projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
security: Introduce inode_post_remove_acl hook
[linux-2.6-block.git] / include / linux / security.h
CommitLineData
1da177e4
LT		 1/*
2 * Linux Security plug
3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
d291f1a6 9 * Copyright (C) 2016 Mellanox Techonologies
1da177e4
LT		 10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * Due to this file being licensed under the GPL there is controversy over
17 * whether this permits you to write a module that #includes this file
18 * without placing your module under the GPL. Please consult a lawyer for
19 * advice before doing this.
20 *
21 */
22
23#ifndef __LINUX_SECURITY_H
24#define __LINUX_SECURITY_H
25
b89999d0 26#include <linux/kernel_read_file.h>
29db9190 27#include <linux/key.h>
40401530 28#include <linux/capability.h>
cf222217 29#include <linux/fs.h>
5a0e3ad6 30#include <linux/slab.h>
40401530 31#include <linux/err.h>
d47be3df 32#include <linux/string.h>
b1d9e6b0 33#include <linux/mm.h>
b10b9c34 34#include <linux/sockptr.h>
e1ca7129 35#include <uapi/linux/lsm.h>
40401530
AV		 36
37struct linux_binprm;
38struct cred;
39struct rlimit;
ae7795bc 40struct kernel_siginfo;
40401530
AV		 41struct sembuf;
42struct kern_ipc_perm;
43struct audit_context;
44struct super_block;
45struct inode;
46struct dentry;
47struct file;
48struct vfsmount;
49struct path;
50struct qstr;
40401530
AV		 51struct iattr;
52struct fown_struct;
53struct file_operations;
40401530 54struct msg_msg;
40401530 55struct xattr;
b230d5ab 56struct kernfs_node;
40401530
AV		 57struct xfrm_sec_ctx;
58struct mm_struct;
da2441fd
DH		 59struct fs_context;
60struct fs_parameter;
61enum fs_value_type;
344fa64e
DH		 62struct watch;
63struct watch_notification;
a04a1198 64struct lsm_ctx;
1da177e4 65
c1a85a00
MM		 66/* Default (no) options for the capable function */
67#define CAP_OPT_NONE 0x0
06112163 68/* If capable should audit the security request */
c1a85a00
MM		 69#define CAP_OPT_NOAUDIT BIT(1)
70/* If capable is being called by a setid function */
71#define CAP_OPT_INSETID BIT(2)
06112163 72
4e04143c 73/* LSM Agnostic defines for security_sb_set_mnt_opts() flags */
eb9ae686
DQ		 74#define SECURITY_LSM_NATIVE_LABELS 1
75
1da177e4 76struct ctl_table;
03d37d25 77struct audit_krule;
3486740a 78struct user_namespace;
40401530 79struct timezone;
1da177e4 80
8f408ab6
DJ		 81enum lsm_event {
82 LSM_POLICY_CHANGE,
83};
84
9e47d31d
MG		 85/*
86 * These are reasons that can be passed to the security_locked_down()
87 * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
88 * ability for userland to modify kernel code) are placed before
89 * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel
90 * confidentiality (ie, the ability for userland to extract
91 * information from the running kernel that would otherwise be
92 * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
93 *
94 * LSM authors should note that the semantics of any given lockdown
95 * reason are not guaranteed to be stable - the same reason may block
96 * one set of features in one kernel release, and a slightly different
97 * set of features in a later kernel release. LSMs that seek to expose
98 * lockdown policy at any level of granularity other than "none",
99 * "integrity" or "confidentiality" are responsible for either
100 * ensuring that they expose a consistent level of functionality to
101 * userland, or ensuring that userland is aware that this is
102 * potentially a moving target. It is easy to misuse this information
103 * in a way that could break userspace. Please be careful not to do
104 * so.
000d388e
MG		 105 *
106 * If you add to this, remember to extend lockdown_reasons in
107 * security/lockdown/lockdown.c.
9e47d31d
MG		 108 */
109enum lockdown_reason {
110 LOCKDOWN_NONE,
49fcf732 111 LOCKDOWN_MODULE_SIGNATURE,
9b9d8dda 112 LOCKDOWN_DEV_MEM,
359efcc2 113 LOCKDOWN_EFI_TEST,
7d31f460 114 LOCKDOWN_KEXEC,
38bd94b8 115 LOCKDOWN_HIBERNATION,
eb627e17 116 LOCKDOWN_PCI_ACCESS,
96c4f672 117 LOCKDOWN_IOPORT,
95f5e95f 118 LOCKDOWN_MSR,
f474e148 119 LOCKDOWN_ACPI_TABLES,
99df7a28 120 LOCKDOWN_DEVICE_TREE,
3f19cad3 121 LOCKDOWN_PCMCIA_CIS,
794edf30 122 LOCKDOWN_TIOCSSERIAL,
20657f66 123 LOCKDOWN_MODULE_PARAMETERS,
906357f7 124 LOCKDOWN_MMIOTRACE,
5496197f 125 LOCKDOWN_DEBUGFS,
69393cb0 126 LOCKDOWN_XMON_WR,
51e1bb9e 127 LOCKDOWN_BPF_WRITE_USER,
eadb2f47 128 LOCKDOWN_DBG_WRITE_KERNEL,
b8f3e488 129 LOCKDOWN_RTAS_ERROR_INJECTION,
9e47d31d 130 LOCKDOWN_INTEGRITY_MAX,
02e935bf 131 LOCKDOWN_KCORE,
a94549dd 132 LOCKDOWN_KPROBES,
71330842 133 LOCKDOWN_BPF_READ_KERNEL,
eadb2f47 134 LOCKDOWN_DBG_READ_KERNEL,
b0c8fdc7 135 LOCKDOWN_PERF,
ccbd54ff 136 LOCKDOWN_TRACEFS,
69393cb0 137 LOCKDOWN_XMON_RW,
c7a5899e 138 LOCKDOWN_XFRM_SECRET,
9e47d31d
MG		 139 LOCKDOWN_CONFIDENTIALITY_MAX,
140};
141
59438b46 142extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
9285c5ad
CS		 143extern u32 lsm_active_cnt;
144extern const struct lsm_id *lsm_idlist[];
59438b46 145
b1d9e6b0 146/* These functions are in security/commoncap.c */
6a9de491 147extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
c1a85a00 148 int cap, unsigned int opts);
457db29b 149extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
9e48858f 150extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
5cd9c58f 151extern int cap_ptrace_traceme(struct task_struct *parent);
6672efbb
KK		 152extern int cap_capget(const struct task_struct *target, kernel_cap_t *effective,
153 kernel_cap_t *inheritable, kernel_cap_t *permitted);
d84f4f99
DH		 154extern int cap_capset(struct cred *new, const struct cred *old,
155 const kernel_cap_t *effective,
156 const kernel_cap_t *inheritable,
157 const kernel_cap_t *permitted);
4a00c673 158extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
71bc356f
CB		 159int cap_inode_setxattr(struct dentry *dentry, const char *name,
160 const void *value, size_t size, int flags);
39f60c1c 161int cap_inode_removexattr(struct mnt_idmap *idmap,
71bc356f
CB		 162 struct dentry *dentry, const char *name);
163int cap_inode_need_killpriv(struct dentry *dentry);
39f60c1c 164int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
4609e1f1 165int cap_inode_getsecurity(struct mnt_idmap *idmap,
71bc356f
CB		 166 struct inode *inode, const char *name, void **buffer,
167 bool alloc);
d007794a 168extern int cap_mmap_addr(unsigned long addr);
e5467859
AV		 169extern int cap_mmap_file(struct file *file, unsigned long reqprot,
170 unsigned long prot, unsigned long flags);
d84f4f99 171extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
3898b1b4 172extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f99 173 unsigned long arg4, unsigned long arg5);
b0ae1981 174extern int cap_task_setscheduler(struct task_struct *p);
7b41b173
EP		 175extern int cap_task_setioprio(struct task_struct *p, int ioprio);
176extern int cap_task_setnice(struct task_struct *p, int nice);
20510f2f 177extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
1da177e4
LT		 178
179struct msghdr;
180struct sk_buff;
181struct sock;
182struct sockaddr;
183struct socket;
3df98d79 184struct flowi_common;
df71837d
TJ		 185struct dst_entry;
186struct xfrm_selector;
187struct xfrm_policy;
188struct xfrm_state;
189struct xfrm_user_sec_ctx;
2069f457 190struct seq_file;
c081d53f 191struct sctp_association;
1da177e4 192
6e141546 193#ifdef CONFIG_MMU
ed032189 194extern unsigned long mmap_min_addr;
a2551df7 195extern unsigned long dac_mmap_min_addr;
6e141546 196#else
be8cfc4a 197#define mmap_min_addr 0UL
6e141546
DH		 198#define dac_mmap_min_addr 0UL
199#endif
200
1da177e4
LT		 201/*
202 * Values used in the task_security_ops calls
203 */
204/* setuid or setgid, id0 == uid or gid */
205#define LSM_SETID_ID 1
206
207/* setreuid or setregid, id0 == real, id1 == eff */
208#define LSM_SETID_RE 2
209
210/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
211#define LSM_SETID_RES 4
212
213/* setfsuid or setfsgid, id0 == fsuid or fsgid */
214#define LSM_SETID_FS 8
215
791ec491
SS		 216/* Flags for security_task_prlimit(). */
217#define LSM_PRLIMIT_READ 1
218#define LSM_PRLIMIT_WRITE 2
219
1da177e4 220/* forward declares to avoid warnings */
1da177e4 221struct sched_param;
4237c75c 222struct request_sock;
1da177e4 223
a6f76f23 224/* bprm->unsafe reasons */
1da177e4
LT		 225#define LSM_UNSAFE_SHARE 1
226#define LSM_UNSAFE_PTRACE 2
9227dd2a 227#define LSM_UNSAFE_NO_NEW_PRIVS 4
1da177e4 228
6e141546 229#ifdef CONFIG_MMU
8d65af78 230extern int mmap_min_addr_handler(struct ctl_table *table, int write,
32927393 231 void *buffer, size_t *lenp, loff_t *ppos);
6e141546 232#endif
47d439e9 233
9d8f13ba
MZ		 234/* security_inode_init_security callback function to write xattrs */
235typedef int (*initxattrs) (struct inode *inode,
236 const struct xattr *xattr_array, void *fs_data);
237
377179cd
MZ		 238
239/* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */
240#define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
241#define __data_id_stringify(dummy, str) #str,
242
243enum kernel_load_data_id {
244 __kernel_read_file_id(__data_id_enumify)
245};
246
247static const char * const kernel_load_data_str[] = {
248 __kernel_read_file_id(__data_id_stringify)
249};
250
251static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
252{
253 if ((unsigned)id >= LOADING_MAX_ID)
254 return kernel_load_data_str[LOADING_UNKNOWN];
255
256 return kernel_load_data_str[id];
257}
258
1da177e4
LT		 259#ifdef CONFIG_SECURITY
260
42df744c
JK		 261int call_blocking_lsm_notifier(enum lsm_event event, void *data);
262int register_blocking_lsm_notifier(struct notifier_block *nb);
263int unregister_blocking_lsm_notifier(struct notifier_block *nb);
8f408ab6 264
1da177e4 265/* prototypes */
7b41b173 266extern int security_init(void);
e6b1db98 267extern int early_security_init(void);
e1ca7129 268extern u64 lsm_name_to_attr(const char *name);
1da177e4 269
20510f2f 270/* Security operations */
52f88693
TK		 271int security_binder_set_context_mgr(const struct cred *mgr);
272int security_binder_transaction(const struct cred *from,
273 const struct cred *to);
274int security_binder_transfer_binder(const struct cred *from,
275 const struct cred *to);
276int security_binder_transfer_file(const struct cred *from,
8e4672d6 277 const struct cred *to, const struct file *file);
9e48858f 278int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
5cd9c58f 279int security_ptrace_traceme(struct task_struct *parent);
6672efbb 280int security_capget(const struct task_struct *target,
7b41b173
EP		 281 kernel_cap_t *effective,
282 kernel_cap_t *inheritable,
283 kernel_cap_t *permitted);
d84f4f99
DH		 284int security_capset(struct cred *new, const struct cred *old,
285 const kernel_cap_t *effective,
286 const kernel_cap_t *inheritable,
287 const kernel_cap_t *permitted);
c1a85a00
MM		 288int security_capable(const struct cred *cred,
289 struct user_namespace *ns,
290 int cap,
291 unsigned int opts);
25cc71d1 292int security_quotactl(int cmds, int type, int id, const struct super_block *sb);
20510f2f 293int security_quota_on(struct dentry *dentry);
12b3052c 294int security_syslog(int type);
457db29b 295int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
20510f2f 296int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
b8bff599 297int security_bprm_creds_for_exec(struct linux_binprm *bprm);
4a00c673 298int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
20510f2f 299int security_bprm_check(struct linux_binprm *bprm);
64fc9526 300void security_bprm_committing_creds(const struct linux_binprm *bprm);
a721f7b8 301void security_bprm_committed_creds(const struct linux_binprm *bprm);
d80a8f1b 302int security_fs_context_submount(struct fs_context *fc, struct super_block *reference);
0b52075e 303int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
da2441fd 304int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
20510f2f 305int security_sb_alloc(struct super_block *sb);
83e804f0 306void security_sb_delete(struct super_block *sb);
20510f2f 307void security_sb_free(struct super_block *sb);
204cc0cc
AV		 308void security_free_mnt_opts(void **mnt_opts);
309int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
69c4a42d 310int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts);
204cc0cc 311int security_sb_remount(struct super_block *sb, void *mnt_opts);
20a2aa47 312int security_sb_kern_mount(const struct super_block *sb);
2069f457 313int security_sb_show_options(struct seq_file *m, struct super_block *sb);
20510f2f 314int security_sb_statfs(struct dentry *dentry);
8a04c43b 315int security_sb_mount(const char *dev_name, const struct path *path,
808d4e3c 316 const char *type, unsigned long flags, void *data);
20510f2f 317int security_sb_umount(struct vfsmount *mnt, int flags);
3b73b68c 318int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
649f6e77 319int security_sb_set_mnt_opts(struct super_block *sb,
204cc0cc 320 void *mnt_opts,
649f6e77
DQ		 321 unsigned long kern_flags,
322 unsigned long *set_kern_flags);
094f7b69 323int security_sb_clone_mnt_opts(const struct super_block *oldsb,
0b4d3452
SM		 324 struct super_block *newsb,
325 unsigned long kern_flags,
326 unsigned long *set_kern_flags);
2db154b3 327int security_move_mount(const struct path *from_path, const struct path *to_path);
d47be3df 328int security_dentry_init_security(struct dentry *dentry, int mode,
15bf3239
VG		 329 const struct qstr *name,
330 const char **xattr_name, void **ctx,
331 u32 *ctxlen);
2602625b
VG		 332int security_dentry_create_files_as(struct dentry *dentry, int mode,
333 struct qstr *name,
334 const struct cred *old,
335 struct cred *new);
ac5656d8
AG		 336int security_path_notify(const struct path *path, u64 mask,
337 unsigned int obj_type);
20510f2f
JM		 338int security_inode_alloc(struct inode *inode);
339void security_inode_free(struct inode *inode);
340int security_inode_init_security(struct inode *inode, struct inode *dir,
9d8f13ba
MZ		 341 const struct qstr *qstr,
342 initxattrs initxattrs, void *fs_data);
215b674b
LG		 343int security_inode_init_security_anon(struct inode *inode,
344 const struct qstr *name,
345 const struct inode *context_inode);
4acdaf27 346int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
a7811e34
RS		 347void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
348 struct inode *inode);
20510f2f
JM		 349int security_inode_link(struct dentry *old_dentry, struct inode *dir,
350 struct dentry *new_dentry);
351int security_inode_unlink(struct inode *dir, struct dentry *dentry);
352int security_inode_symlink(struct inode *dir, struct dentry *dentry,
7b41b173 353 const char *old_name);
18bb1db3 354int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
20510f2f 355int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1a67aafb 356int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
20510f2f 357int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
0b3974eb
MS		 358 struct inode *new_dir, struct dentry *new_dentry,
359 unsigned int flags);
20510f2f 360int security_inode_readlink(struct dentry *dentry);
bda0be7a
N		 361int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
362 bool rcu);
b77b0646 363int security_inode_permission(struct inode *inode, int mask);
c1632a0f 364int security_inode_setattr(struct mnt_idmap *idmap,
0e363cf3 365 struct dentry *dentry, struct iattr *attr);
77fa6f31
RS		 366void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
367 int ia_valid);
3f7036a0 368int security_inode_getattr(const struct path *path);
39f60c1c 369int security_inode_setxattr(struct mnt_idmap *idmap,
71bc356f 370 struct dentry *dentry, const char *name,
8f0cfa52 371 const void *value, size_t size, int flags);
700b7940 372int security_inode_set_acl(struct mnt_idmap *idmap,
72b3897e
CB		 373 struct dentry *dentry, const char *acl_name,
374 struct posix_acl *kacl);
8b9d0b82
RS		 375void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
376 struct posix_acl *kacl);
700b7940 377int security_inode_get_acl(struct mnt_idmap *idmap,
72b3897e 378 struct dentry *dentry, const char *acl_name);
700b7940 379int security_inode_remove_acl(struct mnt_idmap *idmap,
72b3897e 380 struct dentry *dentry, const char *acl_name);
2d705d80
RS		 381void security_inode_post_remove_acl(struct mnt_idmap *idmap,
382 struct dentry *dentry,
383 const char *acl_name);
8f0cfa52
DH		 384void security_inode_post_setxattr(struct dentry *dentry, const char *name,
385 const void *value, size_t size, int flags);
386int security_inode_getxattr(struct dentry *dentry, const char *name);
20510f2f 387int security_inode_listxattr(struct dentry *dentry);
39f60c1c 388int security_inode_removexattr(struct mnt_idmap *idmap,
71bc356f 389 struct dentry *dentry, const char *name);
dae52cbf 390void security_inode_post_removexattr(struct dentry *dentry, const char *name);
b5376771 391int security_inode_need_killpriv(struct dentry *dentry);
39f60c1c 392int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
4609e1f1 393int security_inode_getsecurity(struct mnt_idmap *idmap,
71bc356f
CB		 394 struct inode *inode, const char *name,
395 void **buffer, bool alloc);
20510f2f
JM		 396int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
397int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
d6335d77 398void security_inode_getsecid(struct inode *inode, u32 *secid);
d8ad8b49 399int security_inode_copy_up(struct dentry *src, struct cred **new);
121ab822 400int security_inode_copy_up_xattr(const char *name);
b230d5ab
OM		 401int security_kernfs_init_security(struct kernfs_node *kn_dir,
402 struct kernfs_node *kn);
20510f2f
JM		 403int security_file_permission(struct file *file, int mask);
404int security_file_alloc(struct file *file);
f09068b5 405void security_file_release(struct file *file);
20510f2f
JM		 406void security_file_free(struct file *file);
407int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
f1bb47a3
AP		 408int security_file_ioctl_compat(struct file *file, unsigned int cmd,
409 unsigned long arg);
8b3ec681
AV		 410int security_mmap_file(struct file *file, unsigned long prot,
411 unsigned long flags);
e5467859 412int security_mmap_addr(unsigned long addr);
20510f2f 413int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
7b41b173 414 unsigned long prot);
20510f2f
JM		 415int security_file_lock(struct file *file, unsigned int cmd);
416int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
e0b93edd 417void security_file_set_fowner(struct file *file);
20510f2f 418int security_file_send_sigiotask(struct task_struct *tsk,
7b41b173 419 struct fown_struct *fown, int sig);
20510f2f 420int security_file_receive(struct file *file);
e3f20ae2 421int security_file_open(struct file *file);
8f46ff57 422int security_file_post_open(struct file *file, int mask);
3350607d 423int security_file_truncate(struct file *file);
e4e55b47 424int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
1a2a4d06 425void security_task_free(struct task_struct *task);
ee18d64c 426int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
f1752eec 427void security_cred_free(struct cred *cred);
d84f4f99 428int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
ee18d64c 429void security_transfer_creds(struct cred *new, const struct cred *old);
3ec30113 430void security_cred_getsecid(const struct cred *c, u32 *secid);
3a3b7ce9
DH		 431int security_kernel_act_as(struct cred *new, u32 secid);
432int security_kernel_create_files_as(struct cred *new, struct inode *inode);
dd8dbf2e 433int security_kernel_module_request(char *kmod_name);
b64fcae7
KC		 434int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
435int security_kernel_post_load_data(char *buf, loff_t size,
436 enum kernel_load_data_id id,
437 char *description);
2039bda1
KC		 438int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
439 bool contents);
bc8ca5b9
MZ		 440int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
441 enum kernel_read_file_id id);
d84f4f99
DH		 442int security_task_fix_setuid(struct cred *new, const struct cred *old,
443 int flags);
39030e13
TC		 444int security_task_fix_setgid(struct cred *new, const struct cred *old,
445 int flags);
fcfe0ac2 446int security_task_fix_setgroups(struct cred *new, const struct cred *old);
20510f2f
JM		 447int security_task_setpgid(struct task_struct *p, pid_t pgid);
448int security_task_getpgid(struct task_struct *p);
449int security_task_getsid(struct task_struct *p);
6326948f 450void security_current_getsecid_subj(u32 *secid);
4ebd7651 451void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
20510f2f
JM		 452int security_task_setnice(struct task_struct *p, int nice);
453int security_task_setioprio(struct task_struct *p, int ioprio);
454int security_task_getioprio(struct task_struct *p);
791ec491
SS		 455int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
456 unsigned int flags);
8fd00b4d
JS		 457int security_task_setrlimit(struct task_struct *p, unsigned int resource,
458 struct rlimit *new_rlim);
b0ae1981 459int security_task_setscheduler(struct task_struct *p);
20510f2f
JM		 460int security_task_getscheduler(struct task_struct *p);
461int security_task_movememory(struct task_struct *p);
ae7795bc 462int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
6b4f3d01 463 int sig, const struct cred *cred);
20510f2f 464int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f99 465 unsigned long arg4, unsigned long arg5);
20510f2f 466void security_task_to_inode(struct task_struct *p, struct inode *inode);
7cd4c5c2 467int security_create_user_ns(const struct cred *cred);
20510f2f 468int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
8a076191 469void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
20510f2f
JM		 470int security_msg_msg_alloc(struct msg_msg *msg);
471void security_msg_msg_free(struct msg_msg *msg);
d8c6e854
EB		 472int security_msg_queue_alloc(struct kern_ipc_perm *msq);
473void security_msg_queue_free(struct kern_ipc_perm *msq);
474int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
475int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
476int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
7b41b173 477 struct msg_msg *msg, int msqflg);
d8c6e854 478int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
7b41b173 479 struct task_struct *target, long type, int mode);
7191adff
EB		 480int security_shm_alloc(struct kern_ipc_perm *shp);
481void security_shm_free(struct kern_ipc_perm *shp);
482int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
483int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
484int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
aefad959
EB		 485int security_sem_alloc(struct kern_ipc_perm *sma);
486void security_sem_free(struct kern_ipc_perm *sma);
487int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
488int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
489int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
20510f2f 490 unsigned nsops, int alter);
7b41b173 491void security_d_instantiate(struct dentry *dentry, struct inode *inode);
a04a1198
CS		 492int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
493 size_t __user *size, u32 flags);
494int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
495 size_t size, u32 flags);
267c068e 496int security_getprocattr(struct task_struct *p, int lsmid, const char *name,
6d9c939d 497 char **value);
267c068e 498int security_setprocattr(int lsmid, const char *name, void *value, size_t size);
20510f2f 499int security_netlink_send(struct sock *sk, struct sk_buff *skb);
746df9b5 500int security_ismaclabel(const char *name);
20510f2f 501int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
7bf570dc 502int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
20510f2f 503void security_release_secctx(char *secdata, u32 seclen);
6f3be9f5 504void security_inode_invalidate_secctx(struct inode *inode);
1ee65e37
DQ		 505int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
506int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
507int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
9e47d31d 508int security_locked_down(enum lockdown_reason what);
d7cf3412
PM		 509int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, size_t *uctx_len,
510 void *val, size_t val_len, u64 id, u64 flags);
1da177e4 511#else /* CONFIG_SECURITY */
e0007529 512
42df744c 513static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
8f408ab6
DJ		 514{
515 return 0;
516}
517
42df744c 518static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
8f408ab6
DJ		 519{
520 return 0;
521}
522
42df744c 523static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
8f408ab6
DJ		 524{
525 return 0;
526}
527
e1ca7129
CS		 528static inline u64 lsm_name_to_attr(const char *name)
529{
530 return LSM_ATTR_UNDEF;
531}
532
204cc0cc 533static inline void security_free_mnt_opts(void **mnt_opts)
e0007529
EP		 534{
535}
1da177e4
LT		 536
537/*
538 * This is the default capabilities functionality. Most of these functions
539 * are just stubbed out, but a few must call the proper capable code.
540 */
541
542static inline int security_init(void)
543{
544 return 0;
545}
546
e6b1db98
MG		 547static inline int early_security_init(void)
548{
549 return 0;
550}
551
52f88693 552static inline int security_binder_set_context_mgr(const struct cred *mgr)
79af7307
SS		 553{
554 return 0;
555}
556
52f88693
TK		 557static inline int security_binder_transaction(const struct cred *from,
558 const struct cred *to)
79af7307
SS		 559{
560 return 0;
561}
562
52f88693
TK		 563static inline int security_binder_transfer_binder(const struct cred *from,
564 const struct cred *to)
79af7307
SS		 565{
566 return 0;
567}
568
52f88693
TK		 569static inline int security_binder_transfer_file(const struct cred *from,
570 const struct cred *to,
8e4672d6 571 const struct file *file)
79af7307
SS		 572{
573 return 0;
574}
575
9e48858f 576static inline int security_ptrace_access_check(struct task_struct *child,
5cd9c58f
DH		 577 unsigned int mode)
578{
9e48858f 579 return cap_ptrace_access_check(child, mode);
5cd9c58f
DH		 580}
581
5e186b57 582static inline int security_ptrace_traceme(struct task_struct *parent)
1da177e4 583{
5cd9c58f 584 return cap_ptrace_traceme(parent);
1da177e4
LT		 585}
586
6672efbb 587static inline int security_capget(const struct task_struct *target,
1da177e4
LT		 588 kernel_cap_t *effective,
589 kernel_cap_t *inheritable,
590 kernel_cap_t *permitted)
591{
7b41b173 592 return cap_capget(target, effective, inheritable, permitted);
1da177e4
LT		 593}
594
d84f4f99
DH		 595static inline int security_capset(struct cred *new,
596 const struct cred *old,
597 const kernel_cap_t *effective,
598 const kernel_cap_t *inheritable,
599 const kernel_cap_t *permitted)
1da177e4 600{
d84f4f99 601 return cap_capset(new, old, effective, inheritable, permitted);
1da177e4
LT		 602}
603
b7e724d3 604static inline int security_capable(const struct cred *cred,
c1a85a00
MM		 605 struct user_namespace *ns,
606 int cap,
607 unsigned int opts)
06112163 608{
c1a85a00 609 return cap_capable(cred, ns, cap, opts);
12b5989b
CW		 610}
611
7b41b173 612static inline int security_quotactl(int cmds, int type, int id,
25cc71d1 613 const struct super_block *sb)
1da177e4
LT		 614{
615 return 0;
616}
617
7b41b173 618static inline int security_quota_on(struct dentry *dentry)
1da177e4
LT		 619{
620 return 0;
621}
622
12b3052c 623static inline int security_syslog(int type)
1da177e4 624{
12b3052c 625 return 0;
1da177e4
LT		 626}
627
457db29b
BW		 628static inline int security_settime64(const struct timespec64 *ts,
629 const struct timezone *tz)
630{
631 return cap_settime(ts, tz);
632}
633
1b79cd04 634static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
731572d3 635{
b1d9e6b0 636 return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
731572d3
AC		 637}
638
b8bff599 639static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
7b41b173 640{
b8bff599
EB		 641 return 0;
642}
643
56305aa9 644static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
4a00c673 645 const struct file *file)
7b41b173 646{
56305aa9 647 return cap_bprm_creds_from_file(bprm, file);
1da177e4
LT		 648}
649
a6f76f23 650static inline int security_bprm_check(struct linux_binprm *bprm)
1da177e4 651{
a6f76f23 652 return 0;
1da177e4
LT		 653}
654
64fc9526 655static inline void security_bprm_committing_creds(const struct linux_binprm *bprm)
1da177e4 656{
1da177e4
LT		 657}
658
a721f7b8 659static inline void security_bprm_committed_creds(const struct linux_binprm *bprm)
1da177e4 660{
1da177e4
LT		 661}
662
d80a8f1b
DH		 663static inline int security_fs_context_submount(struct fs_context *fc,
664 struct super_block *reference)
665{
666 return 0;
667}
0b52075e
AV		 668static inline int security_fs_context_dup(struct fs_context *fc,
669 struct fs_context *src_fc)
670{
671 return 0;
672}
da2441fd
DH		 673static inline int security_fs_context_parse_param(struct fs_context *fc,
674 struct fs_parameter *param)
675{
676 return -ENOPARAM;
677}
678
7b41b173 679static inline int security_sb_alloc(struct super_block *sb)
1da177e4
LT		 680{
681 return 0;
682}
683
83e804f0
MS		 684static inline void security_sb_delete(struct super_block *sb)
685{ }
686
7b41b173 687static inline void security_sb_free(struct super_block *sb)
1da177e4
LT		 688{ }
689
f5c0c26d 690static inline int security_sb_eat_lsm_opts(char *options,
204cc0cc 691 void **mnt_opts)
1da177e4
LT		 692{
693 return 0;
694}
695
c039bc3c 696static inline int security_sb_remount(struct super_block *sb,
204cc0cc 697 void *mnt_opts)
ff36fe2c
EP		 698{
699 return 0;
700}
701
69c4a42d
OK		 702static inline int security_sb_mnt_opts_compat(struct super_block *sb,
703 void *mnt_opts)
704{
705 return 0;
706}
707
708
a10d7c22 709static inline int security_sb_kern_mount(struct super_block *sb)
1da177e4
LT		 710{
711 return 0;
712}
713
2069f457
EP		 714static inline int security_sb_show_options(struct seq_file *m,
715 struct super_block *sb)
716{
717 return 0;
718}
719
7b41b173 720static inline int security_sb_statfs(struct dentry *dentry)
1da177e4
LT		 721{
722 return 0;
723}
724
8a04c43b 725static inline int security_sb_mount(const char *dev_name, const struct path *path,
808d4e3c 726 const char *type, unsigned long flags,
1da177e4
LT		 727 void *data)
728{
729 return 0;
730}
731
7b41b173 732static inline int security_sb_umount(struct vfsmount *mnt, int flags)
1da177e4
LT		 733{
734 return 0;
735}
736
3b73b68c
AV		 737static inline int security_sb_pivotroot(const struct path *old_path,
738 const struct path *new_path)
1da177e4
LT		 739{
740 return 0;
741}
742
e0007529 743static inline int security_sb_set_mnt_opts(struct super_block *sb,
204cc0cc 744 void *mnt_opts,
649f6e77
DQ		 745 unsigned long kern_flags,
746 unsigned long *set_kern_flags)
e0007529
EP		 747{
748 return 0;
749}
750
094f7b69 751static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
0b4d3452
SM		 752 struct super_block *newsb,
753 unsigned long kern_flags,
754 unsigned long *set_kern_flags)
094f7b69
JL		 755{
756 return 0;
757}
e0007529 758
2db154b3
DH		 759static inline int security_move_mount(const struct path *from_path,
760 const struct path *to_path)
761{
762 return 0;
763}
764
ac5656d8
AG		 765static inline int security_path_notify(const struct path *path, u64 mask,
766 unsigned int obj_type)
767{
768 return 0;
769}
770
7b41b173 771static inline int security_inode_alloc(struct inode *inode)
1da177e4
LT		 772{
773 return 0;
774}
775
7b41b173 776static inline void security_inode_free(struct inode *inode)
1da177e4 777{ }
5e41ff9e 778
d47be3df
DQ		 779static inline int security_dentry_init_security(struct dentry *dentry,
780 int mode,
4f3ccd76 781 const struct qstr *name,
15bf3239 782 const char **xattr_name,
d47be3df
DQ		 783 void **ctx,
784 u32 *ctxlen)
785{
786 return -EOPNOTSUPP;
787}
788
2602625b
VG		 789static inline int security_dentry_create_files_as(struct dentry *dentry,
790 int mode, struct qstr *name,
791 const struct cred *old,
792 struct cred *new)
793{
794 return 0;
795}
796
d47be3df 797
7b41b173 798static inline int security_inode_init_security(struct inode *inode,
5e41ff9e 799 struct inode *dir,
2a7dba39 800 const struct qstr *qstr,
fbff6610 801 const initxattrs xattrs,
9d8f13ba 802 void *fs_data)
5e41ff9e 803{
1e39f384 804 return 0;
215b674b
LG		 805}
806
807static inline int security_inode_init_security_anon(struct inode *inode,
808 const struct qstr *name,
809 const struct inode *context_inode)
810{
811 return 0;
5e41ff9e 812}
7b41b173
EP		 813
814static inline int security_inode_create(struct inode *dir,
1da177e4 815 struct dentry *dentry,
4acdaf27 816 umode_t mode)
1da177e4
LT		 817{
818 return 0;
819}
820
a7811e34
RS		 821static inline void
822security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode)
823{ }
824
7b41b173 825static inline int security_inode_link(struct dentry *old_dentry,
1da177e4
LT		 826 struct inode *dir,
827 struct dentry *new_dentry)
828{
829 return 0;
830}
831
7b41b173 832static inline int security_inode_unlink(struct inode *dir,
1da177e4
LT		 833 struct dentry *dentry)
834{
835 return 0;
836}
837
7b41b173 838static inline int security_inode_symlink(struct inode *dir,
1da177e4
LT		 839 struct dentry *dentry,
840 const char *old_name)
841{
842 return 0;
843}
844
7b41b173 845static inline int security_inode_mkdir(struct inode *dir,
1da177e4
LT		 846 struct dentry *dentry,
847 int mode)
848{
849 return 0;
850}
851
7b41b173 852static inline int security_inode_rmdir(struct inode *dir,
1da177e4
LT		 853 struct dentry *dentry)
854{
855 return 0;
856}
857
7b41b173 858static inline int security_inode_mknod(struct inode *dir,
1da177e4
LT		 859 struct dentry *dentry,
860 int mode, dev_t dev)
861{
862 return 0;
863}
864
7b41b173 865static inline int security_inode_rename(struct inode *old_dir,
1da177e4
LT		 866 struct dentry *old_dentry,
867 struct inode *new_dir,
0b3974eb
MS		 868 struct dentry *new_dentry,
869 unsigned int flags)
1da177e4
LT		 870{
871 return 0;
872}
873
7b41b173 874static inline int security_inode_readlink(struct dentry *dentry)
1da177e4
LT		 875{
876 return 0;
877}
878
bda0be7a
N		 879static inline int security_inode_follow_link(struct dentry *dentry,
880 struct inode *inode,
881 bool rcu)
1da177e4
LT		 882{
883 return 0;
884}
885
b77b0646 886static inline int security_inode_permission(struct inode *inode, int mask)
1da177e4
LT		 887{
888 return 0;
889}
890
c1632a0f 891static inline int security_inode_setattr(struct mnt_idmap *idmap,
0e363cf3
CB		 892 struct dentry *dentry,
893 struct iattr *attr)
1da177e4
LT		 894{
895 return 0;
896}
897
77fa6f31
RS		 898static inline void
899security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
900 int ia_valid)
901{ }
902
3f7036a0 903static inline int security_inode_getattr(const struct path *path)
1da177e4
LT		 904{
905 return 0;
906}
907
39f60c1c 908static inline int security_inode_setxattr(struct mnt_idmap *idmap,
71bc356f
CB		 909 struct dentry *dentry, const char *name, const void *value,
910 size_t size, int flags)
1da177e4
LT		 911{
912 return cap_inode_setxattr(dentry, name, value, size, flags);
913}
914
700b7940 915static inline int security_inode_set_acl(struct mnt_idmap *idmap,
72b3897e
CB		 916 struct dentry *dentry,
917 const char *acl_name,
918 struct posix_acl *kacl)
919{
920 return 0;
921}
922
8b9d0b82
RS		 923static inline void security_inode_post_set_acl(struct dentry *dentry,
924 const char *acl_name,
925 struct posix_acl *kacl)
926{ }
927
700b7940 928static inline int security_inode_get_acl(struct mnt_idmap *idmap,
72b3897e
CB		 929 struct dentry *dentry,
930 const char *acl_name)
931{
932 return 0;
933}
934
700b7940 935static inline int security_inode_remove_acl(struct mnt_idmap *idmap,
72b3897e
CB		 936 struct dentry *dentry,
937 const char *acl_name)
938{
939 return 0;
940}
941
2d705d80
RS		 942static inline void security_inode_post_remove_acl(struct mnt_idmap *idmap,
943 struct dentry *dentry,
944 const char *acl_name)
945{ }
946
8f0cfa52
DH		 947static inline void security_inode_post_setxattr(struct dentry *dentry,
948 const char *name, const void *value, size_t size, int flags)
1da177e4
LT		 949{ }
950
8f0cfa52
DH		 951static inline int security_inode_getxattr(struct dentry *dentry,
952 const char *name)
1da177e4
LT		 953{
954 return 0;
955}
956
7b41b173 957static inline int security_inode_listxattr(struct dentry *dentry)
1da177e4
LT		 958{
959 return 0;
960}
961
39f60c1c 962static inline int security_inode_removexattr(struct mnt_idmap *idmap,
71bc356f
CB		 963 struct dentry *dentry,
964 const char *name)
1da177e4 965{
39f60c1c 966 return cap_inode_removexattr(idmap, dentry, name);
1da177e4
LT		 967}
968
dae52cbf
RS		 969static inline void security_inode_post_removexattr(struct dentry *dentry,
970 const char *name)
971{ }
972
b5376771
SH		 973static inline int security_inode_need_killpriv(struct dentry *dentry)
974{
975 return cap_inode_need_killpriv(dentry);
976}
977
39f60c1c 978static inline int security_inode_killpriv(struct mnt_idmap *idmap,
71bc356f 979 struct dentry *dentry)
b5376771 980{
39f60c1c 981 return cap_inode_killpriv(idmap, dentry);
b5376771
SH		 982}
983
4609e1f1 984static inline int security_inode_getsecurity(struct mnt_idmap *idmap,
71bc356f
CB		 985 struct inode *inode,
986 const char *name, void **buffer,
987 bool alloc)
1da177e4 988{
4609e1f1 989 return cap_inode_getsecurity(idmap, inode, name, buffer, alloc);
1da177e4
LT		 990}
991
992static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
993{
994 return -EOPNOTSUPP;
995}
996
997static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
998{
999 return 0;
1000}
1001
d6335d77 1002static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
8a076191
AD		 1003{
1004 *secid = 0;
1005}
1006
d8ad8b49
VG		 1007static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
1008{
1009 return 0;
1010}
1011
b230d5ab
OM		 1012static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
1013 struct kernfs_node *kn)
1014{
1015 return 0;
1016}
1017
121ab822
VG		 1018static inline int security_inode_copy_up_xattr(const char *name)
1019{
1020 return -EOPNOTSUPP;
1021}
1022
7b41b173 1023static inline int security_file_permission(struct file *file, int mask)
1da177e4
LT		 1024{
1025 return 0;
1026}
1027
7b41b173 1028static inline int security_file_alloc(struct file *file)
1da177e4
LT		 1029{
1030 return 0;
1031}
1032
f09068b5
RS		 1033static inline void security_file_release(struct file *file)
1034{ }
1035
7b41b173 1036static inline void security_file_free(struct file *file)
1da177e4
LT		 1037{ }
1038
7b41b173
EP		 1039static inline int security_file_ioctl(struct file *file, unsigned int cmd,
1040 unsigned long arg)
1da177e4
LT		 1041{
1042 return 0;
1043}
1044
f1bb47a3
AP		 1045static inline int security_file_ioctl_compat(struct file *file,
1046 unsigned int cmd,
1047 unsigned long arg)
1048{
1049 return 0;
1050}
1051
8b3ec681 1052static inline int security_mmap_file(struct file *file, unsigned long prot,
e5467859
AV		 1053 unsigned long flags)
1054{
1055 return 0;
1056}
1057
1058static inline int security_mmap_addr(unsigned long addr)
1da177e4 1059{
d007794a 1060 return cap_mmap_addr(addr);
1da177e4
LT		 1061}
1062
7b41b173
EP		 1063static inline int security_file_mprotect(struct vm_area_struct *vma,
1064 unsigned long reqprot,
1065 unsigned long prot)
1da177e4
LT		 1066{
1067 return 0;
1068}
1069
7b41b173 1070static inline int security_file_lock(struct file *file, unsigned int cmd)
1da177e4
LT		 1071{
1072 return 0;
1073}
1074
7b41b173
EP		 1075static inline int security_file_fcntl(struct file *file, unsigned int cmd,
1076 unsigned long arg)
1da177e4
LT		 1077{
1078 return 0;
1079}
1080
e0b93edd 1081static inline void security_file_set_fowner(struct file *file)
1da177e4 1082{
e0b93edd 1083 return;
1da177e4
LT		 1084}
1085
7b41b173
EP		 1086static inline int security_file_send_sigiotask(struct task_struct *tsk,
1087 struct fown_struct *fown,
1088 int sig)
1da177e4
LT		 1089{
1090 return 0;
1091}
1092
7b41b173 1093static inline int security_file_receive(struct file *file)
1da177e4
LT		 1094{
1095 return 0;
1096}
1097
e3f20ae2 1098static inline int security_file_open(struct file *file)
788e7dd4
YN		 1099{
1100 return 0;
1101}
1102
8f46ff57
RS		 1103static inline int security_file_post_open(struct file *file, int mask)
1104{
1105 return 0;
1106}
1107
3350607d
GN		 1108static inline int security_file_truncate(struct file *file)
1109{
1110 return 0;
1111}
1112
e4e55b47
TH		 1113static inline int security_task_alloc(struct task_struct *task,
1114 unsigned long clone_flags)
1115{
1116 return 0;
1117}
1118
1a2a4d06
KC		 1119static inline void security_task_free(struct task_struct *task)
1120{ }
1121
945af7c3
DH		 1122static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1123{
1124 return 0;
1125}
ee18d64c 1126
d84f4f99
DH		 1127static inline void security_cred_free(struct cred *cred)
1128{ }
1129
1130static inline int security_prepare_creds(struct cred *new,
1131 const struct cred *old,
1132 gfp_t gfp)
1da177e4
LT		 1133{
1134 return 0;
1135}
1136
ee18d64c
DH		 1137static inline void security_transfer_creds(struct cred *new,
1138 const struct cred *old)
1139{
1140}
1141
4d5b5539
TK		 1142static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
1143{
1144 *secid = 0;
1145}
1146
3a3b7ce9
DH		 1147static inline int security_kernel_act_as(struct cred *cred, u32 secid)
1148{
1149 return 0;
1150}
1151
1152static inline int security_kernel_create_files_as(struct cred *cred,
1153 struct inode *inode)
1154{
1155 return 0;
1156}
1157
dd8dbf2e 1158static inline int security_kernel_module_request(char *kmod_name)
9188499c
EP		 1159{
1160 return 0;
1da177e4
LT		 1161}
1162
b64fcae7
KC		 1163static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
1164{
1165 return 0;
1166}
1167
1168static inline int security_kernel_post_load_data(char *buf, loff_t size,
1169 enum kernel_load_data_id id,
1170 char *description)
377179cd
MZ		 1171{
1172 return 0;
1173}
1174
39eeb4fb 1175static inline int security_kernel_read_file(struct file *file,
2039bda1
KC		 1176 enum kernel_read_file_id id,
1177 bool contents)
39eeb4fb
MZ		 1178{
1179 return 0;
1180}
1181
b44a7dfc 1182static inline int security_kernel_post_read_file(struct file *file,
bc8ca5b9
MZ		 1183 char *buf, loff_t size,
1184 enum kernel_read_file_id id)
b44a7dfc
MZ		 1185{
1186 return 0;
1187}
1188
d84f4f99
DH		 1189static inline int security_task_fix_setuid(struct cred *new,
1190 const struct cred *old,
1191 int flags)
1da177e4 1192{
d84f4f99 1193 return cap_task_fix_setuid(new, old, flags);
1da177e4
LT		 1194}
1195
39030e13
TC		 1196static inline int security_task_fix_setgid(struct cred *new,
1197 const struct cred *old,
1198 int flags)
1199{
1200 return 0;
1201}
1202
fcfe0ac2
MM		 1203static inline int security_task_fix_setgroups(struct cred *new,
1204 const struct cred *old)
1205{
1206 return 0;
1207}
1208
7b41b173 1209static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
1da177e4
LT		 1210{
1211 return 0;
1212}
1213
7b41b173 1214static inline int security_task_getpgid(struct task_struct *p)
1da177e4
LT		 1215{
1216 return 0;
1217}
1218
7b41b173 1219static inline int security_task_getsid(struct task_struct *p)
1da177e4
LT		 1220{
1221 return 0;
1222}
1223
6326948f 1224static inline void security_current_getsecid_subj(u32 *secid)
4ebd7651
PM		 1225{
1226 *secid = 0;
1227}
1228
1229static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
8a076191
AD		 1230{
1231 *secid = 0;
1232}
f9008e4c 1233
7b41b173 1234static inline int security_task_setnice(struct task_struct *p, int nice)
1da177e4 1235{
b5376771 1236 return cap_task_setnice(p, nice);
1da177e4
LT		 1237}
1238
7b41b173 1239static inline int security_task_setioprio(struct task_struct *p, int ioprio)
03e68060 1240{
b5376771 1241 return cap_task_setioprio(p, ioprio);
03e68060
JM		 1242}
1243
7b41b173 1244static inline int security_task_getioprio(struct task_struct *p)
a1836a42
DQ		 1245{
1246 return 0;
1247}
1248
791ec491
SS		 1249static inline int security_task_prlimit(const struct cred *cred,
1250 const struct cred *tcred,
1251 unsigned int flags)
1252{
1253 return 0;
1254}
1255
8fd00b4d
JS		 1256static inline int security_task_setrlimit(struct task_struct *p,
1257 unsigned int resource,
7b41b173 1258 struct rlimit *new_rlim)
1da177e4
LT		 1259{
1260 return 0;
1261}
1262
b0ae1981 1263static inline int security_task_setscheduler(struct task_struct *p)
1da177e4 1264{
b0ae1981 1265 return cap_task_setscheduler(p);
1da177e4
LT		 1266}
1267
7b41b173 1268static inline int security_task_getscheduler(struct task_struct *p)
1da177e4
LT		 1269{
1270 return 0;
1271}
1272
7b41b173 1273static inline int security_task_movememory(struct task_struct *p)
35601547
DQ		 1274{
1275 return 0;
1276}
1277
7b41b173 1278static inline int security_task_kill(struct task_struct *p,
ae7795bc 1279 struct kernel_siginfo *info, int sig,
6b4f3d01 1280 const struct cred *cred)
1da177e4 1281{
aedb60a6 1282 return 0;
1da177e4
LT		 1283}
1284
7b41b173
EP		 1285static inline int security_task_prctl(int option, unsigned long arg2,
1286 unsigned long arg3,
1287 unsigned long arg4,
d84f4f99 1288 unsigned long arg5)
1da177e4 1289{
b7f76ea2 1290 return cap_task_prctl(option, arg2, arg3, arg4, arg5);
1da177e4
LT		 1291}
1292
1293static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
1294{ }
1295
7cd4c5c2
FL		 1296static inline int security_create_user_ns(const struct cred *cred)
1297{
1298 return 0;
1299}
1300
7b41b173
EP		 1301static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
1302 short flag)
1da177e4
LT		 1303{
1304 return 0;
1305}
1306
8a076191
AD		 1307static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
1308{
1309 *secid = 0;
1310}
1311
7b41b173 1312static inline int security_msg_msg_alloc(struct msg_msg *msg)
1da177e4
LT		 1313{
1314 return 0;
1315}
1316
7b41b173 1317static inline void security_msg_msg_free(struct msg_msg *msg)
1da177e4
LT		 1318{ }
1319
d8c6e854 1320static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1da177e4
LT		 1321{
1322 return 0;
1323}
1324
d8c6e854 1325static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
1da177e4
LT		 1326{ }
1327
d8c6e854 1328static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
7b41b173 1329 int msqflg)
1da177e4
LT		 1330{
1331 return 0;
1332}
1333
d8c6e854 1334static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1da177e4
LT		 1335{
1336 return 0;
1337}
1338
d8c6e854 1339static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
7b41b173 1340 struct msg_msg *msg, int msqflg)
1da177e4
LT		 1341{
1342 return 0;
1343}
1344
d8c6e854 1345static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
7b41b173
EP		 1346 struct msg_msg *msg,
1347 struct task_struct *target,
1348 long type, int mode)
1da177e4
LT		 1349{
1350 return 0;
1351}
1352
7191adff 1353static inline int security_shm_alloc(struct kern_ipc_perm *shp)
1da177e4
LT		 1354{
1355 return 0;
1356}
1357
7191adff 1358static inline void security_shm_free(struct kern_ipc_perm *shp)
1da177e4
LT		 1359{ }
1360
7191adff 1361static inline int security_shm_associate(struct kern_ipc_perm *shp,
7b41b173 1362 int shmflg)
1da177e4
LT		 1363{
1364 return 0;
1365}
1366
7191adff 1367static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
1da177e4
LT		 1368{
1369 return 0;
1370}
1371
7191adff 1372static inline int security_shm_shmat(struct kern_ipc_perm *shp,
7b41b173 1373 char __user *shmaddr, int shmflg)
1da177e4
LT		 1374{
1375 return 0;
1376}
1377
aefad959 1378static inline int security_sem_alloc(struct kern_ipc_perm *sma)
1da177e4
LT		 1379{
1380 return 0;
1381}
1382
aefad959 1383static inline void security_sem_free(struct kern_ipc_perm *sma)
1da177e4
LT		 1384{ }
1385
aefad959 1386static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
1da177e4
LT		 1387{
1388 return 0;
1389}
1390
aefad959 1391static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
1da177e4
LT		 1392{
1393 return 0;
1394}
1395
aefad959 1396static inline int security_sem_semop(struct kern_ipc_perm *sma,
7b41b173
EP		 1397 struct sembuf *sops, unsigned nsops,
1398 int alter)
1da177e4
LT		 1399{
1400 return 0;
1401}
1402
6d9c939d
CS		 1403static inline void security_d_instantiate(struct dentry *dentry,
1404 struct inode *inode)
1da177e4
LT		 1405{ }
1406
a04a1198
CS		 1407static inline int security_getselfattr(unsigned int attr,
1408 struct lsm_ctx __user *ctx,
1409 size_t __user *size, u32 flags)
1410{
1411 return -EOPNOTSUPP;
1412}
1413
1414static inline int security_setselfattr(unsigned int attr,
1415 struct lsm_ctx __user *ctx,
1416 size_t size, u32 flags)
1417{
1418 return -EOPNOTSUPP;
1419}
1420
267c068e 1421static inline int security_getprocattr(struct task_struct *p, int lsmid,
c8e477c6 1422 const char *name, char **value)
1da177e4
LT		 1423{
1424 return -EINVAL;
1425}
1426
267c068e
CS		 1427static inline int security_setprocattr(int lsmid, char *name, void *value,
1428 size_t size)
1da177e4
LT		 1429{
1430 return -EINVAL;
1431}
1432
7b41b173 1433static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
1da177e4 1434{
b1d9e6b0 1435 return 0;
1da177e4
LT		 1436}
1437
746df9b5
DQ		 1438static inline int security_ismaclabel(const char *name)
1439{
1440 return 0;
1441}
1442
dc49c1f9
CZ		 1443static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
1444{
1445 return -EOPNOTSUPP;
1446}
1447
7bf570dc 1448static inline int security_secctx_to_secid(const char *secdata,
63cb3449
DH		 1449 u32 seclen,
1450 u32 *secid)
1451{
1452 return -EOPNOTSUPP;
1453}
1454
dc49c1f9
CZ		 1455static inline void security_release_secctx(char *secdata, u32 seclen)
1456{
dc49c1f9 1457}
1ee65e37 1458
6f3be9f5
AG		 1459static inline void security_inode_invalidate_secctx(struct inode *inode)
1460{
1461}
1462
1ee65e37
DQ		 1463static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
1464{
1465 return -EOPNOTSUPP;
1466}
1467static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
1468{
1469 return -EOPNOTSUPP;
1470}
1471static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
1472{
1473 return -EOPNOTSUPP;
1474}
9e47d31d
MG		 1475static inline int security_locked_down(enum lockdown_reason what)
1476{
1477 return 0;
1478}
d7cf3412
PM		 1479static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
1480 size_t *uctx_len, void *val, size_t val_len,
1481 u64 id, u64 flags)
e1ca7129
CS		 1482{
1483 return -EOPNOTSUPP;
1484}
1da177e4
LT		 1485#endif /* CONFIG_SECURITY */
1486
344fa64e
DH		 1487#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
1488int security_post_notification(const struct cred *w_cred,
1489 const struct cred *cred,
1490 struct watch_notification *n);
1491#else
1492static inline int security_post_notification(const struct cred *w_cred,
1493 const struct cred *cred,
1494 struct watch_notification *n)
1495{
1496 return 0;
1497}
1498#endif
1499
998f5040
DH		 1500#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
1501int security_watch_key(struct key *key);
1502#else
1503static inline int security_watch_key(struct key *key)
1504{
1505 return 0;
1506}
1507#endif
1508
1da177e4 1509#ifdef CONFIG_SECURITY_NETWORK
4237c75c 1510
3610cda5 1511int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
20510f2f
JM		 1512int security_unix_may_send(struct socket *sock, struct socket *other);
1513int security_socket_create(int family, int type, int protocol, int kern);
1514int security_socket_post_create(struct socket *sock, int family,
1515 int type, int protocol, int kern);
aae7cfcb 1516int security_socket_socketpair(struct socket *socka, struct socket *sockb);
20510f2f
JM		 1517int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
1518int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
1519int security_socket_listen(struct socket *sock, int backlog);
1520int security_socket_accept(struct socket *sock, struct socket *newsock);
20510f2f
JM		 1521int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
1522int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1523 int size, int flags);
1524int security_socket_getsockname(struct socket *sock);
1525int security_socket_getpeername(struct socket *sock);
1526int security_socket_getsockopt(struct socket *sock, int level, int optname);
1527int security_socket_setsockopt(struct socket *sock, int level, int optname);
1528int security_socket_shutdown(struct socket *sock, int how);
1529int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
b10b9c34
PM		 1530int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
1531 sockptr_t optlen, unsigned int len);
20510f2f
JM		 1532int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
1533int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1534void security_sk_free(struct sock *sk);
1535void security_sk_clone(const struct sock *sk, struct sock *newsk);
5b52ad34
GN		 1536void security_sk_classify_flow(const struct sock *sk,
1537 struct flowi_common *flic);
3df98d79
PM		 1538void security_req_classify_flow(const struct request_sock *req,
1539 struct flowi_common *flic);
20510f2f 1540void security_sock_graft(struct sock*sk, struct socket *parent);
41dd9596 1541int security_inet_conn_request(const struct sock *sk,
20510f2f
JM		 1542 struct sk_buff *skb, struct request_sock *req);
1543void security_inet_csk_clone(struct sock *newsk,
1544 const struct request_sock *req);
1545void security_inet_conn_established(struct sock *sk,
1546 struct sk_buff *skb);
2606fd1f
EP		 1547int security_secmark_relabel_packet(u32 secid);
1548void security_secmark_refcount_inc(void);
1549void security_secmark_refcount_dec(void);
5dbbaf2d
PM		 1550int security_tun_dev_alloc_security(void **security);
1551void security_tun_dev_free_security(void *security);
2b980dbd 1552int security_tun_dev_create(void);
5dbbaf2d
PM		 1553int security_tun_dev_attach_queue(void *security);
1554int security_tun_dev_attach(struct sock *sk, void *security);
1555int security_tun_dev_open(void *security);
c081d53f 1556int security_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb);
72e89f50
RH		 1557int security_sctp_bind_connect(struct sock *sk, int optname,
1558 struct sockaddr *address, int addrlen);
c081d53f 1559void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
72e89f50 1560 struct sock *newsk);
5e50f5d4
OM		 1561int security_sctp_assoc_established(struct sctp_association *asoc,
1562 struct sk_buff *skb);
e3d9387f 1563int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk);
6b877699 1564
1da177e4 1565#else /* CONFIG_SECURITY_NETWORK */
3610cda5
DM		 1566static inline int security_unix_stream_connect(struct sock *sock,
1567 struct sock *other,
7b41b173 1568 struct sock *newsk)
1da177e4
LT		 1569{
1570 return 0;
1571}
1572
7b41b173
EP		 1573static inline int security_unix_may_send(struct socket *sock,
1574 struct socket *other)
1da177e4
LT		 1575{
1576 return 0;
1577}
1578
7b41b173
EP		 1579static inline int security_socket_create(int family, int type,
1580 int protocol, int kern)
1da177e4
LT		 1581{
1582 return 0;
1583}
1584
7b41b173 1585static inline int security_socket_post_create(struct socket *sock,
7420ed23
VY		 1586 int family,
1587 int type,
1588 int protocol, int kern)
1da177e4 1589{
7420ed23 1590 return 0;
1da177e4
LT		 1591}
1592
aae7cfcb
DH		 1593static inline int security_socket_socketpair(struct socket *socka,
1594 struct socket *sockb)
1595{
1596 return 0;
1597}
1598
7b41b173
EP		 1599static inline int security_socket_bind(struct socket *sock,
1600 struct sockaddr *address,
1da177e4
LT		 1601 int addrlen)
1602{
1603 return 0;
1604}
1605
7b41b173
EP		 1606static inline int security_socket_connect(struct socket *sock,
1607 struct sockaddr *address,
1da177e4
LT		 1608 int addrlen)
1609{
1610 return 0;
1611}
1612
7b41b173 1613static inline int security_socket_listen(struct socket *sock, int backlog)
1da177e4
LT		 1614{
1615 return 0;
1616}
1617
7b41b173
EP		 1618static inline int security_socket_accept(struct socket *sock,
1619 struct socket *newsock)
1da177e4
LT		 1620{
1621 return 0;
1622}
1623
7b41b173
EP		 1624static inline int security_socket_sendmsg(struct socket *sock,
1625 struct msghdr *msg, int size)
1da177e4
LT		 1626{
1627 return 0;
1628}
1629
7b41b173
EP		 1630static inline int security_socket_recvmsg(struct socket *sock,
1631 struct msghdr *msg, int size,
1da177e4
LT		 1632 int flags)
1633{
1634 return 0;
1635}
1636
7b41b173 1637static inline int security_socket_getsockname(struct socket *sock)
1da177e4
LT		 1638{
1639 return 0;
1640}
1641
7b41b173 1642static inline int security_socket_getpeername(struct socket *sock)
1da177e4
LT		 1643{
1644 return 0;
1645}
1646
7b41b173 1647static inline int security_socket_getsockopt(struct socket *sock,
1da177e4
LT		 1648 int level, int optname)
1649{
1650 return 0;
1651}
1652
7b41b173 1653static inline int security_socket_setsockopt(struct socket *sock,
1da177e4
LT		 1654 int level, int optname)
1655{
1656 return 0;
1657}
1658
7b41b173 1659static inline int security_socket_shutdown(struct socket *sock, int how)
1da177e4
LT		 1660{
1661 return 0;
1662}
7b41b173
EP		 1663static inline int security_sock_rcv_skb(struct sock *sk,
1664 struct sk_buff *skb)
1da177e4
LT		 1665{
1666 return 0;
1667}
1668
b10b9c34
PM		 1669static inline int security_socket_getpeersec_stream(struct socket *sock,
1670 sockptr_t optval,
1671 sockptr_t optlen,
1672 unsigned int len)
2c7946a7
CZ		 1673{
1674 return -ENOPROTOOPT;
1675}
1676
dc49c1f9 1677static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
1da177e4
LT		 1678{
1679 return -ENOPROTOOPT;
1680}
1681
dd0fc66f 1682static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1da177e4
LT		 1683{
1684 return 0;
1685}
1686
1687static inline void security_sk_free(struct sock *sk)
892c141e
VY		 1688{
1689}
1690
1691static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
1da177e4
LT		 1692{
1693}
df71837d 1694
5b52ad34 1695static inline void security_sk_classify_flow(const struct sock *sk,
3df98d79 1696 struct flowi_common *flic)
df71837d 1697{
df71837d 1698}
4237c75c 1699
3df98d79
PM		 1700static inline void security_req_classify_flow(const struct request_sock *req,
1701 struct flowi_common *flic)
4237c75c
VY		 1702{
1703}
1704
7b41b173 1705static inline void security_sock_graft(struct sock *sk, struct socket *parent)
4237c75c
VY		 1706{
1707}
1708
41dd9596 1709static inline int security_inet_conn_request(const struct sock *sk,
4237c75c
VY		 1710 struct sk_buff *skb, struct request_sock *req)
1711{
1712 return 0;
1713}
1714
1715static inline void security_inet_csk_clone(struct sock *newsk,
1716 const struct request_sock *req)
1717{
1718}
6b877699
VY		 1719
1720static inline void security_inet_conn_established(struct sock *sk,
1721 struct sk_buff *skb)
1722{
1723}
2b980dbd 1724
2606fd1f
EP		 1725static inline int security_secmark_relabel_packet(u32 secid)
1726{
1727 return 0;
1728}
1729
1730static inline void security_secmark_refcount_inc(void)
1731{
1732}
1733
1734static inline void security_secmark_refcount_dec(void)
1735{
1736}
1737
5dbbaf2d
PM		 1738static inline int security_tun_dev_alloc_security(void **security)
1739{
1740 return 0;
1741}
1742
1743static inline void security_tun_dev_free_security(void *security)
1744{
1745}
1746
2b980dbd
PM		 1747static inline int security_tun_dev_create(void)
1748{
1749 return 0;
1750}
1751
5dbbaf2d
PM		 1752static inline int security_tun_dev_attach_queue(void *security)
1753{
1754 return 0;
1755}
1756
1757static inline int security_tun_dev_attach(struct sock *sk, void *security)
2b980dbd 1758{
5dbbaf2d 1759 return 0;
2b980dbd
PM		 1760}
1761
5dbbaf2d 1762static inline int security_tun_dev_open(void *security)
2b980dbd
PM		 1763{
1764 return 0;
1765}
72e89f50 1766
c081d53f 1767static inline int security_sctp_assoc_request(struct sctp_association *asoc,
72e89f50
RH		 1768 struct sk_buff *skb)
1769{
1770 return 0;
1771}
1772
1773static inline int security_sctp_bind_connect(struct sock *sk, int optname,
1774 struct sockaddr *address,
1775 int addrlen)
1776{
1777 return 0;
1778}
1779
c081d53f 1780static inline void security_sctp_sk_clone(struct sctp_association *asoc,
72e89f50
RH		 1781 struct sock *sk,
1782 struct sock *newsk)
1783{
1784}
5e50f5d4
OM		 1785
1786static inline int security_sctp_assoc_established(struct sctp_association *asoc,
1787 struct sk_buff *skb)
1788{
1789 return 0;
1790}
e3d9387f
PA		 1791
1792static inline int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
1793{
1794 return 0;
1795}
1da177e4
LT		 1796#endif /* CONFIG_SECURITY_NETWORK */
1797
d291f1a6
DJ		 1798#ifdef CONFIG_SECURITY_INFINIBAND
1799int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
47a2b338 1800int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
d291f1a6
DJ		 1801int security_ib_alloc_security(void **sec);
1802void security_ib_free_security(void *sec);
1803#else /* CONFIG_SECURITY_INFINIBAND */
1804static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
1805{
1806 return 0;
1807}
1808
47a2b338
DJ		 1809static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
1810{
1811 return 0;
1812}
1813
d291f1a6
DJ		 1814static inline int security_ib_alloc_security(void **sec)
1815{
1816 return 0;
1817}
1818
1819static inline void security_ib_free_security(void *sec)
1820{
1821}
1822#endif /* CONFIG_SECURITY_INFINIBAND */
1823
df71837d 1824#ifdef CONFIG_SECURITY_NETWORK_XFRM
beb8d13b 1825
52a4c640
NA		 1826int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1827 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
03e1ad7b
PM		 1828int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
1829void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
1830int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
20510f2f
JM		 1831int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1832int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1833 struct xfrm_sec_ctx *polsec, u32 secid);
1834int security_xfrm_state_delete(struct xfrm_state *x);
1835void security_xfrm_state_free(struct xfrm_state *x);
8a922805 1836int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
20510f2f 1837int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
e33f7704 1838 struct xfrm_policy *xp,
3df98d79 1839 const struct flowi_common *flic);
20510f2f 1840int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
3df98d79 1841void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
beb8d13b 1842
df71837d 1843#else /* CONFIG_SECURITY_NETWORK_XFRM */
20510f2f 1844
52a4c640
NA		 1845static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1846 struct xfrm_user_sec_ctx *sec_ctx,
1847 gfp_t gfp)
df71837d
TJ		 1848{
1849 return 0;
1850}
1851
03e1ad7b 1852static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
df71837d
TJ		 1853{
1854 return 0;
1855}
1856
03e1ad7b 1857static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
df71837d
TJ		 1858{
1859}
1860
03e1ad7b 1861static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
c8c05a8e
CZ		 1862{
1863 return 0;
1864}
1865
e0d1caa7
VY		 1866static inline int security_xfrm_state_alloc(struct xfrm_state *x,
1867 struct xfrm_user_sec_ctx *sec_ctx)
1868{
1869 return 0;
1870}
1871
1872static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1873 struct xfrm_sec_ctx *polsec, u32 secid)
df71837d
TJ		 1874{
1875 return 0;
1876}
1877
1878static inline void security_xfrm_state_free(struct xfrm_state *x)
1879{
1880}
1881
6f68dc37 1882static inline int security_xfrm_state_delete(struct xfrm_state *x)
c8c05a8e
CZ		 1883{
1884 return 0;
1885}
1886
8a922805 1887static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
df71837d
TJ		 1888{
1889 return 0;
1890}
e0d1caa7
VY		 1891
1892static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3df98d79
PM		 1893 struct xfrm_policy *xp,
1894 const struct flowi_common *flic)
e0d1caa7
VY		 1895{
1896 return 1;
1897}
1898
beb8d13b 1899static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
e0d1caa7
VY		 1900{
1901 return 0;
1902}
1903
3df98d79
PM		 1904static inline void security_skb_classify_flow(struct sk_buff *skb,
1905 struct flowi_common *flic)
beb8d13b
VY		 1906{
1907}
1908
df71837d
TJ		 1909#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1910
be6d3e56 1911#ifdef CONFIG_SECURITY_PATH
989f74e0 1912int security_path_unlink(const struct path *dir, struct dentry *dentry);
d3607752 1913int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
989f74e0 1914int security_path_rmdir(const struct path *dir, struct dentry *dentry);
d3607752 1915int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
be6d3e56 1916 unsigned int dev);
08abce60 1917void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry);
81f4c506 1918int security_path_truncate(const struct path *path);
d3607752 1919int security_path_symlink(const struct path *dir, struct dentry *dentry,
be6d3e56 1920 const char *old_name);
3ccee46a 1921int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
be6d3e56 1922 struct dentry *new_dentry);
3ccee46a
AV		 1923int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1924 const struct path *new_dir, struct dentry *new_dentry,
0b3974eb 1925 unsigned int flags);
be01f9f2 1926int security_path_chmod(const struct path *path, umode_t mode);
7fd25dac 1927int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
77b286c0 1928int security_path_chroot(const struct path *path);
be6d3e56 1929#else /* CONFIG_SECURITY_PATH */
989f74e0 1930static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
be6d3e56
KT		 1931{
1932 return 0;
1933}
1934
d3607752 1935static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
4572befe 1936 umode_t mode)
be6d3e56
KT		 1937{
1938 return 0;
1939}
1940
989f74e0 1941static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
be6d3e56
KT		 1942{
1943 return 0;
1944}
1945
d3607752 1946static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
04fc66e7 1947 umode_t mode, unsigned int dev)
be6d3e56
KT		 1948{
1949 return 0;
1950}
1951
08abce60
RS		 1952static inline void security_path_post_mknod(struct mnt_idmap *idmap,
1953 struct dentry *dentry)
1954{ }
1955
81f4c506 1956static inline int security_path_truncate(const struct path *path)
be6d3e56
KT		 1957{
1958 return 0;
1959}
1960
d3607752 1961static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
be6d3e56
KT		 1962 const char *old_name)
1963{
1964 return 0;
1965}
1966
1967static inline int security_path_link(struct dentry *old_dentry,
3ccee46a 1968 const struct path *new_dir,
be6d3e56
KT		 1969 struct dentry *new_dentry)
1970{
1971 return 0;
1972}
1973
3ccee46a 1974static inline int security_path_rename(const struct path *old_dir,
be6d3e56 1975 struct dentry *old_dentry,
3ccee46a 1976 const struct path *new_dir,
0b3974eb
MS		 1977 struct dentry *new_dentry,
1978 unsigned int flags)
be6d3e56
KT		 1979{
1980 return 0;
1981}
89eda068 1982
be01f9f2 1983static inline int security_path_chmod(const struct path *path, umode_t mode)
89eda068
TH		 1984{
1985 return 0;
1986}
1987
7fd25dac 1988static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
89eda068
TH		 1989{
1990 return 0;
1991}
8b8efb44 1992
77b286c0 1993static inline int security_path_chroot(const struct path *path)
8b8efb44
TH		 1994{
1995 return 0;
1996}
be6d3e56
KT		 1997#endif /* CONFIG_SECURITY_PATH */
1998
29db9190
DH		 1999#ifdef CONFIG_KEYS
2000#ifdef CONFIG_SECURITY
29db9190 2001
d84f4f99 2002int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
20510f2f 2003void security_key_free(struct key *key);
8c0637e9
DH		 2004int security_key_permission(key_ref_t key_ref, const struct cred *cred,
2005 enum key_need_perm need_perm);
70a5bb72 2006int security_key_getsecurity(struct key *key, char **_buffer);
29db9190
DH		 2007
2008#else
2009
d720024e 2010static inline int security_key_alloc(struct key *key,
d84f4f99 2011 const struct cred *cred,
7e047ef5 2012 unsigned long flags)
29db9190
DH		 2013{
2014 return 0;
2015}
2016
2017static inline void security_key_free(struct key *key)
2018{
2019}
2020
2021static inline int security_key_permission(key_ref_t key_ref,
d84f4f99 2022 const struct cred *cred,
8c0637e9 2023 enum key_need_perm need_perm)
29db9190
DH		 2024{
2025 return 0;
2026}
2027
70a5bb72
DH		 2028static inline int security_key_getsecurity(struct key *key, char **_buffer)
2029{
2030 *_buffer = NULL;
2031 return 0;
be1d6a5f 2032}
ee18d64c 2033
29db9190
DH		 2034#endif
2035#endif /* CONFIG_KEYS */
2036
03d37d25
AD		 2037#ifdef CONFIG_AUDIT
2038#ifdef CONFIG_SECURITY
2039int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
2040int security_audit_rule_known(struct audit_krule *krule);
90462a5b 2041int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
03d37d25
AD		 2042void security_audit_rule_free(void *lsmrule);
2043
2044#else
2045
2046static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
2047 void **lsmrule)
2048{
2049 return 0;
2050}
2051
2052static inline int security_audit_rule_known(struct audit_krule *krule)
2053{
2054 return 0;
2055}
2056
2057static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
90462a5b 2058 void *lsmrule)
03d37d25
AD		 2059{
2060 return 0;
2061}
2062
2063static inline void security_audit_rule_free(void *lsmrule)
2064{ }
2065
2066#endif /* CONFIG_SECURITY */
2067#endif /* CONFIG_AUDIT */
2068
da31894e
EP		 2069#ifdef CONFIG_SECURITYFS
2070
52ef0c04 2071extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
da31894e
EP		 2072 struct dentry *parent, void *data,
2073 const struct file_operations *fops);
2074extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
6623ec7c
JJ		 2075struct dentry *securityfs_create_symlink(const char *name,
2076 struct dentry *parent,
2077 const char *target,
2078 const struct inode_operations *iops);
da31894e
EP		 2079extern void securityfs_remove(struct dentry *dentry);
2080
2081#else /* CONFIG_SECURITYFS */
2082
2083static inline struct dentry *securityfs_create_dir(const char *name,
2084 struct dentry *parent)
2085{
2086 return ERR_PTR(-ENODEV);
2087}
2088
2089static inline struct dentry *securityfs_create_file(const char *name,
52ef0c04 2090 umode_t mode,
da31894e
EP		 2091 struct dentry *parent,
2092 void *data,
2093 const struct file_operations *fops)
2094{
2095 return ERR_PTR(-ENODEV);
2096}
2097
6623ec7c
JJ		 2098static inline struct dentry *securityfs_create_symlink(const char *name,
2099 struct dentry *parent,
2100 const char *target,
2101 const struct inode_operations *iops)
2102{
2103 return ERR_PTR(-ENODEV);
2104}
2105
da31894e
EP		 2106static inline void securityfs_remove(struct dentry *dentry)
2107{}
2108
2109#endif
2110
afdb09c7 2111#ifdef CONFIG_BPF_SYSCALL
1495dc9f
JK		 2112union bpf_attr;
2113struct bpf_map;
2114struct bpf_prog;
2115struct bpf_prog_aux;
afdb09c7
CF		 2116#ifdef CONFIG_SECURITY
2117extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size);
2118extern int security_bpf_map(struct bpf_map *map, fmode_t fmode);
2119extern int security_bpf_prog(struct bpf_prog *prog);
2120extern int security_bpf_map_alloc(struct bpf_map *map);
2121extern void security_bpf_map_free(struct bpf_map *map);
2122extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux);
2123extern void security_bpf_prog_free(struct bpf_prog_aux *aux);
2124#else
2125static inline int security_bpf(int cmd, union bpf_attr *attr,
2126 unsigned int size)
2127{
2128 return 0;
2129}
2130
2131static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode)
2132{
2133 return 0;
2134}
2135
2136static inline int security_bpf_prog(struct bpf_prog *prog)
2137{
2138 return 0;
2139}
2140
2141static inline int security_bpf_map_alloc(struct bpf_map *map)
2142{
2143 return 0;
2144}
2145
2146static inline void security_bpf_map_free(struct bpf_map *map)
2147{ }
2148
2149static inline int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
2150{
2151 return 0;
2152}
2153
2154static inline void security_bpf_prog_free(struct bpf_prog_aux *aux)
2155{ }
2156#endif /* CONFIG_SECURITY */
2157#endif /* CONFIG_BPF_SYSCALL */
2158
da97e184
JFG		 2159#ifdef CONFIG_PERF_EVENTS
2160struct perf_event_attr;
ae79d558 2161struct perf_event;
da97e184
JFG		 2162
2163#ifdef CONFIG_SECURITY
2164extern int security_perf_event_open(struct perf_event_attr *attr, int type);
2165extern int security_perf_event_alloc(struct perf_event *event);
2166extern void security_perf_event_free(struct perf_event *event);
2167extern int security_perf_event_read(struct perf_event *event);
2168extern int security_perf_event_write(struct perf_event *event);
2169#else
2170static inline int security_perf_event_open(struct perf_event_attr *attr,
2171 int type)
2172{
2173 return 0;
2174}
2175
2176static inline int security_perf_event_alloc(struct perf_event *event)
2177{
2178 return 0;
2179}
2180
2181static inline void security_perf_event_free(struct perf_event *event)
2182{
2183}
2184
2185static inline int security_perf_event_read(struct perf_event *event)
2186{
2187 return 0;
2188}
1da177e4 2189
da97e184
JFG		 2190static inline int security_perf_event_write(struct perf_event *event)
2191{
2192 return 0;
2193}
2194#endif /* CONFIG_SECURITY */
2195#endif /* CONFIG_PERF_EVENTS */
2196
cdc1404a
PM		 2197#ifdef CONFIG_IO_URING
2198#ifdef CONFIG_SECURITY
2199extern int security_uring_override_creds(const struct cred *new);
2200extern int security_uring_sqpoll(void);
2a584012 2201extern int security_uring_cmd(struct io_uring_cmd *ioucmd);
cdc1404a
PM		 2202#else
2203static inline int security_uring_override_creds(const struct cred *new)
2204{
2205 return 0;
2206}
2207static inline int security_uring_sqpoll(void)
2208{
2209 return 0;
2210}
2a584012
LC		 2211static inline int security_uring_cmd(struct io_uring_cmd *ioucmd)
2212{
2213 return 0;
2214}
cdc1404a
PM		 2215#endif /* CONFIG_SECURITY */
2216#endif /* CONFIG_IO_URING */
2217
da97e184 2218#endif /* ! __LINUX_SECURITY_H */
Linux 6.x block layer and io_uring tree(s)