1 /*
2 * Linux Security plug
3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9 * Copyright (C) 2016 Mellanox Techonologies
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * Due to this file being licensed under the GPL there is controversy over
17 * whether this permits you to write a module that #includes this file
18 * without placing your module under the GPL. Please consult a lawyer for
19 * advice before doing this.
20 *
21 */
22
23 #ifndef __LINUX_SECURITY_H
24 #define __LINUX_SECURITY_H
25
26 #include <linux/kernel_read_file.h>
27 #include <linux/key.h>
28 #include <linux/capability.h>
29 #include <linux/fs.h>
30 #include <linux/slab.h>
31 #include <linux/err.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/sockptr.h>
35 #include <linux/bpf.h>
36 #include <uapi/linux/lsm.h>
37
38 struct linux_binprm;
39 struct cred;
40 struct rlimit;
41 struct kernel_siginfo;
42 struct sembuf;
43 struct kern_ipc_perm;
44 struct audit_context;
45 struct super_block;
46 struct inode;
47 struct dentry;
48 struct file;
49 struct vfsmount;
50 struct path;
51 struct qstr;
52 struct iattr;
53 struct fown_struct;
54 struct file_operations;
55 struct msg_msg;
56 struct xattr;
57 struct kernfs_node;
58 struct xfrm_sec_ctx;
59 struct mm_struct;
60 struct fs_context;
61 struct fs_parameter;
62 enum fs_value_type;
63 struct watch;
64 struct watch_notification;
65 struct lsm_ctx;
66
67 /* Default (no) options for the capable function */
68 #define CAP_OPT_NONE 0x0
69 /* If capable should audit the security request */
70 #define CAP_OPT_NOAUDIT BIT(1)
71 /* If capable is being called by a setid function */
72 #define CAP_OPT_INSETID BIT(2)
73
74 /* LSM Agnostic defines for security_sb_set_mnt_opts() flags */
75 #define SECURITY_LSM_NATIVE_LABELS 1
76
77 struct ctl_table;
78 struct audit_krule;
79 struct user_namespace;
80 struct timezone;
81
82 enum lsm_event {
83 LSM_POLICY_CHANGE,
84 };
85
86 struct dm_verity_digest {
87 const char *alg;
88 const u8 *digest;
89 size_t digest_len;
90 };
91
92 enum lsm_integrity_type {
93 LSM_INT_DMVERITY_SIG_VALID,
94 LSM_INT_DMVERITY_ROOTHASH,
95 LSM_INT_FSVERITY_BUILTINSIG_VALID,
96 };
97
98 /*
99 * These are reasons that can be passed to the security_locked_down()
100 * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
101 * ability for userland to modify kernel code) are placed before
102 * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel
103 * confidentiality (ie, the ability for userland to extract
104 * information from the running kernel that would otherwise be
105 * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
106 *
107 * LSM authors should note that the semantics of any given lockdown
108 * reason are not guaranteed to be stable - the same reason may block
109 * one set of features in one kernel release, and a slightly different
110 * set of features in a later kernel release. LSMs that seek to expose
111 * lockdown policy at any level of granularity other than "none",
112 * "integrity" or "confidentiality" are responsible for either
113 * ensuring that they expose a consistent level of functionality to
114 * userland, or ensuring that userland is aware that this is
115 * potentially a moving target. It is easy to misuse this information
116 * in a way that could break userspace. Please be careful not to do
117 * so.
118 *
119 * If you add to this, remember to extend lockdown_reasons in
120 * security/lockdown/lockdown.c.
121 */
122 enum lockdown_reason {
123 LOCKDOWN_NONE,
124 LOCKDOWN_MODULE_SIGNATURE,
125 LOCKDOWN_DEV_MEM,
126 LOCKDOWN_EFI_TEST,
127 LOCKDOWN_KEXEC,
128 LOCKDOWN_HIBERNATION,
129 LOCKDOWN_PCI_ACCESS,
130 LOCKDOWN_IOPORT,
131 LOCKDOWN_MSR,
132 LOCKDOWN_ACPI_TABLES,
133 LOCKDOWN_DEVICE_TREE,
134 LOCKDOWN_PCMCIA_CIS,
135 LOCKDOWN_TIOCSSERIAL,
136 LOCKDOWN_MODULE_PARAMETERS,
137 LOCKDOWN_MMIOTRACE,
138 LOCKDOWN_DEBUGFS,
139 LOCKDOWN_XMON_WR,
140 LOCKDOWN_BPF_WRITE_USER,
141 LOCKDOWN_DBG_WRITE_KERNEL,
142 LOCKDOWN_RTAS_ERROR_INJECTION,
143 LOCKDOWN_INTEGRITY_MAX,
144 LOCKDOWN_KCORE,
145 LOCKDOWN_KPROBES,
146 LOCKDOWN_BPF_READ_KERNEL,
147 LOCKDOWN_DBG_READ_KERNEL,
148 LOCKDOWN_PERF,
149 LOCKDOWN_TRACEFS,
150 LOCKDOWN_XMON_RW,
151 LOCKDOWN_XFRM_SECRET,
152 LOCKDOWN_CONFIDENTIALITY_MAX,
153 };
154
155 extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
156 extern u32 lsm_active_cnt;
157 extern const struct lsm_id *lsm_idlist[];
158
159 /* These functions are in security/commoncap.c */
160 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
161 int cap, unsigned int opts);
162 extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
163 extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
164 extern int cap_ptrace_traceme(struct task_struct *parent);
165 extern int cap_capget(const struct task_struct *target, kernel_cap_t *effective,
166 kernel_cap_t *inheritable, kernel_cap_t *permitted);
167 extern int cap_capset(struct cred *new, const struct cred *old,
168 const kernel_cap_t *effective,
169 const kernel_cap_t *inheritable,
170 const kernel_cap_t *permitted);
171 extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
172 int cap_inode_setxattr(struct dentry *dentry, const char *name,
173 const void *value, size_t size, int flags);
174 int cap_inode_removexattr(struct mnt_idmap *idmap,
175 struct dentry *dentry, const char *name);
176 int cap_inode_need_killpriv(struct dentry *dentry);
177 int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
178 int cap_inode_getsecurity(struct mnt_idmap *idmap,
179 struct inode *inode, const char *name, void **buffer,
180 bool alloc);
181 extern int cap_mmap_addr(unsigned long addr);
182 extern int cap_mmap_file(struct file *file, unsigned long reqprot,
183 unsigned long prot, unsigned long flags);
184 extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
185 extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
186 unsigned long arg4, unsigned long arg5);
187 extern int cap_task_setscheduler(struct task_struct *p);
188 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
189 extern int cap_task_setnice(struct task_struct *p, int nice);
190 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
191
192 struct msghdr;
193 struct sk_buff;
194 struct sock;
195 struct sockaddr;
196 struct socket;
197 struct flowi_common;
198 struct dst_entry;
199 struct xfrm_selector;
200 struct xfrm_policy;
201 struct xfrm_state;
202 struct xfrm_user_sec_ctx;
203 struct seq_file;
204 struct sctp_association;
205
206 #ifdef CONFIG_MMU
207 extern unsigned long mmap_min_addr;
208 extern unsigned long dac_mmap_min_addr;
209 #else
210 #define mmap_min_addr 0UL
211 #define dac_mmap_min_addr 0UL
212 #endif
213
214 /*
215 * Values used in the task_security_ops calls
216 */
217 /* setuid or setgid, id0 == uid or gid */
218 #define LSM_SETID_ID 1
219
220 /* setreuid or setregid, id0 == real, id1 == eff */
221 #define LSM_SETID_RE 2
222
223 /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
224 #define LSM_SETID_RES 4
225
226 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
227 #define LSM_SETID_FS 8
228
229 /* Flags for security_task_prlimit(). */
230 #define LSM_PRLIMIT_READ 1
231 #define LSM_PRLIMIT_WRITE 2
232
233 /* forward declares to avoid warnings */
234 struct sched_param;
235 struct request_sock;
236
237 /* bprm->unsafe reasons */
238 #define LSM_UNSAFE_SHARE 1
239 #define LSM_UNSAFE_PTRACE 2
240 #define LSM_UNSAFE_NO_NEW_PRIVS 4
241
242 #ifdef CONFIG_MMU
243 extern int mmap_min_addr_handler(const struct ctl_table *table, int write,
244 void *buffer, size_t *lenp, loff_t *ppos);
245 #endif
246
247 /* security_inode_init_security callback function to write xattrs */
248 typedef int (*initxattrs) (struct inode *inode,
249 const struct xattr *xattr_array, void *fs_data);
250
251
252 /* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */
253 #define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
254 #define __data_id_stringify(dummy, str) #str,
255
256 enum kernel_load_data_id {
257 __kernel_read_file_id(__data_id_enumify)
258 };
259
260 static const char * const kernel_load_data_str[] = {
261 __kernel_read_file_id(__data_id_stringify)
262 };
263
kernel_load_data_id_str(enum kernel_load_data_id id)264 static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
265 {
266 if ((unsigned)id >= LOADING_MAX_ID)
267 return kernel_load_data_str[LOADING_UNKNOWN];
268
269 return kernel_load_data_str[id];
270 }
271
272 #ifdef CONFIG_SECURITY
273
274 int call_blocking_lsm_notifier(enum lsm_event event, void *data);
275 int register_blocking_lsm_notifier(struct notifier_block *nb);
276 int unregister_blocking_lsm_notifier(struct notifier_block *nb);
277
278 /* prototypes */
279 extern int security_init(void);
280 extern int early_security_init(void);
281 extern u64 lsm_name_to_attr(const char *name);
282
283 /* Security operations */
284 int security_binder_set_context_mgr(const struct cred *mgr);
285 int security_binder_transaction(const struct cred *from,
286 const struct cred *to);
287 int security_binder_transfer_binder(const struct cred *from,
288 const struct cred *to);
289 int security_binder_transfer_file(const struct cred *from,
290 const struct cred *to, const struct file *file);
291 int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
292 int security_ptrace_traceme(struct task_struct *parent);
293 int security_capget(const struct task_struct *target,
294 kernel_cap_t *effective,
295 kernel_cap_t *inheritable,
296 kernel_cap_t *permitted);
297 int security_capset(struct cred *new, const struct cred *old,
298 const kernel_cap_t *effective,
299 const kernel_cap_t *inheritable,
300 const kernel_cap_t *permitted);
301 int security_capable(const struct cred *cred,
302 struct user_namespace *ns,
303 int cap,
304 unsigned int opts);
305 int security_quotactl(int cmds, int type, int id, const struct super_block *sb);
306 int security_quota_on(struct dentry *dentry);
307 int security_syslog(int type);
308 int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
309 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
310 int security_bprm_creds_for_exec(struct linux_binprm *bprm);
311 int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
312 int security_bprm_check(struct linux_binprm *bprm);
313 void security_bprm_committing_creds(const struct linux_binprm *bprm);
314 void security_bprm_committed_creds(const struct linux_binprm *bprm);
315 int security_fs_context_submount(struct fs_context *fc, struct super_block *reference);
316 int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
317 int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
318 int security_sb_alloc(struct super_block *sb);
319 void security_sb_delete(struct super_block *sb);
320 void security_sb_free(struct super_block *sb);
321 void security_free_mnt_opts(void **mnt_opts);
322 int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
323 int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts);
324 int security_sb_remount(struct super_block *sb, void *mnt_opts);
325 int security_sb_kern_mount(const struct super_block *sb);
326 int security_sb_show_options(struct seq_file *m, struct super_block *sb);
327 int security_sb_statfs(struct dentry *dentry);
328 int security_sb_mount(const char *dev_name, const struct path *path,
329 const char *type, unsigned long flags, void *data);
330 int security_sb_umount(struct vfsmount *mnt, int flags);
331 int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
332 int security_sb_set_mnt_opts(struct super_block *sb,
333 void *mnt_opts,
334 unsigned long kern_flags,
335 unsigned long *set_kern_flags);
336 int security_sb_clone_mnt_opts(const struct super_block *oldsb,
337 struct super_block *newsb,
338 unsigned long kern_flags,
339 unsigned long *set_kern_flags);
340 int security_move_mount(const struct path *from_path, const struct path *to_path);
341 int security_dentry_init_security(struct dentry *dentry, int mode,
342 const struct qstr *name,
343 const char **xattr_name, void **ctx,
344 u32 *ctxlen);
345 int security_dentry_create_files_as(struct dentry *dentry, int mode,
346 struct qstr *name,
347 const struct cred *old,
348 struct cred *new);
349 int security_path_notify(const struct path *path, u64 mask,
350 unsigned int obj_type);
351 int security_inode_alloc(struct inode *inode, gfp_t gfp);
352 void security_inode_free(struct inode *inode);
353 int security_inode_init_security(struct inode *inode, struct inode *dir,
354 const struct qstr *qstr,
355 initxattrs initxattrs, void *fs_data);
356 int security_inode_init_security_anon(struct inode *inode,
357 const struct qstr *name,
358 const struct inode *context_inode);
359 int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
360 void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
361 struct inode *inode);
362 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
363 struct dentry *new_dentry);
364 int security_inode_unlink(struct inode *dir, struct dentry *dentry);
365 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
366 const char *old_name);
367 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
368 int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
369 int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
370 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
371 struct inode *new_dir, struct dentry *new_dentry,
372 unsigned int flags);
373 int security_inode_readlink(struct dentry *dentry);
374 int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
375 bool rcu);
376 int security_inode_permission(struct inode *inode, int mask);
377 int security_inode_setattr(struct mnt_idmap *idmap,
378 struct dentry *dentry, struct iattr *attr);
379 void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
380 int ia_valid);
381 int security_inode_getattr(const struct path *path);
382 int security_inode_setxattr(struct mnt_idmap *idmap,
383 struct dentry *dentry, const char *name,
384 const void *value, size_t size, int flags);
385 int security_inode_set_acl(struct mnt_idmap *idmap,
386 struct dentry *dentry, const char *acl_name,
387 struct posix_acl *kacl);
388 void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
389 struct posix_acl *kacl);
390 int security_inode_get_acl(struct mnt_idmap *idmap,
391 struct dentry *dentry, const char *acl_name);
392 int security_inode_remove_acl(struct mnt_idmap *idmap,
393 struct dentry *dentry, const char *acl_name);
394 void security_inode_post_remove_acl(struct mnt_idmap *idmap,
395 struct dentry *dentry,
396 const char *acl_name);
397 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
398 const void *value, size_t size, int flags);
399 int security_inode_getxattr(struct dentry *dentry, const char *name);
400 int security_inode_listxattr(struct dentry *dentry);
401 int security_inode_removexattr(struct mnt_idmap *idmap,
402 struct dentry *dentry, const char *name);
403 void security_inode_post_removexattr(struct dentry *dentry, const char *name);
404 int security_inode_need_killpriv(struct dentry *dentry);
405 int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
406 int security_inode_getsecurity(struct mnt_idmap *idmap,
407 struct inode *inode, const char *name,
408 void **buffer, bool alloc);
409 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
410 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
411 void security_inode_getsecid(struct inode *inode, u32 *secid);
412 int security_inode_copy_up(struct dentry *src, struct cred **new);
413 int security_inode_copy_up_xattr(struct dentry *src, const char *name);
414 int security_inode_setintegrity(const struct inode *inode,
415 enum lsm_integrity_type type, const void *value,
416 size_t size);
417 int security_kernfs_init_security(struct kernfs_node *kn_dir,
418 struct kernfs_node *kn);
419 int security_file_permission(struct file *file, int mask);
420 int security_file_alloc(struct file *file);
421 void security_file_release(struct file *file);
422 void security_file_free(struct file *file);
423 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
424 int security_file_ioctl_compat(struct file *file, unsigned int cmd,
425 unsigned long arg);
426 int security_mmap_file(struct file *file, unsigned long prot,
427 unsigned long flags);
428 int security_mmap_addr(unsigned long addr);
429 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
430 unsigned long prot);
431 int security_file_lock(struct file *file, unsigned int cmd);
432 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
433 void security_file_set_fowner(struct file *file);
434 int security_file_send_sigiotask(struct task_struct *tsk,
435 struct fown_struct *fown, int sig);
436 int security_file_receive(struct file *file);
437 int security_file_open(struct file *file);
438 int security_file_post_open(struct file *file, int mask);
439 int security_file_truncate(struct file *file);
440 int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
441 void security_task_free(struct task_struct *task);
442 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
443 void security_cred_free(struct cred *cred);
444 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
445 void security_transfer_creds(struct cred *new, const struct cred *old);
446 void security_cred_getsecid(const struct cred *c, u32 *secid);
447 int security_kernel_act_as(struct cred *new, u32 secid);
448 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
449 int security_kernel_module_request(char *kmod_name);
450 int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
451 int security_kernel_post_load_data(char *buf, loff_t size,
452 enum kernel_load_data_id id,
453 char *description);
454 int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
455 bool contents);
456 int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
457 enum kernel_read_file_id id);
458 int security_task_fix_setuid(struct cred *new, const struct cred *old,
459 int flags);
460 int security_task_fix_setgid(struct cred *new, const struct cred *old,
461 int flags);
462 int security_task_fix_setgroups(struct cred *new, const struct cred *old);
463 int security_task_setpgid(struct task_struct *p, pid_t pgid);
464 int security_task_getpgid(struct task_struct *p);
465 int security_task_getsid(struct task_struct *p);
466 void security_current_getsecid_subj(u32 *secid);
467 void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
468 int security_task_setnice(struct task_struct *p, int nice);
469 int security_task_setioprio(struct task_struct *p, int ioprio);
470 int security_task_getioprio(struct task_struct *p);
471 int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
472 unsigned int flags);
473 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
474 struct rlimit *new_rlim);
475 int security_task_setscheduler(struct task_struct *p);
476 int security_task_getscheduler(struct task_struct *p);
477 int security_task_movememory(struct task_struct *p);
478 int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
479 int sig, const struct cred *cred);
480 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
481 unsigned long arg4, unsigned long arg5);
482 void security_task_to_inode(struct task_struct *p, struct inode *inode);
483 int security_create_user_ns(const struct cred *cred);
484 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
485 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
486 int security_msg_msg_alloc(struct msg_msg *msg);
487 void security_msg_msg_free(struct msg_msg *msg);
488 int security_msg_queue_alloc(struct kern_ipc_perm *msq);
489 void security_msg_queue_free(struct kern_ipc_perm *msq);
490 int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
491 int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
492 int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
493 struct msg_msg *msg, int msqflg);
494 int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
495 struct task_struct *target, long type, int mode);
496 int security_shm_alloc(struct kern_ipc_perm *shp);
497 void security_shm_free(struct kern_ipc_perm *shp);
498 int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
499 int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
500 int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
501 int security_sem_alloc(struct kern_ipc_perm *sma);
502 void security_sem_free(struct kern_ipc_perm *sma);
503 int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
504 int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
505 int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
506 unsigned nsops, int alter);
507 void security_d_instantiate(struct dentry *dentry, struct inode *inode);
508 int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
509 u32 __user *size, u32 flags);
510 int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx,
511 u32 size, u32 flags);
512 int security_getprocattr(struct task_struct *p, int lsmid, const char *name,
513 char **value);
514 int security_setprocattr(int lsmid, const char *name, void *value, size_t size);
515 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
516 int security_ismaclabel(const char *name);
517 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
518 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
519 void security_release_secctx(char *secdata, u32 seclen);
520 void security_inode_invalidate_secctx(struct inode *inode);
521 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
522 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
523 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
524 int security_locked_down(enum lockdown_reason what);
525 int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
526 void *val, size_t val_len, u64 id, u64 flags);
527 int security_bdev_alloc(struct block_device *bdev);
528 void security_bdev_free(struct block_device *bdev);
529 int security_bdev_setintegrity(struct block_device *bdev,
530 enum lsm_integrity_type type, const void *value,
531 size_t size);
532 #else /* CONFIG_SECURITY */
533
call_blocking_lsm_notifier(enum lsm_event event,void * data)534 static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
535 {
536 return 0;
537 }
538
register_blocking_lsm_notifier(struct notifier_block * nb)539 static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
540 {
541 return 0;
542 }
543
unregister_blocking_lsm_notifier(struct notifier_block * nb)544 static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
545 {
546 return 0;
547 }
548
lsm_name_to_attr(const char * name)549 static inline u64 lsm_name_to_attr(const char *name)
550 {
551 return LSM_ATTR_UNDEF;
552 }
553
security_free_mnt_opts(void ** mnt_opts)554 static inline void security_free_mnt_opts(void **mnt_opts)
555 {
556 }
557
558 /*
559 * This is the default capabilities functionality. Most of these functions
560 * are just stubbed out, but a few must call the proper capable code.
561 */
562
security_init(void)563 static inline int security_init(void)
564 {
565 return 0;
566 }
567
early_security_init(void)568 static inline int early_security_init(void)
569 {
570 return 0;
571 }
572
security_binder_set_context_mgr(const struct cred * mgr)573 static inline int security_binder_set_context_mgr(const struct cred *mgr)
574 {
575 return 0;
576 }
577
security_binder_transaction(const struct cred * from,const struct cred * to)578 static inline int security_binder_transaction(const struct cred *from,
579 const struct cred *to)
580 {
581 return 0;
582 }
583
security_binder_transfer_binder(const struct cred * from,const struct cred * to)584 static inline int security_binder_transfer_binder(const struct cred *from,
585 const struct cred *to)
586 {
587 return 0;
588 }
589
security_binder_transfer_file(const struct cred * from,const struct cred * to,const struct file * file)590 static inline int security_binder_transfer_file(const struct cred *from,
591 const struct cred *to,
592 const struct file *file)
593 {
594 return 0;
595 }
596
security_ptrace_access_check(struct task_struct * child,unsigned int mode)597 static inline int security_ptrace_access_check(struct task_struct *child,
598 unsigned int mode)
599 {
600 return cap_ptrace_access_check(child, mode);
601 }
602
security_ptrace_traceme(struct task_struct * parent)603 static inline int security_ptrace_traceme(struct task_struct *parent)
604 {
605 return cap_ptrace_traceme(parent);
606 }
607
security_capget(const struct task_struct * target,kernel_cap_t * effective,kernel_cap_t * inheritable,kernel_cap_t * permitted)608 static inline int security_capget(const struct task_struct *target,
609 kernel_cap_t *effective,
610 kernel_cap_t *inheritable,
611 kernel_cap_t *permitted)
612 {
613 return cap_capget(target, effective, inheritable, permitted);
614 }
615
security_capset(struct cred * new,const struct cred * old,const kernel_cap_t * effective,const kernel_cap_t * inheritable,const kernel_cap_t * permitted)616 static inline int security_capset(struct cred *new,
617 const struct cred *old,
618 const kernel_cap_t *effective,
619 const kernel_cap_t *inheritable,
620 const kernel_cap_t *permitted)
621 {
622 return cap_capset(new, old, effective, inheritable, permitted);
623 }
624
security_capable(const struct cred * cred,struct user_namespace * ns,int cap,unsigned int opts)625 static inline int security_capable(const struct cred *cred,
626 struct user_namespace *ns,
627 int cap,
628 unsigned int opts)
629 {
630 return cap_capable(cred, ns, cap, opts);
631 }
632
security_quotactl(int cmds,int type,int id,const struct super_block * sb)633 static inline int security_quotactl(int cmds, int type, int id,
634 const struct super_block *sb)
635 {
636 return 0;
637 }
638
security_quota_on(struct dentry * dentry)639 static inline int security_quota_on(struct dentry *dentry)
640 {
641 return 0;
642 }
643
security_syslog(int type)644 static inline int security_syslog(int type)
645 {
646 return 0;
647 }
648
security_settime64(const struct timespec64 * ts,const struct timezone * tz)649 static inline int security_settime64(const struct timespec64 *ts,
650 const struct timezone *tz)
651 {
652 return cap_settime(ts, tz);
653 }
654
security_vm_enough_memory_mm(struct mm_struct * mm,long pages)655 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
656 {
657 return __vm_enough_memory(mm, pages, !cap_vm_enough_memory(mm, pages));
658 }
659
security_bprm_creds_for_exec(struct linux_binprm * bprm)660 static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
661 {
662 return 0;
663 }
664
security_bprm_creds_from_file(struct linux_binprm * bprm,const struct file * file)665 static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
666 const struct file *file)
667 {
668 return cap_bprm_creds_from_file(bprm, file);
669 }
670
security_bprm_check(struct linux_binprm * bprm)671 static inline int security_bprm_check(struct linux_binprm *bprm)
672 {
673 return 0;
674 }
675
security_bprm_committing_creds(const struct linux_binprm * bprm)676 static inline void security_bprm_committing_creds(const struct linux_binprm *bprm)
677 {
678 }
679
security_bprm_committed_creds(const struct linux_binprm * bprm)680 static inline void security_bprm_committed_creds(const struct linux_binprm *bprm)
681 {
682 }
683
security_fs_context_submount(struct fs_context * fc,struct super_block * reference)684 static inline int security_fs_context_submount(struct fs_context *fc,
685 struct super_block *reference)
686 {
687 return 0;
688 }
security_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)689 static inline int security_fs_context_dup(struct fs_context *fc,
690 struct fs_context *src_fc)
691 {
692 return 0;
693 }
security_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)694 static inline int security_fs_context_parse_param(struct fs_context *fc,
695 struct fs_parameter *param)
696 {
697 return -ENOPARAM;
698 }
699
security_sb_alloc(struct super_block * sb)700 static inline int security_sb_alloc(struct super_block *sb)
701 {
702 return 0;
703 }
704
security_sb_delete(struct super_block * sb)705 static inline void security_sb_delete(struct super_block *sb)
706 { }
707
security_sb_free(struct super_block * sb)708 static inline void security_sb_free(struct super_block *sb)
709 { }
710
security_sb_eat_lsm_opts(char * options,void ** mnt_opts)711 static inline int security_sb_eat_lsm_opts(char *options,
712 void **mnt_opts)
713 {
714 return 0;
715 }
716
security_sb_remount(struct super_block * sb,void * mnt_opts)717 static inline int security_sb_remount(struct super_block *sb,
718 void *mnt_opts)
719 {
720 return 0;
721 }
722
security_sb_mnt_opts_compat(struct super_block * sb,void * mnt_opts)723 static inline int security_sb_mnt_opts_compat(struct super_block *sb,
724 void *mnt_opts)
725 {
726 return 0;
727 }
728
729
security_sb_kern_mount(struct super_block * sb)730 static inline int security_sb_kern_mount(struct super_block *sb)
731 {
732 return 0;
733 }
734
security_sb_show_options(struct seq_file * m,struct super_block * sb)735 static inline int security_sb_show_options(struct seq_file *m,
736 struct super_block *sb)
737 {
738 return 0;
739 }
740
security_sb_statfs(struct dentry * dentry)741 static inline int security_sb_statfs(struct dentry *dentry)
742 {
743 return 0;
744 }
745
security_sb_mount(const char * dev_name,const struct path * path,const char * type,unsigned long flags,void * data)746 static inline int security_sb_mount(const char *dev_name, const struct path *path,
747 const char *type, unsigned long flags,
748 void *data)
749 {
750 return 0;
751 }
752
security_sb_umount(struct vfsmount * mnt,int flags)753 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
754 {
755 return 0;
756 }
757
security_sb_pivotroot(const struct path * old_path,const struct path * new_path)758 static inline int security_sb_pivotroot(const struct path *old_path,
759 const struct path *new_path)
760 {
761 return 0;
762 }
763
security_sb_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)764 static inline int security_sb_set_mnt_opts(struct super_block *sb,
765 void *mnt_opts,
766 unsigned long kern_flags,
767 unsigned long *set_kern_flags)
768 {
769 return 0;
770 }
771
security_sb_clone_mnt_opts(const struct super_block * oldsb,struct super_block * newsb,unsigned long kern_flags,unsigned long * set_kern_flags)772 static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
773 struct super_block *newsb,
774 unsigned long kern_flags,
775 unsigned long *set_kern_flags)
776 {
777 return 0;
778 }
779
security_move_mount(const struct path * from_path,const struct path * to_path)780 static inline int security_move_mount(const struct path *from_path,
781 const struct path *to_path)
782 {
783 return 0;
784 }
785
security_path_notify(const struct path * path,u64 mask,unsigned int obj_type)786 static inline int security_path_notify(const struct path *path, u64 mask,
787 unsigned int obj_type)
788 {
789 return 0;
790 }
791
security_inode_alloc(struct inode * inode,gfp_t gfp)792 static inline int security_inode_alloc(struct inode *inode, gfp_t gfp)
793 {
794 return 0;
795 }
796
security_inode_free(struct inode * inode)797 static inline void security_inode_free(struct inode *inode)
798 { }
799
security_dentry_init_security(struct dentry * dentry,int mode,const struct qstr * name,const char ** xattr_name,void ** ctx,u32 * ctxlen)800 static inline int security_dentry_init_security(struct dentry *dentry,
801 int mode,
802 const struct qstr *name,
803 const char **xattr_name,
804 void **ctx,
805 u32 *ctxlen)
806 {
807 return -EOPNOTSUPP;
808 }
809
security_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)810 static inline int security_dentry_create_files_as(struct dentry *dentry,
811 int mode, struct qstr *name,
812 const struct cred *old,
813 struct cred *new)
814 {
815 return 0;
816 }
817
818
security_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const initxattrs xattrs,void * fs_data)819 static inline int security_inode_init_security(struct inode *inode,
820 struct inode *dir,
821 const struct qstr *qstr,
822 const initxattrs xattrs,
823 void *fs_data)
824 {
825 return 0;
826 }
827
security_inode_init_security_anon(struct inode * inode,const struct qstr * name,const struct inode * context_inode)828 static inline int security_inode_init_security_anon(struct inode *inode,
829 const struct qstr *name,
830 const struct inode *context_inode)
831 {
832 return 0;
833 }
834
security_inode_create(struct inode * dir,struct dentry * dentry,umode_t mode)835 static inline int security_inode_create(struct inode *dir,
836 struct dentry *dentry,
837 umode_t mode)
838 {
839 return 0;
840 }
841
842 static inline void
security_inode_post_create_tmpfile(struct mnt_idmap * idmap,struct inode * inode)843 security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode)
844 { }
845
security_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)846 static inline int security_inode_link(struct dentry *old_dentry,
847 struct inode *dir,
848 struct dentry *new_dentry)
849 {
850 return 0;
851 }
852
security_inode_unlink(struct inode * dir,struct dentry * dentry)853 static inline int security_inode_unlink(struct inode *dir,
854 struct dentry *dentry)
855 {
856 return 0;
857 }
858
security_inode_symlink(struct inode * dir,struct dentry * dentry,const char * old_name)859 static inline int security_inode_symlink(struct inode *dir,
860 struct dentry *dentry,
861 const char *old_name)
862 {
863 return 0;
864 }
865
security_inode_mkdir(struct inode * dir,struct dentry * dentry,int mode)866 static inline int security_inode_mkdir(struct inode *dir,
867 struct dentry *dentry,
868 int mode)
869 {
870 return 0;
871 }
872
security_inode_rmdir(struct inode * dir,struct dentry * dentry)873 static inline int security_inode_rmdir(struct inode *dir,
874 struct dentry *dentry)
875 {
876 return 0;
877 }
878
security_inode_mknod(struct inode * dir,struct dentry * dentry,int mode,dev_t dev)879 static inline int security_inode_mknod(struct inode *dir,
880 struct dentry *dentry,
881 int mode, dev_t dev)
882 {
883 return 0;
884 }
885
security_inode_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)886 static inline int security_inode_rename(struct inode *old_dir,
887 struct dentry *old_dentry,
888 struct inode *new_dir,
889 struct dentry *new_dentry,
890 unsigned int flags)
891 {
892 return 0;
893 }
894
security_inode_readlink(struct dentry * dentry)895 static inline int security_inode_readlink(struct dentry *dentry)
896 {
897 return 0;
898 }
899
security_inode_follow_link(struct dentry * dentry,struct inode * inode,bool rcu)900 static inline int security_inode_follow_link(struct dentry *dentry,
901 struct inode *inode,
902 bool rcu)
903 {
904 return 0;
905 }
906
security_inode_permission(struct inode * inode,int mask)907 static inline int security_inode_permission(struct inode *inode, int mask)
908 {
909 return 0;
910 }
911
security_inode_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * attr)912 static inline int security_inode_setattr(struct mnt_idmap *idmap,
913 struct dentry *dentry,
914 struct iattr *attr)
915 {
916 return 0;
917 }
918
919 static inline void
security_inode_post_setattr(struct mnt_idmap * idmap,struct dentry * dentry,int ia_valid)920 security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
921 int ia_valid)
922 { }
923
security_inode_getattr(const struct path * path)924 static inline int security_inode_getattr(const struct path *path)
925 {
926 return 0;
927 }
928
security_inode_setxattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name,const void * value,size_t size,int flags)929 static inline int security_inode_setxattr(struct mnt_idmap *idmap,
930 struct dentry *dentry, const char *name, const void *value,
931 size_t size, int flags)
932 {
933 return cap_inode_setxattr(dentry, name, value, size, flags);
934 }
935
security_inode_set_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)936 static inline int security_inode_set_acl(struct mnt_idmap *idmap,
937 struct dentry *dentry,
938 const char *acl_name,
939 struct posix_acl *kacl)
940 {
941 return 0;
942 }
943
security_inode_post_set_acl(struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)944 static inline void security_inode_post_set_acl(struct dentry *dentry,
945 const char *acl_name,
946 struct posix_acl *kacl)
947 { }
948
security_inode_get_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)949 static inline int security_inode_get_acl(struct mnt_idmap *idmap,
950 struct dentry *dentry,
951 const char *acl_name)
952 {
953 return 0;
954 }
955
security_inode_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)956 static inline int security_inode_remove_acl(struct mnt_idmap *idmap,
957 struct dentry *dentry,
958 const char *acl_name)
959 {
960 return 0;
961 }
962
security_inode_post_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)963 static inline void security_inode_post_remove_acl(struct mnt_idmap *idmap,
964 struct dentry *dentry,
965 const char *acl_name)
966 { }
967
security_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)968 static inline void security_inode_post_setxattr(struct dentry *dentry,
969 const char *name, const void *value, size_t size, int flags)
970 { }
971
security_inode_getxattr(struct dentry * dentry,const char * name)972 static inline int security_inode_getxattr(struct dentry *dentry,
973 const char *name)
974 {
975 return 0;
976 }
977
security_inode_listxattr(struct dentry * dentry)978 static inline int security_inode_listxattr(struct dentry *dentry)
979 {
980 return 0;
981 }
982
security_inode_removexattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name)983 static inline int security_inode_removexattr(struct mnt_idmap *idmap,
984 struct dentry *dentry,
985 const char *name)
986 {
987 return cap_inode_removexattr(idmap, dentry, name);
988 }
989
security_inode_post_removexattr(struct dentry * dentry,const char * name)990 static inline void security_inode_post_removexattr(struct dentry *dentry,
991 const char *name)
992 { }
993
security_inode_need_killpriv(struct dentry * dentry)994 static inline int security_inode_need_killpriv(struct dentry *dentry)
995 {
996 return cap_inode_need_killpriv(dentry);
997 }
998
security_inode_killpriv(struct mnt_idmap * idmap,struct dentry * dentry)999 static inline int security_inode_killpriv(struct mnt_idmap *idmap,
1000 struct dentry *dentry)
1001 {
1002 return cap_inode_killpriv(idmap, dentry);
1003 }
1004
security_inode_getsecurity(struct mnt_idmap * idmap,struct inode * inode,const char * name,void ** buffer,bool alloc)1005 static inline int security_inode_getsecurity(struct mnt_idmap *idmap,
1006 struct inode *inode,
1007 const char *name, void **buffer,
1008 bool alloc)
1009 {
1010 return cap_inode_getsecurity(idmap, inode, name, buffer, alloc);
1011 }
1012
security_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)1013 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
1014 {
1015 return -EOPNOTSUPP;
1016 }
1017
security_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)1018 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
1019 {
1020 return 0;
1021 }
1022
security_inode_getsecid(struct inode * inode,u32 * secid)1023 static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
1024 {
1025 *secid = 0;
1026 }
1027
security_inode_copy_up(struct dentry * src,struct cred ** new)1028 static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
1029 {
1030 return 0;
1031 }
1032
security_inode_setintegrity(const struct inode * inode,enum lsm_integrity_type type,const void * value,size_t size)1033 static inline int security_inode_setintegrity(const struct inode *inode,
1034 enum lsm_integrity_type type,
1035 const void *value, size_t size)
1036 {
1037 return 0;
1038 }
1039
security_kernfs_init_security(struct kernfs_node * kn_dir,struct kernfs_node * kn)1040 static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
1041 struct kernfs_node *kn)
1042 {
1043 return 0;
1044 }
1045
security_inode_copy_up_xattr(struct dentry * src,const char * name)1046 static inline int security_inode_copy_up_xattr(struct dentry *src, const char *name)
1047 {
1048 return -EOPNOTSUPP;
1049 }
1050
security_file_permission(struct file * file,int mask)1051 static inline int security_file_permission(struct file *file, int mask)
1052 {
1053 return 0;
1054 }
1055
security_file_alloc(struct file * file)1056 static inline int security_file_alloc(struct file *file)
1057 {
1058 return 0;
1059 }
1060
security_file_release(struct file * file)1061 static inline void security_file_release(struct file *file)
1062 { }
1063
security_file_free(struct file * file)1064 static inline void security_file_free(struct file *file)
1065 { }
1066
security_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1067 static inline int security_file_ioctl(struct file *file, unsigned int cmd,
1068 unsigned long arg)
1069 {
1070 return 0;
1071 }
1072
security_file_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)1073 static inline int security_file_ioctl_compat(struct file *file,
1074 unsigned int cmd,
1075 unsigned long arg)
1076 {
1077 return 0;
1078 }
1079
security_mmap_file(struct file * file,unsigned long prot,unsigned long flags)1080 static inline int security_mmap_file(struct file *file, unsigned long prot,
1081 unsigned long flags)
1082 {
1083 return 0;
1084 }
1085
security_mmap_addr(unsigned long addr)1086 static inline int security_mmap_addr(unsigned long addr)
1087 {
1088 return cap_mmap_addr(addr);
1089 }
1090
security_file_mprotect(struct vm_area_struct * vma,unsigned long reqprot,unsigned long prot)1091 static inline int security_file_mprotect(struct vm_area_struct *vma,
1092 unsigned long reqprot,
1093 unsigned long prot)
1094 {
1095 return 0;
1096 }
1097
security_file_lock(struct file * file,unsigned int cmd)1098 static inline int security_file_lock(struct file *file, unsigned int cmd)
1099 {
1100 return 0;
1101 }
1102
security_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)1103 static inline int security_file_fcntl(struct file *file, unsigned int cmd,
1104 unsigned long arg)
1105 {
1106 return 0;
1107 }
1108
security_file_set_fowner(struct file * file)1109 static inline void security_file_set_fowner(struct file *file)
1110 {
1111 return;
1112 }
1113
security_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int sig)1114 static inline int security_file_send_sigiotask(struct task_struct *tsk,
1115 struct fown_struct *fown,
1116 int sig)
1117 {
1118 return 0;
1119 }
1120
security_file_receive(struct file * file)1121 static inline int security_file_receive(struct file *file)
1122 {
1123 return 0;
1124 }
1125
security_file_open(struct file * file)1126 static inline int security_file_open(struct file *file)
1127 {
1128 return 0;
1129 }
1130
security_file_post_open(struct file * file,int mask)1131 static inline int security_file_post_open(struct file *file, int mask)
1132 {
1133 return 0;
1134 }
1135
security_file_truncate(struct file * file)1136 static inline int security_file_truncate(struct file *file)
1137 {
1138 return 0;
1139 }
1140
security_task_alloc(struct task_struct * task,unsigned long clone_flags)1141 static inline int security_task_alloc(struct task_struct *task,
1142 unsigned long clone_flags)
1143 {
1144 return 0;
1145 }
1146
security_task_free(struct task_struct * task)1147 static inline void security_task_free(struct task_struct *task)
1148 { }
1149
security_cred_alloc_blank(struct cred * cred,gfp_t gfp)1150 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1151 {
1152 return 0;
1153 }
1154
security_cred_free(struct cred * cred)1155 static inline void security_cred_free(struct cred *cred)
1156 { }
1157
security_prepare_creds(struct cred * new,const struct cred * old,gfp_t gfp)1158 static inline int security_prepare_creds(struct cred *new,
1159 const struct cred *old,
1160 gfp_t gfp)
1161 {
1162 return 0;
1163 }
1164
security_transfer_creds(struct cred * new,const struct cred * old)1165 static inline void security_transfer_creds(struct cred *new,
1166 const struct cred *old)
1167 {
1168 }
1169
security_cred_getsecid(const struct cred * c,u32 * secid)1170 static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
1171 {
1172 *secid = 0;
1173 }
1174
security_kernel_act_as(struct cred * cred,u32 secid)1175 static inline int security_kernel_act_as(struct cred *cred, u32 secid)
1176 {
1177 return 0;
1178 }
1179
security_kernel_create_files_as(struct cred * cred,struct inode * inode)1180 static inline int security_kernel_create_files_as(struct cred *cred,
1181 struct inode *inode)
1182 {
1183 return 0;
1184 }
1185
security_kernel_module_request(char * kmod_name)1186 static inline int security_kernel_module_request(char *kmod_name)
1187 {
1188 return 0;
1189 }
1190
security_kernel_load_data(enum kernel_load_data_id id,bool contents)1191 static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
1192 {
1193 return 0;
1194 }
1195
security_kernel_post_load_data(char * buf,loff_t size,enum kernel_load_data_id id,char * description)1196 static inline int security_kernel_post_load_data(char *buf, loff_t size,
1197 enum kernel_load_data_id id,
1198 char *description)
1199 {
1200 return 0;
1201 }
1202
security_kernel_read_file(struct file * file,enum kernel_read_file_id id,bool contents)1203 static inline int security_kernel_read_file(struct file *file,
1204 enum kernel_read_file_id id,
1205 bool contents)
1206 {
1207 return 0;
1208 }
1209
security_kernel_post_read_file(struct file * file,char * buf,loff_t size,enum kernel_read_file_id id)1210 static inline int security_kernel_post_read_file(struct file *file,
1211 char *buf, loff_t size,
1212 enum kernel_read_file_id id)
1213 {
1214 return 0;
1215 }
1216
security_task_fix_setuid(struct cred * new,const struct cred * old,int flags)1217 static inline int security_task_fix_setuid(struct cred *new,
1218 const struct cred *old,
1219 int flags)
1220 {
1221 return cap_task_fix_setuid(new, old, flags);
1222 }
1223
security_task_fix_setgid(struct cred * new,const struct cred * old,int flags)1224 static inline int security_task_fix_setgid(struct cred *new,
1225 const struct cred *old,
1226 int flags)
1227 {
1228 return 0;
1229 }
1230
security_task_fix_setgroups(struct cred * new,const struct cred * old)1231 static inline int security_task_fix_setgroups(struct cred *new,
1232 const struct cred *old)
1233 {
1234 return 0;
1235 }
1236
security_task_setpgid(struct task_struct * p,pid_t pgid)1237 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
1238 {
1239 return 0;
1240 }
1241
security_task_getpgid(struct task_struct * p)1242 static inline int security_task_getpgid(struct task_struct *p)
1243 {
1244 return 0;
1245 }
1246
security_task_getsid(struct task_struct * p)1247 static inline int security_task_getsid(struct task_struct *p)
1248 {
1249 return 0;
1250 }
1251
security_current_getsecid_subj(u32 * secid)1252 static inline void security_current_getsecid_subj(u32 *secid)
1253 {
1254 *secid = 0;
1255 }
1256
security_task_getsecid_obj(struct task_struct * p,u32 * secid)1257 static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
1258 {
1259 *secid = 0;
1260 }
1261
security_task_setnice(struct task_struct * p,int nice)1262 static inline int security_task_setnice(struct task_struct *p, int nice)
1263 {
1264 return cap_task_setnice(p, nice);
1265 }
1266
security_task_setioprio(struct task_struct * p,int ioprio)1267 static inline int security_task_setioprio(struct task_struct *p, int ioprio)
1268 {
1269 return cap_task_setioprio(p, ioprio);
1270 }
1271
security_task_getioprio(struct task_struct * p)1272 static inline int security_task_getioprio(struct task_struct *p)
1273 {
1274 return 0;
1275 }
1276
security_task_prlimit(const struct cred * cred,const struct cred * tcred,unsigned int flags)1277 static inline int security_task_prlimit(const struct cred *cred,
1278 const struct cred *tcred,
1279 unsigned int flags)
1280 {
1281 return 0;
1282 }
1283
security_task_setrlimit(struct task_struct * p,unsigned int resource,struct rlimit * new_rlim)1284 static inline int security_task_setrlimit(struct task_struct *p,
1285 unsigned int resource,
1286 struct rlimit *new_rlim)
1287 {
1288 return 0;
1289 }
1290
security_task_setscheduler(struct task_struct * p)1291 static inline int security_task_setscheduler(struct task_struct *p)
1292 {
1293 return cap_task_setscheduler(p);
1294 }
1295
security_task_getscheduler(struct task_struct * p)1296 static inline int security_task_getscheduler(struct task_struct *p)
1297 {
1298 return 0;
1299 }
1300
security_task_movememory(struct task_struct * p)1301 static inline int security_task_movememory(struct task_struct *p)
1302 {
1303 return 0;
1304 }
1305
security_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)1306 static inline int security_task_kill(struct task_struct *p,
1307 struct kernel_siginfo *info, int sig,
1308 const struct cred *cred)
1309 {
1310 return 0;
1311 }
1312
security_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5)1313 static inline int security_task_prctl(int option, unsigned long arg2,
1314 unsigned long arg3,
1315 unsigned long arg4,
1316 unsigned long arg5)
1317 {
1318 return cap_task_prctl(option, arg2, arg3, arg4, arg5);
1319 }
1320
security_task_to_inode(struct task_struct * p,struct inode * inode)1321 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
1322 { }
1323
security_create_user_ns(const struct cred * cred)1324 static inline int security_create_user_ns(const struct cred *cred)
1325 {
1326 return 0;
1327 }
1328
security_ipc_permission(struct kern_ipc_perm * ipcp,short flag)1329 static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
1330 short flag)
1331 {
1332 return 0;
1333 }
1334
security_ipc_getsecid(struct kern_ipc_perm * ipcp,u32 * secid)1335 static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
1336 {
1337 *secid = 0;
1338 }
1339
security_msg_msg_alloc(struct msg_msg * msg)1340 static inline int security_msg_msg_alloc(struct msg_msg *msg)
1341 {
1342 return 0;
1343 }
1344
security_msg_msg_free(struct msg_msg * msg)1345 static inline void security_msg_msg_free(struct msg_msg *msg)
1346 { }
1347
security_msg_queue_alloc(struct kern_ipc_perm * msq)1348 static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
1349 {
1350 return 0;
1351 }
1352
security_msg_queue_free(struct kern_ipc_perm * msq)1353 static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
1354 { }
1355
security_msg_queue_associate(struct kern_ipc_perm * msq,int msqflg)1356 static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
1357 int msqflg)
1358 {
1359 return 0;
1360 }
1361
security_msg_queue_msgctl(struct kern_ipc_perm * msq,int cmd)1362 static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
1363 {
1364 return 0;
1365 }
1366
security_msg_queue_msgsnd(struct kern_ipc_perm * msq,struct msg_msg * msg,int msqflg)1367 static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
1368 struct msg_msg *msg, int msqflg)
1369 {
1370 return 0;
1371 }
1372
security_msg_queue_msgrcv(struct kern_ipc_perm * msq,struct msg_msg * msg,struct task_struct * target,long type,int mode)1373 static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
1374 struct msg_msg *msg,
1375 struct task_struct *target,
1376 long type, int mode)
1377 {
1378 return 0;
1379 }
1380
security_shm_alloc(struct kern_ipc_perm * shp)1381 static inline int security_shm_alloc(struct kern_ipc_perm *shp)
1382 {
1383 return 0;
1384 }
1385
security_shm_free(struct kern_ipc_perm * shp)1386 static inline void security_shm_free(struct kern_ipc_perm *shp)
1387 { }
1388
security_shm_associate(struct kern_ipc_perm * shp,int shmflg)1389 static inline int security_shm_associate(struct kern_ipc_perm *shp,
1390 int shmflg)
1391 {
1392 return 0;
1393 }
1394
security_shm_shmctl(struct kern_ipc_perm * shp,int cmd)1395 static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
1396 {
1397 return 0;
1398 }
1399
security_shm_shmat(struct kern_ipc_perm * shp,char __user * shmaddr,int shmflg)1400 static inline int security_shm_shmat(struct kern_ipc_perm *shp,
1401 char __user *shmaddr, int shmflg)
1402 {
1403 return 0;
1404 }
1405
security_sem_alloc(struct kern_ipc_perm * sma)1406 static inline int security_sem_alloc(struct kern_ipc_perm *sma)
1407 {
1408 return 0;
1409 }
1410
security_sem_free(struct kern_ipc_perm * sma)1411 static inline void security_sem_free(struct kern_ipc_perm *sma)
1412 { }
1413
security_sem_associate(struct kern_ipc_perm * sma,int semflg)1414 static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
1415 {
1416 return 0;
1417 }
1418
security_sem_semctl(struct kern_ipc_perm * sma,int cmd)1419 static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
1420 {
1421 return 0;
1422 }
1423
security_sem_semop(struct kern_ipc_perm * sma,struct sembuf * sops,unsigned nsops,int alter)1424 static inline int security_sem_semop(struct kern_ipc_perm *sma,
1425 struct sembuf *sops, unsigned nsops,
1426 int alter)
1427 {
1428 return 0;
1429 }
1430
security_d_instantiate(struct dentry * dentry,struct inode * inode)1431 static inline void security_d_instantiate(struct dentry *dentry,
1432 struct inode *inode)
1433 { }
1434
security_getselfattr(unsigned int attr,struct lsm_ctx __user * ctx,size_t __user * size,u32 flags)1435 static inline int security_getselfattr(unsigned int attr,
1436 struct lsm_ctx __user *ctx,
1437 size_t __user *size, u32 flags)
1438 {
1439 return -EOPNOTSUPP;
1440 }
1441
security_setselfattr(unsigned int attr,struct lsm_ctx __user * ctx,size_t size,u32 flags)1442 static inline int security_setselfattr(unsigned int attr,
1443 struct lsm_ctx __user *ctx,
1444 size_t size, u32 flags)
1445 {
1446 return -EOPNOTSUPP;
1447 }
1448
security_getprocattr(struct task_struct * p,int lsmid,const char * name,char ** value)1449 static inline int security_getprocattr(struct task_struct *p, int lsmid,
1450 const char *name, char **value)
1451 {
1452 return -EINVAL;
1453 }
1454
security_setprocattr(int lsmid,char * name,void * value,size_t size)1455 static inline int security_setprocattr(int lsmid, char *name, void *value,
1456 size_t size)
1457 {
1458 return -EINVAL;
1459 }
1460
security_netlink_send(struct sock * sk,struct sk_buff * skb)1461 static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
1462 {
1463 return 0;
1464 }
1465
security_ismaclabel(const char * name)1466 static inline int security_ismaclabel(const char *name)
1467 {
1468 return 0;
1469 }
1470
security_secid_to_secctx(u32 secid,char ** secdata,u32 * seclen)1471 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
1472 {
1473 return -EOPNOTSUPP;
1474 }
1475
security_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)1476 static inline int security_secctx_to_secid(const char *secdata,
1477 u32 seclen,
1478 u32 *secid)
1479 {
1480 return -EOPNOTSUPP;
1481 }
1482
security_release_secctx(char * secdata,u32 seclen)1483 static inline void security_release_secctx(char *secdata, u32 seclen)
1484 {
1485 }
1486
security_inode_invalidate_secctx(struct inode * inode)1487 static inline void security_inode_invalidate_secctx(struct inode *inode)
1488 {
1489 }
1490
security_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)1491 static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
1492 {
1493 return -EOPNOTSUPP;
1494 }
security_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)1495 static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
1496 {
1497 return -EOPNOTSUPP;
1498 }
security_inode_getsecctx(struct inode * inode,void ** ctx,u32 * ctxlen)1499 static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
1500 {
1501 return -EOPNOTSUPP;
1502 }
security_locked_down(enum lockdown_reason what)1503 static inline int security_locked_down(enum lockdown_reason what)
1504 {
1505 return 0;
1506 }
lsm_fill_user_ctx(struct lsm_ctx __user * uctx,u32 * uctx_len,void * val,size_t val_len,u64 id,u64 flags)1507 static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
1508 u32 *uctx_len, void *val, size_t val_len,
1509 u64 id, u64 flags)
1510 {
1511 return -EOPNOTSUPP;
1512 }
1513
security_bdev_alloc(struct block_device * bdev)1514 static inline int security_bdev_alloc(struct block_device *bdev)
1515 {
1516 return 0;
1517 }
1518
security_bdev_free(struct block_device * bdev)1519 static inline void security_bdev_free(struct block_device *bdev)
1520 {
1521 }
1522
security_bdev_setintegrity(struct block_device * bdev,enum lsm_integrity_type type,const void * value,size_t size)1523 static inline int security_bdev_setintegrity(struct block_device *bdev,
1524 enum lsm_integrity_type type,
1525 const void *value, size_t size)
1526 {
1527 return 0;
1528 }
1529
1530 #endif /* CONFIG_SECURITY */
1531
1532 #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
1533 int security_post_notification(const struct cred *w_cred,
1534 const struct cred *cred,
1535 struct watch_notification *n);
1536 #else
security_post_notification(const struct cred * w_cred,const struct cred * cred,struct watch_notification * n)1537 static inline int security_post_notification(const struct cred *w_cred,
1538 const struct cred *cred,
1539 struct watch_notification *n)
1540 {
1541 return 0;
1542 }
1543 #endif
1544
1545 #if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
1546 int security_watch_key(struct key *key);
1547 #else
security_watch_key(struct key * key)1548 static inline int security_watch_key(struct key *key)
1549 {
1550 return 0;
1551 }
1552 #endif
1553
1554 #ifdef CONFIG_SECURITY_NETWORK
1555
1556 int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
1557 int security_unix_may_send(struct socket *sock, struct socket *other);
1558 int security_socket_create(int family, int type, int protocol, int kern);
1559 int security_socket_post_create(struct socket *sock, int family,
1560 int type, int protocol, int kern);
1561 int security_socket_socketpair(struct socket *socka, struct socket *sockb);
1562 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
1563 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
1564 int security_socket_listen(struct socket *sock, int backlog);
1565 int security_socket_accept(struct socket *sock, struct socket *newsock);
1566 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
1567 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1568 int size, int flags);
1569 int security_socket_getsockname(struct socket *sock);
1570 int security_socket_getpeername(struct socket *sock);
1571 int security_socket_getsockopt(struct socket *sock, int level, int optname);
1572 int security_socket_setsockopt(struct socket *sock, int level, int optname);
1573 int security_socket_shutdown(struct socket *sock, int how);
1574 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
1575 int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
1576 sockptr_t optlen, unsigned int len);
1577 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
1578 int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1579 void security_sk_free(struct sock *sk);
1580 void security_sk_clone(const struct sock *sk, struct sock *newsk);
1581 void security_sk_classify_flow(const struct sock *sk,
1582 struct flowi_common *flic);
1583 void security_req_classify_flow(const struct request_sock *req,
1584 struct flowi_common *flic);
1585 void security_sock_graft(struct sock*sk, struct socket *parent);
1586 int security_inet_conn_request(const struct sock *sk,
1587 struct sk_buff *skb, struct request_sock *req);
1588 void security_inet_csk_clone(struct sock *newsk,
1589 const struct request_sock *req);
1590 void security_inet_conn_established(struct sock *sk,
1591 struct sk_buff *skb);
1592 int security_secmark_relabel_packet(u32 secid);
1593 void security_secmark_refcount_inc(void);
1594 void security_secmark_refcount_dec(void);
1595 int security_tun_dev_alloc_security(void **security);
1596 void security_tun_dev_free_security(void *security);
1597 int security_tun_dev_create(void);
1598 int security_tun_dev_attach_queue(void *security);
1599 int security_tun_dev_attach(struct sock *sk, void *security);
1600 int security_tun_dev_open(void *security);
1601 int security_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb);
1602 int security_sctp_bind_connect(struct sock *sk, int optname,
1603 struct sockaddr *address, int addrlen);
1604 void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
1605 struct sock *newsk);
1606 int security_sctp_assoc_established(struct sctp_association *asoc,
1607 struct sk_buff *skb);
1608 int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk);
1609
1610 #else /* CONFIG_SECURITY_NETWORK */
security_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)1611 static inline int security_unix_stream_connect(struct sock *sock,
1612 struct sock *other,
1613 struct sock *newsk)
1614 {
1615 return 0;
1616 }
1617
security_unix_may_send(struct socket * sock,struct socket * other)1618 static inline int security_unix_may_send(struct socket *sock,
1619 struct socket *other)
1620 {
1621 return 0;
1622 }
1623
security_socket_create(int family,int type,int protocol,int kern)1624 static inline int security_socket_create(int family, int type,
1625 int protocol, int kern)
1626 {
1627 return 0;
1628 }
1629
security_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)1630 static inline int security_socket_post_create(struct socket *sock,
1631 int family,
1632 int type,
1633 int protocol, int kern)
1634 {
1635 return 0;
1636 }
1637
security_socket_socketpair(struct socket * socka,struct socket * sockb)1638 static inline int security_socket_socketpair(struct socket *socka,
1639 struct socket *sockb)
1640 {
1641 return 0;
1642 }
1643
security_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)1644 static inline int security_socket_bind(struct socket *sock,
1645 struct sockaddr *address,
1646 int addrlen)
1647 {
1648 return 0;
1649 }
1650
security_socket_connect(struct socket * sock,struct sockaddr * address,int addrlen)1651 static inline int security_socket_connect(struct socket *sock,
1652 struct sockaddr *address,
1653 int addrlen)
1654 {
1655 return 0;
1656 }
1657
security_socket_listen(struct socket * sock,int backlog)1658 static inline int security_socket_listen(struct socket *sock, int backlog)
1659 {
1660 return 0;
1661 }
1662
security_socket_accept(struct socket * sock,struct socket * newsock)1663 static inline int security_socket_accept(struct socket *sock,
1664 struct socket *newsock)
1665 {
1666 return 0;
1667 }
1668
security_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)1669 static inline int security_socket_sendmsg(struct socket *sock,
1670 struct msghdr *msg, int size)
1671 {
1672 return 0;
1673 }
1674
security_socket_recvmsg(struct socket * sock,struct msghdr * msg,int size,int flags)1675 static inline int security_socket_recvmsg(struct socket *sock,
1676 struct msghdr *msg, int size,
1677 int flags)
1678 {
1679 return 0;
1680 }
1681
security_socket_getsockname(struct socket * sock)1682 static inline int security_socket_getsockname(struct socket *sock)
1683 {
1684 return 0;
1685 }
1686
security_socket_getpeername(struct socket * sock)1687 static inline int security_socket_getpeername(struct socket *sock)
1688 {
1689 return 0;
1690 }
1691
security_socket_getsockopt(struct socket * sock,int level,int optname)1692 static inline int security_socket_getsockopt(struct socket *sock,
1693 int level, int optname)
1694 {
1695 return 0;
1696 }
1697
security_socket_setsockopt(struct socket * sock,int level,int optname)1698 static inline int security_socket_setsockopt(struct socket *sock,
1699 int level, int optname)
1700 {
1701 return 0;
1702 }
1703
security_socket_shutdown(struct socket * sock,int how)1704 static inline int security_socket_shutdown(struct socket *sock, int how)
1705 {
1706 return 0;
1707 }
security_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)1708 static inline int security_sock_rcv_skb(struct sock *sk,
1709 struct sk_buff *skb)
1710 {
1711 return 0;
1712 }
1713
security_socket_getpeersec_stream(struct socket * sock,sockptr_t optval,sockptr_t optlen,unsigned int len)1714 static inline int security_socket_getpeersec_stream(struct socket *sock,
1715 sockptr_t optval,
1716 sockptr_t optlen,
1717 unsigned int len)
1718 {
1719 return -ENOPROTOOPT;
1720 }
1721
security_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)1722 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
1723 {
1724 return -ENOPROTOOPT;
1725 }
1726
security_sk_alloc(struct sock * sk,int family,gfp_t priority)1727 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1728 {
1729 return 0;
1730 }
1731
security_sk_free(struct sock * sk)1732 static inline void security_sk_free(struct sock *sk)
1733 {
1734 }
1735
security_sk_clone(const struct sock * sk,struct sock * newsk)1736 static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
1737 {
1738 }
1739
security_sk_classify_flow(const struct sock * sk,struct flowi_common * flic)1740 static inline void security_sk_classify_flow(const struct sock *sk,
1741 struct flowi_common *flic)
1742 {
1743 }
1744
security_req_classify_flow(const struct request_sock * req,struct flowi_common * flic)1745 static inline void security_req_classify_flow(const struct request_sock *req,
1746 struct flowi_common *flic)
1747 {
1748 }
1749
security_sock_graft(struct sock * sk,struct socket * parent)1750 static inline void security_sock_graft(struct sock *sk, struct socket *parent)
1751 {
1752 }
1753
security_inet_conn_request(const struct sock * sk,struct sk_buff * skb,struct request_sock * req)1754 static inline int security_inet_conn_request(const struct sock *sk,
1755 struct sk_buff *skb, struct request_sock *req)
1756 {
1757 return 0;
1758 }
1759
security_inet_csk_clone(struct sock * newsk,const struct request_sock * req)1760 static inline void security_inet_csk_clone(struct sock *newsk,
1761 const struct request_sock *req)
1762 {
1763 }
1764
security_inet_conn_established(struct sock * sk,struct sk_buff * skb)1765 static inline void security_inet_conn_established(struct sock *sk,
1766 struct sk_buff *skb)
1767 {
1768 }
1769
security_secmark_relabel_packet(u32 secid)1770 static inline int security_secmark_relabel_packet(u32 secid)
1771 {
1772 return 0;
1773 }
1774
security_secmark_refcount_inc(void)1775 static inline void security_secmark_refcount_inc(void)
1776 {
1777 }
1778
security_secmark_refcount_dec(void)1779 static inline void security_secmark_refcount_dec(void)
1780 {
1781 }
1782
security_tun_dev_alloc_security(void ** security)1783 static inline int security_tun_dev_alloc_security(void **security)
1784 {
1785 return 0;
1786 }
1787
security_tun_dev_free_security(void * security)1788 static inline void security_tun_dev_free_security(void *security)
1789 {
1790 }
1791
security_tun_dev_create(void)1792 static inline int security_tun_dev_create(void)
1793 {
1794 return 0;
1795 }
1796
security_tun_dev_attach_queue(void * security)1797 static inline int security_tun_dev_attach_queue(void *security)
1798 {
1799 return 0;
1800 }
1801
security_tun_dev_attach(struct sock * sk,void * security)1802 static inline int security_tun_dev_attach(struct sock *sk, void *security)
1803 {
1804 return 0;
1805 }
1806
security_tun_dev_open(void * security)1807 static inline int security_tun_dev_open(void *security)
1808 {
1809 return 0;
1810 }
1811
security_sctp_assoc_request(struct sctp_association * asoc,struct sk_buff * skb)1812 static inline int security_sctp_assoc_request(struct sctp_association *asoc,
1813 struct sk_buff *skb)
1814 {
1815 return 0;
1816 }
1817
security_sctp_bind_connect(struct sock * sk,int optname,struct sockaddr * address,int addrlen)1818 static inline int security_sctp_bind_connect(struct sock *sk, int optname,
1819 struct sockaddr *address,
1820 int addrlen)
1821 {
1822 return 0;
1823 }
1824
security_sctp_sk_clone(struct sctp_association * asoc,struct sock * sk,struct sock * newsk)1825 static inline void security_sctp_sk_clone(struct sctp_association *asoc,
1826 struct sock *sk,
1827 struct sock *newsk)
1828 {
1829 }
1830
security_sctp_assoc_established(struct sctp_association * asoc,struct sk_buff * skb)1831 static inline int security_sctp_assoc_established(struct sctp_association *asoc,
1832 struct sk_buff *skb)
1833 {
1834 return 0;
1835 }
1836
security_mptcp_add_subflow(struct sock * sk,struct sock * ssk)1837 static inline int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
1838 {
1839 return 0;
1840 }
1841 #endif /* CONFIG_SECURITY_NETWORK */
1842
1843 #ifdef CONFIG_SECURITY_INFINIBAND
1844 int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
1845 int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
1846 int security_ib_alloc_security(void **sec);
1847 void security_ib_free_security(void *sec);
1848 #else /* CONFIG_SECURITY_INFINIBAND */
security_ib_pkey_access(void * sec,u64 subnet_prefix,u16 pkey)1849 static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
1850 {
1851 return 0;
1852 }
1853
security_ib_endport_manage_subnet(void * sec,const char * dev_name,u8 port_num)1854 static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
1855 {
1856 return 0;
1857 }
1858
security_ib_alloc_security(void ** sec)1859 static inline int security_ib_alloc_security(void **sec)
1860 {
1861 return 0;
1862 }
1863
security_ib_free_security(void * sec)1864 static inline void security_ib_free_security(void *sec)
1865 {
1866 }
1867 #endif /* CONFIG_SECURITY_INFINIBAND */
1868
1869 #ifdef CONFIG_SECURITY_NETWORK_XFRM
1870
1871 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1872 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
1873 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
1874 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
1875 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
1876 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1877 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1878 struct xfrm_sec_ctx *polsec, u32 secid);
1879 int security_xfrm_state_delete(struct xfrm_state *x);
1880 void security_xfrm_state_free(struct xfrm_state *x);
1881 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
1882 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1883 struct xfrm_policy *xp,
1884 const struct flowi_common *flic);
1885 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
1886 void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
1887
1888 #else /* CONFIG_SECURITY_NETWORK_XFRM */
1889
security_xfrm_policy_alloc(struct xfrm_sec_ctx ** ctxp,struct xfrm_user_sec_ctx * sec_ctx,gfp_t gfp)1890 static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
1891 struct xfrm_user_sec_ctx *sec_ctx,
1892 gfp_t gfp)
1893 {
1894 return 0;
1895 }
1896
security_xfrm_policy_clone(struct xfrm_sec_ctx * old,struct xfrm_sec_ctx ** new_ctxp)1897 static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
1898 {
1899 return 0;
1900 }
1901
security_xfrm_policy_free(struct xfrm_sec_ctx * ctx)1902 static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
1903 {
1904 }
1905
security_xfrm_policy_delete(struct xfrm_sec_ctx * ctx)1906 static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
1907 {
1908 return 0;
1909 }
1910
security_xfrm_state_alloc(struct xfrm_state * x,struct xfrm_user_sec_ctx * sec_ctx)1911 static inline int security_xfrm_state_alloc(struct xfrm_state *x,
1912 struct xfrm_user_sec_ctx *sec_ctx)
1913 {
1914 return 0;
1915 }
1916
security_xfrm_state_alloc_acquire(struct xfrm_state * x,struct xfrm_sec_ctx * polsec,u32 secid)1917 static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1918 struct xfrm_sec_ctx *polsec, u32 secid)
1919 {
1920 return 0;
1921 }
1922
security_xfrm_state_free(struct xfrm_state * x)1923 static inline void security_xfrm_state_free(struct xfrm_state *x)
1924 {
1925 }
1926
security_xfrm_state_delete(struct xfrm_state * x)1927 static inline int security_xfrm_state_delete(struct xfrm_state *x)
1928 {
1929 return 0;
1930 }
1931
security_xfrm_policy_lookup(struct xfrm_sec_ctx * ctx,u32 fl_secid)1932 static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
1933 {
1934 return 0;
1935 }
1936
security_xfrm_state_pol_flow_match(struct xfrm_state * x,struct xfrm_policy * xp,const struct flowi_common * flic)1937 static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1938 struct xfrm_policy *xp,
1939 const struct flowi_common *flic)
1940 {
1941 return 1;
1942 }
1943
security_xfrm_decode_session(struct sk_buff * skb,u32 * secid)1944 static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
1945 {
1946 return 0;
1947 }
1948
security_skb_classify_flow(struct sk_buff * skb,struct flowi_common * flic)1949 static inline void security_skb_classify_flow(struct sk_buff *skb,
1950 struct flowi_common *flic)
1951 {
1952 }
1953
1954 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
1955
1956 #ifdef CONFIG_SECURITY_PATH
1957 int security_path_unlink(const struct path *dir, struct dentry *dentry);
1958 int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
1959 int security_path_rmdir(const struct path *dir, struct dentry *dentry);
1960 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
1961 unsigned int dev);
1962 void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry);
1963 int security_path_truncate(const struct path *path);
1964 int security_path_symlink(const struct path *dir, struct dentry *dentry,
1965 const char *old_name);
1966 int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
1967 struct dentry *new_dentry);
1968 int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1969 const struct path *new_dir, struct dentry *new_dentry,
1970 unsigned int flags);
1971 int security_path_chmod(const struct path *path, umode_t mode);
1972 int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
1973 int security_path_chroot(const struct path *path);
1974 #else /* CONFIG_SECURITY_PATH */
security_path_unlink(const struct path * dir,struct dentry * dentry)1975 static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
1976 {
1977 return 0;
1978 }
1979
security_path_mkdir(const struct path * dir,struct dentry * dentry,umode_t mode)1980 static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
1981 umode_t mode)
1982 {
1983 return 0;
1984 }
1985
security_path_rmdir(const struct path * dir,struct dentry * dentry)1986 static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
1987 {
1988 return 0;
1989 }
1990
security_path_mknod(const struct path * dir,struct dentry * dentry,umode_t mode,unsigned int dev)1991 static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
1992 umode_t mode, unsigned int dev)
1993 {
1994 return 0;
1995 }
1996
security_path_post_mknod(struct mnt_idmap * idmap,struct dentry * dentry)1997 static inline void security_path_post_mknod(struct mnt_idmap *idmap,
1998 struct dentry *dentry)
1999 { }
2000
security_path_truncate(const struct path * path)2001 static inline int security_path_truncate(const struct path *path)
2002 {
2003 return 0;
2004 }
2005
security_path_symlink(const struct path * dir,struct dentry * dentry,const char * old_name)2006 static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
2007 const char *old_name)
2008 {
2009 return 0;
2010 }
2011
security_path_link(struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry)2012 static inline int security_path_link(struct dentry *old_dentry,
2013 const struct path *new_dir,
2014 struct dentry *new_dentry)
2015 {
2016 return 0;
2017 }
2018
security_path_rename(const struct path * old_dir,struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry,unsigned int flags)2019 static inline int security_path_rename(const struct path *old_dir,
2020 struct dentry *old_dentry,
2021 const struct path *new_dir,
2022 struct dentry *new_dentry,
2023 unsigned int flags)
2024 {
2025 return 0;
2026 }
2027
security_path_chmod(const struct path * path,umode_t mode)2028 static inline int security_path_chmod(const struct path *path, umode_t mode)
2029 {
2030 return 0;
2031 }
2032
security_path_chown(const struct path * path,kuid_t uid,kgid_t gid)2033 static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
2034 {
2035 return 0;
2036 }
2037
security_path_chroot(const struct path * path)2038 static inline int security_path_chroot(const struct path *path)
2039 {
2040 return 0;
2041 }
2042 #endif /* CONFIG_SECURITY_PATH */
2043
2044 #ifdef CONFIG_KEYS
2045 #ifdef CONFIG_SECURITY
2046
2047 int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
2048 void security_key_free(struct key *key);
2049 int security_key_permission(key_ref_t key_ref, const struct cred *cred,
2050 enum key_need_perm need_perm);
2051 int security_key_getsecurity(struct key *key, char **_buffer);
2052 void security_key_post_create_or_update(struct key *keyring, struct key *key,
2053 const void *payload, size_t payload_len,
2054 unsigned long flags, bool create);
2055
2056 #else
2057
security_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)2058 static inline int security_key_alloc(struct key *key,
2059 const struct cred *cred,
2060 unsigned long flags)
2061 {
2062 return 0;
2063 }
2064
security_key_free(struct key * key)2065 static inline void security_key_free(struct key *key)
2066 {
2067 }
2068
security_key_permission(key_ref_t key_ref,const struct cred * cred,enum key_need_perm need_perm)2069 static inline int security_key_permission(key_ref_t key_ref,
2070 const struct cred *cred,
2071 enum key_need_perm need_perm)
2072 {
2073 return 0;
2074 }
2075
security_key_getsecurity(struct key * key,char ** _buffer)2076 static inline int security_key_getsecurity(struct key *key, char **_buffer)
2077 {
2078 *_buffer = NULL;
2079 return 0;
2080 }
2081
security_key_post_create_or_update(struct key * keyring,struct key * key,const void * payload,size_t payload_len,unsigned long flags,bool create)2082 static inline void security_key_post_create_or_update(struct key *keyring,
2083 struct key *key,
2084 const void *payload,
2085 size_t payload_len,
2086 unsigned long flags,
2087 bool create)
2088 { }
2089
2090 #endif
2091 #endif /* CONFIG_KEYS */
2092
2093 #ifdef CONFIG_AUDIT
2094 #ifdef CONFIG_SECURITY
2095 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
2096 gfp_t gfp);
2097 int security_audit_rule_known(struct audit_krule *krule);
2098 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
2099 void security_audit_rule_free(void *lsmrule);
2100
2101 #else
2102
security_audit_rule_init(u32 field,u32 op,char * rulestr,void ** lsmrule,gfp_t gfp)2103 static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
2104 void **lsmrule, gfp_t gfp)
2105 {
2106 return 0;
2107 }
2108
security_audit_rule_known(struct audit_krule * krule)2109 static inline int security_audit_rule_known(struct audit_krule *krule)
2110 {
2111 return 0;
2112 }
2113
security_audit_rule_match(u32 secid,u32 field,u32 op,void * lsmrule)2114 static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
2115 void *lsmrule)
2116 {
2117 return 0;
2118 }
2119
security_audit_rule_free(void * lsmrule)2120 static inline void security_audit_rule_free(void *lsmrule)
2121 { }
2122
2123 #endif /* CONFIG_SECURITY */
2124 #endif /* CONFIG_AUDIT */
2125
2126 #ifdef CONFIG_SECURITYFS
2127
2128 extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
2129 struct dentry *parent, void *data,
2130 const struct file_operations *fops);
2131 extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
2132 struct dentry *securityfs_create_symlink(const char *name,
2133 struct dentry *parent,
2134 const char *target,
2135 const struct inode_operations *iops);
2136 extern void securityfs_remove(struct dentry *dentry);
2137 extern void securityfs_recursive_remove(struct dentry *dentry);
2138
2139 #else /* CONFIG_SECURITYFS */
2140
securityfs_create_dir(const char * name,struct dentry * parent)2141 static inline struct dentry *securityfs_create_dir(const char *name,
2142 struct dentry *parent)
2143 {
2144 return ERR_PTR(-ENODEV);
2145 }
2146
securityfs_create_file(const char * name,umode_t mode,struct dentry * parent,void * data,const struct file_operations * fops)2147 static inline struct dentry *securityfs_create_file(const char *name,
2148 umode_t mode,
2149 struct dentry *parent,
2150 void *data,
2151 const struct file_operations *fops)
2152 {
2153 return ERR_PTR(-ENODEV);
2154 }
2155
securityfs_create_symlink(const char * name,struct dentry * parent,const char * target,const struct inode_operations * iops)2156 static inline struct dentry *securityfs_create_symlink(const char *name,
2157 struct dentry *parent,
2158 const char *target,
2159 const struct inode_operations *iops)
2160 {
2161 return ERR_PTR(-ENODEV);
2162 }
2163
securityfs_remove(struct dentry * dentry)2164 static inline void securityfs_remove(struct dentry *dentry)
2165 {}
2166
2167 #endif
2168
2169 #ifdef CONFIG_BPF_SYSCALL
2170 union bpf_attr;
2171 struct bpf_map;
2172 struct bpf_prog;
2173 struct bpf_token;
2174 #ifdef CONFIG_SECURITY
2175 extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size);
2176 extern int security_bpf_map(struct bpf_map *map, fmode_t fmode);
2177 extern int security_bpf_prog(struct bpf_prog *prog);
2178 extern int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
2179 struct bpf_token *token);
2180 extern void security_bpf_map_free(struct bpf_map *map);
2181 extern int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
2182 struct bpf_token *token);
2183 extern void security_bpf_prog_free(struct bpf_prog *prog);
2184 extern int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
2185 const struct path *path);
2186 extern void security_bpf_token_free(struct bpf_token *token);
2187 extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd);
2188 extern int security_bpf_token_capable(const struct bpf_token *token, int cap);
2189 #else
security_bpf(int cmd,union bpf_attr * attr,unsigned int size)2190 static inline int security_bpf(int cmd, union bpf_attr *attr,
2191 unsigned int size)
2192 {
2193 return 0;
2194 }
2195
security_bpf_map(struct bpf_map * map,fmode_t fmode)2196 static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode)
2197 {
2198 return 0;
2199 }
2200
security_bpf_prog(struct bpf_prog * prog)2201 static inline int security_bpf_prog(struct bpf_prog *prog)
2202 {
2203 return 0;
2204 }
2205
security_bpf_map_create(struct bpf_map * map,union bpf_attr * attr,struct bpf_token * token)2206 static inline int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
2207 struct bpf_token *token)
2208 {
2209 return 0;
2210 }
2211
security_bpf_map_free(struct bpf_map * map)2212 static inline void security_bpf_map_free(struct bpf_map *map)
2213 { }
2214
security_bpf_prog_load(struct bpf_prog * prog,union bpf_attr * attr,struct bpf_token * token)2215 static inline int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
2216 struct bpf_token *token)
2217 {
2218 return 0;
2219 }
2220
security_bpf_prog_free(struct bpf_prog * prog)2221 static inline void security_bpf_prog_free(struct bpf_prog *prog)
2222 { }
2223
security_bpf_token_create(struct bpf_token * token,union bpf_attr * attr,const struct path * path)2224 static inline int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
2225 const struct path *path)
2226 {
2227 return 0;
2228 }
2229
security_bpf_token_free(struct bpf_token * token)2230 static inline void security_bpf_token_free(struct bpf_token *token)
2231 { }
2232
security_bpf_token_cmd(const struct bpf_token * token,enum bpf_cmd cmd)2233 static inline int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
2234 {
2235 return 0;
2236 }
2237
security_bpf_token_capable(const struct bpf_token * token,int cap)2238 static inline int security_bpf_token_capable(const struct bpf_token *token, int cap)
2239 {
2240 return 0;
2241 }
2242 #endif /* CONFIG_SECURITY */
2243 #endif /* CONFIG_BPF_SYSCALL */
2244
2245 #ifdef CONFIG_PERF_EVENTS
2246 struct perf_event_attr;
2247 struct perf_event;
2248
2249 #ifdef CONFIG_SECURITY
2250 extern int security_perf_event_open(struct perf_event_attr *attr, int type);
2251 extern int security_perf_event_alloc(struct perf_event *event);
2252 extern void security_perf_event_free(struct perf_event *event);
2253 extern int security_perf_event_read(struct perf_event *event);
2254 extern int security_perf_event_write(struct perf_event *event);
2255 #else
security_perf_event_open(struct perf_event_attr * attr,int type)2256 static inline int security_perf_event_open(struct perf_event_attr *attr,
2257 int type)
2258 {
2259 return 0;
2260 }
2261
security_perf_event_alloc(struct perf_event * event)2262 static inline int security_perf_event_alloc(struct perf_event *event)
2263 {
2264 return 0;
2265 }
2266
security_perf_event_free(struct perf_event * event)2267 static inline void security_perf_event_free(struct perf_event *event)
2268 {
2269 }
2270
security_perf_event_read(struct perf_event * event)2271 static inline int security_perf_event_read(struct perf_event *event)
2272 {
2273 return 0;
2274 }
2275
security_perf_event_write(struct perf_event * event)2276 static inline int security_perf_event_write(struct perf_event *event)
2277 {
2278 return 0;
2279 }
2280 #endif /* CONFIG_SECURITY */
2281 #endif /* CONFIG_PERF_EVENTS */
2282
2283 #ifdef CONFIG_IO_URING
2284 #ifdef CONFIG_SECURITY
2285 extern int security_uring_override_creds(const struct cred *new);
2286 extern int security_uring_sqpoll(void);
2287 extern int security_uring_cmd(struct io_uring_cmd *ioucmd);
2288 #else
security_uring_override_creds(const struct cred * new)2289 static inline int security_uring_override_creds(const struct cred *new)
2290 {
2291 return 0;
2292 }
security_uring_sqpoll(void)2293 static inline int security_uring_sqpoll(void)
2294 {
2295 return 0;
2296 }
security_uring_cmd(struct io_uring_cmd * ioucmd)2297 static inline int security_uring_cmd(struct io_uring_cmd *ioucmd)
2298 {
2299 return 0;
2300 }
2301 #endif /* CONFIG_SECURITY */
2302 #endif /* CONFIG_IO_URING */
2303
2304 #ifdef CONFIG_SECURITY
2305 extern void security_initramfs_populated(void);
2306 #else
security_initramfs_populated(void)2307 static inline void security_initramfs_populated(void)
2308 {
2309 }
2310 #endif /* CONFIG_SECURITY */
2311
2312 #endif /* ! __LINUX_SECURITY_H */
2313