Smuzhiyun {
784*4882a593Smuzhiyun return 0;
785*4882a593Smuzhiyun }
786*4882a593Smuzhiyun
security_inode_mkdir(struct inode * dir,struct dentry * dentry,int mode)787*4882a593Smuzhiyun static inline int security_inode_mkdir(struct inode *dir,
788*4882a593Smuzhiyun struct dentry *dentry,
789*4882a593Smuzhiyun int mode)
790*4882a593Smuzhiyun {
791*4882a593Smuzhiyun return 0;
792*4882a593Smuzhiyun }
793*4882a593Smuzhiyun
security_inode_rmdir(struct inode * dir,struct dentry * dentry)794*4882a593Smuzhiyun static inline int security_inode_rmdir(struct inode *dir,
795*4882a593Smuzhiyun struct dentry *dentry)
796*4882a593Smuzhiyun {
797*4882a593Smuzhiyun return 0;
798*4882a593Smuzhiyun }
799*4882a593Smuzhiyun
security_inode_mknod(struct inode * dir,struct dentry * dentry,int mode,dev_t dev)800*4882a593Smuzhiyun static inline int security_inode_mknod(struct inode *dir,
801*4882a593Smuzhiyun struct dentry *dentry,
802*4882a593Smuzhiyun int mode, dev_t dev)
803*4882a593Smuzhiyun {
804*4882a593Smuzhiyun return 0;
805*4882a593Smuzhiyun }
806*4882a593Smuzhiyun
security_inode_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)807*4882a593Smuzhiyun static inline int security_inode_rename(struct inode *old_dir,
808*4882a593Smuzhiyun struct dentry *old_dentry,
809*4882a593Smuzhiyun struct inode *new_dir,
810*4882a593Smuzhiyun struct dentry *new_dentry,
811*4882a593Smuzhiyun unsigned int flags)
812*4882a593Smuzhiyun {
813*4882a593Smuzhiyun return 0;
814*4882a593Smuzhiyun }
815*4882a593Smuzhiyun
security_inode_readlink(struct dentry * dentry)816*4882a593Smuzhiyun static inline int security_inode_readlink(struct dentry *dentry)
817*4882a593Smuzhiyun {
818*4882a593Smuzhiyun return 0;
819*4882a593Smuzhiyun }
820*4882a593Smuzhiyun
security_inode_follow_link(struct dentry * dentry,struct inode * inode,bool rcu)821*4882a593Smuzhiyun static inline int security_inode_follow_link(struct dentry *dentry,
822*4882a593Smuzhiyun struct inode *inode,
823*4882a593Smuzhiyun bool rcu)
824*4882a593Smuzhiyun {
825*4882a593Smuzhiyun return 0;
826*4882a593Smuzhiyun }
827*4882a593Smuzhiyun
security_inode_permission(struct inode * inode,int mask)828*4882a593Smuzhiyun static inline int security_inode_permission(struct inode *inode, int mask)
829*4882a593Smuzhiyun {
830*4882a593Smuzhiyun return 0;
831*4882a593Smuzhiyun }
832*4882a593Smuzhiyun
security_inode_setattr(struct dentry * dentry,struct iattr * attr)833*4882a593Smuzhiyun static inline int security_inode_setattr(struct dentry *dentry,
834*4882a593Smuzhiyun struct iattr *attr)
835*4882a593Smuzhiyun {
836*4882a593Smuzhiyun return 0;
837*4882a593Smuzhiyun }
838*4882a593Smuzhiyun
security_inode_getattr(const struct path * path)839*4882a593Smuzhiyun static inline int security_inode_getattr(const struct path *path)
840*4882a593Smuzhiyun {
841*4882a593Smuzhiyun return 0;
842*4882a593Smuzhiyun }
843*4882a593Smuzhiyun
security_inode_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)844*4882a593Smuzhiyun static inline int security_inode_setxattr(struct dentry *dentry,
845*4882a593Smuzhiyun const char *name, const void *value, size_t size, int flags)
846*4882a593Smuzhiyun {
847*4882a593Smuzhiyun return cap_inode_setxattr(dentry, name, value, size, flags);
848*4882a593Smuzhiyun }
849*4882a593Smuzhiyun
security_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)850*4882a593Smuzhiyun static inline void security_inode_post_setxattr(struct dentry *dentry,
851*4882a593Smuzhiyun const char *name, const void *value, size_t size, int flags)
852*4882a593Smuzhiyun { }
853*4882a593Smuzhiyun
security_inode_getxattr(struct dentry * dentry,const char * name)854*4882a593Smuzhiyun static inline int security_inode_getxattr(struct dentry *dentry,
855*4882a593Smuzhiyun const char *name)
856*4882a593Smuzhiyun {
857*4882a593Smuzhiyun return 0;
858*4882a593Smuzhiyun }
859*4882a593Smuzhiyun
security_inode_listxattr(struct dentry * dentry)860*4882a593Smuzhiyun static inline int security_inode_listxattr(struct dentry *dentry)
861*4882a593Smuzhiyun {
862*4882a593Smuzhiyun return 0;
863*4882a593Smuzhiyun }
864*4882a593Smuzhiyun
security_inode_removexattr(struct dentry * dentry,const char * name)865*4882a593Smuzhiyun static inline int security_inode_removexattr(struct dentry *dentry,
866*4882a593Smuzhiyun const char *name)
867*4882a593Smuzhiyun {
868*4882a593Smuzhiyun return cap_inode_removexattr(dentry, name);
869*4882a593Smuzhiyun }
870*4882a593Smuzhiyun
security_inode_need_killpriv(struct dentry * dentry)871*4882a593Smuzhiyun static inline int security_inode_need_killpriv(struct dentry *dentry)
872*4882a593Smuzhiyun {
873*4882a593Smuzhiyun return cap_inode_need_killpriv(dentry);
874*4882a593Smuzhiyun }
875*4882a593Smuzhiyun
security_inode_killpriv(struct dentry * dentry)876*4882a593Smuzhiyun static inline int security_inode_killpriv(struct dentry *dentry)
877*4882a593Smuzhiyun {
878*4882a593Smuzhiyun return cap_inode_killpriv(dentry);
879*4882a593Smuzhiyun }
880*4882a593Smuzhiyun
security_inode_getsecurity(struct inode * inode,const char * name,void ** buffer,bool alloc)881*4882a593Smuzhiyun static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
882*4882a593Smuzhiyun {
883*4882a593Smuzhiyun return cap_inode_getsecurity(inode, name, buffer, alloc);
884*4882a593Smuzhiyun }
885*4882a593Smuzhiyun
security_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)886*4882a593Smuzhiyun static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
887*4882a593Smuzhiyun {
888*4882a593Smuzhiyun return -EOPNOTSUPP;
889*4882a593Smuzhiyun }
890*4882a593Smuzhiyun
security_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)891*4882a593Smuzhiyun static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
892*4882a593Smuzhiyun {
893*4882a593Smuzhiyun return 0;
894*4882a593Smuzhiyun }
895*4882a593Smuzhiyun
security_inode_getsecid(struct inode * inode,u32 * secid)896*4882a593Smuzhiyun static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
897*4882a593Smuzhiyun {
898*4882a593Smuzhiyun *secid = 0;
899*4882a593Smuzhiyun }
900*4882a593Smuzhiyun
security_inode_copy_up(struct dentry * src,struct cred ** new)901*4882a593Smuzhiyun static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
902*4882a593Smuzhiyun {
903*4882a593Smuzhiyun return 0;
904*4882a593Smuzhiyun }
905*4882a593Smuzhiyun
security_kernfs_init_security(struct kernfs_node * kn_dir,struct kernfs_node * kn)906*4882a593Smuzhiyun static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
907*4882a593Smuzhiyun struct kernfs_node *kn)
908*4882a593Smuzhiyun {
909*4882a593Smuzhiyun return 0;
910*4882a593Smuzhiyun }
911*4882a593Smuzhiyun
security_inode_copy_up_xattr(const char * name)912*4882a593Smuzhiyun static inline int security_inode_copy_up_xattr(const char *name)
913*4882a593Smuzhiyun {
914*4882a593Smuzhiyun return -EOPNOTSUPP;
915*4882a593Smuzhiyun }
916*4882a593Smuzhiyun
security_file_permission(struct file * file,int mask)917*4882a593Smuzhiyun static inline int security_file_permission(struct file *file, int mask)
918*4882a593Smuzhiyun {
919*4882a593Smuzhiyun return 0;
920*4882a593Smuzhiyun }
921*4882a593Smuzhiyun
security_file_alloc(struct file * file)922*4882a593Smuzhiyun static inline int security_file_alloc(struct file *file)
923*4882a593Smuzhiyun {
924*4882a593Smuzhiyun return 0;
925*4882a593Smuzhiyun }
926*4882a593Smuzhiyun
security_file_free(struct file * file)927*4882a593Smuzhiyun static inline void security_file_free(struct file *file)
928*4882a593Smuzhiyun { }
929*4882a593Smuzhiyun
security_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)930*4882a593Smuzhiyun static inline int security_file_ioctl(struct file *file, unsigned int cmd,
931*4882a593Smuzhiyun unsigned long arg)
932*4882a593Smuzhiyun {
933*4882a593Smuzhiyun return 0;
934*4882a593Smuzhiyun }
935*4882a593Smuzhiyun
security_mmap_file(struct file * file,unsigned long prot,unsigned long flags)936*4882a593Smuzhiyun static inline int security_mmap_file(struct file *file, unsigned long prot,
937*4882a593Smuzhiyun unsigned long flags)
938*4882a593Smuzhiyun {
939*4882a593Smuzhiyun return 0;
940*4882a593Smuzhiyun }
941*4882a593Smuzhiyun
security_mmap_addr(unsigned long addr)942*4882a593Smuzhiyun static inline int security_mmap_addr(unsigned long addr)
943*4882a593Smuzhiyun {
944*4882a593Smuzhiyun return cap_mmap_addr(addr);
945*4882a593Smuzhiyun }
946*4882a593Smuzhiyun
security_file_mprotect(struct vm_area_struct * vma,unsigned long reqprot,unsigned long prot)947*4882a593Smuzhiyun static inline int security_file_mprotect(struct vm_area_struct *vma,
948*4882a593Smuzhiyun unsigned long reqprot,
949*4882a593Smuzhiyun unsigned long prot)
950*4882a593Smuzhiyun {
951*4882a593Smuzhiyun return 0;
952*4882a593Smuzhiyun }
953*4882a593Smuzhiyun
security_file_lock(struct file * file,unsigned int cmd)954*4882a593Smuzhiyun static inline int security_file_lock(struct file *file, unsigned int cmd)
955*4882a593Smuzhiyun {
956*4882a593Smuzhiyun return 0;
957*4882a593Smuzhiyun }
958*4882a593Smuzhiyun
security_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)959*4882a593Smuzhiyun static inline int security_file_fcntl(struct file *file, unsigned int cmd,
960*4882a593Smuzhiyun unsigned long arg)
961*4882a593Smuzhiyun {
962*4882a593Smuzhiyun return 0;
963*4882a593Smuzhiyun }
964*4882a593Smuzhiyun
security_file_set_fowner(struct file * file)965*4882a593Smuzhiyun static inline void security_file_set_fowner(struct file *file)
966*4882a593Smuzhiyun {
967*4882a593Smuzhiyun return;
968*4882a593Smuzhiyun }
969*4882a593Smuzhiyun
security_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int sig)970*4882a593Smuzhiyun static inline int security_file_send_sigiotask(struct task_struct *tsk,
971*4882a593Smuzhiyun struct fown_struct *fown,
972*4882a593Smuzhiyun int sig)
973*4882a593Smuzhiyun {
974*4882a593Smuzhiyun return 0;
975*4882a593Smuzhiyun }
976*4882a593Smuzhiyun
security_file_receive(struct file * file)977*4882a593Smuzhiyun static inline int security_file_receive(struct file *file)
978*4882a593Smuzhiyun {
979*4882a593Smuzhiyun return 0;
980*4882a593Smuzhiyun }
981*4882a593Smuzhiyun
security_file_open(struct file * file)982*4882a593Smuzhiyun static inline int security_file_open(struct file *file)
983*4882a593Smuzhiyun {
984*4882a593Smuzhiyun return 0;
985*4882a593Smuzhiyun }
986*4882a593Smuzhiyun
security_task_alloc(struct task_struct * task,unsigned long clone_flags)987*4882a593Smuzhiyun static inline int security_task_alloc(struct task_struct *task,
988*4882a593Smuzhiyun unsigned long clone_flags)
989*4882a593Smuzhiyun {
990*4882a593Smuzhiyun return 0;
991*4882a593Smuzhiyun }
992*4882a593Smuzhiyun
security_task_free(struct task_struct * task)993*4882a593Smuzhiyun static inline void security_task_free(struct task_struct *task)
994*4882a593Smuzhiyun { }
995*4882a593Smuzhiyun
security_cred_alloc_blank(struct cred * cred,gfp_t gfp)996*4882a593Smuzhiyun static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
997*4882a593Smuzhiyun {
998*4882a593Smuzhiyun return 0;
999*4882a593Smuzhiyun }
1000*4882a593Smuzhiyun
security_cred_free(struct cred * cred)1001*4882a593Smuzhiyun static inline void security_cred_free(struct cred *cred)
1002*4882a593Smuzhiyun { }
1003*4882a593Smuzhiyun
security_prepare_creds(struct cred * new,const struct cred * old,gfp_t gfp)1004*4882a593Smuzhiyun static inline int security_prepare_creds(struct cred *new,
1005*4882a593Smuzhiyun const struct cred *old,
1006*4882a593Smuzhiyun gfp_t gfp)
1007*4882a593Smuzhiyun {
1008*4882a593Smuzhiyun return 0;
1009*4882a593Smuzhiyun }
1010*4882a593Smuzhiyun
security_transfer_creds(struct cred * new,const struct cred * old)1011*4882a593Smuzhiyun static inline void security_transfer_creds(struct cred *new,
1012*4882a593Smuzhiyun const struct cred *old)
1013*4882a593Smuzhiyun {
1014*4882a593Smuzhiyun }
1015*4882a593Smuzhiyun
security_cred_getsecid(const struct cred * c,u32 * secid)1016*4882a593Smuzhiyun static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
1017*4882a593Smuzhiyun {
1018*4882a593Smuzhiyun *secid = 0;
1019*4882a593Smuzhiyun }
1020*4882a593Smuzhiyun
security_kernel_act_as(struct cred * cred,u32 secid)1021*4882a593Smuzhiyun static inline int security_kernel_act_as(struct cred *cred, u32 secid)
1022*4882a593Smuzhiyun {
1023*4882a593Smuzhiyun return 0;
1024*4882a593Smuzhiyun }
1025*4882a593Smuzhiyun
security_kernel_create_files_as(struct cred * cred,struct inode * inode)1026*4882a593Smuzhiyun static inline int security_kernel_create_files_as(struct cred *cred,
1027*4882a593Smuzhiyun struct inode *inode)
1028*4882a593Smuzhiyun {
1029*4882a593Smuzhiyun return 0;
1030*4882a593Smuzhiyun }
1031*4882a593Smuzhiyun
security_kernel_module_request(char * kmod_name)1032*4882a593Smuzhiyun static inline int security_kernel_module_request(char *kmod_name)
1033*4882a593Smuzhiyun {
1034*4882a593Smuzhiyun return 0;
1035*4882a593Smuzhiyun }
1036*4882a593Smuzhiyun
security_kernel_load_data(enum kernel_load_data_id id,bool contents)1037*4882a593Smuzhiyun static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
1038*4882a593Smuzhiyun {
1039*4882a593Smuzhiyun return 0;
1040*4882a593Smuzhiyun }
1041*4882a593Smuzhiyun
security_kernel_post_load_data(char * buf,loff_t size,enum kernel_load_data_id id,char * description)1042*4882a593Smuzhiyun static inline int security_kernel_post_load_data(char *buf, loff_t size,
1043*4882a593Smuzhiyun enum kernel_load_data_id id,
1044*4882a593Smuzhiyun char *description)
1045*4882a593Smuzhiyun {
1046*4882a593Smuzhiyun return 0;
1047*4882a593Smuzhiyun }
1048*4882a593Smuzhiyun
security_kernel_read_file(struct file * file,enum kernel_read_file_id id,bool contents)1049*4882a593Smuzhiyun static inline int security_kernel_read_file(struct file *file,
1050*4882a593Smuzhiyun enum kernel_read_file_id id,
1051*4882a593Smuzhiyun bool contents)
1052*4882a593Smuzhiyun {
1053*4882a593Smuzhiyun return 0;
1054*4882a593Smuzhiyun }
1055*4882a593Smuzhiyun
security_kernel_post_read_file(struct file * file,char * buf,loff_t size,enum kernel_read_file_id id)1056*4882a593Smuzhiyun static inline int security_kernel_post_read_file(struct file *file,
1057*4882a593Smuzhiyun char *buf, loff_t size,
1058*4882a593Smuzhiyun enum kernel_read_file_id id)
1059*4882a593Smuzhiyun {
1060*4882a593Smuzhiyun return 0;
1061*4882a593Smuzhiyun }
1062*4882a593Smuzhiyun
security_task_fix_setuid(struct cred * new,const struct cred * old,int flags)1063*4882a593Smuzhiyun static inline int security_task_fix_setuid(struct cred *new,
1064*4882a593Smuzhiyun const struct cred *old,
1065*4882a593Smuzhiyun int flags)
1066*4882a593Smuzhiyun {
1067*4882a593Smuzhiyun return cap_task_fix_setuid(new, old, flags);
1068*4882a593Smuzhiyun }
1069*4882a593Smuzhiyun
security_task_fix_setgid(struct cred * new,const struct cred * old,int flags)1070*4882a593Smuzhiyun static inline int security_task_fix_setgid(struct cred *new,
1071*4882a593Smuzhiyun const struct cred *old,
1072*4882a593Smuzhiyun int flags)
1073*4882a593Smuzhiyun {
1074*4882a593Smuzhiyun return 0;
1075*4882a593Smuzhiyun }
1076*4882a593Smuzhiyun
security_task_setpgid(struct task_struct * p,pid_t pgid)1077*4882a593Smuzhiyun static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
1078*4882a593Smuzhiyun {
1079*4882a593Smuzhiyun return 0;
1080*4882a593Smuzhiyun }
1081*4882a593Smuzhiyun
security_task_getpgid(struct task_struct * p)1082*4882a593Smuzhiyun static inline int security_task_getpgid(struct task_struct *p)
1083*4882a593Smuzhiyun {
1084*4882a593Smuzhiyun return 0;
1085*4882a593Smuzhiyun }
1086*4882a593Smuzhiyun
security_task_getsid(struct task_struct * p)1087*4882a593Smuzhiyun static inline int security_task_getsid(struct task_struct *p)
1088*4882a593Smuzhiyun {
1089*4882a593Smuzhiyun return 0;
1090*4882a593Smuzhiyun }
1091*4882a593Smuzhiyun
security_task_getsecid(struct task_struct * p,u32 * secid)1092*4882a593Smuzhiyun static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
1093*4882a593Smuzhiyun {
1094*4882a593Smuzhiyun *secid = 0;
1095*4882a593Smuzhiyun }
1096*4882a593Smuzhiyun
security_task_setnice(struct task_struct * p,int nice)1097*4882a593Smuzhiyun static inline int security_task_setnice(struct task_struct *p, int nice)
1098*4882a593Smuzhiyun {
1099*4882a593Smuzhiyun return cap_task_setnice(p, nice);
1100*4882a593Smuzhiyun }
1101*4882a593Smuzhiyun
security_task_setioprio(struct task_struct * p,int ioprio)1102*4882a593Smuzhiyun static inline int security_task_setioprio(struct task_struct *p, int ioprio)
1103*4882a593Smuzhiyun {
1104*4882a593Smuzhiyun return cap_task_setioprio(p, ioprio);
1105*4882a593Smuzhiyun }
1106*4882a593Smuzhiyun
security_task_getioprio(struct task_struct * p)1107*4882a593Smuzhiyun static inline int security_task_getioprio(struct task_struct *p)
1108*4882a593Smuzhiyun {
1109*4882a593Smuzhiyun return 0;
1110*4882a593Smuzhiyun }
1111*4882a593Smuzhiyun
security_task_prlimit(const struct cred * cred,const struct cred * tcred,unsigned int flags)1112*4882a593Smuzhiyun static inline int security_task_prlimit(const struct cred *cred,
1113*4882a593Smuzhiyun const struct cred *tcred,
1114*4882a593Smuzhiyun unsigned int flags)
1115*4882a593Smuzhiyun {
1116*4882a593Smuzhiyun return 0;
1117*4882a593Smuzhiyun }
1118*4882a593Smuzhiyun
security_task_setrlimit(struct task_struct * p,unsigned int resource,struct rlimit * new_rlim)1119*4882a593Smuzhiyun static inline int security_task_setrlimit(struct task_struct *p,
1120*4882a593Smuzhiyun unsigned int resource,
1121*4882a593Smuzhiyun struct rlimit *new_rlim)
1122*4882a593Smuzhiyun {
1123*4882a593Smuzhiyun return 0;
1124*4882a593Smuzhiyun }
1125*4882a593Smuzhiyun
security_task_setscheduler(struct task_struct * p)1126*4882a593Smuzhiyun static inline int security_task_setscheduler(struct task_struct *p)
1127*4882a593Smuzhiyun {
1128*4882a593Smuzhiyun return cap_task_setscheduler(p);
1129*4882a593Smuzhiyun }
1130*4882a593Smuzhiyun
security_task_getscheduler(struct task_struct * p)1131*4882a593Smuzhiyun static inline int security_task_getscheduler(struct task_struct *p)
1132*4882a593Smuzhiyun {
1133*4882a593Smuzhiyun return 0;
1134*4882a593Smuzhiyun }
1135*4882a593Smuzhiyun
security_task_movememory(struct task_struct * p)1136*4882a593Smuzhiyun static inline int security_task_movememory(struct task_struct *p)
1137*4882a593Smuzhiyun {
1138*4882a593Smuzhiyun return 0;
1139*4882a593Smuzhiyun }
1140*4882a593Smuzhiyun
security_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)1141*4882a593Smuzhiyun static inline int security_task_kill(struct task_struct *p,
1142*4882a593Smuzhiyun struct kernel_siginfo *info, int sig,
1143*4882a593Smuzhiyun const struct cred *cred)
1144*4882a593Smuzhiyun {
1145*4882a593Smuzhiyun return 0;
1146*4882a593Smuzhiyun }
1147*4882a593Smuzhiyun
security_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5)1148*4882a593Smuzhiyun static inline int security_task_prctl(int option, unsigned long arg2,
1149*4882a593Smuzhiyun unsigned long arg3,
1150*4882a593Smuzhiyun unsigned long arg4,
1151*4882a593Smuzhiyun unsigned long arg5)
1152*4882a593Smuzhiyun {
1153*4882a593Smuzhiyun return cap_task_prctl(option, arg2, arg3, arg4, arg5);
1154*4882a593Smuzhiyun }
1155*4882a593Smuzhiyun
security_task_to_inode(struct task_struct * p,struct inode * inode)1156*4882a593Smuzhiyun static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
1157*4882a593Smuzhiyun { }
1158*4882a593Smuzhiyun
security_ipc_permission(struct kern_ipc_perm * ipcp,short flag)1159*4882a593Smuzhiyun static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
1160*4882a593Smuzhiyun short flag)
1161*4882a593Smuzhiyun {
1162*4882a593Smuzhiyun return 0;
1163*4882a593Smuzhiyun }
1164*4882a593Smuzhiyun
security_ipc_getsecid(struct kern_ipc_perm * ipcp,u32 * secid)1165*4882a593Smuzhiyun static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
1166*4882a593Smuzhiyun {
1167*4882a593Smuzhiyun *secid = 0;
1168*4882a593Smuzhiyun }
1169*4882a593Smuzhiyun
security_msg_msg_alloc(struct msg_msg * msg)1170*4882a593Smuzhiyun static inline int security_msg_msg_alloc(struct msg_msg *msg)
1171*4882a593Smuzhiyun {
1172*4882a593Smuzhiyun return 0;
1173*4882a593Smuzhiyun }
1174*4882a593Smuzhiyun
security_msg_msg_free(struct msg_msg * msg)1175*4882a593Smuzhiyun static inline void security_msg_msg_free(struct msg_msg *msg)
1176*4882a593Smuzhiyun { }
1177*4882a593Smuzhiyun
security_msg_queue_alloc(struct kern_ipc_perm * msq)1178*4882a593Smuzhiyun static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1179*4882a593Smuzhiyun {
1180*4882a593Smuzhiyun return 0;
1181*4882a593Smuzhiyun }
1182*4882a593Smuzhiyun
security_msg_queue_free(struct kern_ipc_perm * msq)1183*4882a593Smuzhiyun static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
1184*4882a593Smuzhiyun { }
1185*4882a593Smuzhiyun
security_msg_queue_associate(struct kern_ipc_perm * msq,int msqflg)1186*4882a593Smuzhiyun static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
1187*4882a593Smuzhiyun int msqflg)
1188*4882a593Smuzhiyun {
1189*4882a593Smuzhiyun return 0;
1190*4882a593Smuzhiyun }
1191*4882a593Smuzhiyun
security_msg_queue_msgctl(struct kern_ipc_perm * msq,int cmd)1192*4882a593Smuzhiyun static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1193*4882a593Smuzhiyun {
1194*4882a593Smuzhiyun return 0;
1195*4882a593Smuzhiyun }
1196*4882a593Smuzhiyun
security_msg_queue_msgsnd(struct kern_ipc_perm * msq,struct msg_msg * msg,int msqflg)1197*4882a593Smuzhiyun static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
1198*4882a593Smuzhiyun struct msg_msg *msg, int msqflg)
1199*4882a593Smuzhiyun {
1200*4882a593Smuzhiyun return 0;
1201*4882a593Smuzhiyun }
1202*4882a593Smuzhiyun
security_msg_queue_msgrcv(struct kern_ipc_perm * msq,struct msg_msg * msg,struct task_struct * target,long type,int mode)1203*4882a593Smuzhiyun static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
1204*4882a593Smuzhiyun struct msg_msg *msg,
1205*4882a593Smuzhiyun struct task_struct *target,
1206*4882a593Smuzhiyun long type, int mode)
1207*4882a593Smuzhiyun {
1208*4882a593Smuzhiyun return 0;
1209*4882a593Smuzhiyun }
1210*4882a593Smuzhiyun
security_shm_alloc(struct kern_ipc_perm * shp)1211*4882a593Smuzhiyun static inline int security_shm_alloc(struct kern_ipc_perm *shp)
1212*4882a593Smuzhiyun {
1213*4882a593Smuzhiyun return 0;
1214*4882a593Smuzhiyun }
1215*4882a593Smuzhiyun
security_shm_free(struct kern_ipc_perm * shp)1216*4882a593Smuzhiyun static inline void security_shm_free(struct kern_ipc_perm *shp)
1217*4882a593Smuzhiyun { }
1218*4882a593Smuzhiyun
security_shm_associate(struct kern_ipc_perm * shp,int shmflg)1219*4882a593Smuzhiyun static inline int security_shm_associate(struct kern_ipc_perm *shp,
1220*4882a593Smuzhiyun int shmflg)
1221*4882a593Smuzhiyun {
1222*4882a593Smuzhiyun return 0;
1223*4882a593Smuzhiyun }
1224*4882a593Smuzhiyun
security_shm_shmctl(struct kern_ipc_perm * shp,int cmd)1225*4882a593Smuzhiyun static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
1226*4882a593Smuzhiyun {
1227*4882a593Smuzhiyun return 0;
1228*4882a593Smuzhiyun }
1229*4882a593Smuzhiyun
security_shm_shmat(struct kern_ipc_perm * shp,char __user * shmaddr,int shmflg)1230*4882a593Smuzhiyun static inline int security_shm_shmat(struct kern_ipc_perm *shp,
1231*4882a593Smuzhiyun char __user *shmaddr, int shmflg)
1232*4882a593Smuzhiyun {
1233*4882a593Smuzhiyun return 0;
1234*4882a593Smuzhiyun }
1235*4882a593Smuzhiyun
security_sem_alloc(struct kern_ipc_perm * sma)1236*4882a593Smuzhiyun static inline int security_sem_alloc(struct kern_ipc_perm *sma)
1237*4882a593Smuzhiyun {
1238*4882a593Smuzhiyun return 0;
1239*4882a593Smuzhiyun }
1240*4882a593Smuzhiyun
security_sem_free(struct kern_ipc_perm * sma)1241*4882a593Smuzhiyun static inline void security_sem_free(struct kern_ipc_perm *sma)
1242*4882a593Smuzhiyun { }
1243*4882a593Smuzhiyun
security_sem_associate(struct kern_ipc_perm * sma,int semflg)1244*4882a593Smuzhiyun static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
1245*4882a593Smuzhiyun {
1246*4882a593Smuzhiyun return 0;
1247*4882a593Smuzhiyun }
1248*4882a593Smuzhiyun
security_sem_semctl(struct kern_ipc_perm * sma,int cmd)1249*4882a593Smuzhiyun static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
1250*4882a593Smuzhiyun {
1251*4882a593Smuzhiyun return 0;
1252*4882a593Smuzhiyun }
1253*4882a593Smuzhiyun
security_sem_semop(struct kern_ipc_perm * sma,struct sembuf * sops,unsigned nsops,int alter)1254*4882a593Smuzhiyun static inline int security_sem_semop(struct kern_ipc_perm *sma,
1255*4882a593Smuzhiyun struct sembuf *sops, unsigned nsops,
1256*4882a593Smuzhiyun int alter)
1257*4882a593Smuzhiyun {
1258*4882a593Smuzhiyun return 0;
1259*4882a593Smuzhiyun }
1260*4882a593Smuzhiyun
security_d_instantiate(struct dentry * dentry,struct inode * inode)1261*4882a593Smuzhiyun static inline void security_d_instantiate(struct dentry *dentry,
1262*4882a593Smuzhiyun struct inode *inode)
1263*4882a593Smuzhiyun { }
1264*4882a593Smuzhiyun
security_getprocattr(struct task_struct * p,const char * lsm,char * name,char ** value)1265*4882a593Smuzhiyun static inline int security_getprocattr(struct task_struct *p, const char *lsm,
1266*4882a593Smuzhiyun char *name, char **value)
1267*4882a593Smuzhiyun {
1268*4882a593Smuzhiyun return -EINVAL;
1269*4882a593Smuzhiyun }
1270*4882a593Smuzhiyun
security_setprocattr(const char * lsm,char * name,void * value,size_t size)1271*4882a593Smuzhiyun static inline int security_setprocattr(const char *lsm, char *name,
1272*4882a593Smuzhiyun void *value, size_t size)
1273*4882a593Smuzhiyun {
1274*4882a593Smuzhiyun return -EINVAL;
1275*4882a593Smuzhiyun }
1276*4882a593Smuzhiyun
security_netlink_send(struct sock * sk,struct sk_buff * skb)1277*4882a593Smuzhiyun static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
1278*4882a593Smuzhiyun {
1279*4882a593Smuzhiyun return 0;
1280*4882a593Smuzhiyun }
1281*4882a593Smuzhiyun
security_ismaclabel(const char * name)1282*4882a593Smuzhiyun static inline int security_ismaclabel(const char *name)
1283*4882a593Smuzhiyun {
1284*4882a593Smuzhiyun return 0;
1285*4882a593Smuzhiyun }
1286*4882a593Smuzhiyun
security_secid_to_secctx(u32 secid,char ** secdata,u32 * seclen)1287*4882a593Smuzhiyun static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
1288*4882a593Smuzhiyun {
1289*4882a593Smuzhiyun return -EOPNOTSUPP;
1290*4882a593Smuzhiyun }
1291*4882a593Smuzhiyun
security_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)1292*4882a593Smuzhiyun static inline int security_secctx_to_secid(const char *secdata,
1293*4882a593Smuzhiyun u32 seclen,
1294*4882a593Smuzhiyun u32 *secid)
1295*4882a593Smuzhiyun {
1296*4882a593Smuzhiyun return -EOPNOTSUPP;
1297*4882a593Smuzhiyun }
1298*4882a593Smuzhiyun
security_release_secctx(char * secdata,u32 seclen)1299*4882a593Smuzhiyun static inline void security_release_secctx(char *secdata, u32 seclen)
1300*4882a593Smuzhiyun {
1301*4882a593Smuzhiyun }
1302*4882a593Smuzhiyun
security_inode_invalidate_secctx(struct inode * inode)1303*4882a593Smuzhiyun static inline void security_inode_invalidate_secctx(struct inode *inode)
1304*4882a593Smuzhiyun {
1305*4882a593Smuzhiyun }
1306*4882a593Smuzhiyun
security_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)1307*4882a593Smuzhiyun static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
1308*4882a593Smuzhiyun {
1309*4882a593Smuzhiyun return -EOPNOTSUPP;
1310*4882a593Smuzhiyun }
security_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)1311*4882a593Smuzhiyun static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
1312*4882a593Smuzhiyun {
1313*4882a593Smuzhiyun return -EOPNOTSUPP;
1314*4882a593Smuzhiyun }
security_inode_getsecctx(struct inode * inode,void ** ctx,u32 * ctxlen)1315*4882a593Smuzhiyun static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
1316*4882a593Smuzhiyun {
1317*4882a593Smuzhiyun return -EOPNOTSUPP;
1318*4882a593Smuzhiyun }
security_locked_down(enum lockdown_reason what)1319*4882a593Smuzhiyun static inline int security_locked_down(enum lockdown_reason what)
1320*4882a593Smuzhiyun {
1321*4882a593Smuzhiyun return 0;
1322*4882a593Smuzhiyun }
1323*4882a593Smuzhiyun #endif /* CONFIG_SECURITY */
1324*4882a593Smuzhiyun
1325*4882a593Smuzhiyun #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
1326*4882a593Smuzhiyun int security_post_notification(const struct cred *w_cred,
1327*4882a593Smuzhiyun const struct cred *cred,
1328*4882a593Smuzhiyun struct watch_notification *n);
1329*4882a593Smuzhiyun #else
security_post_notification(const struct cred * w_cred,const struct cred * cred,struct watch_notification * n)1330*4882a593Smuzhiyun static inline int security_post_notification(const struct cred *w_cred,
1331*4882a593Smuzhiyun const struct cred *cred,
1332*4882a593Smuzhiyun struct watch_notification *n)
1333*4882a593Smuzhiyun {
1334*4882a593Smuzhiyun return 0;
1335*4882a593Smuzhiyun }
1336*4882a593Smuzhiyun #endif
1337*4882a593Smuzhiyun
1338*4882a593Smuzhiyun #if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
1339*4882a593Smuzhiyun int security_watch_key(struct key *key);
1340*4882a593Smuzhiyun #else
security_watch_key(struct key * key)1341*4882a593Smuzhiyun static inline int security_watch_key(struct key *key)
1342*4882a593Smuzhiyun {
1343*4882a593Smuzhiyun return 0;
1344*4882a593Smuzhiyun }
1345*4882a593Smuzhiyun #endif
1346*4882a593Smuzhiyun
1347*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_NETWORK
1348*4882a593Smuzhiyun
1349*4882a593Smuzhiyun int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
1350*4882a593Smuzhiyun int security_unix_may_send(struct socket *sock, struct socket *other);
1351*4882a593Smuzhiyun int security_socket_create(int family, int type, int protocol, int kern);
1352*4882a593Smuzhiyun int security_socket_post_create(struct socket *sock, int family,
1353*4882a593Smuzhiyun int type, int protocol, int kern);
1354*4882a593Smuzhiyun int security_socket_socketpair(struct socket *socka, struct socket *sockb);
1355*4882a593Smuzhiyun int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
1356*4882a593Smuzhiyun int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
1357*4882a593Smuzhiyun int security_socket_listen(struct socket *sock, int backlog);
1358*4882a593Smuzhiyun int security_socket_accept(struct socket *sock, struct socket *newsock);
1359*4882a593Smuzhiyun int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
1360*4882a593Smuzhiyun int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1361*4882a593Smuzhiyun int size, int flags);
1362*4882a593Smuzhiyun int security_socket_getsockname(struct socket *sock);
1363*4882a593Smuzhiyun int security_socket_getpeername(struct socket *sock);
1364*4882a593Smuzhiyun int security_socket_getsockopt(struct socket *sock, int level, int optname);
1365*4882a593Smuzhiyun int security_socket_setsockopt(struct socket *sock, int level, int optname);
1366*4882a593Smuzhiyun int security_socket_shutdown(struct socket *sock, int how);
1367*4882a593Smuzhiyun int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
1368*4882a593Smuzhiyun int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1369*4882a593Smuzhiyun int __user *optlen, unsigned len);
1370*4882a593Smuzhiyun int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
1371*4882a593Smuzhiyun int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1372*4882a593Smuzhiyun void security_sk_free(struct sock *sk);
1373*4882a593Smuzhiyun void security_sk_clone(const struct sock *sk, struct sock *newsk);
1374*4882a593Smuzhiyun void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic);
1375*4882a593Smuzhiyun void security_req_classify_flow(const struct request_sock *req,
1376*4882a593Smuzhiyun struct flowi_common *flic);
1377*4882a593Smuzhiyun void security_sock_graft(struct sock*sk, struct socket *parent);
1378*4882a593Smuzhiyun int security_inet_conn_request(struct sock *sk,
1379*4882a593Smuzhiyun struct sk_buff *skb, struct request_sock *req);
1380*4882a593Smuzhiyun void security_inet_csk_clone(struct sock *newsk,
1381*4882a593Smuzhiyun const struct request_sock *req);
1382*4882a593Smuzhiyun void security_inet_conn_established(struct sock *sk,
1383*4882a593Smuzhiyun struct sk_buff *skb);
1384*4882a593Smuzhiyun int security_secmark_relabel_packet(u32 secid);
1385*4882a593Smuzhiyun void security_secmark_refcount_inc(void);
1386*4882a593Smuzhiyun void security_secmark_refcount_dec(void);
1387*4882a593Smuzhiyun int security_tun_dev_alloc_security(void **security);
1388*4882a593Smuzhiyun void security_tun_dev_free_security(void *security);
1389*4882a593Smuzhiyun int security_tun_dev_create(void);
1390*4882a593Smuzhiyun int security_tun_dev_attach_queue(void *security);
1391*4882a593Smuzhiyun int security_tun_dev_attach(struct sock *sk, void *security);
1392*4882a593Smuzhiyun int security_tun_dev_open(void *security);
1393*4882a593Smuzhiyun int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb);
1394*4882a593Smuzhiyun int security_sctp_bind_connect(struct sock *sk, int optname,
1395*4882a593Smuzhiyun struct sockaddr *address, int addrlen);
1396*4882a593Smuzhiyun void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
1397*4882a593Smuzhiyun struct sock *newsk);
1398*4882a593Smuzhiyun
1399*4882a593Smuzhiyun #else /* CONFIG_SECURITY_NETWORK */
security_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)1400*4882a593Smuzhiyun static inline int security_unix_stream_connect(struct sock *sock,
1401*4882a593Smuzhiyun struct sock *other,
1402*4882a593Smuzhiyun struct sock *newsk)
1403*4882a593Smuzhiyun {
1404*4882a593Smuzhiyun return 0;
1405*4882a593Smuzhiyun }
1406*4882a593Smuzhiyun
security_unix_may_send(struct socket * sock,struct socket * other)1407*4882a593Smuzhiyun static inline int security_unix_may_send(struct socket *sock,
1408*4882a593Smuzhiyun struct socket *other)
1409*4882a593Smuzhiyun {
1410*4882a593Smuzhiyun return 0;
1411*4882a593Smuzhiyun }
1412*4882a593Smuzhiyun
security_socket_create(int family,int type,int protocol,int kern)1413*4882a593Smuzhiyun static inline int security_socket_create(int family, int type,
1414*4882a593Smuzhiyun int protocol, int kern)
1415*4882a593Smuzhiyun {
1416*4882a593Smuzhiyun return 0;
1417*4882a593Smuzhiyun }
1418*4882a593Smuzhiyun
security_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)1419*4882a593Smuzhiyun static inline int security_socket_post_create(struct socket *sock,
1420*4882a593Smuzhiyun int family,
1421*4882a593Smuzhiyun int type,
1422*4882a593Smuzhiyun int protocol, int kern)
1423*4882a593Smuzhiyun {
1424*4882a593Smuzhiyun return 0;
1425*4882a593Smuzhiyun }
1426*4882a593Smuzhiyun
security_socket_socketpair(struct socket * socka,struct socket * sockb)1427*4882a593Smuzhiyun static inline int security_socket_socketpair(struct socket *socka,
1428*4882a593Smuzhiyun struct socket *sockb)
1429*4882a593Smuzhiyun {
1430*4882a593Smuzhiyun return 0;
1431*4882a593Smuzhiyun }
1432*4882a593Smuzhiyun
security_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)1433*4882a593Smuzhiyun static inline int security_socket_bind(struct socket *sock,
1434*4882a593Smuzhiyun struct sockaddr *address,
1435*4882a593Smuzhiyun int addrlen)
1436*4882a593Smuzhiyun {
1437*4882a593Smuzhiyun return 0;
1438*4882a593Smuzhiyun }
1439*4882a593Smuzhiyun
security_socket_connect(struct socket * sock,struct sockaddr * address,int addrlen)1440*4882a593Smuzhiyun static inline int security_socket_connect(struct socket *sock,
1441*4882a593Smuzhiyun struct sockaddr *address,
1442*4882a593Smuzhiyun int addrlen)
1443*4882a593Smuzhiyun {
1444*4882a593Smuzhiyun return 0;
1445*4882a593Smuzhiyun }
1446*4882a593Smuzhiyun
security_socket_listen(struct socket * sock,int backlog)1447*4882a593Smuzhiyun static inline int security_socket_listen(struct socket *sock, int backlog)
1448*4882a593Smuzhiyun {
1449*4882a593Smuzhiyun return 0;
1450*4882a593Smuzhiyun }
1451*4882a593Smuzhiyun
security_socket_accept(struct socket * sock,struct socket * newsock)1452*4882a593Smuzhiyun static inline int security_socket_accept(struct socket *sock,
1453*4882a593Smuzhiyun struct socket *newsock)
1454*4882a593Smuzhiyun {
1455*4882a593Smuzhiyun return 0;
1456*4882a593Smuzhiyun }
1457*4882a593Smuzhiyun
security_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)1458*4882a593Smuzhiyun static inline int security_socket_sendmsg(struct socket *sock,
1459*4882a593Smuzhiyun struct msghdr *msg, int size)
1460*4882a593Smuzhiyun {
1461*4882a593Smuzhiyun return 0;
1462*4882a593Smuzhiyun }
1463*4882a593Smuzhiyun
security_socket_recvmsg(struct socket * sock,struct msghdr * msg,int size,int flags)1464*4882a593Smuzhiyun static inline int security_socket_recvmsg(struct socket *sock,
1465*4882a593Smuzhiyun struct msghdr *msg, int size,
1466*4882a593Smuzhiyun int flags)
1467*4882a593Smuzhiyun {
1468*4882a593Smuzhiyun return 0;
1469*4882a593Smuzhiyun }
1470*4882a593Smuzhiyun
security_socket_getsockname(struct socket * sock)1471*4882a593Smuzhiyun static inline int security_socket_getsockname(struct socket *sock)
1472*4882a593Smuzhiyun {
1473*4882a593Smuzhiyun return 0;
1474*4882a593Smuzhiyun }
1475*4882a593Smuzhiyun
security_socket_getpeername(struct socket * sock)1476*4882a593Smuzhiyun static inline int security_socket_getpeername(struct socket *sock)
1477*4882a593Smuzhiyun {
1478*4882a593Smuzhiyun return 0;
1479*4882a593Smuzhiyun }
1480*4882a593Smuzhiyun
security_socket_getsockopt(struct socket * sock,int level,int optname)1481*4882a593Smuzhiyun static inline int security_socket_getsockopt(struct socket *sock,
1482*4882a593Smuzhiyun int level, int optname)
1483*4882a593Smuzhiyun {
1484*4882a593Smuzhiyun return 0;
1485*4882a593Smuzhiyun }
1486*4882a593Smuzhiyun
security_socket_setsockopt(struct socket * sock,int level,int optname)1487*4882a593Smuzhiyun static inline int security_socket_setsockopt(struct socket *sock,
1488*4882a593Smuzhiyun int level, int optname)
1489*4882a593Smuzhiyun {
1490*4882a593Smuzhiyun return 0;
1491*4882a593Smuzhiyun }
1492*4882a593Smuzhiyun
security_socket_shutdown(struct socket * sock,int how)1493*4882a593Smuzhiyun static inline int security_socket_shutdown(struct socket *sock, int how)
1494*4882a593Smuzhiyun {
1495*4882a593Smuzhiyun return 0;
1496*4882a593Smuzhiyun }
security_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)1497*4882a593Smuzhiyun static inline int security_sock_rcv_skb(struct sock *sk,
1498*4882a593Smuzhiyun struct sk_buff *skb)
1499*4882a593Smuzhiyun {
1500*4882a593Smuzhiyun return 0;
1501*4882a593Smuzhiyun }
1502*4882a593Smuzhiyun
security_socket_getpeersec_stream(struct socket * sock,char __user * optval,int __user * optlen,unsigned len)1503*4882a593Smuzhiyun static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1504*4882a593Smuzhiyun int __user *optlen, unsigned len)
1505*4882a593Smuzhiyun {
1506*4882a593Smuzhiyun return -ENOPROTOOPT;
1507*4882a593Smuzhiyun }
1508*4882a593Smuzhiyun
security_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)1509*4882a593Smuzhiyun static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
1510*4882a593Smuzhiyun {
1511*4882a593Smuzhiyun return -ENOPROTOOPT;
1512*4882a593Smuzhiyun }
1513*4882a593Smuzhiyun
security_sk_alloc(struct sock * sk,int family,gfp_t priority)1514*4882a593Smuzhiyun static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1515*4882a593Smuzhiyun {
1516*4882a593Smuzhiyun return 0;
1517*4882a593Smuzhiyun }
1518*4882a593Smuzhiyun
security_sk_free(struct sock * sk)1519*4882a593Smuzhiyun static inline void security_sk_free(struct sock *sk)
1520*4882a593Smuzhiyun {
1521*4882a593Smuzhiyun }
1522*4882a593Smuzhiyun
security_sk_clone(const struct sock * sk,struct sock * newsk)1523*4882a593Smuzhiyun static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
1524*4882a593Smuzhiyun {
1525*4882a593Smuzhiyun }
1526*4882a593Smuzhiyun
security_sk_classify_flow(struct sock * sk,struct flowi_common * flic)1527*4882a593Smuzhiyun static inline void security_sk_classify_flow(struct sock *sk,
1528*4882a593Smuzhiyun struct flowi_common *flic)
1529*4882a593Smuzhiyun {
1530*4882a593Smuzhiyun }
1531*4882a593Smuzhiyun
security_req_classify_flow(const struct request_sock * req,struct flowi_common * flic)1532*4882a593Smuzhiyun static inline void security_req_classify_flow(const struct request_sock *req,
1533*4882a593Smuzhiyun struct flowi_common *flic)
1534*4882a593Smuzhiyun {
1535*4882a593Smuzhiyun }
1536*4882a593Smuzhiyun
security_sock_graft(struct sock * sk,struct socket * parent)1537*4882a593Smuzhiyun static inline void security_sock_graft(struct sock *sk, struct socket *parent)
1538*4882a593Smuzhiyun {
1539*4882a593Smuzhiyun }
1540*4882a593Smuzhiyun
security_inet_conn_request(struct sock * sk,struct sk_buff * skb,struct request_sock * req)1541*4882a593Smuzhiyun static inline int security_inet_conn_request(struct sock *sk,
1542*4882a593Smuzhiyun struct sk_buff *skb, struct request_sock *req)
1543*4882a593Smuzhiyun {
1544*4882a593Smuzhiyun return 0;
1545*4882a593Smuzhiyun }
1546*4882a593Smuzhiyun
security_inet_csk_clone(struct sock * newsk,const struct request_sock * req)1547*4882a593Smuzhiyun static inline void security_inet_csk_clone(struct sock *newsk,
1548*4882a593Smuzhiyun const struct request_sock *req)
1549*4882a593Smuzhiyun {
1550*4882a593Smuzhiyun }
1551*4882a593Smuzhiyun
security_inet_conn_established(struct sock * sk,struct sk_buff * skb)1552*4882a593Smuzhiyun static inline void security_inet_conn_established(struct sock *sk,
1553*4882a593Smuzhiyun struct sk_buff *skb)
1554*4882a593Smuzhiyun {
1555*4882a593Smuzhiyun }
1556*4882a593Smuzhiyun
security_secmark_relabel_packet(u32 secid)1557*4882a593Smuzhiyun static inline int security_secmark_relabel_packet(u32 secid)
1558*4882a593Smuzhiyun {
1559*4882a593Smuzhiyun return 0;
1560*4882a593Smuzhiyun }
1561*4882a593Smuzhiyun
security_secmark_refcount_inc(void)1562*4882a593Smuzhiyun static inline void security_secmark_refcount_inc(void)
1563*4882a593Smuzhiyun {
1564*4882a593Smuzhiyun }
1565*4882a593Smuzhiyun
security_secmark_refcount_dec(void)1566*4882a593Smuzhiyun static inline void security_secmark_refcount_dec(void)
1567*4882a593Smuzhiyun {
1568*4882a593Smuzhiyun }
1569*4882a593Smuzhiyun
security_tun_dev_alloc_security(void ** security)1570*4882a593Smuzhiyun static inline int security_tun_dev_alloc_security(void **security)
1571*4882a593Smuzhiyun {
1572*4882a593Smuzhiyun return 0;
1573*4882a593Smuzhiyun }
1574*4882a593Smuzhiyun
security_tun_dev_free_security(void * security)1575*4882a593Smuzhiyun static inline void security_tun_dev_free_security(void *security)
1576*4882a593Smuzhiyun {
1577*4882a593Smuzhiyun }
1578*4882a593Smuzhiyun
security_tun_dev_create(void)1579*4882a593Smuzhiyun static inline int security_tun_dev_create(void)
1580*4882a593Smuzhiyun {
1581*4882a593Smuzhiyun return 0;
1582*4882a593Smuzhiyun }
1583*4882a593Smuzhiyun
security_tun_dev_attach_queue(void * security)1584*4882a593Smuzhiyun static inline int security_tun_dev_attach_queue(void *security)
1585*4882a593Smuzhiyun {
1586*4882a593Smuzhiyun return 0;
1587*4882a593Smuzhiyun }
1588*4882a593Smuzhiyun
security_tun_dev_attach(struct sock * sk,void * security)1589*4882a593Smuzhiyun static inline int security_tun_dev_attach(struct sock *sk, void *security)
1590*4882a593Smuzhiyun {
1591*4882a593Smuzhiyun return 0;
1592*4882a593Smuzhiyun }
1593*4882a593Smuzhiyun
security_tun_dev_open(void * security)1594*4882a593Smuzhiyun static inline int security_tun_dev_open(void *security)
1595*4882a593Smuzhiyun {
1596*4882a593Smuzhiyun return 0;
1597*4882a593Smuzhiyun }
1598*4882a593Smuzhiyun
security_sctp_assoc_request(struct sctp_endpoint * ep,struct sk_buff * skb)1599*4882a593Smuzhiyun static inline int security_sctp_assoc_request(struct sctp_endpoint *ep,
1600*4882a593Smuzhiyun struct sk_buff *skb)
1601*4882a593Smuzhiyun {
1602*4882a593Smuzhiyun return 0;
1603*4882a593Smuzhiyun }
1604*4882a593Smuzhiyun
security_sctp_bind_connect(struct sock * sk,int optname,struct sockaddr * address,int addrlen)1605*4882a593Smuzhiyun static inline int security_sctp_bind_connect(struct sock *sk, int optname,
1606*4882a593Smuzhiyun struct sockaddr *address,
1607*4882a593Smuzhiyun int addrlen)
1608*4882a593Smuzhiyun {
1609*4882a593Smuzhiyun return 0;
1610*4882a593Smuzhiyun }
1611*4882a593Smuzhiyun
security_sctp_sk_clone(struct sctp_endpoint * ep,struct sock * sk,struct sock * newsk)1612*4882a593Smuzhiyun static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
1613*4882a593Smuzhiyun struct sock *sk,
1614*4882a593Smuzhiyun struct sock *newsk)
1615*4882a593Smuzhiyun {
1616*4882a593Smuzhiyun }
1617*4882a593Smuzhiyun #endif /* CONFIG_SECURITY_NETWORK */
1618*4882a593Smuzhiyun
1619*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_INFINIBAND
1620*4882a593Smuzhiyun int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
1621*4882a593Smuzhiyun int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
1622*4882a593Smuzhiyun int security_ib_alloc_security(void **sec);
1623*4882a593Smuzhiyun void security_ib_free_security(void *sec);
1624*4882a593Smuzhiyun #else /* CONFIG_SECURITY_INFINIBAND */
security_ib_pkey_access(void * sec,u64 subnet_prefix,u16 pkey)1625*4882a593Smuzhiyun static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
1626*4882a593Smuzhiyun {
1627*4882a593Smuzhiyun return 0;
1628*4882a593Smuzhiyun }
1629*4882a593Smuzhiyun
security_ib_endport_manage_subnet(void * sec,const char * dev_name,u8 port_num)1630*4882a593Smuzhiyun static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
1631*4882a593Smuzhiyun {
1632*4882a593Smuzhiyun return 0;
1633*4882a593Smuzhiyun }
1634*4882a593Smuzhiyun
security_ib_alloc_security(void ** sec)1635*4882a593Smuzhiyun static inline int security_ib_alloc_security(void **sec)
1636*4882a593Smuzhiyun {
1637*4882a593Smuzhiyun return 0;
1638*4882a593Smuzhiyun }
1639*4882a593Smuzhiyun
security_ib_free_security(void * sec)1640*4882a593Smuzhiyun static inline void security_ib_free_security(void *sec)
1641*4882a593Smuzhiyun {
1642*4882a593Smuzhiyun }
1643*4882a593Smuzhiyun #endif /* CONFIG_SECURITY_INFINIBAND */
1644*4882a593Smuzhiyun
1645*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_NETWORK_XFRM
1646*4882a593Smuzhiyun
1647*4882a593Smuzhiyun int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1648*4882a593Smuzhiyun struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
1649*4882a593Smuzhiyun int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
1650*4882a593Smuzhiyun void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
1651*4882a593Smuzhiyun int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
1652*4882a593Smuzhiyun int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1653*4882a593Smuzhiyun int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1654*4882a593Smuzhiyun struct xfrm_sec_ctx *polsec, u32 secid);
1655*4882a593Smuzhiyun int security_xfrm_state_delete(struct xfrm_state *x);
1656*4882a593Smuzhiyun void security_xfrm_state_free(struct xfrm_state *x);
1657*4882a593Smuzhiyun int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
1658*4882a593Smuzhiyun int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1659*4882a593Smuzhiyun struct xfrm_policy *xp,
1660*4882a593Smuzhiyun const struct flowi_common *flic);
1661*4882a593Smuzhiyun int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
1662*4882a593Smuzhiyun void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
1663*4882a593Smuzhiyun
1664*4882a593Smuzhiyun #else /* CONFIG_SECURITY_NETWORK_XFRM */
1665*4882a593Smuzhiyun
security_xfrm_policy_alloc(struct xfrm_sec_ctx ** ctxp,struct xfrm_user_sec_ctx * sec_ctx,gfp_t gfp)1666*4882a593Smuzhiyun static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1667*4882a593Smuzhiyun struct xfrm_user_sec_ctx *sec_ctx,
1668*4882a593Smuzhiyun gfp_t gfp)
1669*4882a593Smuzhiyun {
1670*4882a593Smuzhiyun return 0;
1671*4882a593Smuzhiyun }
1672*4882a593Smuzhiyun
security_xfrm_policy_clone(struct xfrm_sec_ctx * old,struct xfrm_sec_ctx ** new_ctxp)1673*4882a593Smuzhiyun static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
1674*4882a593Smuzhiyun {
1675*4882a593Smuzhiyun return 0;
1676*4882a593Smuzhiyun }
1677*4882a593Smuzhiyun
security_xfrm_policy_free(struct xfrm_sec_ctx * ctx)1678*4882a593Smuzhiyun static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
1679*4882a593Smuzhiyun {
1680*4882a593Smuzhiyun }
1681*4882a593Smuzhiyun
security_xfrm_policy_delete(struct xfrm_sec_ctx * ctx)1682*4882a593Smuzhiyun static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
1683*4882a593Smuzhiyun {
1684*4882a593Smuzhiyun return 0;
1685*4882a593Smuzhiyun }
1686*4882a593Smuzhiyun
security_xfrm_state_alloc(struct xfrm_state * x,struct xfrm_user_sec_ctx * sec_ctx)1687*4882a593Smuzhiyun static inline int security_xfrm_state_alloc(struct xfrm_state *x,
1688*4882a593Smuzhiyun struct xfrm_user_sec_ctx *sec_ctx)
1689*4882a593Smuzhiyun {
1690*4882a593Smuzhiyun return 0;
1691*4882a593Smuzhiyun }
1692*4882a593Smuzhiyun
security_xfrm_state_alloc_acquire(struct xfrm_state * x,struct xfrm_sec_ctx * polsec,u32 secid)1693*4882a593Smuzhiyun static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1694*4882a593Smuzhiyun struct xfrm_sec_ctx *polsec, u32 secid)
1695*4882a593Smuzhiyun {
1696*4882a593Smuzhiyun return 0;
1697*4882a593Smuzhiyun }
1698*4882a593Smuzhiyun
security_xfrm_state_free(struct xfrm_state * x)1699*4882a593Smuzhiyun static inline void security_xfrm_state_free(struct xfrm_state *x)
1700*4882a593Smuzhiyun {
1701*4882a593Smuzhiyun }
1702*4882a593Smuzhiyun
security_xfrm_state_delete(struct xfrm_state * x)1703*4882a593Smuzhiyun static inline int security_xfrm_state_delete(struct xfrm_state *x)
1704*4882a593Smuzhiyun {
1705*4882a593Smuzhiyun return 0;
1706*4882a593Smuzhiyun }
1707*4882a593Smuzhiyun
security_xfrm_policy_lookup(struct xfrm_sec_ctx * ctx,u32 fl_secid,u8 dir)1708*4882a593Smuzhiyun static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
1709*4882a593Smuzhiyun {
1710*4882a593Smuzhiyun return 0;
1711*4882a593Smuzhiyun }
1712*4882a593Smuzhiyun
security_xfrm_state_pol_flow_match(struct xfrm_state * x,struct xfrm_policy * xp,const struct flowi_common * flic)1713*4882a593Smuzhiyun static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1714*4882a593Smuzhiyun struct xfrm_policy *xp,
1715*4882a593Smuzhiyun const struct flowi_common *flic)
1716*4882a593Smuzhiyun {
1717*4882a593Smuzhiyun return 1;
1718*4882a593Smuzhiyun }
1719*4882a593Smuzhiyun
security_xfrm_decode_session(struct sk_buff * skb,u32 * secid)1720*4882a593Smuzhiyun static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
1721*4882a593Smuzhiyun {
1722*4882a593Smuzhiyun return 0;
1723*4882a593Smuzhiyun }
1724*4882a593Smuzhiyun
security_skb_classify_flow(struct sk_buff * skb,struct flowi_common * flic)1725*4882a593Smuzhiyun static inline void security_skb_classify_flow(struct sk_buff *skb,
1726*4882a593Smuzhiyun struct flowi_common *flic)
1727*4882a593Smuzhiyun {
1728*4882a593Smuzhiyun }
1729*4882a593Smuzhiyun
1730*4882a593Smuzhiyun #endif /* CONFIG_SECURITY_NETWORK_XFRM */
1731*4882a593Smuzhiyun
1732*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_PATH
1733*4882a593Smuzhiyun int security_path_unlink(const struct path *dir, struct dentry *dentry);
1734*4882a593Smuzhiyun int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
1735*4882a593Smuzhiyun int security_path_rmdir(const struct path *dir, struct dentry *dentry);
1736*4882a593Smuzhiyun int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
1737*4882a593Smuzhiyun unsigned int dev);
1738*4882a593Smuzhiyun int security_path_truncate(const struct path *path);
1739*4882a593Smuzhiyun int security_path_symlink(const struct path *dir, struct dentry *dentry,
1740*4882a593Smuzhiyun const char *old_name);
1741*4882a593Smuzhiyun int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
1742*4882a593Smuzhiyun struct dentry *new_dentry);
1743*4882a593Smuzhiyun int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1744*4882a593Smuzhiyun const struct path *new_dir, struct dentry *new_dentry,
1745*4882a593Smuzhiyun unsigned int flags);
1746*4882a593Smuzhiyun int security_path_chmod(const struct path *path, umode_t mode);
1747*4882a593Smuzhiyun int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
1748*4882a593Smuzhiyun int security_path_chroot(const struct path *path);
1749*4882a593Smuzhiyun #else /* CONFIG_SECURITY_PATH */
security_path_unlink(const struct path * dir,struct dentry * dentry)1750*4882a593Smuzhiyun static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
1751*4882a593Smuzhiyun {
1752*4882a593Smuzhiyun return 0;
1753*4882a593Smuzhiyun }
1754*4882a593Smuzhiyun
security_path_mkdir(const struct path * dir,struct dentry * dentry,umode_t mode)1755*4882a593Smuzhiyun static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
1756*4882a593Smuzhiyun umode_t mode)
1757*4882a593Smuzhiyun {
1758*4882a593Smuzhiyun return 0;
1759*4882a593Smuzhiyun }
1760*4882a593Smuzhiyun
security_path_rmdir(const struct path * dir,struct dentry * dentry)1761*4882a593Smuzhiyun static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
1762*4882a593Smuzhiyun {
1763*4882a593Smuzhiyun return 0;
1764*4882a593Smuzhiyun }
1765*4882a593Smuzhiyun
security_path_mknod(const struct path * dir,struct dentry * dentry,umode_t mode,unsigned int dev)1766*4882a593Smuzhiyun static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
1767*4882a593Smuzhiyun umode_t mode, unsigned int dev)
1768*4882a593Smuzhiyun {
1769*4882a593Smuzhiyun return 0;
1770*4882a593Smuzhiyun }
1771*4882a593Smuzhiyun
security_path_truncate(const struct path * path)1772*4882a593Smuzhiyun static inline int security_path_truncate(const struct path *path)
1773*4882a593Smuzhiyun {
1774*4882a593Smuzhiyun return 0;
1775*4882a593Smuzhiyun }
1776*4882a593Smuzhiyun
security_path_symlink(const struct path * dir,struct dentry * dentry,const char * old_name)1777*4882a593Smuzhiyun static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
1778*4882a593Smuzhiyun const char *old_name)
1779*4882a593Smuzhiyun {
1780*4882a593Smuzhiyun return 0;
1781*4882a593Smuzhiyun }
1782*4882a593Smuzhiyun
security_path_link(struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry)1783*4882a593Smuzhiyun static inline int security_path_link(struct dentry *old_dentry,
1784*4882a593Smuzhiyun const struct path *new_dir,
1785*4882a593Smuzhiyun struct dentry *new_dentry)
1786*4882a593Smuzhiyun {
1787*4882a593Smuzhiyun return 0;
1788*4882a593Smuzhiyun }
1789*4882a593Smuzhiyun
security_path_rename(const struct path * old_dir,struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry,unsigned int flags)1790*4882a593Smuzhiyun static inline int security_path_rename(const struct path *old_dir,
1791*4882a593Smuzhiyun struct dentry *old_dentry,
1792*4882a593Smuzhiyun const struct path *new_dir,
1793*4882a593Smuzhiyun struct dentry *new_dentry,
1794*4882a593Smuzhiyun unsigned int flags)
1795*4882a593Smuzhiyun {
1796*4882a593Smuzhiyun return 0;
1797*4882a593Smuzhiyun }
1798*4882a593Smuzhiyun
security_path_chmod(const struct path * path,umode_t mode)1799*4882a593Smuzhiyun static inline int security_path_chmod(const struct path *path, umode_t mode)
1800*4882a593Smuzhiyun {
1801*4882a593Smuzhiyun return 0;
1802*4882a593Smuzhiyun }
1803*4882a593Smuzhiyun
security_path_chown(const struct path * path,kuid_t uid,kgid_t gid)1804*4882a593Smuzhiyun static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
1805*4882a593Smuzhiyun {
1806*4882a593Smuzhiyun return 0;
1807*4882a593Smuzhiyun }
1808*4882a593Smuzhiyun
security_path_chroot(const struct path * path)1809*4882a593Smuzhiyun static inline int security_path_chroot(const struct path *path)
1810*4882a593Smuzhiyun {
1811*4882a593Smuzhiyun return 0;
1812*4882a593Smuzhiyun }
1813*4882a593Smuzhiyun #endif /* CONFIG_SECURITY_PATH */
1814*4882a593Smuzhiyun
1815*4882a593Smuzhiyun #ifdef CONFIG_KEYS
1816*4882a593Smuzhiyun #ifdef CONFIG_SECURITY
1817*4882a593Smuzhiyun
1818*4882a593Smuzhiyun int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
1819*4882a593Smuzhiyun void security_key_free(struct key *key);
1820*4882a593Smuzhiyun int security_key_permission(key_ref_t key_ref, const struct cred *cred,
1821*4882a593Smuzhiyun enum key_need_perm need_perm);
1822*4882a593Smuzhiyun int security_key_getsecurity(struct key *key, char **_buffer);
1823*4882a593Smuzhiyun
1824*4882a593Smuzhiyun #else
1825*4882a593Smuzhiyun
security_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)1826*4882a593Smuzhiyun static inline int security_key_alloc(struct key *key,
1827*4882a593Smuzhiyun const struct cred *cred,
1828*4882a593Smuzhiyun unsigned long flags)
1829*4882a593Smuzhiyun {
1830*4882a593Smuzhiyun return 0;
1831*4882a593Smuzhiyun }
1832*4882a593Smuzhiyun
security_key_free(struct key * key)1833*4882a593Smuzhiyun static inline void security_key_free(struct key *key)
1834*4882a593Smuzhiyun {
1835*4882a593Smuzhiyun }
1836*4882a593Smuzhiyun
security_key_permission(key_ref_t key_ref,const struct cred * cred,enum key_need_perm need_perm)1837*4882a593Smuzhiyun static inline int security_key_permission(key_ref_t key_ref,
1838*4882a593Smuzhiyun const struct cred *cred,
1839*4882a593Smuzhiyun enum key_need_perm need_perm)
1840*4882a593Smuzhiyun {
1841*4882a593Smuzhiyun return 0;
1842*4882a593Smuzhiyun }
1843*4882a593Smuzhiyun
security_key_getsecurity(struct key * key,char ** _buffer)1844*4882a593Smuzhiyun static inline int security_key_getsecurity(struct key *key, char **_buffer)
1845*4882a593Smuzhiyun {
1846*4882a593Smuzhiyun *_buffer = NULL;
1847*4882a593Smuzhiyun return 0;
1848*4882a593Smuzhiyun }
1849*4882a593Smuzhiyun
1850*4882a593Smuzhiyun #endif
1851*4882a593Smuzhiyun #endif /* CONFIG_KEYS */
1852*4882a593Smuzhiyun
1853*4882a593Smuzhiyun #ifdef CONFIG_AUDIT
1854*4882a593Smuzhiyun #ifdef CONFIG_SECURITY
1855*4882a593Smuzhiyun int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
1856*4882a593Smuzhiyun int security_audit_rule_known(struct audit_krule *krule);
1857*4882a593Smuzhiyun int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
1858*4882a593Smuzhiyun void security_audit_rule_free(void *lsmrule);
1859*4882a593Smuzhiyun
1860*4882a593Smuzhiyun #else
1861*4882a593Smuzhiyun
security_audit_rule_init(u32 field,u32 op,char * rulestr,void ** lsmrule)1862*4882a593Smuzhiyun static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
1863*4882a593Smuzhiyun void **lsmrule)
1864*4882a593Smuzhiyun {
1865*4882a593Smuzhiyun return 0;
1866*4882a593Smuzhiyun }
1867*4882a593Smuzhiyun
security_audit_rule_known(struct audit_krule * krule)1868*4882a593Smuzhiyun static inline int security_audit_rule_known(struct audit_krule *krule)
1869*4882a593Smuzhiyun {
1870*4882a593Smuzhiyun return 0;
1871*4882a593Smuzhiyun }
1872*4882a593Smuzhiyun
security_audit_rule_match(u32 secid,u32 field,u32 op,void * lsmrule)1873*4882a593Smuzhiyun static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
1874*4882a593Smuzhiyun void *lsmrule)
1875*4882a593Smuzhiyun {
1876*4882a593Smuzhiyun return 0;
1877*4882a593Smuzhiyun }
1878*4882a593Smuzhiyun
security_audit_rule_free(void * lsmrule)1879*4882a593Smuzhiyun static inline void security_audit_rule_free(void *lsmrule)
1880*4882a593Smuzhiyun { }
1881*4882a593Smuzhiyun
1882*4882a593Smuzhiyun #endif /* CONFIG_SECURITY */
1883*4882a593Smuzhiyun #endif /* CONFIG_AUDIT */
1884*4882a593Smuzhiyun
1885*4882a593Smuzhiyun #ifdef CONFIG_SECURITYFS
1886*4882a593Smuzhiyun
1887*4882a593Smuzhiyun extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
1888*4882a593Smuzhiyun struct dentry *parent, void *data,
1889*4882a593Smuzhiyun const struct file_operations *fops);
1890*4882a593Smuzhiyun extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
1891*4882a593Smuzhiyun struct dentry *securityfs_create_symlink(const char *name,
1892*4882a593Smuzhiyun struct dentry *parent,
1893*4882a593Smuzhiyun const char *target,
1894*4882a593Smuzhiyun const struct inode_operations *iops);
1895*4882a593Smuzhiyun extern void securityfs_remove(struct dentry *dentry);
1896*4882a593Smuzhiyun
1897*4882a593Smuzhiyun #else /* CONFIG_SECURITYFS */
1898*4882a593Smuzhiyun
securityfs_create_dir(const char * name,struct dentry * parent)1899*4882a593Smuzhiyun static inline struct dentry *securityfs_create_dir(const char *name,
1900*4882a593Smuzhiyun struct dentry *parent)
1901*4882a593Smuzhiyun {
1902*4882a593Smuzhiyun return ERR_PTR(-ENODEV);
1903*4882a593Smuzhiyun }
1904*4882a593Smuzhiyun
securityfs_create_file(const char * name,umode_t mode,struct dentry * parent,void * data,const struct file_operations * fops)1905*4882a593Smuzhiyun static inline struct dentry *securityfs_create_file(const char *name,
1906*4882a593Smuzhiyun umode_t mode,
1907*4882a593Smuzhiyun struct dentry *parent,
1908*4882a593Smuzhiyun void *data,
1909*4882a593Smuzhiyun const struct file_operations *fops)
1910*4882a593Smuzhiyun {
1911*4882a593Smuzhiyun return ERR_PTR(-ENODEV);
1912*4882a593Smuzhiyun }
1913*4882a593Smuzhiyun
securityfs_create_symlink(const char * name,struct dentry * parent,const char * target,const struct inode_operations * iops)1914*4882a593Smuzhiyun static inline struct dentry *securityfs_create_symlink(const char *name,
1915*4882a593Smuzhiyun struct dentry *parent,
1916*4882a593Smuzhiyun const char *target,
1917*4882a593Smuzhiyun const struct inode_operations *iops)
1918*4882a593Smuzhiyun {
1919*4882a593Smuzhiyun return ERR_PTR(-ENODEV);
1920*4882a593Smuzhiyun }
1921*4882a593Smuzhiyun
securityfs_remove(struct dentry * dentry)1922*4882a593Smuzhiyun static inline void securityfs_remove(struct dentry *dentry)
1923*4882a593Smuzhiyun {}
1924*4882a593Smuzhiyun
1925*4882a593Smuzhiyun #endif
1926*4882a593Smuzhiyun
1927*4882a593Smuzhiyun #ifdef CONFIG_BPF_SYSCALL
1928*4882a593Smuzhiyun union bpf_attr;
1929*4882a593Smuzhiyun struct bpf_map;
1930*4882a593Smuzhiyun struct bpf_prog;
1931*4882a593Smuzhiyun struct bpf_prog_aux;
1932*4882a593Smuzhiyun #ifdef CONFIG_SECURITY
1933*4882a593Smuzhiyun extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size);
1934*4882a593Smuzhiyun extern int security_bpf_map(struct bpf_map *map, fmode_t fmode);
1935*4882a593Smuzhiyun extern int security_bpf_prog(struct bpf_prog *prog);
1936*4882a593Smuzhiyun extern int security_bpf_map_alloc(struct bpf_map *map);
1937*4882a593Smuzhiyun extern void security_bpf_map_free(struct bpf_map *map);
1938*4882a593Smuzhiyun extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux);
1939*4882a593Smuzhiyun extern void security_bpf_prog_free(struct bpf_prog_aux *aux);
1940*4882a593Smuzhiyun #else
security_bpf(int cmd,union bpf_attr * attr,unsigned int size)1941*4882a593Smuzhiyun static inline int security_bpf(int cmd, union bpf_attr *attr,
1942*4882a593Smuzhiyun unsigned int size)
1943*4882a593Smuzhiyun {
1944*4882a593Smuzhiyun return 0;
1945*4882a593Smuzhiyun }
1946*4882a593Smuzhiyun
security_bpf_map(struct bpf_map * map,fmode_t fmode)1947*4882a593Smuzhiyun static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode)
1948*4882a593Smuzhiyun {
1949*4882a593Smuzhiyun return 0;
1950*4882a593Smuzhiyun }
1951*4882a593Smuzhiyun
security_bpf_prog(struct bpf_prog * prog)1952*4882a593Smuzhiyun static inline int security_bpf_prog(struct bpf_prog *prog)
1953*4882a593Smuzhiyun {
1954*4882a593Smuzhiyun return 0;
1955*4882a593Smuzhiyun }
1956*4882a593Smuzhiyun
security_bpf_map_alloc(struct bpf_map * map)1957*4882a593Smuzhiyun static inline int security_bpf_map_alloc(struct bpf_map *map)
1958*4882a593Smuzhiyun {
1959*4882a593Smuzhiyun return 0;
1960*4882a593Smuzhiyun }
1961*4882a593Smuzhiyun
security_bpf_map_free(struct bpf_map * map)1962*4882a593Smuzhiyun static inline void security_bpf_map_free(struct bpf_map *map)
1963*4882a593Smuzhiyun { }
1964*4882a593Smuzhiyun
security_bpf_prog_alloc(struct bpf_prog_aux * aux)1965*4882a593Smuzhiyun static inline int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
1966*4882a593Smuzhiyun {
1967*4882a593Smuzhiyun return 0;
1968*4882a593Smuzhiyun }
1969*4882a593Smuzhiyun
security_bpf_prog_free(struct bpf_prog_aux * aux)1970*4882a593Smuzhiyun static inline void security_bpf_prog_free(struct bpf_prog_aux *aux)
1971*4882a593Smuzhiyun { }
1972*4882a593Smuzhiyun #endif /* CONFIG_SECURITY */
1973*4882a593Smuzhiyun #endif /* CONFIG_BPF_SYSCALL */
1974*4882a593Smuzhiyun
1975*4882a593Smuzhiyun #ifdef CONFIG_PERF_EVENTS
1976*4882a593Smuzhiyun struct perf_event_attr;
1977*4882a593Smuzhiyun struct perf_event;
1978*4882a593Smuzhiyun
1979*4882a593Smuzhiyun #ifdef CONFIG_SECURITY
1980*4882a593Smuzhiyun extern int security_perf_event_open(struct perf_event_attr *attr, int type);
1981*4882a593Smuzhiyun extern int security_perf_event_alloc(struct perf_event *event);
1982*4882a593Smuzhiyun extern void security_perf_event_free(struct perf_event *event);
1983*4882a593Smuzhiyun extern int security_perf_event_read(struct perf_event *event);
1984*4882a593Smuzhiyun extern int security_perf_event_write(struct perf_event *event);
1985*4882a593Smuzhiyun #else
security_perf_event_open(struct perf_event_attr * attr,int type)1986*4882a593Smuzhiyun static inline int security_perf_event_open(struct perf_event_attr *attr,
1987*4882a593Smuzhiyun int type)
1988*4882a593Smuzhiyun {
1989*4882a593Smuzhiyun return 0;
1990*4882a593Smuzhiyun }
1991*4882a593Smuzhiyun
security_perf_event_alloc(struct perf_event * event)1992*4882a593Smuzhiyun static inline int security_perf_event_alloc(struct perf_event *event)
1993*4882a593Smuzhiyun {
1994*4882a593Smuzhiyun return 0;
1995*4882a593Smuzhiyun }
1996*4882a593Smuzhiyun
security_perf_event_free(struct perf_event * event)1997*4882a593Smuzhiyun static inline void security_perf_event_free(struct perf_event *event)
1998*4882a593Smuzhiyun {
1999*4882a593Smuzhiyun }
2000*4882a593Smuzhiyun
security_perf_event_read(struct perf_event * event)2001*4882a593Smuzhiyun static inline int security_perf_event_read(struct perf_event *event)
2002*4882a593Smuzhiyun {
2003*4882a593Smuzhiyun return 0;
2004*4882a593Smuzhiyun }
2005*4882a593Smuzhiyun
security_perf_event_write(struct perf_event * event)2006*4882a593Smuzhiyun static inline int security_perf_event_write(struct perf_event *event)
2007*4882a593Smuzhiyun {
2008*4882a593Smuzhiyun return 0;
2009*4882a593Smuzhiyun }
2010*4882a593Smuzhiyun #endif /* CONFIG_SECURITY */
2011*4882a593Smuzhiyun #endif /* CONFIG_PERF_EVENTS */
2012*4882a593Smuzhiyun
2013*4882a593Smuzhiyun #endif /* ! __LINUX_SECURITY_H */
2014