1  /*
2   * Linux Security plug
3   *
4   * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5   * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6   * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7   * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8   * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9   * Copyright (C) 2016 Mellanox Techonologies
10   *
11   *	This program is free software; you can redistribute it and/or modify
12   *	it under the terms of the GNU General Public License as published by
13   *	the Free Software Foundation; either version 2 of the License, or
14   *	(at your option) any later version.
15   *
16   *	Due to this file being licensed under the GPL there is controversy over
17   *	whether this permits you to write a module that #includes this file
18   *	without placing your module under the GPL.  Please consult a lawyer for
19   *	advice before doing this.
20   *
21   */
22  
23  #ifndef __LINUX_SECURITY_H
24  #define __LINUX_SECURITY_H
25  
26  #include <linux/kernel_read_file.h>
27  #include <linux/key.h>
28  #include <linux/capability.h>
29  #include <linux/fs.h>
30  #include <linux/slab.h>
31  #include <linux/err.h>
32  #include <linux/string.h>
33  #include <linux/mm.h>
34  #include <linux/sockptr.h>
35  #include <linux/bpf.h>
36  #include <uapi/linux/lsm.h>
37  
38  struct linux_binprm;
39  struct cred;
40  struct rlimit;
41  struct kernel_siginfo;
42  struct sembuf;
43  struct kern_ipc_perm;
44  struct audit_context;
45  struct super_block;
46  struct inode;
47  struct dentry;
48  struct file;
49  struct vfsmount;
50  struct path;
51  struct qstr;
52  struct iattr;
53  struct fown_struct;
54  struct file_operations;
55  struct msg_msg;
56  struct xattr;
57  struct kernfs_node;
58  struct xfrm_sec_ctx;
59  struct mm_struct;
60  struct fs_context;
61  struct fs_parameter;
62  enum fs_value_type;
63  struct watch;
64  struct watch_notification;
65  struct lsm_ctx;
66  
67  /* Default (no) options for the capable function */
68  #define CAP_OPT_NONE 0x0
69  /* If capable should audit the security request */
70  #define CAP_OPT_NOAUDIT BIT(1)
71  /* If capable is being called by a setid function */
72  #define CAP_OPT_INSETID BIT(2)
73  
74  /* LSM Agnostic defines for security_sb_set_mnt_opts() flags */
75  #define SECURITY_LSM_NATIVE_LABELS	1
76  
77  struct ctl_table;
78  struct audit_krule;
79  struct user_namespace;
80  struct timezone;
81  
82  enum lsm_event {
83  	LSM_POLICY_CHANGE,
84  };
85  
86  struct dm_verity_digest {
87  	const char *alg;
88  	const u8 *digest;
89  	size_t digest_len;
90  };
91  
92  enum lsm_integrity_type {
93  	LSM_INT_DMVERITY_SIG_VALID,
94  	LSM_INT_DMVERITY_ROOTHASH,
95  	LSM_INT_FSVERITY_BUILTINSIG_VALID,
96  };
97  
98  /*
99   * These are reasons that can be passed to the security_locked_down()
100   * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
101   * ability for userland to modify kernel code) are placed before
102   * LOCKDOWN_INTEGRITY_MAX.  Lockdown reasons that protect kernel
103   * confidentiality (ie, the ability for userland to extract
104   * information from the running kernel that would otherwise be
105   * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
106   *
107   * LSM authors should note that the semantics of any given lockdown
108   * reason are not guaranteed to be stable - the same reason may block
109   * one set of features in one kernel release, and a slightly different
110   * set of features in a later kernel release. LSMs that seek to expose
111   * lockdown policy at any level of granularity other than "none",
112   * "integrity" or "confidentiality" are responsible for either
113   * ensuring that they expose a consistent level of functionality to
114   * userland, or ensuring that userland is aware that this is
115   * potentially a moving target. It is easy to misuse this information
116   * in a way that could break userspace. Please be careful not to do
117   * so.
118   *
119   * If you add to this, remember to extend lockdown_reasons in
120   * security/lockdown/lockdown.c.
121   */
122  enum lockdown_reason {
123  	LOCKDOWN_NONE,
124  	LOCKDOWN_MODULE_SIGNATURE,
125  	LOCKDOWN_DEV_MEM,
126  	LOCKDOWN_EFI_TEST,
127  	LOCKDOWN_KEXEC,
128  	LOCKDOWN_HIBERNATION,
129  	LOCKDOWN_PCI_ACCESS,
130  	LOCKDOWN_IOPORT,
131  	LOCKDOWN_MSR,
132  	LOCKDOWN_ACPI_TABLES,
133  	LOCKDOWN_DEVICE_TREE,
134  	LOCKDOWN_PCMCIA_CIS,
135  	LOCKDOWN_TIOCSSERIAL,
136  	LOCKDOWN_MODULE_PARAMETERS,
137  	LOCKDOWN_MMIOTRACE,
138  	LOCKDOWN_DEBUGFS,
139  	LOCKDOWN_XMON_WR,
140  	LOCKDOWN_BPF_WRITE_USER,
141  	LOCKDOWN_DBG_WRITE_KERNEL,
142  	LOCKDOWN_RTAS_ERROR_INJECTION,
143  	LOCKDOWN_INTEGRITY_MAX,
144  	LOCKDOWN_KCORE,
145  	LOCKDOWN_KPROBES,
146  	LOCKDOWN_BPF_READ_KERNEL,
147  	LOCKDOWN_DBG_READ_KERNEL,
148  	LOCKDOWN_PERF,
149  	LOCKDOWN_TRACEFS,
150  	LOCKDOWN_XMON_RW,
151  	LOCKDOWN_XFRM_SECRET,
152  	LOCKDOWN_CONFIDENTIALITY_MAX,
153  };
154  
155  extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
156  extern u32 lsm_active_cnt;
157  extern const struct lsm_id *lsm_idlist[];
158  
159  /* These functions are in security/commoncap.c */
160  extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
161  		       int cap, unsigned int opts);
162  extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
163  extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
164  extern int cap_ptrace_traceme(struct task_struct *parent);
165  extern int cap_capget(const struct task_struct *target, kernel_cap_t *effective,
166  		      kernel_cap_t *inheritable, kernel_cap_t *permitted);
167  extern int cap_capset(struct cred *new, const struct cred *old,
168  		      const kernel_cap_t *effective,
169  		      const kernel_cap_t *inheritable,
170  		      const kernel_cap_t *permitted);
171  extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
172  int cap_inode_setxattr(struct dentry *dentry, const char *name,
173  		       const void *value, size_t size, int flags);
174  int cap_inode_removexattr(struct mnt_idmap *idmap,
175  			  struct dentry *dentry, const char *name);
176  int cap_inode_need_killpriv(struct dentry *dentry);
177  int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
178  int cap_inode_getsecurity(struct mnt_idmap *idmap,
179  			  struct inode *inode, const char *name, void **buffer,
180  			  bool alloc);
181  extern int cap_mmap_addr(unsigned long addr);
182  extern int cap_mmap_file(struct file *file, unsigned long reqprot,
183  			 unsigned long prot, unsigned long flags);
184  extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
185  extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
186  			  unsigned long arg4, unsigned long arg5);
187  extern int cap_task_setscheduler(struct task_struct *p);
188  extern int cap_task_setioprio(struct task_struct *p, int ioprio);
189  extern int cap_task_setnice(struct task_struct *p, int nice);
190  extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
191  
192  struct msghdr;
193  struct sk_buff;
194  struct sock;
195  struct sockaddr;
196  struct socket;
197  struct flowi_common;
198  struct dst_entry;
199  struct xfrm_selector;
200  struct xfrm_policy;
201  struct xfrm_state;
202  struct xfrm_user_sec_ctx;
203  struct seq_file;
204  struct sctp_association;
205  
206  #ifdef CONFIG_MMU
207  extern unsigned long mmap_min_addr;
208  extern unsigned long dac_mmap_min_addr;
209  #else
210  #define mmap_min_addr		0UL
211  #define dac_mmap_min_addr	0UL
212  #endif
213  
214  /*
215   * Values used in the task_security_ops calls
216   */
217  /* setuid or setgid, id0 == uid or gid */
218  #define LSM_SETID_ID	1
219  
220  /* setreuid or setregid, id0 == real, id1 == eff */
221  #define LSM_SETID_RE	2
222  
223  /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
224  #define LSM_SETID_RES	4
225  
226  /* setfsuid or setfsgid, id0 == fsuid or fsgid */
227  #define LSM_SETID_FS	8
228  
229  /* Flags for security_task_prlimit(). */
230  #define LSM_PRLIMIT_READ  1
231  #define LSM_PRLIMIT_WRITE 2
232  
233  /* forward declares to avoid warnings */
234  struct sched_param;
235  struct request_sock;
236  
237  /* bprm->unsafe reasons */
238  #define LSM_UNSAFE_SHARE	1
239  #define LSM_UNSAFE_PTRACE	2
240  #define LSM_UNSAFE_NO_NEW_PRIVS	4
241  
242  #ifdef CONFIG_MMU
243  extern int mmap_min_addr_handler(const struct ctl_table *table, int write,
244  				 void *buffer, size_t *lenp, loff_t *ppos);
245  #endif
246  
247  /* security_inode_init_security callback function to write xattrs */
248  typedef int (*initxattrs) (struct inode *inode,
249  			   const struct xattr *xattr_array, void *fs_data);
250  
251  
252  /* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */
253  #define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
254  #define __data_id_stringify(dummy, str) #str,
255  
256  enum kernel_load_data_id {
257  	__kernel_read_file_id(__data_id_enumify)
258  };
259  
260  static const char * const kernel_load_data_str[] = {
261  	__kernel_read_file_id(__data_id_stringify)
262  };
263  
kernel_load_data_id_str(enum kernel_load_data_id id)264  static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
265  {
266  	if ((unsigned)id >= LOADING_MAX_ID)
267  		return kernel_load_data_str[LOADING_UNKNOWN];
268  
269  	return kernel_load_data_str[id];
270  }
271  
272  #ifdef CONFIG_SECURITY
273  
274  int call_blocking_lsm_notifier(enum lsm_event event, void *data);
275  int register_blocking_lsm_notifier(struct notifier_block *nb);
276  int unregister_blocking_lsm_notifier(struct notifier_block *nb);
277  
278  /* prototypes */
279  extern int security_init(void);
280  extern int early_security_init(void);
281  extern u64 lsm_name_to_attr(const char *name);
282  
283  /* Security operations */
284  int security_binder_set_context_mgr(const struct cred *mgr);
285  int security_binder_transaction(const struct cred *from,
286  				const struct cred *to);
287  int security_binder_transfer_binder(const struct cred *from,
288  				    const struct cred *to);
289  int security_binder_transfer_file(const struct cred *from,
290  				  const struct cred *to, const struct file *file);
291  int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
292  int security_ptrace_traceme(struct task_struct *parent);
293  int security_capget(const struct task_struct *target,
294  		    kernel_cap_t *effective,
295  		    kernel_cap_t *inheritable,
296  		    kernel_cap_t *permitted);
297  int security_capset(struct cred *new, const struct cred *old,
298  		    const kernel_cap_t *effective,
299  		    const kernel_cap_t *inheritable,
300  		    const kernel_cap_t *permitted);
301  int security_capable(const struct cred *cred,
302  		       struct user_namespace *ns,
303  		       int cap,
304  		       unsigned int opts);
305  int security_quotactl(int cmds, int type, int id, const struct super_block *sb);
306  int security_quota_on(struct dentry *dentry);
307  int security_syslog(int type);
308  int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
309  int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
310  int security_bprm_creds_for_exec(struct linux_binprm *bprm);
311  int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
312  int security_bprm_check(struct linux_binprm *bprm);
313  void security_bprm_committing_creds(const struct linux_binprm *bprm);
314  void security_bprm_committed_creds(const struct linux_binprm *bprm);
315  int security_fs_context_submount(struct fs_context *fc, struct super_block *reference);
316  int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
317  int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
318  int security_sb_alloc(struct super_block *sb);
319  void security_sb_delete(struct super_block *sb);
320  void security_sb_free(struct super_block *sb);
321  void security_free_mnt_opts(void **mnt_opts);
322  int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
323  int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts);
324  int security_sb_remount(struct super_block *sb, void *mnt_opts);
325  int security_sb_kern_mount(const struct super_block *sb);
326  int security_sb_show_options(struct seq_file *m, struct super_block *sb);
327  int security_sb_statfs(struct dentry *dentry);
328  int security_sb_mount(const char *dev_name, const struct path *path,
329  		      const char *type, unsigned long flags, void *data);
330  int security_sb_umount(struct vfsmount *mnt, int flags);
331  int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
332  int security_sb_set_mnt_opts(struct super_block *sb,
333  				void *mnt_opts,
334  				unsigned long kern_flags,
335  				unsigned long *set_kern_flags);
336  int security_sb_clone_mnt_opts(const struct super_block *oldsb,
337  				struct super_block *newsb,
338  				unsigned long kern_flags,
339  				unsigned long *set_kern_flags);
340  int security_move_mount(const struct path *from_path, const struct path *to_path);
341  int security_dentry_init_security(struct dentry *dentry, int mode,
342  				  const struct qstr *name,
343  				  const char **xattr_name, void **ctx,
344  				  u32 *ctxlen);
345  int security_dentry_create_files_as(struct dentry *dentry, int mode,
346  					struct qstr *name,
347  					const struct cred *old,
348  					struct cred *new);
349  int security_path_notify(const struct path *path, u64 mask,
350  					unsigned int obj_type);
351  int security_inode_alloc(struct inode *inode, gfp_t gfp);
352  void security_inode_free(struct inode *inode);
353  int security_inode_init_security(struct inode *inode, struct inode *dir,
354  				 const struct qstr *qstr,
355  				 initxattrs initxattrs, void *fs_data);
356  int security_inode_init_security_anon(struct inode *inode,
357  				      const struct qstr *name,
358  				      const struct inode *context_inode);
359  int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
360  void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
361  					struct inode *inode);
362  int security_inode_link(struct dentry *old_dentry, struct inode *dir,
363  			 struct dentry *new_dentry);
364  int security_inode_unlink(struct inode *dir, struct dentry *dentry);
365  int security_inode_symlink(struct inode *dir, struct dentry *dentry,
366  			   const char *old_name);
367  int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
368  int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
369  int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
370  int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
371  			  struct inode *new_dir, struct dentry *new_dentry,
372  			  unsigned int flags);
373  int security_inode_readlink(struct dentry *dentry);
374  int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
375  			       bool rcu);
376  int security_inode_permission(struct inode *inode, int mask);
377  int security_inode_setattr(struct mnt_idmap *idmap,
378  			   struct dentry *dentry, struct iattr *attr);
379  void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
380  				 int ia_valid);
381  int security_inode_getattr(const struct path *path);
382  int security_inode_setxattr(struct mnt_idmap *idmap,
383  			    struct dentry *dentry, const char *name,
384  			    const void *value, size_t size, int flags);
385  int security_inode_set_acl(struct mnt_idmap *idmap,
386  			   struct dentry *dentry, const char *acl_name,
387  			   struct posix_acl *kacl);
388  void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
389  				 struct posix_acl *kacl);
390  int security_inode_get_acl(struct mnt_idmap *idmap,
391  			   struct dentry *dentry, const char *acl_name);
392  int security_inode_remove_acl(struct mnt_idmap *idmap,
393  			      struct dentry *dentry, const char *acl_name);
394  void security_inode_post_remove_acl(struct mnt_idmap *idmap,
395  				    struct dentry *dentry,
396  				    const char *acl_name);
397  void security_inode_post_setxattr(struct dentry *dentry, const char *name,
398  				  const void *value, size_t size, int flags);
399  int security_inode_getxattr(struct dentry *dentry, const char *name);
400  int security_inode_listxattr(struct dentry *dentry);
401  int security_inode_removexattr(struct mnt_idmap *idmap,
402  			       struct dentry *dentry, const char *name);
403  void security_inode_post_removexattr(struct dentry *dentry, const char *name);
404  int security_inode_need_killpriv(struct dentry *dentry);
405  int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
406  int security_inode_getsecurity(struct mnt_idmap *idmap,
407  			       struct inode *inode, const char *name,
408  			       void **buffer, bool alloc);
409  int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
410  int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
411  void security_inode_getsecid(struct inode *inode, u32 *secid);
412  int security_inode_copy_up(struct dentry *src, struct cred **new);
413  int security_inode_copy_up_xattr(struct dentry *src, const char *name);
414  int security_inode_setintegrity(const struct inode *inode,
415  				enum lsm_integrity_type type, const void *value,
416  				size_t size);
417  int security_kernfs_init_security(struct kernfs_node *kn_dir,
418  				  struct kernfs_node *kn);
419  int security_file_permission(struct file *file, int mask);
420  int security_file_alloc(struct file *file);
421  void security_file_release(struct file *file);
422  void security_file_free(struct file *file);
423  int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
424  int security_file_ioctl_compat(struct file *file, unsigned int cmd,
425  			       unsigned long arg);
426  int security_mmap_file(struct file *file, unsigned long prot,
427  			unsigned long flags);
428  int security_mmap_addr(unsigned long addr);
429  int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
430  			   unsigned long prot);
431  int security_file_lock(struct file *file, unsigned int cmd);
432  int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
433  void security_file_set_fowner(struct file *file);
434  int security_file_send_sigiotask(struct task_struct *tsk,
435  				 struct fown_struct *fown, int sig);
436  int security_file_receive(struct file *file);
437  int security_file_open(struct file *file);
438  int security_file_post_open(struct file *file, int mask);
439  int security_file_truncate(struct file *file);
440  int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
441  void security_task_free(struct task_struct *task);
442  int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
443  void security_cred_free(struct cred *cred);
444  int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
445  void security_transfer_creds(struct cred *new, const struct cred *old);
446  void security_cred_getsecid(const struct cred *c, u32 *secid);
447  int security_kernel_act_as(struct cred *new, u32 secid);
448  int security_kernel_create_files_as(struct cred *new, struct inode *inode);
449  int security_kernel_module_request(char *kmod_name);
450  int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
451  int security_kernel_post_load_data(char *buf, loff_t size,
452  				   enum kernel_load_data_id id,
453  				   char *description);
454  int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
455  			      bool contents);
456  int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
457  				   enum kernel_read_file_id id);
458  int security_task_fix_setuid(struct cred *new, const struct cred *old,
459  			     int flags);
460  int security_task_fix_setgid(struct cred *new, const struct cred *old,
461  			     int flags);
462  int security_task_fix_setgroups(struct cred *new, const struct cred *old);
463  int security_task_setpgid(struct task_struct *p, pid_t pgid);
464  int security_task_getpgid(struct task_struct *p);
465  int security_task_getsid(struct task_struct *p);
466  void security_current_getsecid_subj(u32 *secid);
467  void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
468  int security_task_setnice(struct task_struct *p, int nice);
469  int security_task_setioprio(struct task_struct *p, int ioprio);
470  int security_task_getioprio(struct task_struct *p);
471  int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
472  			  unsigned int flags);
473  int security_task_setrlimit(struct task_struct *p, unsigned int resource,
474  		struct rlimit *new_rlim);
475  int security_task_setscheduler(struct task_struct *p);
476  int security_task_getscheduler(struct task_struct *p);
477  int security_task_movememory(struct task_struct *p);
478  int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
479  			int sig, const struct cred *cred);
480  int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
481  			unsigned long arg4, unsigned long arg5);
482  void security_task_to_inode(struct task_struct *p, struct inode *inode);
483  int security_create_user_ns(const struct cred *cred);
484  int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
485  void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
486  int security_msg_msg_alloc(struct msg_msg *msg);
487  void security_msg_msg_free(struct msg_msg *msg);
488  int security_msg_queue_alloc(struct kern_ipc_perm *msq);
489  void security_msg_queue_free(struct kern_ipc_perm *msq);
490  int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
491  int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
492  int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
493  			      struct msg_msg *msg, int msqflg);
494  int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
495  			      struct task_struct *target, long type, int mode);
496  int security_shm_alloc(struct kern_ipc_perm *shp);
497  void security_shm_free(struct kern_ipc_perm *shp);
498  int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
499  int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
500  int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
501  int security_sem_alloc(struct kern_ipc_perm *sma);
502  void security_sem_free(struct kern_ipc_perm *sma);
503  int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
504  int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
505  int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
506  			unsigned nsops, int alter);
507  void security_d_instantiate(struct dentry *dentry, struct inode *inode);
508  int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
509  			 u32 __user *size, u32 flags);
510  int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
511  			 u32 size, u32 flags);
512  int security_getprocattr(struct task_struct *p, int lsmid, const char *name,
513  			 char **value);
514  int security_setprocattr(int lsmid, const char *name, void *value, size_t size);
515  int security_netlink_send(struct sock *sk, struct sk_buff *skb);
516  int security_ismaclabel(const char *name);
517  int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
518  int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
519  void security_release_secctx(char *secdata, u32 seclen);
520  void security_inode_invalidate_secctx(struct inode *inode);
521  int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
522  int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
523  int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
524  int security_locked_down(enum lockdown_reason what);
525  int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
526  		      void *val, size_t val_len, u64 id, u64 flags);
527  int security_bdev_alloc(struct block_device *bdev);
528  void security_bdev_free(struct block_device *bdev);
529  int security_bdev_setintegrity(struct block_device *bdev,
530  			       enum lsm_integrity_type type, const void *value,
531  			       size_t size);
532  #else /* CONFIG_SECURITY */
533  
call_blocking_lsm_notifier(enum lsm_event event,void * data)534  static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
535  {
536  	return 0;
537  }
538  
register_blocking_lsm_notifier(struct notifier_block * nb)539  static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
540  {
541  	return 0;
542  }
543  
unregister_blocking_lsm_notifier(struct notifier_block * nb)544  static inline  int unregister_blocking_lsm_notifier(struct notifier_block *nb)
545  {
546  	return 0;
547  }
548  
lsm_name_to_attr(const char * name)549  static inline u64 lsm_name_to_attr(const char *name)
550  {
551  	return LSM_ATTR_UNDEF;
552  }
553  
security_free_mnt_opts(void ** mnt_opts)554  static inline void security_free_mnt_opts(void **mnt_opts)
555  {
556  }
557  
558  /*
559   * This is the default capabilities functionality.  Most of these functions
560   * are just stubbed out, but a few must call the proper capable code.
561   */
562  
security_init(void)563  static inline int security_init(void)
564  {
565  	return 0;
566  }
567  
early_security_init(void)568  static inline int early_security_init(void)
569  {
570  	return 0;
571  }
572  
security_binder_set_context_mgr(const struct cred * mgr)573  static inline int security_binder_set_context_mgr(const struct cred *mgr)
574  {
575  	return 0;
576  }
577  
security_binder_transaction(const struct cred * from,const struct cred * to)578  static inline int security_binder_transaction(const struct cred *from,
579  					      const struct cred *to)
580  {
581  	return 0;
582  }
583  
security_binder_transfer_binder(const struct cred * from,const struct cred * to)584  static inline int security_binder_transfer_binder(const struct cred *from,
585  						  const struct cred *to)
586  {
587  	return 0;
588  }
589  
security_binder_transfer_file(const struct cred * from,const struct cred * to,const struct file * file)590  static inline int security_binder_transfer_file(const struct cred *from,
591  						const struct cred *to,
592  						const struct file *file)
593  {
594  	return 0;
595  }
596  
security_ptrace_access_check(struct task_struct * child,unsigned int mode)597  static inline int security_ptrace_access_check(struct task_struct *child,
598  					     unsigned int mode)
599  {
600  	return cap_ptrace_access_check(child, mode);
601  }
602  
security_ptrace_traceme(struct task_struct * parent)603  static inline int security_ptrace_traceme(struct task_struct *parent)
604  {
605  	return cap_ptrace_traceme(parent);
606  }
607  
security_capget(const struct task_struct * target,kernel_cap_t * effective,kernel_cap_t * inheritable,kernel_cap_t * permitted)608  static inline int security_capget(const struct task_struct *target,
609  				   kernel_cap_t *effective,
610  				   kernel_cap_t *inheritable,
611  				   kernel_cap_t *permitted)
612  {
613  	return cap_capget(target, effective, inheritable, permitted);
614  }
615  
security_capset(struct cred * new,const struct cred * old,const kernel_cap_t * effective,const kernel_cap_t * inheritable,const kernel_cap_t * permitted)616  static inline int security_capset(struct cred *new,
617  				   const struct cred *old,
618  				   const kernel_cap_t *effective,
619  				   const kernel_cap_t *inheritable,
620  				   const kernel_cap_t *permitted)
621  {
622  	return cap_capset(new, old, effective, inheritable, permitted);
623  }
624  
security_capable(const struct cred * cred,struct user_namespace * ns,int cap,unsigned int opts)625  static inline int security_capable(const struct cred *cred,
626  				   struct user_namespace *ns,
627  				   int cap,
628  				   unsigned int opts)
629  {
630  	return cap_capable(cred, ns, cap, opts);
631  }
632  
security_quotactl(int cmds,int type,int id,const struct super_block * sb)633  static inline int security_quotactl(int cmds, int type, int id,
634  				     const struct super_block *sb)
635  {
636  	return 0;
637  }
638  
security_quota_on(struct dentry * dentry)639  static inline int security_quota_on(struct dentry *dentry)
640  {
641  	return 0;
642  }
643  
security_syslog(int type)644  static inline int security_syslog(int type)
645  {
646  	return 0;
647  }
648  
security_settime64(const struct timespec64 * ts,const struct timezone * tz)649  static inline int security_settime64(const struct timespec64 *ts,
650  				     const struct timezone *tz)
651  {
652  	return cap_settime(ts, tz);
653  }
654  
security_vm_enough_memory_mm(struct mm_struct * mm,long pages)655  static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
656  {
657  	return __vm_enough_memory(mm, pages, !cap_vm_enough_memory(mm, pages));
658  }
659  
security_bprm_creds_for_exec(struct linux_binprm * bprm)660  static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
661  {
662  	return 0;
663  }
664  
security_bprm_creds_from_file(struct linux_binprm * bprm,const struct file * file)665  static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
666  						const struct file *file)
667  {
668  	return cap_bprm_creds_from_file(bprm, file);
669  }
670  
security_bprm_check(struct linux_binprm * bprm)671  static inline int security_bprm_check(struct linux_binprm *bprm)
672  {
673  	return 0;
674  }
675  
security_bprm_committing_creds(const struct linux_binprm * bprm)676  static inline void security_bprm_committing_creds(const struct linux_binprm *bprm)
677  {
678  }
679  
security_bprm_committed_creds(const struct linux_binprm * bprm)680  static inline void security_bprm_committed_creds(const struct linux_binprm *bprm)
681  {
682  }
683  
security_fs_context_submount(struct fs_context * fc,struct super_block * reference)684  static inline int security_fs_context_submount(struct fs_context *fc,
685  					   struct super_block *reference)
686  {
687  	return 0;
688  }
security_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)689  static inline int security_fs_context_dup(struct fs_context *fc,
690  					  struct fs_context *src_fc)
691  {
692  	return 0;
693  }
security_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)694  static inline int security_fs_context_parse_param(struct fs_context *fc,
695  						  struct fs_parameter *param)
696  {
697  	return -ENOPARAM;
698  }
699  
security_sb_alloc(struct super_block * sb)700  static inline int security_sb_alloc(struct super_block *sb)
701  {
702  	return 0;
703  }
704  
security_sb_delete(struct super_block * sb)705  static inline void security_sb_delete(struct super_block *sb)
706  { }
707  
security_sb_free(struct super_block * sb)708  static inline void security_sb_free(struct super_block *sb)
709  { }
710  
security_sb_eat_lsm_opts(char * options,void ** mnt_opts)711  static inline int security_sb_eat_lsm_opts(char *options,
712  					   void **mnt_opts)
713  {
714  	return 0;
715  }
716  
security_sb_remount(struct super_block * sb,void * mnt_opts)717  static inline int security_sb_remount(struct super_block *sb,
718  				      void *mnt_opts)
719  {
720  	return 0;
721  }
722  
security_sb_mnt_opts_compat(struct super_block * sb,void * mnt_opts)723  static inline int security_sb_mnt_opts_compat(struct super_block *sb,
724  					      void *mnt_opts)
725  {
726  	return 0;
727  }
728  
729  
security_sb_kern_mount(struct super_block * sb)730  static inline int security_sb_kern_mount(struct super_block *sb)
731  {
732  	return 0;
733  }
734  
security_sb_show_options(struct seq_file * m,struct super_block * sb)735  static inline int security_sb_show_options(struct seq_file *m,
736  					   struct super_block *sb)
737  {
738  	return 0;
739  }
740  
security_sb_statfs(struct dentry * dentry)741  static inline int security_sb_statfs(struct dentry *dentry)
742  {
743  	return 0;
744  }
745  
security_sb_mount(const char * dev_name,const struct path * path,const char * type,unsigned long flags,void * data)746  static inline int security_sb_mount(const char *dev_name, const struct path *path,
747  				    const char *type, unsigned long flags,
748  				    void *data)
749  {
750  	return 0;
751  }
752  
security_sb_umount(struct vfsmount * mnt,int flags)753  static inline int security_sb_umount(struct vfsmount *mnt, int flags)
754  {
755  	return 0;
756  }
757  
security_sb_pivotroot(const struct path * old_path,const struct path * new_path)758  static inline int security_sb_pivotroot(const struct path *old_path,
759  					const struct path *new_path)
760  {
761  	return 0;
762  }
763  
security_sb_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)764  static inline int security_sb_set_mnt_opts(struct super_block *sb,
765  					   void *mnt_opts,
766  					   unsigned long kern_flags,
767  					   unsigned long *set_kern_flags)
768  {
769  	return 0;
770  }
771  
security_sb_clone_mnt_opts(const struct super_block * oldsb,struct super_block * newsb,unsigned long kern_flags,unsigned long * set_kern_flags)772  static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
773  					      struct super_block *newsb,
774  					      unsigned long kern_flags,
775  					      unsigned long *set_kern_flags)
776  {
777  	return 0;
778  }
779  
security_move_mount(const struct path * from_path,const struct path * to_path)780  static inline int security_move_mount(const struct path *from_path,
781  				      const struct path *to_path)
782  {
783  	return 0;
784  }
785  
security_path_notify(const struct path * path,u64 mask,unsigned int obj_type)786  static inline int security_path_notify(const struct path *path, u64 mask,
787  				unsigned int obj_type)
788  {
789  	return 0;
790  }
791  
security_inode_alloc(struct inode * inode,gfp_t gfp)792  static inline int security_inode_alloc(struct inode *inode, gfp_t gfp)
793  {
794  	return 0;
795  }
796  
security_inode_free(struct inode * inode)797  static inline void security_inode_free(struct inode *inode)
798  { }
799  
security_dentry_init_security(struct dentry * dentry,int mode,const struct qstr * name,const char ** xattr_name,void ** ctx,u32 * ctxlen)800  static inline int security_dentry_init_security(struct dentry *dentry,
801  						 int mode,
802  						 const struct qstr *name,
803  						 const char **xattr_name,
804  						 void **ctx,
805  						 u32 *ctxlen)
806  {
807  	return -EOPNOTSUPP;
808  }
809  
security_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)810  static inline int security_dentry_create_files_as(struct dentry *dentry,
811  						  int mode, struct qstr *name,
812  						  const struct cred *old,
813  						  struct cred *new)
814  {
815  	return 0;
816  }
817  
818  
security_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const initxattrs xattrs,void * fs_data)819  static inline int security_inode_init_security(struct inode *inode,
820  						struct inode *dir,
821  						const struct qstr *qstr,
822  						const initxattrs xattrs,
823  						void *fs_data)
824  {
825  	return 0;
826  }
827  
security_inode_init_security_anon(struct inode * inode,const struct qstr * name,const struct inode * context_inode)828  static inline int security_inode_init_security_anon(struct inode *inode,
829  						    const struct qstr *name,
830  						    const struct inode *context_inode)
831  {
832  	return 0;
833  }
834  
security_inode_create(struct inode * dir,struct dentry * dentry,umode_t mode)835  static inline int security_inode_create(struct inode *dir,
836  					 struct dentry *dentry,
837  					 umode_t mode)
838  {
839  	return 0;
840  }
841  
842  static inline void
security_inode_post_create_tmpfile(struct mnt_idmap * idmap,struct inode * inode)843  security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode)
844  { }
845  
security_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)846  static inline int security_inode_link(struct dentry *old_dentry,
847  				       struct inode *dir,
848  				       struct dentry *new_dentry)
849  {
850  	return 0;
851  }
852  
security_inode_unlink(struct inode * dir,struct dentry * dentry)853  static inline int security_inode_unlink(struct inode *dir,
854  					 struct dentry *dentry)
855  {
856  	return 0;
857  }
858  
security_inode_symlink(struct inode * dir,struct dentry * dentry,const char * old_name)859  static inline int security_inode_symlink(struct inode *dir,
860  					  struct dentry *dentry,
861  					  const char *old_name)
862  {
863  	return 0;
864  }
865  
security_inode_mkdir(struct inode * dir,struct dentry * dentry,int mode)866  static inline int security_inode_mkdir(struct inode *dir,
867  					struct dentry *dentry,
868  					int mode)
869  {
870  	return 0;
871  }
872  
security_inode_rmdir(struct inode * dir,struct dentry * dentry)873  static inline int security_inode_rmdir(struct inode *dir,
874  					struct dentry *dentry)
875  {
876  	return 0;
877  }
878  
security_inode_mknod(struct inode * dir,struct dentry * dentry,int mode,dev_t dev)879  static inline int security_inode_mknod(struct inode *dir,
880  					struct dentry *dentry,
881  					int mode, dev_t dev)
882  {
883  	return 0;
884  }
885  
security_inode_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)886  static inline int security_inode_rename(struct inode *old_dir,
887  					 struct dentry *old_dentry,
888  					 struct inode *new_dir,
889  					 struct dentry *new_dentry,
890  					 unsigned int flags)
891  {
892  	return 0;
893  }
894  
security_inode_readlink(struct dentry * dentry)895  static inline int security_inode_readlink(struct dentry *dentry)
896  {
897  	return 0;
898  }
899  
security_inode_follow_link(struct dentry * dentry,struct inode * inode,bool rcu)900  static inline int security_inode_follow_link(struct dentry *dentry,
901  					     struct inode *inode,
902  					     bool rcu)
903  {
904  	return 0;
905  }
906  
security_inode_permission(struct inode * inode,int mask)907  static inline int security_inode_permission(struct inode *inode, int mask)
908  {
909  	return 0;
910  }
911  
security_inode_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * attr)912  static inline int security_inode_setattr(struct mnt_idmap *idmap,
913  					 struct dentry *dentry,
914  					 struct iattr *attr)
915  {
916  	return 0;
917  }
918  
919  static inline void
security_inode_post_setattr(struct mnt_idmap * idmap,struct dentry * dentry,int ia_valid)920  security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
921  			    int ia_valid)
922  { }
923  
security_inode_getattr(const struct path * path)924  static inline int security_inode_getattr(const struct path *path)
925  {
926  	return 0;
927  }
928  
security_inode_setxattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name,const void * value,size_t size,int flags)929  static inline int security_inode_setxattr(struct mnt_idmap *idmap,
930  		struct dentry *dentry, const char *name, const void *value,
931  		size_t size, int flags)
932  {
933  	return cap_inode_setxattr(dentry, name, value, size, flags);
934  }
935  
security_inode_set_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)936  static inline int security_inode_set_acl(struct mnt_idmap *idmap,
937  					 struct dentry *dentry,
938  					 const char *acl_name,
939  					 struct posix_acl *kacl)
940  {
941  	return 0;
942  }
943  
security_inode_post_set_acl(struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)944  static inline void security_inode_post_set_acl(struct dentry *dentry,
945  					       const char *acl_name,
946  					       struct posix_acl *kacl)
947  { }
948  
security_inode_get_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)949  static inline int security_inode_get_acl(struct mnt_idmap *idmap,
950  					 struct dentry *dentry,
951  					 const char *acl_name)
952  {
953  	return 0;
954  }
955  
security_inode_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)956  static inline int security_inode_remove_acl(struct mnt_idmap *idmap,
957  					    struct dentry *dentry,
958  					    const char *acl_name)
959  {
960  	return 0;
961  }
962  
security_inode_post_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)963  static inline void security_inode_post_remove_acl(struct mnt_idmap *idmap,
964  						  struct dentry *dentry,
965  						  const char *acl_name)
966  { }
967  
security_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)968  static inline void security_inode_post_setxattr(struct dentry *dentry,
969  		const char *name, const void *value, size_t size, int flags)
970  { }
971  
security_inode_getxattr(struct dentry * dentry,const char * name)972  static inline int security_inode_getxattr(struct dentry *dentry,
973  			const char *name)
974  {
975  	return 0;
976  }
977  
security_inode_listxattr(struct dentry * dentry)978  static inline int security_inode_listxattr(struct dentry *dentry)
979  {
980  	return 0;
981  }
982  
security_inode_removexattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name)983  static inline int security_inode_removexattr(struct mnt_idmap *idmap,
984  					     struct dentry *dentry,
985  					     const char *name)
986  {
987  	return cap_inode_removexattr(idmap, dentry, name);
988  }
989  
security_inode_post_removexattr(struct dentry * dentry,const char * name)990  static inline void security_inode_post_removexattr(struct dentry *dentry,
991  						   const char *name)
992  { }
993  
security_inode_need_killpriv(struct dentry * dentry)994  static inline int security_inode_need_killpriv(struct dentry *dentry)
995  {
996  	return cap_inode_need_killpriv(dentry);
997  }
998  
security_inode_killpriv(struct mnt_idmap * idmap,struct dentry * dentry)999  static inline int security_inode_killpriv(struct mnt_idmap *idmap,
1000  					  struct dentry *dentry)
1001  {
1002  	return cap_inode_killpriv(idmap, dentry);
1003  }
1004  
security_inode_getsecurity(struct mnt_idmap * idmap,struct inode * inode,const char * name,void ** buffer,bool alloc)1005  static inline int security_inode_getsecurity(struct mnt_idmap *idmap,
1006  					     struct inode *inode,
1007  					     const char *name, void **buffer,
1008  					     bool alloc)
1009  {
1010  	return cap_inode_getsecurity(idmap, inode, name, buffer, alloc);
1011  }
1012  
security_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)1013  static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
1014  {
1015  	return -EOPNOTSUPP;
1016  }
1017  
security_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)1018  static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
1019  {
1020  	return 0;
1021  }
1022  
security_inode_getsecid(struct inode * inode,u32 * secid)1023  static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
1024  {
1025  	*secid = 0;
1026  }
1027  
security_inode_copy_up(struct dentry * src,struct cred ** new)1028  static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
1029  {
1030  	return 0;
1031  }
1032  
security_inode_setintegrity(const struct inode * inode,enum lsm_integrity_type type,const void * value,size_t size)1033  static inline int security_inode_setintegrity(const struct inode *inode,
1034  					      enum lsm_integrity_type type,
1035  					      const void *value, size_t size)
1036  {
1037  	return 0;
1038  }
1039  
security_kernfs_init_security(struct kernfs_node * kn_dir,struct kernfs_node * kn)1040  static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
1041  						struct kernfs_node *kn)
1042  {
1043  	return 0;
1044  }
1045  
security_inode_copy_up_xattr(struct dentry * src,const char * name)1046  static inline int security_inode_copy_up_xattr(struct dentry *src, const char *name)
1047  {
1048  	return -EOPNOTSUPP;
1049  }
1050  
security_file_permission(struct file * file,int mask)1051  static inline int security_file_permission(struct file *file, int mask)
1052  {
1053  	return 0;
1054  }
1055  
security_file_alloc(struct file * file)1056  static inline int security_file_alloc(struct file *file)
1057  {
1058  	return 0;
1059  }
1060  
security_file_release(struct file * file)1061  static inline void security_file_release(struct file *file)
1062  { }
1063  
security_file_free(struct file * file)1064  static inline void security_file_free(struct file *file)
1065  { }
1066  
security_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1067  static inline int security_file_ioctl(struct file *file, unsigned int cmd,
1068  				      unsigned long arg)
1069  {
1070  	return 0;
1071  }
1072  
security_file_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)1073  static inline int security_file_ioctl_compat(struct file *file,
1074  					     unsigned int cmd,
1075  					     unsigned long arg)
1076  {
1077  	return 0;
1078  }
1079  
security_mmap_file(struct file * file,unsigned long prot,unsigned long flags)1080  static inline int security_mmap_file(struct file *file, unsigned long prot,
1081  				     unsigned long flags)
1082  {
1083  	return 0;
1084  }
1085  
security_mmap_addr(unsigned long addr)1086  static inline int security_mmap_addr(unsigned long addr)
1087  {
1088  	return cap_mmap_addr(addr);
1089  }
1090  
security_file_mprotect(struct vm_area_struct * vma,unsigned long reqprot,unsigned long prot)1091  static inline int security_file_mprotect(struct vm_area_struct *vma,
1092  					 unsigned long reqprot,
1093  					 unsigned long prot)
1094  {
1095  	return 0;
1096  }
1097  
security_file_lock(struct file * file,unsigned int cmd)1098  static inline int security_file_lock(struct file *file, unsigned int cmd)
1099  {
1100  	return 0;
1101  }
1102  
security_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)1103  static inline int security_file_fcntl(struct file *file, unsigned int cmd,
1104  				      unsigned long arg)
1105  {
1106  	return 0;
1107  }
1108  
security_file_set_fowner(struct file * file)1109  static inline void security_file_set_fowner(struct file *file)
1110  {
1111  	return;
1112  }
1113  
security_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int sig)1114  static inline int security_file_send_sigiotask(struct task_struct *tsk,
1115  					       struct fown_struct *fown,
1116  					       int sig)
1117  {
1118  	return 0;
1119  }
1120  
security_file_receive(struct file * file)1121  static inline int security_file_receive(struct file *file)
1122  {
1123  	return 0;
1124  }
1125  
security_file_open(struct file * file)1126  static inline int security_file_open(struct file *file)
1127  {
1128  	return 0;
1129  }
1130  
security_file_post_open(struct file * file,int mask)1131  static inline int security_file_post_open(struct file *file, int mask)
1132  {
1133  	return 0;
1134  }
1135  
security_file_truncate(struct file * file)1136  static inline int security_file_truncate(struct file *file)
1137  {
1138  	return 0;
1139  }
1140  
security_task_alloc(struct task_struct * task,unsigned long clone_flags)1141  static inline int security_task_alloc(struct task_struct *task,
1142  				      unsigned long clone_flags)
1143  {
1144  	return 0;
1145  }
1146  
security_task_free(struct task_struct * task)1147  static inline void security_task_free(struct task_struct *task)
1148  { }
1149  
security_cred_alloc_blank(struct cred * cred,gfp_t gfp)1150  static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1151  {
1152  	return 0;
1153  }
1154  
security_cred_free(struct cred * cred)1155  static inline void security_cred_free(struct cred *cred)
1156  { }
1157  
security_prepare_creds(struct cred * new,const struct cred * old,gfp_t gfp)1158  static inline int security_prepare_creds(struct cred *new,
1159  					 const struct cred *old,
1160  					 gfp_t gfp)
1161  {
1162  	return 0;
1163  }
1164  
security_transfer_creds(struct cred * new,const struct cred * old)1165  static inline void security_transfer_creds(struct cred *new,
1166  					   const struct cred *old)
1167  {
1168  }
1169  
security_cred_getsecid(const struct cred * c,u32 * secid)1170  static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
1171  {
1172  	*secid = 0;
1173  }
1174  
security_kernel_act_as(struct cred * cred,u32 secid)1175  static inline int security_kernel_act_as(struct cred *cred, u32 secid)
1176  {
1177  	return 0;
1178  }
1179  
security_kernel_create_files_as(struct cred * cred,struct inode * inode)1180  static inline int security_kernel_create_files_as(struct cred *cred,
1181  						  struct inode *inode)
1182  {
1183  	return 0;
1184  }
1185  
security_kernel_module_request(char * kmod_name)1186  static inline int security_kernel_module_request(char *kmod_name)
1187  {
1188  	return 0;
1189  }
1190  
security_kernel_load_data(enum kernel_load_data_id id,bool contents)1191  static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
1192  {
1193  	return 0;
1194  }
1195  
security_kernel_post_load_data(char * buf,loff_t size,enum kernel_load_data_id id,char * description)1196  static inline int security_kernel_post_load_data(char *buf, loff_t size,
1197  						 enum kernel_load_data_id id,
1198  						 char *description)
1199  {
1200  	return 0;
1201  }
1202  
security_kernel_read_file(struct file * file,enum kernel_read_file_id id,bool contents)1203  static inline int security_kernel_read_file(struct file *file,
1204  					    enum kernel_read_file_id id,
1205  					    bool contents)
1206  {
1207  	return 0;
1208  }
1209  
security_kernel_post_read_file(struct file * file,char * buf,loff_t size,enum kernel_read_file_id id)1210  static inline int security_kernel_post_read_file(struct file *file,
1211  						 char *buf, loff_t size,
1212  						 enum kernel_read_file_id id)
1213  {
1214  	return 0;
1215  }
1216  
security_task_fix_setuid(struct cred * new,const struct cred * old,int flags)1217  static inline int security_task_fix_setuid(struct cred *new,
1218  					   const struct cred *old,
1219  					   int flags)
1220  {
1221  	return cap_task_fix_setuid(new, old, flags);
1222  }
1223  
security_task_fix_setgid(struct cred * new,const struct cred * old,int flags)1224  static inline int security_task_fix_setgid(struct cred *new,
1225  					   const struct cred *old,
1226  					   int flags)
1227  {
1228  	return 0;
1229  }
1230  
security_task_fix_setgroups(struct cred * new,const struct cred * old)1231  static inline int security_task_fix_setgroups(struct cred *new,
1232  					   const struct cred *old)
1233  {
1234  	return 0;
1235  }
1236  
security_task_setpgid(struct task_struct * p,pid_t pgid)1237  static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
1238  {
1239  	return 0;
1240  }
1241  
security_task_getpgid(struct task_struct * p)1242  static inline int security_task_getpgid(struct task_struct *p)
1243  {
1244  	return 0;
1245  }
1246  
security_task_getsid(struct task_struct * p)1247  static inline int security_task_getsid(struct task_struct *p)
1248  {
1249  	return 0;
1250  }
1251  
security_current_getsecid_subj(u32 * secid)1252  static inline void security_current_getsecid_subj(u32 *secid)
1253  {
1254  	*secid = 0;
1255  }
1256  
security_task_getsecid_obj(struct task_struct * p,u32 * secid)1257  static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
1258  {
1259  	*secid = 0;
1260  }
1261  
security_task_setnice(struct task_struct * p,int nice)1262  static inline int security_task_setnice(struct task_struct *p, int nice)
1263  {
1264  	return cap_task_setnice(p, nice);
1265  }
1266  
security_task_setioprio(struct task_struct * p,int ioprio)1267  static inline int security_task_setioprio(struct task_struct *p, int ioprio)
1268  {
1269  	return cap_task_setioprio(p, ioprio);
1270  }
1271  
security_task_getioprio(struct task_struct * p)1272  static inline int security_task_getioprio(struct task_struct *p)
1273  {
1274  	return 0;
1275  }
1276  
security_task_prlimit(const struct cred * cred,const struct cred * tcred,unsigned int flags)1277  static inline int security_task_prlimit(const struct cred *cred,
1278  					const struct cred *tcred,
1279  					unsigned int flags)
1280  {
1281  	return 0;
1282  }
1283  
security_task_setrlimit(struct task_struct * p,unsigned int resource,struct rlimit * new_rlim)1284  static inline int security_task_setrlimit(struct task_struct *p,
1285  					  unsigned int resource,
1286  					  struct rlimit *new_rlim)
1287  {
1288  	return 0;
1289  }
1290  
security_task_setscheduler(struct task_struct * p)1291  static inline int security_task_setscheduler(struct task_struct *p)
1292  {
1293  	return cap_task_setscheduler(p);
1294  }
1295  
security_task_getscheduler(struct task_struct * p)1296  static inline int security_task_getscheduler(struct task_struct *p)
1297  {
1298  	return 0;
1299  }
1300  
security_task_movememory(struct task_struct * p)1301  static inline int security_task_movememory(struct task_struct *p)
1302  {
1303  	return 0;
1304  }
1305  
security_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)1306  static inline int security_task_kill(struct task_struct *p,
1307  				     struct kernel_siginfo *info, int sig,
1308  				     const struct cred *cred)
1309  {
1310  	return 0;
1311  }
1312  
security_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5)1313  static inline int security_task_prctl(int option, unsigned long arg2,
1314  				      unsigned long arg3,
1315  				      unsigned long arg4,
1316  				      unsigned long arg5)
1317  {
1318  	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
1319  }
1320  
security_task_to_inode(struct task_struct * p,struct inode * inode)1321  static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
1322  { }
1323  
security_create_user_ns(const struct cred * cred)1324  static inline int security_create_user_ns(const struct cred *cred)
1325  {
1326  	return 0;
1327  }
1328  
security_ipc_permission(struct kern_ipc_perm * ipcp,short flag)1329  static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
1330  					  short flag)
1331  {
1332  	return 0;
1333  }
1334  
security_ipc_getsecid(struct kern_ipc_perm * ipcp,u32 * secid)1335  static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
1336  {
1337  	*secid = 0;
1338  }
1339  
security_msg_msg_alloc(struct msg_msg * msg)1340  static inline int security_msg_msg_alloc(struct msg_msg *msg)
1341  {
1342  	return 0;
1343  }
1344  
security_msg_msg_free(struct msg_msg * msg)1345  static inline void security_msg_msg_free(struct msg_msg *msg)
1346  { }
1347  
security_msg_queue_alloc(struct kern_ipc_perm * msq)1348  static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1349  {
1350  	return 0;
1351  }
1352  
security_msg_queue_free(struct kern_ipc_perm * msq)1353  static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
1354  { }
1355  
security_msg_queue_associate(struct kern_ipc_perm * msq,int msqflg)1356  static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
1357  					       int msqflg)
1358  {
1359  	return 0;
1360  }
1361  
security_msg_queue_msgctl(struct kern_ipc_perm * msq,int cmd)1362  static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1363  {
1364  	return 0;
1365  }
1366  
security_msg_queue_msgsnd(struct kern_ipc_perm * msq,struct msg_msg * msg,int msqflg)1367  static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
1368  					    struct msg_msg *msg, int msqflg)
1369  {
1370  	return 0;
1371  }
1372  
security_msg_queue_msgrcv(struct kern_ipc_perm * msq,struct msg_msg * msg,struct task_struct * target,long type,int mode)1373  static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
1374  					    struct msg_msg *msg,
1375  					    struct task_struct *target,
1376  					    long type, int mode)
1377  {
1378  	return 0;
1379  }
1380  
security_shm_alloc(struct kern_ipc_perm * shp)1381  static inline int security_shm_alloc(struct kern_ipc_perm *shp)
1382  {
1383  	return 0;
1384  }
1385  
security_shm_free(struct kern_ipc_perm * shp)1386  static inline void security_shm_free(struct kern_ipc_perm *shp)
1387  { }
1388  
security_shm_associate(struct kern_ipc_perm * shp,int shmflg)1389  static inline int security_shm_associate(struct kern_ipc_perm *shp,
1390  					 int shmflg)
1391  {
1392  	return 0;
1393  }
1394  
security_shm_shmctl(struct kern_ipc_perm * shp,int cmd)1395  static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
1396  {
1397  	return 0;
1398  }
1399  
security_shm_shmat(struct kern_ipc_perm * shp,char __user * shmaddr,int shmflg)1400  static inline int security_shm_shmat(struct kern_ipc_perm *shp,
1401  				     char __user *shmaddr, int shmflg)
1402  {
1403  	return 0;
1404  }
1405  
security_sem_alloc(struct kern_ipc_perm * sma)1406  static inline int security_sem_alloc(struct kern_ipc_perm *sma)
1407  {
1408  	return 0;
1409  }
1410  
security_sem_free(struct kern_ipc_perm * sma)1411  static inline void security_sem_free(struct kern_ipc_perm *sma)
1412  { }
1413  
security_sem_associate(struct kern_ipc_perm * sma,int semflg)1414  static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
1415  {
1416  	return 0;
1417  }
1418  
security_sem_semctl(struct kern_ipc_perm * sma,int cmd)1419  static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
1420  {
1421  	return 0;
1422  }
1423  
security_sem_semop(struct kern_ipc_perm * sma,struct sembuf * sops,unsigned nsops,int alter)1424  static inline int security_sem_semop(struct kern_ipc_perm *sma,
1425  				     struct sembuf *sops, unsigned nsops,
1426  				     int alter)
1427  {
1428  	return 0;
1429  }
1430  
security_d_instantiate(struct dentry * dentry,struct inode * inode)1431  static inline void security_d_instantiate(struct dentry *dentry,
1432  					  struct inode *inode)
1433  { }
1434  
security_getselfattr(unsigned int attr,struct lsm_ctx __user * ctx,size_t __user * size,u32 flags)1435  static inline int security_getselfattr(unsigned int attr,
1436  				       struct lsm_ctx __user *ctx,
1437  				       size_t __user *size, u32 flags)
1438  {
1439  	return -EOPNOTSUPP;
1440  }
1441  
security_setselfattr(unsigned int attr,struct lsm_ctx __user * ctx,size_t size,u32 flags)1442  static inline int security_setselfattr(unsigned int attr,
1443  				       struct lsm_ctx __user *ctx,
1444  				       size_t size, u32 flags)
1445  {
1446  	return -EOPNOTSUPP;
1447  }
1448  
security_getprocattr(struct task_struct * p,int lsmid,const char * name,char ** value)1449  static inline int security_getprocattr(struct task_struct *p, int lsmid,
1450  				       const char *name, char **value)
1451  {
1452  	return -EINVAL;
1453  }
1454  
security_setprocattr(int lsmid,char * name,void * value,size_t size)1455  static inline int security_setprocattr(int lsmid, char *name, void *value,
1456  				       size_t size)
1457  {
1458  	return -EINVAL;
1459  }
1460  
security_netlink_send(struct sock * sk,struct sk_buff * skb)1461  static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
1462  {
1463  	return 0;
1464  }
1465  
security_ismaclabel(const char * name)1466  static inline int security_ismaclabel(const char *name)
1467  {
1468  	return 0;
1469  }
1470  
security_secid_to_secctx(u32 secid,char ** secdata,u32 * seclen)1471  static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
1472  {
1473  	return -EOPNOTSUPP;
1474  }
1475  
security_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)1476  static inline int security_secctx_to_secid(const char *secdata,
1477  					   u32 seclen,
1478  					   u32 *secid)
1479  {
1480  	return -EOPNOTSUPP;
1481  }
1482  
security_release_secctx(char * secdata,u32 seclen)1483  static inline void security_release_secctx(char *secdata, u32 seclen)
1484  {
1485  }
1486  
security_inode_invalidate_secctx(struct inode * inode)1487  static inline void security_inode_invalidate_secctx(struct inode *inode)
1488  {
1489  }
1490  
security_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)1491  static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
1492  {
1493  	return -EOPNOTSUPP;
1494  }
security_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)1495  static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
1496  {
1497  	return -EOPNOTSUPP;
1498  }
security_inode_getsecctx(struct inode * inode,void ** ctx,u32 * ctxlen)1499  static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
1500  {
1501  	return -EOPNOTSUPP;
1502  }
security_locked_down(enum lockdown_reason what)1503  static inline int security_locked_down(enum lockdown_reason what)
1504  {
1505  	return 0;
1506  }
lsm_fill_user_ctx(struct lsm_ctx __user * uctx,u32 * uctx_len,void * val,size_t val_len,u64 id,u64 flags)1507  static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
1508  				    u32 *uctx_len, void *val, size_t val_len,
1509  				    u64 id, u64 flags)
1510  {
1511  	return -EOPNOTSUPP;
1512  }
1513  
security_bdev_alloc(struct block_device * bdev)1514  static inline int security_bdev_alloc(struct block_device *bdev)
1515  {
1516  	return 0;
1517  }
1518  
security_bdev_free(struct block_device * bdev)1519  static inline void security_bdev_free(struct block_device *bdev)
1520  {
1521  }
1522  
security_bdev_setintegrity(struct block_device * bdev,enum lsm_integrity_type type,const void * value,size_t size)1523  static inline int security_bdev_setintegrity(struct block_device *bdev,
1524  					     enum lsm_integrity_type type,
1525  					     const void *value, size_t size)
1526  {
1527  	return 0;
1528  }
1529  
1530  #endif	/* CONFIG_SECURITY */
1531  
1532  #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
1533  int security_post_notification(const struct cred *w_cred,
1534  			       const struct cred *cred,
1535  			       struct watch_notification *n);
1536  #else
security_post_notification(const struct cred * w_cred,const struct cred * cred,struct watch_notification * n)1537  static inline int security_post_notification(const struct cred *w_cred,
1538  					     const struct cred *cred,
1539  					     struct watch_notification *n)
1540  {
1541  	return 0;
1542  }
1543  #endif
1544  
1545  #if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
1546  int security_watch_key(struct key *key);
1547  #else
security_watch_key(struct key * key)1548  static inline int security_watch_key(struct key *key)
1549  {
1550  	return 0;
1551  }
1552  #endif
1553  
1554  #ifdef CONFIG_SECURITY_NETWORK
1555  
1556  int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
1557  int security_unix_may_send(struct socket *sock,  struct socket *other);
1558  int security_socket_create(int family, int type, int protocol, int kern);
1559  int security_socket_post_create(struct socket *sock, int family,
1560  				int type, int protocol, int kern);
1561  int security_socket_socketpair(struct socket *socka, struct socket *sockb);
1562  int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
1563  int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
1564  int security_socket_listen(struct socket *sock, int backlog);
1565  int security_socket_accept(struct socket *sock, struct socket *newsock);
1566  int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
1567  int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1568  			    int size, int flags);
1569  int security_socket_getsockname(struct socket *sock);
1570  int security_socket_getpeername(struct socket *sock);
1571  int security_socket_getsockopt(struct socket *sock, int level, int optname);
1572  int security_socket_setsockopt(struct socket *sock, int level, int optname);
1573  int security_socket_shutdown(struct socket *sock, int how);
1574  int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
1575  int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
1576  				      sockptr_t optlen, unsigned int len);
1577  int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
1578  int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1579  void security_sk_free(struct sock *sk);
1580  void security_sk_clone(const struct sock *sk, struct sock *newsk);
1581  void security_sk_classify_flow(const struct sock *sk,
1582  			       struct flowi_common *flic);
1583  void security_req_classify_flow(const struct request_sock *req,
1584  				struct flowi_common *flic);
1585  void security_sock_graft(struct sock*sk, struct socket *parent);
1586  int security_inet_conn_request(const struct sock *sk,
1587  			struct sk_buff *skb, struct request_sock *req);
1588  void security_inet_csk_clone(struct sock *newsk,
1589  			const struct request_sock *req);
1590  void security_inet_conn_established(struct sock *sk,
1591  			struct sk_buff *skb);
1592  int security_secmark_relabel_packet(u32 secid);
1593  void security_secmark_refcount_inc(void);
1594  void security_secmark_refcount_dec(void);
1595  int security_tun_dev_alloc_security(void **security);
1596  void security_tun_dev_free_security(void *security);
1597  int security_tun_dev_create(void);
1598  int security_tun_dev_attach_queue(void *security);
1599  int security_tun_dev_attach(struct sock *sk, void *security);
1600  int security_tun_dev_open(void *security);
1601  int security_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb);
1602  int security_sctp_bind_connect(struct sock *sk, int optname,
1603  			       struct sockaddr *address, int addrlen);
1604  void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
1605  			    struct sock *newsk);
1606  int security_sctp_assoc_established(struct sctp_association *asoc,
1607  				    struct sk_buff *skb);
1608  int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk);
1609  
1610  #else	/* CONFIG_SECURITY_NETWORK */
security_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)1611  static inline int security_unix_stream_connect(struct sock *sock,
1612  					       struct sock *other,
1613  					       struct sock *newsk)
1614  {
1615  	return 0;
1616  }
1617  
security_unix_may_send(struct socket * sock,struct socket * other)1618  static inline int security_unix_may_send(struct socket *sock,
1619  					 struct socket *other)
1620  {
1621  	return 0;
1622  }
1623  
security_socket_create(int family,int type,int protocol,int kern)1624  static inline int security_socket_create(int family, int type,
1625  					 int protocol, int kern)
1626  {
1627  	return 0;
1628  }
1629  
security_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)1630  static inline int security_socket_post_create(struct socket *sock,
1631  					      int family,
1632  					      int type,
1633  					      int protocol, int kern)
1634  {
1635  	return 0;
1636  }
1637  
security_socket_socketpair(struct socket * socka,struct socket * sockb)1638  static inline int security_socket_socketpair(struct socket *socka,
1639  					     struct socket *sockb)
1640  {
1641  	return 0;
1642  }
1643  
security_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)1644  static inline int security_socket_bind(struct socket *sock,
1645  				       struct sockaddr *address,
1646  				       int addrlen)
1647  {
1648  	return 0;
1649  }
1650  
security_socket_connect(struct socket * sock,struct sockaddr * address,int addrlen)1651  static inline int security_socket_connect(struct socket *sock,
1652  					  struct sockaddr *address,
1653  					  int addrlen)
1654  {
1655  	return 0;
1656  }
1657  
security_socket_listen(struct socket * sock,int backlog)1658  static inline int security_socket_listen(struct socket *sock, int backlog)
1659  {
1660  	return 0;
1661  }
1662  
security_socket_accept(struct socket * sock,struct socket * newsock)1663  static inline int security_socket_accept(struct socket *sock,
1664  					 struct socket *newsock)
1665  {
1666  	return 0;
1667  }
1668  
security_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)1669  static inline int security_socket_sendmsg(struct socket *sock,
1670  					  struct msghdr *msg, int size)
1671  {
1672  	return 0;
1673  }
1674  
security_socket_recvmsg(struct socket * sock,struct msghdr * msg,int size,int flags)1675  static inline int security_socket_recvmsg(struct socket *sock,
1676  					  struct msghdr *msg, int size,
1677  					  int flags)
1678  {
1679  	return 0;
1680  }
1681  
security_socket_getsockname(struct socket * sock)1682  static inline int security_socket_getsockname(struct socket *sock)
1683  {
1684  	return 0;
1685  }
1686  
security_socket_getpeername(struct socket * sock)1687  static inline int security_socket_getpeername(struct socket *sock)
1688  {
1689  	return 0;
1690  }
1691  
security_socket_getsockopt(struct socket * sock,int level,int optname)1692  static inline int security_socket_getsockopt(struct socket *sock,
1693  					     int level, int optname)
1694  {
1695  	return 0;
1696  }
1697  
security_socket_setsockopt(struct socket * sock,int level,int optname)1698  static inline int security_socket_setsockopt(struct socket *sock,
1699  					     int level, int optname)
1700  {
1701  	return 0;
1702  }
1703  
security_socket_shutdown(struct socket * sock,int how)1704  static inline int security_socket_shutdown(struct socket *sock, int how)
1705  {
1706  	return 0;
1707  }
security_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)1708  static inline int security_sock_rcv_skb(struct sock *sk,
1709  					struct sk_buff *skb)
1710  {
1711  	return 0;
1712  }
1713  
security_socket_getpeersec_stream(struct socket * sock,sockptr_t optval,sockptr_t optlen,unsigned int len)1714  static inline int security_socket_getpeersec_stream(struct socket *sock,
1715  						    sockptr_t optval,
1716  						    sockptr_t optlen,
1717  						    unsigned int len)
1718  {
1719  	return -ENOPROTOOPT;
1720  }
1721  
security_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)1722  static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
1723  {
1724  	return -ENOPROTOOPT;
1725  }
1726  
security_sk_alloc(struct sock * sk,int family,gfp_t priority)1727  static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1728  {
1729  	return 0;
1730  }
1731  
security_sk_free(struct sock * sk)1732  static inline void security_sk_free(struct sock *sk)
1733  {
1734  }
1735  
security_sk_clone(const struct sock * sk,struct sock * newsk)1736  static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
1737  {
1738  }
1739  
security_sk_classify_flow(const struct sock * sk,struct flowi_common * flic)1740  static inline void security_sk_classify_flow(const struct sock *sk,
1741  					     struct flowi_common *flic)
1742  {
1743  }
1744  
security_req_classify_flow(const struct request_sock * req,struct flowi_common * flic)1745  static inline void security_req_classify_flow(const struct request_sock *req,
1746  					      struct flowi_common *flic)
1747  {
1748  }
1749  
security_sock_graft(struct sock * sk,struct socket * parent)1750  static inline void security_sock_graft(struct sock *sk, struct socket *parent)
1751  {
1752  }
1753  
security_inet_conn_request(const struct sock * sk,struct sk_buff * skb,struct request_sock * req)1754  static inline int security_inet_conn_request(const struct sock *sk,
1755  			struct sk_buff *skb, struct request_sock *req)
1756  {
1757  	return 0;
1758  }
1759  
security_inet_csk_clone(struct sock * newsk,const struct request_sock * req)1760  static inline void security_inet_csk_clone(struct sock *newsk,
1761  			const struct request_sock *req)
1762  {
1763  }
1764  
security_inet_conn_established(struct sock * sk,struct sk_buff * skb)1765  static inline void security_inet_conn_established(struct sock *sk,
1766  			struct sk_buff *skb)
1767  {
1768  }
1769  
security_secmark_relabel_packet(u32 secid)1770  static inline int security_secmark_relabel_packet(u32 secid)
1771  {
1772  	return 0;
1773  }
1774  
security_secmark_refcount_inc(void)1775  static inline void security_secmark_refcount_inc(void)
1776  {
1777  }
1778  
security_secmark_refcount_dec(void)1779  static inline void security_secmark_refcount_dec(void)
1780  {
1781  }
1782  
security_tun_dev_alloc_security(void ** security)1783  static inline int security_tun_dev_alloc_security(void **security)
1784  {
1785  	return 0;
1786  }
1787  
security_tun_dev_free_security(void * security)1788  static inline void security_tun_dev_free_security(void *security)
1789  {
1790  }
1791  
security_tun_dev_create(void)1792  static inline int security_tun_dev_create(void)
1793  {
1794  	return 0;
1795  }
1796  
security_tun_dev_attach_queue(void * security)1797  static inline int security_tun_dev_attach_queue(void *security)
1798  {
1799  	return 0;
1800  }
1801  
security_tun_dev_attach(struct sock * sk,void * security)1802  static inline int security_tun_dev_attach(struct sock *sk, void *security)
1803  {
1804  	return 0;
1805  }
1806  
security_tun_dev_open(void * security)1807  static inline int security_tun_dev_open(void *security)
1808  {
1809  	return 0;
1810  }
1811  
security_sctp_assoc_request(struct sctp_association * asoc,struct sk_buff * skb)1812  static inline int security_sctp_assoc_request(struct sctp_association *asoc,
1813  					      struct sk_buff *skb)
1814  {
1815  	return 0;
1816  }
1817  
security_sctp_bind_connect(struct sock * sk,int optname,struct sockaddr * address,int addrlen)1818  static inline int security_sctp_bind_connect(struct sock *sk, int optname,
1819  					     struct sockaddr *address,
1820  					     int addrlen)
1821  {
1822  	return 0;
1823  }
1824  
security_sctp_sk_clone(struct sctp_association * asoc,struct sock * sk,struct sock * newsk)1825  static inline void security_sctp_sk_clone(struct sctp_association *asoc,
1826  					  struct sock *sk,
1827  					  struct sock *newsk)
1828  {
1829  }
1830  
security_sctp_assoc_established(struct sctp_association * asoc,struct sk_buff * skb)1831  static inline int security_sctp_assoc_established(struct sctp_association *asoc,
1832  						  struct sk_buff *skb)
1833  {
1834  	return 0;
1835  }
1836  
security_mptcp_add_subflow(struct sock * sk,struct sock * ssk)1837  static inline int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
1838  {
1839  	return 0;
1840  }
1841  #endif	/* CONFIG_SECURITY_NETWORK */
1842  
1843  #ifdef CONFIG_SECURITY_INFINIBAND
1844  int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
1845  int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
1846  int security_ib_alloc_security(void **sec);
1847  void security_ib_free_security(void *sec);
1848  #else	/* CONFIG_SECURITY_INFINIBAND */
security_ib_pkey_access(void * sec,u64 subnet_prefix,u16 pkey)1849  static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
1850  {
1851  	return 0;
1852  }
1853  
security_ib_endport_manage_subnet(void * sec,const char * dev_name,u8 port_num)1854  static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
1855  {
1856  	return 0;
1857  }
1858  
security_ib_alloc_security(void ** sec)1859  static inline int security_ib_alloc_security(void **sec)
1860  {
1861  	return 0;
1862  }
1863  
security_ib_free_security(void * sec)1864  static inline void security_ib_free_security(void *sec)
1865  {
1866  }
1867  #endif	/* CONFIG_SECURITY_INFINIBAND */
1868  
1869  #ifdef CONFIG_SECURITY_NETWORK_XFRM
1870  
1871  int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1872  			       struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
1873  int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
1874  void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
1875  int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
1876  int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1877  int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1878  				      struct xfrm_sec_ctx *polsec, u32 secid);
1879  int security_xfrm_state_delete(struct xfrm_state *x);
1880  void security_xfrm_state_free(struct xfrm_state *x);
1881  int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
1882  int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1883  				       struct xfrm_policy *xp,
1884  				       const struct flowi_common *flic);
1885  int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
1886  void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
1887  
1888  #else	/* CONFIG_SECURITY_NETWORK_XFRM */
1889  
security_xfrm_policy_alloc(struct xfrm_sec_ctx ** ctxp,struct xfrm_user_sec_ctx * sec_ctx,gfp_t gfp)1890  static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1891  					     struct xfrm_user_sec_ctx *sec_ctx,
1892  					     gfp_t gfp)
1893  {
1894  	return 0;
1895  }
1896  
security_xfrm_policy_clone(struct xfrm_sec_ctx * old,struct xfrm_sec_ctx ** new_ctxp)1897  static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
1898  {
1899  	return 0;
1900  }
1901  
security_xfrm_policy_free(struct xfrm_sec_ctx * ctx)1902  static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
1903  {
1904  }
1905  
security_xfrm_policy_delete(struct xfrm_sec_ctx * ctx)1906  static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
1907  {
1908  	return 0;
1909  }
1910  
security_xfrm_state_alloc(struct xfrm_state * x,struct xfrm_user_sec_ctx * sec_ctx)1911  static inline int security_xfrm_state_alloc(struct xfrm_state *x,
1912  					struct xfrm_user_sec_ctx *sec_ctx)
1913  {
1914  	return 0;
1915  }
1916  
security_xfrm_state_alloc_acquire(struct xfrm_state * x,struct xfrm_sec_ctx * polsec,u32 secid)1917  static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1918  					struct xfrm_sec_ctx *polsec, u32 secid)
1919  {
1920  	return 0;
1921  }
1922  
security_xfrm_state_free(struct xfrm_state * x)1923  static inline void security_xfrm_state_free(struct xfrm_state *x)
1924  {
1925  }
1926  
security_xfrm_state_delete(struct xfrm_state * x)1927  static inline int security_xfrm_state_delete(struct xfrm_state *x)
1928  {
1929  	return 0;
1930  }
1931  
security_xfrm_policy_lookup(struct xfrm_sec_ctx * ctx,u32 fl_secid)1932  static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
1933  {
1934  	return 0;
1935  }
1936  
security_xfrm_state_pol_flow_match(struct xfrm_state * x,struct xfrm_policy * xp,const struct flowi_common * flic)1937  static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1938  						     struct xfrm_policy *xp,
1939  						     const struct flowi_common *flic)
1940  {
1941  	return 1;
1942  }
1943  
security_xfrm_decode_session(struct sk_buff * skb,u32 * secid)1944  static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
1945  {
1946  	return 0;
1947  }
1948  
security_skb_classify_flow(struct sk_buff * skb,struct flowi_common * flic)1949  static inline void security_skb_classify_flow(struct sk_buff *skb,
1950  					      struct flowi_common *flic)
1951  {
1952  }
1953  
1954  #endif	/* CONFIG_SECURITY_NETWORK_XFRM */
1955  
1956  #ifdef CONFIG_SECURITY_PATH
1957  int security_path_unlink(const struct path *dir, struct dentry *dentry);
1958  int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
1959  int security_path_rmdir(const struct path *dir, struct dentry *dentry);
1960  int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
1961  			unsigned int dev);
1962  void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry);
1963  int security_path_truncate(const struct path *path);
1964  int security_path_symlink(const struct path *dir, struct dentry *dentry,
1965  			  const char *old_name);
1966  int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
1967  		       struct dentry *new_dentry);
1968  int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1969  			 const struct path *new_dir, struct dentry *new_dentry,
1970  			 unsigned int flags);
1971  int security_path_chmod(const struct path *path, umode_t mode);
1972  int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
1973  int security_path_chroot(const struct path *path);
1974  #else	/* CONFIG_SECURITY_PATH */
security_path_unlink(const struct path * dir,struct dentry * dentry)1975  static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
1976  {
1977  	return 0;
1978  }
1979  
security_path_mkdir(const struct path * dir,struct dentry * dentry,umode_t mode)1980  static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
1981  				      umode_t mode)
1982  {
1983  	return 0;
1984  }
1985  
security_path_rmdir(const struct path * dir,struct dentry * dentry)1986  static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
1987  {
1988  	return 0;
1989  }
1990  
security_path_mknod(const struct path * dir,struct dentry * dentry,umode_t mode,unsigned int dev)1991  static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
1992  				      umode_t mode, unsigned int dev)
1993  {
1994  	return 0;
1995  }
1996  
security_path_post_mknod(struct mnt_idmap * idmap,struct dentry * dentry)1997  static inline void security_path_post_mknod(struct mnt_idmap *idmap,
1998  					    struct dentry *dentry)
1999  { }
2000  
security_path_truncate(const struct path * path)2001  static inline int security_path_truncate(const struct path *path)
2002  {
2003  	return 0;
2004  }
2005  
security_path_symlink(const struct path * dir,struct dentry * dentry,const char * old_name)2006  static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
2007  					const char *old_name)
2008  {
2009  	return 0;
2010  }
2011  
security_path_link(struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry)2012  static inline int security_path_link(struct dentry *old_dentry,
2013  				     const struct path *new_dir,
2014  				     struct dentry *new_dentry)
2015  {
2016  	return 0;
2017  }
2018  
security_path_rename(const struct path * old_dir,struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry,unsigned int flags)2019  static inline int security_path_rename(const struct path *old_dir,
2020  				       struct dentry *old_dentry,
2021  				       const struct path *new_dir,
2022  				       struct dentry *new_dentry,
2023  				       unsigned int flags)
2024  {
2025  	return 0;
2026  }
2027  
security_path_chmod(const struct path * path,umode_t mode)2028  static inline int security_path_chmod(const struct path *path, umode_t mode)
2029  {
2030  	return 0;
2031  }
2032  
security_path_chown(const struct path * path,kuid_t uid,kgid_t gid)2033  static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
2034  {
2035  	return 0;
2036  }
2037  
security_path_chroot(const struct path * path)2038  static inline int security_path_chroot(const struct path *path)
2039  {
2040  	return 0;
2041  }
2042  #endif	/* CONFIG_SECURITY_PATH */
2043  
2044  #ifdef CONFIG_KEYS
2045  #ifdef CONFIG_SECURITY
2046  
2047  int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
2048  void security_key_free(struct key *key);
2049  int security_key_permission(key_ref_t key_ref, const struct cred *cred,
2050  			    enum key_need_perm need_perm);
2051  int security_key_getsecurity(struct key *key, char **_buffer);
2052  void security_key_post_create_or_update(struct key *keyring, struct key *key,
2053  					const void *payload, size_t payload_len,
2054  					unsigned long flags, bool create);
2055  
2056  #else
2057  
security_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)2058  static inline int security_key_alloc(struct key *key,
2059  				     const struct cred *cred,
2060  				     unsigned long flags)
2061  {
2062  	return 0;
2063  }
2064  
security_key_free(struct key * key)2065  static inline void security_key_free(struct key *key)
2066  {
2067  }
2068  
security_key_permission(key_ref_t key_ref,const struct cred * cred,enum key_need_perm need_perm)2069  static inline int security_key_permission(key_ref_t key_ref,
2070  					  const struct cred *cred,
2071  					  enum key_need_perm need_perm)
2072  {
2073  	return 0;
2074  }
2075  
security_key_getsecurity(struct key * key,char ** _buffer)2076  static inline int security_key_getsecurity(struct key *key, char **_buffer)
2077  {
2078  	*_buffer = NULL;
2079  	return 0;
2080  }
2081  
security_key_post_create_or_update(struct key * keyring,struct key * key,const void * payload,size_t payload_len,unsigned long flags,bool create)2082  static inline void security_key_post_create_or_update(struct key *keyring,
2083  						      struct key *key,
2084  						      const void *payload,
2085  						      size_t payload_len,
2086  						      unsigned long flags,
2087  						      bool create)
2088  { }
2089  
2090  #endif
2091  #endif /* CONFIG_KEYS */
2092  
2093  #ifdef CONFIG_AUDIT
2094  #ifdef CONFIG_SECURITY
2095  int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
2096  			     gfp_t gfp);
2097  int security_audit_rule_known(struct audit_krule *krule);
2098  int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
2099  void security_audit_rule_free(void *lsmrule);
2100  
2101  #else
2102  
security_audit_rule_init(u32 field,u32 op,char * rulestr,void ** lsmrule,gfp_t gfp)2103  static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
2104  					   void **lsmrule, gfp_t gfp)
2105  {
2106  	return 0;
2107  }
2108  
security_audit_rule_known(struct audit_krule * krule)2109  static inline int security_audit_rule_known(struct audit_krule *krule)
2110  {
2111  	return 0;
2112  }
2113  
security_audit_rule_match(u32 secid,u32 field,u32 op,void * lsmrule)2114  static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
2115  					    void *lsmrule)
2116  {
2117  	return 0;
2118  }
2119  
security_audit_rule_free(void * lsmrule)2120  static inline void security_audit_rule_free(void *lsmrule)
2121  { }
2122  
2123  #endif /* CONFIG_SECURITY */
2124  #endif /* CONFIG_AUDIT */
2125  
2126  #ifdef CONFIG_SECURITYFS
2127  
2128  extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
2129  					     struct dentry *parent, void *data,
2130  					     const struct file_operations *fops);
2131  extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
2132  struct dentry *securityfs_create_symlink(const char *name,
2133  					 struct dentry *parent,
2134  					 const char *target,
2135  					 const struct inode_operations *iops);
2136  extern void securityfs_remove(struct dentry *dentry);
2137  extern void securityfs_recursive_remove(struct dentry *dentry);
2138  
2139  #else /* CONFIG_SECURITYFS */
2140  
securityfs_create_dir(const char * name,struct dentry * parent)2141  static inline struct dentry *securityfs_create_dir(const char *name,
2142  						   struct dentry *parent)
2143  {
2144  	return ERR_PTR(-ENODEV);
2145  }
2146  
securityfs_create_file(const char * name,umode_t mode,struct dentry * parent,void * data,const struct file_operations * fops)2147  static inline struct dentry *securityfs_create_file(const char *name,
2148  						    umode_t mode,
2149  						    struct dentry *parent,
2150  						    void *data,
2151  						    const struct file_operations *fops)
2152  {
2153  	return ERR_PTR(-ENODEV);
2154  }
2155  
securityfs_create_symlink(const char * name,struct dentry * parent,const char * target,const struct inode_operations * iops)2156  static inline struct dentry *securityfs_create_symlink(const char *name,
2157  					struct dentry *parent,
2158  					const char *target,
2159  					const struct inode_operations *iops)
2160  {
2161  	return ERR_PTR(-ENODEV);
2162  }
2163  
securityfs_remove(struct dentry * dentry)2164  static inline void securityfs_remove(struct dentry *dentry)
2165  {}
2166  
2167  #endif
2168  
2169  #ifdef CONFIG_BPF_SYSCALL
2170  union bpf_attr;
2171  struct bpf_map;
2172  struct bpf_prog;
2173  struct bpf_token;
2174  #ifdef CONFIG_SECURITY
2175  extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size);
2176  extern int security_bpf_map(struct bpf_map *map, fmode_t fmode);
2177  extern int security_bpf_prog(struct bpf_prog *prog);
2178  extern int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
2179  				   struct bpf_token *token);
2180  extern void security_bpf_map_free(struct bpf_map *map);
2181  extern int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
2182  				  struct bpf_token *token);
2183  extern void security_bpf_prog_free(struct bpf_prog *prog);
2184  extern int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
2185  				     const struct path *path);
2186  extern void security_bpf_token_free(struct bpf_token *token);
2187  extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd);
2188  extern int security_bpf_token_capable(const struct bpf_token *token, int cap);
2189  #else
security_bpf(int cmd,union bpf_attr * attr,unsigned int size)2190  static inline int security_bpf(int cmd, union bpf_attr *attr,
2191  					     unsigned int size)
2192  {
2193  	return 0;
2194  }
2195  
security_bpf_map(struct bpf_map * map,fmode_t fmode)2196  static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode)
2197  {
2198  	return 0;
2199  }
2200  
security_bpf_prog(struct bpf_prog * prog)2201  static inline int security_bpf_prog(struct bpf_prog *prog)
2202  {
2203  	return 0;
2204  }
2205  
security_bpf_map_create(struct bpf_map * map,union bpf_attr * attr,struct bpf_token * token)2206  static inline int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
2207  					  struct bpf_token *token)
2208  {
2209  	return 0;
2210  }
2211  
security_bpf_map_free(struct bpf_map * map)2212  static inline void security_bpf_map_free(struct bpf_map *map)
2213  { }
2214  
security_bpf_prog_load(struct bpf_prog * prog,union bpf_attr * attr,struct bpf_token * token)2215  static inline int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
2216  					 struct bpf_token *token)
2217  {
2218  	return 0;
2219  }
2220  
security_bpf_prog_free(struct bpf_prog * prog)2221  static inline void security_bpf_prog_free(struct bpf_prog *prog)
2222  { }
2223  
security_bpf_token_create(struct bpf_token * token,union bpf_attr * attr,const struct path * path)2224  static inline int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
2225  					    const struct path *path)
2226  {
2227  	return 0;
2228  }
2229  
security_bpf_token_free(struct bpf_token * token)2230  static inline void security_bpf_token_free(struct bpf_token *token)
2231  { }
2232  
security_bpf_token_cmd(const struct bpf_token * token,enum bpf_cmd cmd)2233  static inline int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
2234  {
2235  	return 0;
2236  }
2237  
security_bpf_token_capable(const struct bpf_token * token,int cap)2238  static inline int security_bpf_token_capable(const struct bpf_token *token, int cap)
2239  {
2240  	return 0;
2241  }
2242  #endif /* CONFIG_SECURITY */
2243  #endif /* CONFIG_BPF_SYSCALL */
2244  
2245  #ifdef CONFIG_PERF_EVENTS
2246  struct perf_event_attr;
2247  struct perf_event;
2248  
2249  #ifdef CONFIG_SECURITY
2250  extern int security_perf_event_open(struct perf_event_attr *attr, int type);
2251  extern int security_perf_event_alloc(struct perf_event *event);
2252  extern void security_perf_event_free(struct perf_event *event);
2253  extern int security_perf_event_read(struct perf_event *event);
2254  extern int security_perf_event_write(struct perf_event *event);
2255  #else
security_perf_event_open(struct perf_event_attr * attr,int type)2256  static inline int security_perf_event_open(struct perf_event_attr *attr,
2257  					   int type)
2258  {
2259  	return 0;
2260  }
2261  
security_perf_event_alloc(struct perf_event * event)2262  static inline int security_perf_event_alloc(struct perf_event *event)
2263  {
2264  	return 0;
2265  }
2266  
security_perf_event_free(struct perf_event * event)2267  static inline void security_perf_event_free(struct perf_event *event)
2268  {
2269  }
2270  
security_perf_event_read(struct perf_event * event)2271  static inline int security_perf_event_read(struct perf_event *event)
2272  {
2273  	return 0;
2274  }
2275  
security_perf_event_write(struct perf_event * event)2276  static inline int security_perf_event_write(struct perf_event *event)
2277  {
2278  	return 0;
2279  }
2280  #endif /* CONFIG_SECURITY */
2281  #endif /* CONFIG_PERF_EVENTS */
2282  
2283  #ifdef CONFIG_IO_URING
2284  #ifdef CONFIG_SECURITY
2285  extern int security_uring_override_creds(const struct cred *new);
2286  extern int security_uring_sqpoll(void);
2287  extern int security_uring_cmd(struct io_uring_cmd *ioucmd);
2288  #else
security_uring_override_creds(const struct cred * new)2289  static inline int security_uring_override_creds(const struct cred *new)
2290  {
2291  	return 0;
2292  }
security_uring_sqpoll(void)2293  static inline int security_uring_sqpoll(void)
2294  {
2295  	return 0;
2296  }
security_uring_cmd(struct io_uring_cmd * ioucmd)2297  static inline int security_uring_cmd(struct io_uring_cmd *ioucmd)
2298  {
2299  	return 0;
2300  }
2301  #endif /* CONFIG_SECURITY */
2302  #endif /* CONFIG_IO_URING */
2303  
2304  #ifdef CONFIG_SECURITY
2305  extern void security_initramfs_populated(void);
2306  #else
security_initramfs_populated(void)2307  static inline void security_initramfs_populated(void)
2308  {
2309  }
2310  #endif /* CONFIG_SECURITY */
2311  
2312  #endif /* ! __LINUX_SECURITY_H */
2313