security.h 47.6 KB
Newer Older
Linus Torvalds's avatar
Linus Torvalds committed
1 2 3 4 5 6 7 8
/*
 * Linux Security plug
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9
 * Copyright (C) 2016 Mellanox Techonologies
Linus Torvalds's avatar
Linus Torvalds committed
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	Due to this file being licensed under the GPL there is controversy over
 *	whether this permits you to write a module that #includes this file
 *	without placing your module under the GPL.  Please consult a lawyer for
 *	advice before doing this.
 *
 */

#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H

26
#include <linux/key.h>
Al Viro's avatar
Al Viro committed
27
#include <linux/capability.h>
28
#include <linux/fs.h>
29
#include <linux/slab.h>
Al Viro's avatar
Al Viro committed
30
#include <linux/err.h>
31
#include <linux/string.h>
32
#include <linux/mm.h>
33
#include <linux/fs.h>
Al Viro's avatar
Al Viro committed
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57

struct linux_binprm;
struct cred;
struct rlimit;
struct siginfo;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
struct super_block;
struct inode;
struct dentry;
struct file;
struct vfsmount;
struct path;
struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
struct shmid_kernel;
struct msg_msg;
struct msg_queue;
struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;
Linus Torvalds's avatar
Linus Torvalds committed
58

59 60 61 62
/* If capable should audit the security request */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1

63 64 65
/* LSM Agnostic defines for sb_set_mnt_opts */
#define SECURITY_LSM_NATIVE_LABELS	1

Linus Torvalds's avatar
Linus Torvalds committed
66
struct ctl_table;
67
struct audit_krule;
68
struct user_namespace;
Al Viro's avatar
Al Viro committed
69
struct timezone;
Linus Torvalds's avatar
Linus Torvalds committed
70

71 72 73 74
enum lsm_event {
	LSM_POLICY_CHANGE,
};

75
/* These functions are in security/commoncap.c */
76 77
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
		       int cap, int audit);
78
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
79
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
80
extern int cap_ptrace_traceme(struct task_struct *parent);
81
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
82 83 84 85
extern int cap_capset(struct cred *new, const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
86
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
87 88 89
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
90 91
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
92 93
extern int cap_inode_getsecurity(struct inode *inode, const char *name,
				 void **buffer, bool alloc);
94
extern int cap_mmap_addr(unsigned long addr);
95 96
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags);
97
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
98
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
99
			  unsigned long arg4, unsigned long arg5);
100
extern int cap_task_setscheduler(struct task_struct *p);
101 102
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
103
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
Linus Torvalds's avatar
Linus Torvalds committed
104 105 106 107 108 109

struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
110 111 112 113 114 115
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
116
struct seq_file;
Linus Torvalds's avatar
Linus Torvalds committed
117

118
#ifdef CONFIG_MMU
119
extern unsigned long mmap_min_addr;
120
extern unsigned long dac_mmap_min_addr;
121
#else
122
#define mmap_min_addr		0UL
123 124 125
#define dac_mmap_min_addr	0UL
#endif

Linus Torvalds's avatar
Linus Torvalds committed
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

141 142 143 144
/* Flags for security_task_prlimit(). */
#define LSM_PRLIMIT_READ  1
#define LSM_PRLIMIT_WRITE 2

Linus Torvalds's avatar
Linus Torvalds committed
145 146
/* forward declares to avoid warnings */
struct sched_param;
147
struct request_sock;
Linus Torvalds's avatar
Linus Torvalds committed
148

149
/* bprm->unsafe reasons */
Linus Torvalds's avatar
Linus Torvalds committed
150 151
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
152
#define LSM_UNSAFE_NO_NEW_PRIVS	4
Linus Torvalds's avatar
Linus Torvalds committed
153

154
#ifdef CONFIG_MMU
155
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
156
				 void __user *buffer, size_t *lenp, loff_t *ppos);
157
#endif
158

159 160 161 162
/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
			   const struct xattr *xattr_array, void *fs_data);

Linus Torvalds's avatar
Linus Torvalds committed
163 164
#ifdef CONFIG_SECURITY

165 166 167 168 169 170
struct security_mnt_opts {
	char **mnt_opts;
	int *mnt_opts_flags;
	int num_mnt_opts;
};

171 172 173 174
int call_lsm_notifier(enum lsm_event event, void *data);
int register_lsm_notifier(struct notifier_block *nb);
int unregister_lsm_notifier(struct notifier_block *nb);

175 176 177 178 179 180 181 182 183 184 185
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	int i;
	if (opts->mnt_opts)
186
		for (i = 0; i < opts->num_mnt_opts; i++)
187 188 189 190 191 192 193 194
			kfree(opts->mnt_opts[i]);
	kfree(opts->mnt_opts);
	opts->mnt_opts = NULL;
	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

Linus Torvalds's avatar
Linus Torvalds committed
195
/* prototypes */
196
extern int security_init(void);
Linus Torvalds's avatar
Linus Torvalds committed
197

198
/* Security operations */
199 200 201 202 203 204 205
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
				struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
				    struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
				  struct task_struct *to, struct file *file);
206
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
207
int security_ptrace_traceme(struct task_struct *parent);
208
int security_capget(struct task_struct *target,
209 210 211
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
212 213 214 215
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
216
int security_capable(const struct cred *cred, struct user_namespace *ns,
217
			int cap);
218 219
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			     int cap);
220 221
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
222
int security_syslog(int type);
223 224 225 226 227 228 229
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
static inline int security_settime(const struct timespec *ts, const struct timezone *tz)
{
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return security_settime64(&ts64, tz);
}
230
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
231
int security_bprm_set_creds(struct linux_binprm *bprm);
232
int security_bprm_check(struct linux_binprm *bprm);
233 234
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
235 236
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
237
int security_sb_copy_data(char *orig, char *copy);
238
int security_sb_remount(struct super_block *sb, void *data);
239
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
240
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
241
int security_sb_statfs(struct dentry *dentry);
Al Viro's avatar
Al Viro committed
242
int security_sb_mount(const char *dev_name, const struct path *path,
Al Viro's avatar
Al Viro committed
243
		      const char *type, unsigned long flags, void *data);
244
int security_sb_umount(struct vfsmount *mnt, int flags);
Al Viro's avatar
Al Viro committed
245
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
246 247 248 249
int security_sb_set_mnt_opts(struct super_block *sb,
				struct security_mnt_opts *opts,
				unsigned long kern_flags,
				unsigned long *set_kern_flags);
250
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
251 252 253
				struct super_block *newsb,
				unsigned long kern_flags,
				unsigned long *set_kern_flags);
254
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
255
int security_dentry_init_security(struct dentry *dentry, int mode,
Al Viro's avatar
Al Viro committed
256
					const struct qstr *name, void **ctx,
257
					u32 *ctxlen);
258 259 260 261
int security_dentry_create_files_as(struct dentry *dentry, int mode,
					struct qstr *name,
					const struct cred *old,
					struct cred *new);
262

263 264 265
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
266 267 268
				 const struct qstr *qstr,
				 initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
269
				     const struct qstr *qstr, const char **name,
270
				     void **value, size_t *len);
Al Viro's avatar
Al Viro committed
271
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
272 273 274 275
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			 struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
276
			   const char *old_name);
277
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
278
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
Al Viro's avatar
Al Viro committed
279
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
280
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
281 282
			  struct inode *new_dir, struct dentry *new_dentry,
			  unsigned int flags);
283
int security_inode_readlink(struct dentry *dentry);
284 285
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
			       bool rcu);
286
int security_inode_permission(struct inode *inode, int mask);
287
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
288
int security_inode_getattr(const struct path *path);
289 290 291 292 293
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
294
int security_inode_listxattr(struct dentry *dentry);
295
int security_inode_removexattr(struct dentry *dentry, const char *name);
296 297
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
298
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
299 300
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
301
void security_inode_getsecid(struct inode *inode, u32 *secid);
302
int security_inode_copy_up(struct dentry *src, struct cred **new);
303
int security_inode_copy_up_xattr(const char *name);
304 305 306 307
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
308 309
int security_mmap_file(struct file *file, unsigned long prot,
			unsigned long flags);
310
int security_mmap_addr(unsigned long addr);
311
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
312
			   unsigned long prot);
313 314
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
315
void security_file_set_fowner(struct file *file);
316
int security_file_send_sigiotask(struct task_struct *tsk,
317
				 struct fown_struct *fown, int sig);
318
int security_file_receive(struct file *file);
319
int security_file_open(struct file *file, const struct cred *cred);
320
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
321
void security_task_free(struct task_struct *task);
322
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
323
void security_cred_free(struct cred *cred);
324
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
325
void security_transfer_creds(struct cred *new, const struct cred *old);
326 327
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
328
int security_kernel_module_request(char *kmod_name);
329
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
330 331
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
				   enum kernel_read_file_id id);
332 333
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
334 335 336 337 338 339 340
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
341 342
int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
			  unsigned int flags);
343 344
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
		struct rlimit *new_rlim);
345
int security_task_setscheduler(struct task_struct *p);
346 347 348 349 350
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
			int sig, u32 secid);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
351
			unsigned long arg4, unsigned long arg5);
352 353
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
354
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
355 356 357 358 359 360 361
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
362
			      struct msg_msg *msg, int msqflg);
363
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
364
			      struct task_struct *target, long type, int mode);
365 366 367 368 369
int security_shm_alloc(struct shmid_kernel *shp);
void security_shm_free(struct shmid_kernel *shp);
int security_shm_associate(struct shmid_kernel *shp, int shmflg);
int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
370 371 372 373 374
int security_sem_alloc(struct kern_ipc_perm *sma);
void security_sem_free(struct kern_ipc_perm *sma);
int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
375
			unsigned nsops, int alter);
376
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
377
int security_getprocattr(struct task_struct *p, char *name, char **value);
378
int security_setprocattr(const char *name, void *value, size_t size);
379
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
380
int security_ismaclabel(const char *name);
381
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
382
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
383 384
void security_release_secctx(char *secdata, u32 seclen);

385
void security_inode_invalidate_secctx(struct inode *inode);
386 387 388
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
Linus Torvalds's avatar
Linus Torvalds committed
389
#else /* CONFIG_SECURITY */
390 391 392
struct security_mnt_opts {
};

393 394 395 396 397 398 399 400 401 402 403 404 405 406 407
static inline int call_lsm_notifier(enum lsm_event event, void *data)
{
	return 0;
}

static inline int register_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

static inline  int unregister_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

408 409 410 411 412 413 414
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
}
Linus Torvalds's avatar
Linus Torvalds committed
415 416 417 418 419 420 421 422 423 424 425

/*
 * This is the default capabilities functionality.  Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 */

static inline int security_init(void)
{
	return 0;
}

426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449
static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

450
static inline int security_ptrace_access_check(struct task_struct *child,
451 452
					     unsigned int mode)
{
453
	return cap_ptrace_access_check(child, mode);
454 455
}

456
static inline int security_ptrace_traceme(struct task_struct *parent)
Linus Torvalds's avatar
Linus Torvalds committed
457
{
458
	return cap_ptrace_traceme(parent);
Linus Torvalds's avatar
Linus Torvalds committed
459 460
}

461
static inline int security_capget(struct task_struct *target,
Linus Torvalds's avatar
Linus Torvalds committed
462 463 464 465
				   kernel_cap_t *effective,
				   kernel_cap_t *inheritable,
				   kernel_cap_t *permitted)
{
466
	return cap_capget(target, effective, inheritable, permitted);
Linus Torvalds's avatar
Linus Torvalds committed
467 468
}

469 470 471 472 473
static inline int security_capset(struct cred *new,
				   const struct cred *old,
				   const kernel_cap_t *effective,
				   const kernel_cap_t *inheritable,
				   const kernel_cap_t *permitted)
Linus Torvalds's avatar
Linus Torvalds committed
474
{
475
	return cap_capset(new, old, effective, inheritable, permitted);
Linus Torvalds's avatar
Linus Torvalds committed
476 477
}

478 479
static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns, int cap)
480
{
481
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
482 483
}

484 485 486
static inline int security_capable_noaudit(const struct cred *cred,
					   struct user_namespace *ns, int cap) {
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
487 488
}

489 490
static inline int security_quotactl(int cmds, int type, int id,
				     struct super_block *sb)
Linus Torvalds's avatar
Linus Torvalds committed
491 492 493 494
{
	return 0;
}

495
static inline int security_quota_on(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
496 497 498 499
{
	return 0;
}

500
static inline int security_syslog(int type)
Linus Torvalds's avatar
Linus Torvalds committed
501
{
502
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
503 504
}

505 506 507 508 509 510
static inline int security_settime64(const struct timespec64 *ts,
				     const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

511 512
static inline int security_settime(const struct timespec *ts,
				   const struct timezone *tz)
Linus Torvalds's avatar
Linus Torvalds committed
513
{
514 515 516
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return cap_settime(&ts64, tz);
Linus Torvalds's avatar
Linus Torvalds committed
517 518
}

519
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
Alan Cox's avatar
Alan Cox committed
520
{
521
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
Alan Cox's avatar
Alan Cox committed
522 523
}

524
static inline int security_bprm_set_creds(struct linux_binprm *bprm)
525
{
526
	return cap_bprm_set_creds(bprm);
Linus Torvalds's avatar
Linus Torvalds committed
527 528
}

529
static inline int security_bprm_check(struct linux_binprm *bprm)
Linus Torvalds's avatar
Linus Torvalds committed
530
{
531
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
532 533
}

534
static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
Linus Torvalds's avatar
Linus Torvalds committed
535 536 537
{
}

538
static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
Linus Torvalds's avatar
Linus Torvalds committed
539 540 541
{
}

542
static inline int security_sb_alloc(struct super_block *sb)
Linus Torvalds's avatar
Linus Torvalds committed
543 544 545 546
{
	return 0;
}

547
static inline void security_sb_free(struct super_block *sb)
Linus Torvalds's avatar
Linus Torvalds committed
548 549
{ }

550
static inline int security_sb_copy_data(char *orig, char *copy)
Linus Torvalds's avatar
Linus Torvalds committed
551 552 553 554
{
	return 0;
}

555 556 557 558 559
static inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

560
static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
Linus Torvalds's avatar
Linus Torvalds committed
561 562 563 564
{
	return 0;
}

565 566 567 568 569 570
static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

571
static inline int security_sb_statfs(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
572 573 574 575
{
	return 0;
}

Al Viro's avatar
Al Viro committed
576
static inline int security_sb_mount(const char *dev_name, const struct path *path,
Al Viro's avatar
Al Viro committed
577
				    const char *type, unsigned long flags,
Linus Torvalds's avatar
Linus Torvalds committed
578 579 580 581 582
				    void *data)
{
	return 0;
}

583
static inline int security_sb_umount(struct vfsmount *mnt, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
584 585 586 587
{
	return 0;
}

Al Viro's avatar
Al Viro committed
588 589
static inline int security_sb_pivotroot(const struct path *old_path,
					const struct path *new_path)
Linus Torvalds's avatar
Linus Torvalds committed
590 591 592 593
{
	return 0;
}

594
static inline int security_sb_set_mnt_opts(struct super_block *sb,
595 596 597
					   struct security_mnt_opts *opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
598 599 600 601
{
	return 0;
}

602
static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
603 604 605
					      struct super_block *newsb,
					      unsigned long kern_flags,
					      unsigned long *set_kern_flags)
606 607 608
{
	return 0;
}
609 610 611 612 613

static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}
Linus Torvalds's avatar
Linus Torvalds committed
614

615
static inline int security_inode_alloc(struct inode *inode)
Linus Torvalds's avatar
Linus Torvalds committed
616 617 618 619
{
	return 0;
}

620
static inline void security_inode_free(struct inode *inode)
Linus Torvalds's avatar
Linus Torvalds committed
621
{ }
622

623 624
static inline int security_dentry_init_security(struct dentry *dentry,
						 int mode,
Al Viro's avatar
Al Viro committed
625
						 const struct qstr *name,
626 627 628 629 630 631
						 void **ctx,
						 u32 *ctxlen)
{
	return -EOPNOTSUPP;
}

632 633 634 635 636 637 638 639
static inline int security_dentry_create_files_as(struct dentry *dentry,
						  int mode, struct qstr *name,
						  const struct cred *old,
						  struct cred *new)
{
	return 0;
}

640

641
static inline int security_inode_init_security(struct inode *inode,
642
						struct inode *dir,
643
						const struct qstr *qstr,
Mark Rustad's avatar
Mark Rustad committed
644
						const initxattrs xattrs,
645
						void *fs_data)
646
{
Mimi Zohar's avatar
Mimi Zohar committed
647
	return 0;
648
}
649

Mimi Zohar's avatar
Mimi Zohar committed
650 651 652
static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
653 654
						   const char **name,
						   void **value, size_t *len)
655
{
656
	return -EOPNOTSUPP;
657 658
}

659
static inline int security_inode_create(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
660
					 struct dentry *dentry,
Al Viro's avatar
Al Viro committed
661
					 umode_t mode)
Linus Torvalds's avatar
Linus Torvalds committed
662 663 664 665
{
	return 0;
}

666
static inline int security_inode_link(struct dentry *old_dentry,
Linus Torvalds's avatar
Linus Torvalds committed
667 668 669 670 671 672
				       struct inode *dir,
				       struct dentry *new_dentry)
{
	return 0;
}

673
static inline int security_inode_unlink(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
674 675 676 677 678
					 struct dentry *dentry)
{
	return 0;
}

679
static inline int security_inode_symlink(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
680 681 682 683 684 685
					  struct dentry *dentry,
					  const char *old_name)
{
	return 0;
}

686
static inline int security_inode_mkdir(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
687 688 689 690 691 692
					struct dentry *dentry,
					int mode)
{
	return 0;
}

693
static inline int security_inode_rmdir(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
694 695 696 697 698
					struct dentry *dentry)
{
	return 0;
}

699
static inline int security_inode_mknod(struct inode *dir,
Linus Torvalds's avatar
Linus Torvalds committed
700 701 702 703 704 705
					struct dentry *dentry,
					int mode, dev_t dev)
{
	return 0;
}

706
static inline int security_inode_rename(struct inode *old_dir,
Linus Torvalds's avatar
Linus Torvalds committed
707 708
					 struct dentry *old_dentry,
					 struct inode *new_dir,
709 710
					 struct dentry *new_dentry,
					 unsigned int flags)
Linus Torvalds's avatar
Linus Torvalds committed
711 712 713 714
{
	return 0;
}

715
static inline int security_inode_readlink(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
716 717 718 719
{
	return 0;
}

720 721 722
static inline int security_inode_follow_link(struct dentry *dentry,
					     struct inode *inode,
					     bool rcu)
Linus Torvalds's avatar
Linus Torvalds committed
723 724 725 726
{
	return 0;
}

727
static inline int security_inode_permission(struct inode *inode, int mask)
Linus Torvalds's avatar
Linus Torvalds committed
728 729 730 731
{
	return 0;
}

732
static inline int security_inode_setattr(struct dentry *dentry,
Linus Torvalds's avatar
Linus Torvalds committed
733 734 735 736 737
					  struct iattr *attr)
{
	return 0;
}

738
static inline int security_inode_getattr(const struct path *path)
Linus Torvalds's avatar
Linus Torvalds committed
739 740 741 742
{
	return 0;
}

743 744
static inline int security_inode_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
745 746 747 748
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

749 750
static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
751 752
{ }

753 754
static inline int security_inode_getxattr(struct dentry *dentry,
			const char *name)
Linus Torvalds's avatar
Linus Torvalds committed
755 756 757 758
{
	return 0;
}

759
static inline int security_inode_listxattr(struct dentry *dentry)
Linus Torvalds's avatar
Linus Torvalds committed
760 761 762 763
{
	return 0;
}

764 765
static inline int security_inode_removexattr(struct dentry *dentry,
			const char *name)
Linus Torvalds's avatar
Linus Torvalds committed
766 767 768 769
{
	return cap_inode_removexattr(dentry, name);
}

770 771 772 773 774 775 776 777 778 779
static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

780
static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
Linus Torvalds's avatar
Linus Torvalds committed
781 782 783 784 785 786 787 788 789 790 791 792 793 794
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	return 0;
}

795
static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
796 797 798 799
{
	*secid = 0;
}

800 801 802 803 804
static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
{
	return 0;
}

805 806 807 808 809
static inline int security_inode_copy_up_xattr(const char *name)
{
	return -EOPNOTSUPP;
}

810
static inline int security_file_permission(struct file *file, int mask)
Linus Torvalds's avatar
Linus Torvalds committed
811 812 813 814
{
	return 0;
}

815
static inline int security_file_alloc(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
816 817 818 819
{
	return 0;
}

820
static inline void security_file_free(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
821 822
{ }

823 824
static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
Linus Torvalds's avatar
Linus Torvalds committed
825 826 827 828
{
	return 0;
}

829
static inline int security_mmap_file(struct file *file, unsigned long prot,
830 831 832 833 834 835
				     unsigned long flags)
{
	return 0;
}

static inline int security_mmap_addr(unsigned long addr)
Linus Torvalds's avatar
Linus Torvalds committed
836
{
837
	return cap_mmap_addr(addr);
Linus Torvalds's avatar
Linus Torvalds committed
838 839
}

840 841 842
static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
Linus Torvalds's avatar
Linus Torvalds committed
843 844 845 846
{
	return 0;
}

847
static inline int security_file_lock(struct file *file, unsigned int cmd)
Linus Torvalds's avatar
Linus Torvalds committed
848 849 850 851
{
	return 0;
}

852 853
static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
Linus Torvalds's avatar
Linus Torvalds committed
854 855 856 857
{
	return 0;
}

858
static inline void security_file_set_fowner(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
859
{
860
	return;
Linus Torvalds's avatar
Linus Torvalds committed
861 862
}

863 864 865
static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
Linus Torvalds's avatar
Linus Torvalds committed
866 867 868 869
{
	return 0;
}

870
static inline int security_file_receive(struct file *file)
Linus Torvalds's avatar
Linus Torvalds committed
871 872 873 874
{
	return 0;
}

875 876
static inline int security_file_open(struct file *file,
				     const struct cred *cred)
877 878 879 880
{
	return 0;
}

881 882 883 884 885 886
static inline int security_task_alloc(struct task_struct *task,
				      unsigned long clone_flags)
{
	return 0;
}

887 888 889
static inline void security_task_free(struct task_struct *task)
{ }

890 891 892 893
static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}
894

895 896 897 898 899 900
static inline void security_cred_free(struct cred *cred)
{ }

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
Linus Torvalds's avatar
Linus Torvalds committed
901 902 903 904
{
	return 0;
}

905 906 907 908 909
static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

910 911 912 913 914 915 916 917 918 919 920
static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}

921
static inline int security_kernel_module_request(char *kmod_name)
922 923
{
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
924 925
}

926 927 928 929 930 931
static inline int security_kernel_read_file(struct file *file,
					    enum kernel_read_file_id id)
{
	return 0;
}

932
static inline int security_kernel_post_read_file(struct file *file,
933 934
						 char *buf, loff_t size,
						 enum kernel_read_file_id id)
935 936 937 938
{
	return 0;
}

939 940 941
static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
Linus Torvalds's avatar
Linus Torvalds committed
942
{
943
	return cap_task_fix_setuid(new, old, flags);
Linus Torvalds's avatar
Linus Torvalds committed
944 945
}

946
static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
Linus Torvalds's avatar
Linus Torvalds committed
947 948 949 950
{
	return 0;
}

951
static inline int security_task_getpgid(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
952 953 954 955
{
	return 0;
}

956
static inline int security_task_getsid(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
957 958 959 960
{
	return 0;
}

961
static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
962 963 964
{
	*secid = 0;
}
965

966
static inline int security_task_setnice(struct task_struct *p, int nice)
Linus Torvalds's avatar
Linus Torvalds committed
967
{
968
	return cap_task_setnice(p, nice);
Linus Torvalds's avatar
Linus Torvalds committed
969 970
}

971
static inline int security_task_setioprio(struct task_struct *p, int ioprio)
972
{
973
	return cap_task_setioprio(p, ioprio);
974 975
}

976
static inline int security_task_getioprio(struct task_struct *p)
977 978 979 980
{
	return 0;
}

981 982 983 984 985 986 987
static inline int security_task_prlimit(const struct cred *cred,
					const struct cred *tcred,
					unsigned int flags)
{
	return 0;
}

988 989
static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
990
					  struct rlimit *new_rlim)
Linus Torvalds's avatar
Linus Torvalds committed
991 992 993 994
{
	return 0;
}

995
static inline int security_task_setscheduler(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
996
{
997
	return cap_task_setscheduler(p);
Linus Torvalds's avatar
Linus Torvalds committed
998 999
}

1000
static inline int security_task_getscheduler(struct task_struct *p)
Linus Torvalds's avatar
Linus Torvalds committed
1001 1002 1003 1004
{
	return 0;
}

1005
static inline int security_task_movememory(struct task_struct *p)
1006 1007 1008 1009
{
	return 0;
}

1010 1011 1012
static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     u32 secid)
Linus Torvalds's avatar
Linus Torvalds committed
1013
{