security.h 47.6 KB
Newer Older
Linus Torvalds's avatar
Linus Torvalds committed
1 2 3 4 5 6 7 8
/*
 * Linux Security plug
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9
 * Copyright (C) 2016 Mellanox Techonologies
Linus Torvalds's avatar
Linus Torvalds committed
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	Due to this file being licensed under the GPL there is controversy over
 *	whether this permits you to write a module that #includes this file
 *	without placing your module under the GPL.  Please consult a lawyer for
 *	advice before doing this.
 *
 */

#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H

26
#include <linux/key.h>
Al Viro's avatar
Al Viro committed
27
#include <linux/capability.h>
28
#include <linux/fs.h>
29
#include <linux/slab.h>
Al Viro's avatar
Al Viro committed
30
#include <linux/err.h>
31
#include <linux/string.h>
32
#include <linux/mm.h>
33
#include <linux/fs.h>
Al Viro's avatar
Al Viro committed
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56

struct linux_binprm;
struct cred;
struct rlimit;
struct siginfo;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
struct super_block;
struct inode;
struct dentry;
struct file;
struct vfsmount;
struct path;
struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
struct msg_msg;
struct msg_queue;
struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;
Linus Torvalds's avatar
Linus Torvalds committed
57

58 59 60 61
/* If capable should audit the security request */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1

62 63 64
/* LSM Agnostic defines for sb_set_mnt_opts */
#define SECURITY_LSM_NATIVE_LABELS	1

Linus Torvalds's avatar
Linus Torvalds committed
65
struct ctl_table;
66
struct audit_krule;
67
struct user_namespace;
Al Viro's avatar
Al Viro committed
68
struct timezone;
Linus Torvalds's avatar
Linus Torvalds committed
69

70 71 72 73
enum lsm_event {
	LSM_POLICY_CHANGE,
};

74
/* These functions are in security/commoncap.c */
75 76
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
		       int cap, int audit);
77
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
78
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
79
extern int cap_ptrace_traceme(struct task_struct *parent);
80
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
81 82 83 84
extern int cap_capset(struct cred *new, const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
85
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
86 87 88
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
89 90
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
91 92
extern int cap_inode_getsecurity(struct inode *inode, const char *name,
				 void **buffer, bool alloc);
93
extern int cap_mmap_addr(unsigned long addr);
94 95
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags);
96
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
97
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
98
			  unsigned long arg4, unsigned long arg5);
99
extern int cap_task_setscheduler(struct task_struct *p);
100 101
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
102
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
Linus Torvalds's avatar
Linus Torvalds committed
103 104 105 106 107 108

struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
109 110 111 112 113 114
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
115
struct seq_file;
Linus Torvalds's avatar
Linus Torvalds committed
116

117
#ifdef CONFIG_MMU
118
extern unsigned long mmap_min_addr;
119
extern unsigned long dac_mmap_min_addr;
120
#else
121
#define mmap_min_addr		0UL
122 123 124
#define dac_mmap_min_addr	0UL
#endif

Linus Torvalds's avatar
Linus Torvalds committed
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139
/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

140 141 142 143
/* Flags for security_task_prlimit(). */
#define LSM_PRLIMIT_READ  1
#define LSM_PRLIMIT_WRITE 2

Linus Torvalds's avatar
Linus Torvalds committed
144 145
/* forward declares to avoid warnings */
struct sched_param;
146
struct request_sock;
Linus Torvalds's avatar
Linus Torvalds committed
147

148
/* bprm->unsafe reasons */
Linus Torvalds's avatar
Linus Torvalds committed
149 150
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
151
#define LSM_UNSAFE_NO_NEW_PRIVS	4
Linus Torvalds's avatar
Linus Torvalds committed
152

153
#ifdef CONFIG_MMU
154
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
155
				 void __user *buffer, size_t *lenp, loff_t *ppos);
156
#endif
157

158 159 160 161
/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
			   const struct xattr *xattr_array, void *fs_data);

Linus Torvalds's avatar
Linus Torvalds committed
162 163
#ifdef CONFIG_SECURITY

164 165 166 167 168 169
struct security_mnt_opts {
	char **mnt_opts;
	int *mnt_opts_flags;
	int num_mnt_opts;
};

170 171 172 173
int call_lsm_notifier(enum lsm_event event, void *data);
int register_lsm_notifier(struct notifier_block *nb);
int unregister_lsm_notifier(struct notifier_block *nb);

174 175 176 177 178 179 180 181 182 183 184
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	int i;
	if (opts->mnt_opts)
185
		for (i = 0; i < opts->num_mnt_opts; i++)
186 187 188 189 190 191 192 193
			kfree(opts->mnt_opts[i]);
	kfree(opts->mnt_opts);
	opts->mnt_opts = NULL;
	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

Linus Torvalds's avatar
Linus Torvalds committed
194
/* prototypes */
195
extern int security_init(void);
Linus Torvalds's avatar
Linus Torvalds committed
196

197
/* Security operations */
198 199 200 201 202 203 204
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
				struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
				    struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
				  struct task_struct *to, struct file *file);
205
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
206
int security_ptrace_traceme(struct task_struct *parent);
207
int security_capget(struct task_struct *target,
208 209 210
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
211 212 213 214
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
215
int security_capable(const struct cred *cred, struct user_namespace *ns,
216
			int cap);
217 218
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			     int cap);
219 220
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
221
int security_syslog(int type);
222 223 224 225 226 227 228
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
static inline int security_settime(const struct timespec *ts, const struct timezone *tz)
{
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return security_settime64(&ts64, tz);
}
229
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
230
int security_bprm_set_creds(struct linux_binprm *bprm);
231
int security_bprm_check(struct linux_binprm *bprm);
232 233
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
234 235
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
236
int security_sb_copy_data(char *orig, char *copy);
237
int security_sb_remount(struct super_block *sb, void *data);
238
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
239
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
240
int security_sb_statfs(struct dentry *dentry);
Al Viro's avatar
Al Viro committed
241
int security_sb_mount(const char *dev_name, const struct path *path,
Al Viro's avatar
Al Viro committed
242
		      const char *type, unsigned long flags, void *data);
243
int security_sb_umount(struct vfsmount *mnt, int flags);
Al Viro's avatar
Al Viro committed
244
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
245 246 247 248
int security_sb_set_mnt_opts(struct super_block *sb,
				struct security_mnt_opts *opts,
				unsigned long kern_flags,
				unsigned long *set_kern_flags);
249
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
250 251 252
				struct super_block *newsb,
				unsigned long kern_flags,
				unsigned long *set_kern_flags);
253
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
254
int security_dentry_init_security(struct dentry *dentry, int mode,
Al Viro's avatar
Al Viro committed
255
					const struct qstr *name, void **ctx,
256
					u32 *ctxlen);
257 258 259 260
int security_dentry_create_files_as(struct dentry *dentry, int mode,
					struct qstr *name,
					const struct cred *old,
					struct cred *new);
261

262 263 264
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
265 266 267
				 const struct qstr *qstr,
				 initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
268
				     const struct qstr *qstr, const char **name,
269
				     void **value, size_t *len);
Al Viro's avatar
Al Viro committed
270
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
271 272 273 274
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			 struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
275
			   const char *old_name);
276
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
277
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
Al Viro's avatar
Al Viro committed
278
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
279
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
280 281
			  struct inode *new_dir, struct dentry *new_dentry,
			  unsigned int flags);
282
int security_inode_readlink(struct dentry *dentry);
283 284
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
			       bool rcu);
285
int security_inode_permission(struct inode *inode, int mask);
286
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
287
int security_inode_getattr(const struct path *path);
288 289 290 291 292
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
293
int security_inode_listxattr(struct dentry *dentry);
294
int security_inode_removexattr(struct dentry *dentry, const char *name);
295 296
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
297
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
298 299
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
300
void security_inode_getsecid(struct inode *inode, u32 *secid);
301
int security_inode_copy_up(struct dentry *src, struct cred **new);
302
int security_inode_copy_up_xattr(const char *name);
303 304 305 306
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
307 308
int security_mmap_file(struct file *file, unsigned long prot,
			unsigned long flags);
309
int security_mmap_addr(unsigned long addr);
310
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
311
			   unsigned long prot);
312 313
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
314
void security_file_set_fowner(struct file *file);
315
int security_file_send_sigiotask(struct task_struct *tsk,
316
				 struct fown_struct *fown, int sig);
317
int security_file_receive(struct file *file);
318
int security_file_open(struct file *file, const struct cred *cred);
319
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
320
void security_task_free(struct task_struct *task);
321
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
322
void security_cred_free(struct cred *cred);
323
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
324
void security_transfer_creds(struct cred *new, const struct cred *old);
325 326
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
327
int security_kernel_module_request(char *kmod_name);
328
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
329 330
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
				   enum kernel_read_file_id id);
331 332
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
333 334 335 336 337 338 339
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
340 341
int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
			  unsigned int flags);
342 343
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
		struct rlimit *new_rlim);
344
int security_task_setscheduler(struct task_struct *p);
345 346 347 348 349
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
			int sig, u32 secid);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
350
			unsigned long arg4, unsigned long arg5);
351 352
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
353
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
354 355 356 357 358 359 360
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
361
			      struct msg_msg *msg, int msqflg);
362
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
363
			      struct task_struct *target, long type, int mode);
364 365 366 367 368
int security_shm_alloc(struct kern_ipc_perm *shp);
void security_shm_free(struct kern_ipc_perm *shp);
int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
369 370 371 372 373
int security_sem_alloc(struct kern_ipc_perm *sma);
void security_sem_free(struct kern_ipc_perm *sma);
int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
374
			unsigned nsops, int alter);
375
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
376
int security_getprocattr(struct task_struct *p, char *name, char **value);
377
int security_setprocattr(const char *name, void *value, size_t size);
378
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
379
int security_ismaclabel(const char *name);
380
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
381
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
382 383
void security_release_secctx(char *secdata, u32 seclen);

384
void security_inode_invalidate_secctx(struct inode *inode);
385 386 387
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
Linus Torvalds's avatar
Linus Torvalds committed
388
#else /* CONFIG_SECURITY */
389 390 391
struct security_mnt_opts {
};

392 393 394 395 396 397 398 399 400 401 402 403 404 405 406
static inline int call_lsm_notifier(enum lsm_event event, void *data)
{
	return 0;
}

static inline int register_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

static inline  int unregister_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

407 408 409 410 411 412 413
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
}
Linus Torvalds's avatar
Linus Torvalds committed
414 415 416 417 418 419 420 421 422 423 424

/*
 * This is the default capabilities functionality.  Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 */

static inline int security_init(void)
{
	return 0;
}

425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448
static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

449
static inline int security_ptrace_access_check(struct task_struct *child,
450 451
					     unsigned int mode)
{
452
	return cap_ptrace_access_check(child, mode);
453 454
}

455
static inline int security_ptrace_traceme(struct task_struct *parent)
Linus Torvalds's avatar
Linus Torvalds committed
456
{
457
	return cap_ptrace_traceme(parent);
Linus Torvalds's avatar
Linus Torvalds committed
458 459
}

460
static inline int security_capget(struct task_struct *target,
Linus Torvalds's avatar
Linus Torvalds committed
461 462 463 464
				   kernel_cap_t *effective,
				   kernel_cap_t *inheritable,
				   kernel_cap_t *permitted)
{
465
	return cap_capget(target, effective, inheritable, permitted);
Linus Torvalds's avatar
Linus Torvalds committed
466 467
}

468 469 470 471 472
static inline int security_capset(struct cred *new,
				   const struct cred *old,
				   const kernel_cap_t *effective,
				   const kernel_cap_t *inheritable,
				   const kernel_cap_t *permitted)
Linus Torvalds's avatar
Linus Torvalds committed
473
{
474
	return cap_capset(new, old, effective, inheritable, permitted);
Linus Torvalds's avatar
Linus Torvalds committed
475 476
}

477 478
static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns, int cap)
479
{
480
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
481 482
}

483 484 485
static inline int security_capable_noaudit(const struct cred *cred,
					   struct user_namespace *ns, int cap) {
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
486 487
}

488 489
static inline int security_quotactl(int cmds, int type, int id,
				     struct super_block *sb)
Linus Torvalds's avatar
Linus Torvalds committed
490 491 492 493
{
	return 0;
}

494
static inline int security_quota_on(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
495 496 497 498
{
	return 0;
}

499
static inline int security_syslog(int type)
Linus Torvalds's avatar
Linus Torvalds committed
500
{
501
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
502 503
}

504 505 506 507 508 509
static inline int security_settime64(const struct timespec64 *ts,
				     const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

510 511
static inline int security_settime(const struct timespec *ts,
				   const struct timezone *tz)
Linus Torvalds's avatar
Linus Torvalds committed
512
{
513 514 515
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return cap_settime(&ts64, tz);
Linus Torvalds's avatar
Linus Torvalds committed
516 517
}

518
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
Alan Cox's avatar
Alan Cox committed
519
{
520
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
Alan Cox's avatar
Alan Cox committed
521 522
}

523
static inline int security_bprm_set_creds(struct linux_binprm *bprm)
524
{
525
	return cap_bprm_set_creds(bprm);
Linus Torvalds's avatar
Linus Torvalds committed
526 527
}

528
static inline int security_bprm_check(struct linux_binprm *bprm)
Linus Torvalds's avatar
Linus Torvalds committed
529
{
530
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
531 532
}

533
static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
Linus Torvalds's avatar
Linus Torvalds committed
534 535 536
{
}

537
static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
Linus Torvalds's avatar
Linus Torvalds committed
538 539 540
{
}

541
static inline int security_sb_alloc(struct super_block *sb)
Linus Torvalds's avatar
Linus Torvalds committed
542 543 544 545
{
	return 0;
}

546
static inline void security_sb_free(struct super_block *sb)
Linus Torvalds's avatar
Linus Torvalds committed
547 548
{ }

549
static inline int security_sb_copy_data(char *orig, char *copy)
Linus Torvalds's avatar
Linus Torvalds committed
550 551 552 553
{
	return 0;
}

554 555 556 557 558
static inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

559
static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
Linus Torvalds's avatar
Linus Torvalds committed
560 561 562 563
{
	return 0;
}

564 565 566 567 568 569
static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

570
static inline int security_sb_statfs(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
571 572 573 574
{
	return 0;
}

Al Viro's avatar
Al Viro committed
575
static inline int security_sb_mount(const char *dev_name, const struct path *path,
Al Viro's avatar
Al Viro committed
576
				    const char *type, unsigned long flags,
Linus Torvalds's avatar
Linus Torvalds committed
577 578 579 580 581
				    void *data)
{
	return 0;
}

582
static inline int security_sb_umount(struct vfsmount *mnt, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
583 584 585 586
{
	return 0;
}

Al Viro's avatar
Al Viro committed
587 588
static inline int security_sb_pivotroot(const struct path *old_path,
					const struct path *new_path)
Linus Torvalds's avatar
Linus Torvalds committed
589 590 591 592
{
	return 0;
}

593
static inline int security_sb_set_mnt_opts(struct super_block *sb,
594 595 596
					   struct security_mnt_opts *opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
597 598 599 600
{
	return 0;
}

601
static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
602 603 604
					      struct super_block *newsb,
					      unsigned long kern_flags,
					      unsigned long *set_kern_flags)
605 606 607
{
	return 0;
}
608 609 610 611 612

static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}
Linus Torvalds's avatar
Linus Torvalds committed
613

614
static inline int security_inode_alloc(struct inode *inode)
Linus Torvalds's avatar
Linus Torvalds committed
615 616 617 618
{
	return 0;
}

619
static inline void security_inode_free(struct inode *inode)
Linus Torvalds's avatar
Linus Torvalds committed
620
{ }
621

622 623
static inline int security_dentry_init_security(struct dentry *dentry,
						 int mode,
Al Viro's avatar
Al Viro committed
624
						 const struct qstr *name,
625 626 627 628 629 630
						 void **ctx,
						 u32 *ctxlen)
{
	return -EOPNOTSUPP;
}

631 632 633 634 635 636 637 638
static inline int security_dentry_create_files_as(struct dentry *dentry,
						  int mode, struct qstr *name,
						  const struct cred *old,
						  struct cred *new)
{
	return 0;
}

639

640
static inline int security_inode_init_security(struct inode *inode,
641
						struct inode *dir,
642
						const struct qstr *qstr,
Mark Rustad's avatar
Mark Rustad committed
643
						const initxattrs xattrs,
644
						void *fs_data)
645
{
Mimi Zohar's avatar
Mimi Zohar committed
646
	return 0;
647
}
648

Mimi Zohar's avatar
Mimi Zohar committed
649 650 651
static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
652 653
						   const char **name,
						   void **value, size_t *len)
654
{
655
	return -EOPNOTSUPP;
656 657
}

658
static inline int security_inode_create(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
659
					 struct dentry *dentry,
Al Viro's avatar
Al Viro committed
660
					 umode_t mode)
Linus Torvalds's avatar
Linus Torvalds committed
661 662 663 664
{
	return 0;
}

665
static inline int security_inode_link(struct dentry *old_dentry,
Linus Torvalds's avatar
Linus Torvalds committed
666 667 668 669 670 671
				       struct inode *dir,
				       struct dentry *new_dentry)
{
	return 0;
}

672
static inline int security_inode_unlink(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
673 674 675 676 677
					 struct dentry *dentry)
{
	return 0;
}

678
static inline int security_inode_symlink(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
679 680 681 682 683 684
					  struct dentry *dentry,
					  const char *old_name)
{
	return 0;
}

685
static inline int security_inode_mkdir(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
686 687 688 689 690 691
					struct dentry *dentry,
					int mode)
{
	return 0;
}

692
static inline int security_inode_rmdir(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
693 694 695 696 697
					struct dentry *dentry)
{
	return 0;
}

698
static inline int security_inode_mknod(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
699 700 701 702 703 704
					struct dentry *dentry,
					int mode, dev_t dev)
{
	return 0;
}

705
static inline int security_inode_rename(struct inode *old_dir,
Linus Torvalds's avatar
Linus Torvalds committed
706 707
					 struct dentry *old_dentry,
					 struct inode *new_dir,
708 709
					 struct dentry *new_dentry,
					 unsigned int flags)
Linus Torvalds's avatar
Linus Torvalds committed
710 711 712 713
{
	return 0;
}

714
static inline int security_inode_readlink(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
715 716 717 718
{
	return 0;
}

719 720 721
static inline int security_inode_follow_link(struct dentry *dentry,
					     struct inode *inode,
					     bool rcu)
Linus Torvalds's avatar
Linus Torvalds committed
722 723 724 725
{
	return 0;
}

726
static inline int security_inode_permission(struct inode *inode, int mask)
Linus Torvalds's avatar
Linus Torvalds committed
727 728 729 730
{
	return 0;
}

731
static inline int security_inode_setattr(struct dentry *dentry,
Linus Torvalds's avatar
Linus Torvalds committed
732 733 734 735 736
					  struct iattr *attr)
{
	return 0;
}

737
static inline int security_inode_getattr(const struct path *path)
Linus Torvalds's avatar
Linus Torvalds committed
738 739 740 741
{
	return 0;
}

742 743
static inline int security_inode_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
744 745 746 747
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

748 749
static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
750 751
{ }

752 753
static inline int security_inode_getxattr(struct dentry *dentry,
			const char *name)
Linus Torvalds's avatar
Linus Torvalds committed
754 755 756 757
{
	return 0;
}

758
static inline int security_inode_listxattr(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
759 760 761 762
{
	return 0;
}

763 764
static inline int security_inode_removexattr(struct dentry *dentry,
			const char *name)
Linus Torvalds's avatar
Linus Torvalds committed
765 766 767 768
{
	return cap_inode_removexattr(dentry, name);
}

769 770 771 772 773 774 775 776 777 778
static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

779
static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
Linus Torvalds's avatar
Linus Torvalds committed
780 781 782 783 784 785 786 787 788 789 790 791 792 793
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	return 0;
}

794
static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
795 796 797 798
{
	*secid = 0;
}

799 800 801 802 803
static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
{
	return 0;
}

804 805 806 807 808
static inline int security_inode_copy_up_xattr(const char *name)
{
	return -EOPNOTSUPP;
}

809
static inline int security_file_permission(struct file *file, int mask)
Linus Torvalds's avatar
Linus Torvalds committed
810 811 812 813
{
	return 0;
}

814
static inline int security_file_alloc(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
815 816 817 818
{
	return 0;
}

819
static inline void security_file_free(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
820 821
{ }

822 823
static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
Linus Torvalds's avatar
Linus Torvalds committed
824 825 826 827
{
	return 0;
}

828
static inline int security_mmap_file(struct file *file, unsigned long prot,
829 830 831 832 833 834
				     unsigned long flags)
{
	return 0;
}

static inline int security_mmap_addr(unsigned long addr)
Linus Torvalds's avatar
Linus Torvalds committed
835
{
836
	return cap_mmap_addr(addr);
Linus Torvalds's avatar
Linus Torvalds committed
837 838
}

839 840 841
static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
Linus Torvalds's avatar
Linus Torvalds committed
842 843 844 845
{
	return 0;
}

846
static inline int security_file_lock(struct file *file, unsigned int cmd)
Linus Torvalds's avatar
Linus Torvalds committed
847 848 849 850
{
	return 0;
}

851 852
static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
Linus Torvalds's avatar
Linus Torvalds committed
853 854 855 856
{
	return 0;
}

857
static inline void security_file_set_fowner(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
858
{
859
	return;
Linus Torvalds's avatar
Linus Torvalds committed
860 861
}

862 863 864
static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
Linus Torvalds's avatar
Linus Torvalds committed
865 866 867 868
{
	return 0;
}

869
static inline int security_file_receive(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
870 871 872 873
{
	return 0;
}

874 875
static inline int security_file_open(struct file *file,
				     const struct cred *cred)
876 877 878 879
{
	return 0;
}

880 881 882 883 884 885
static inline int security_task_alloc(struct task_struct *task,
				      unsigned long clone_flags)
{
	return 0;
}

886 887 888
static inline void security_task_free(struct task_struct *task)
{ }

889 890 891 892
static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}
893

894 895 896 897 898 899
static inline void security_cred_free(struct cred *cred)
{ }

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
Linus Torvalds's avatar
Linus Torvalds committed
900 901 902 903
{
	return 0;
}

904 905 906 907 908
static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

909 910 911 912 913 914 915 916 917 918 919
static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}

920
static inline int security_kernel_module_request(char *kmod_name)
921 922
{
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
923 924
}

925 926 927 928 929 930
static inline int security_kernel_read_file(struct file *file,
					    enum kernel_read_file_id id)
{
	return 0;
}

931
static inline int security_kernel_post_read_file(struct file *file,
932 933
						 char *buf, loff_t size,
						 enum kernel_read_file_id id)
934 935 936 937
{
	return 0;
}

938 939 940
static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
Linus Torvalds's avatar
Linus Torvalds committed
941
{
942
	return cap_task_fix_setuid(new, old, flags);
Linus Torvalds's avatar
Linus Torvalds committed
943 944
}

945
static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
Linus Torvalds's avatar
Linus Torvalds committed
946 947 948 949
{
	return 0;
}

950
static inline int security_task_getpgid(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
951 952 953 954
{
	return 0;
}

955
static inline int security_task_getsid(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
956 957 958 959
{
	return 0;
}

960
static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
961 962 963
{
	*secid = 0;
}
964

965
static inline int security_task_setnice(struct task_struct *p, int nice)
Linus Torvalds's avatar
Linus Torvalds committed
966
{
967
	return cap_task_setnice(p, nice);
Linus Torvalds's avatar
Linus Torvalds committed
968 969
}

970
static inline int security_task_setioprio(struct task_struct *p, int ioprio)
971
{
972
	return cap_task_setioprio(p, ioprio);
973 974
}

975
static inline int security_task_getioprio(struct task_struct *p)
976 977 978 979
{
	return 0;
}

980 981 982 983 984 985 986
static inline int security_task_prlimit(const struct cred *cred,
					const struct cred *tcred,
					unsigned int flags)
{
	return 0;
}

987 988
static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
989
					  struct rlimit *new_rlim)
Linus Torvalds's avatar
Linus Torvalds committed
990 991 992 993
{
	return 0;
}

994
static inline int security_task_setscheduler(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
995
{
996
	return cap_task_setscheduler(p);
Linus Torvalds's avatar
Linus Torvalds committed
997 998
}

999
static inline int security_task_getscheduler(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
1000 1001 1002 1003
{
	return 0;
}

1004
static inline int security_task_movememory(struct task_struct *p)
1005 1006 1007 1008
{
	return 0;
}

1009 1010 1011
static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     u32 secid)
Linus Torvalds's avatar
Linus Torvalds committed
1012
{