1 /* 2 * Linux Security plug 3 * 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> 8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) 9 * Copyright (C) 2016 Mellanox Techonologies 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 * 16 * Due to this file being licensed under the GPL there is controversy over 17 * whether this permits you to write a module that #includes this file 18 * without placing your module under the GPL. Please consult a lawyer for 19 * advice before doing this. 20 * 21 */ 22 23 #ifndef __LINUX_SECURITY_H 24 #define __LINUX_SECURITY_H 25 26 #include <linux/kernel_read_file.h> 27 #include <linux/key.h> 28 #include <linux/capability.h> 29 #include <linux/fs.h> 30 #include <linux/slab.h> 31 #include <linux/err.h> 32 #include <linux/string.h> 33 #include <linux/mm.h> 34 #include <linux/sockptr.h> 35 #include <linux/bpf.h> 36 #include <uapi/linux/lsm.h> 37 38 struct linux_binprm; 39 struct cred; 40 struct rlimit; 41 struct kernel_siginfo; 42 struct sembuf; 43 struct kern_ipc_perm; 44 struct audit_context; 45 struct super_block; 46 struct inode; 47 struct dentry; 48 struct file; 49 struct vfsmount; 50 struct path; 51 struct qstr; 52 struct iattr; 53 struct fown_struct; 54 struct file_operations; 55 struct msg_msg; 56 struct xattr; 57 struct kernfs_node; 58 struct xfrm_sec_ctx; 59 struct mm_struct; 60 struct fs_context; 61 struct fs_parameter; 62 enum fs_value_type; 63 struct watch; 64 struct watch_notification; 65 struct lsm_ctx; 66 67 /* Default (no) options for the capable function */ 68 #define CAP_OPT_NONE 0x0 69 /* If capable should audit the security request */ 70 #define CAP_OPT_NOAUDIT BIT(1) 71 /* If capable is being called by a setid function */ 72 #define CAP_OPT_INSETID BIT(2) 73 74 /* LSM Agnostic defines for security_sb_set_mnt_opts() flags */ 75 #define SECURITY_LSM_NATIVE_LABELS 1 76 77 struct ctl_table; 78 struct audit_krule; 79 struct user_namespace; 80 struct timezone; 81 82 enum lsm_event { 83 LSM_POLICY_CHANGE, 84 }; 85 86 struct dm_verity_digest { 87 const char *alg; 88 const u8 *digest; 89 size_t digest_len; 90 }; 91 92 enum lsm_integrity_type { 93 LSM_INT_DMVERITY_SIG_VALID, 94 LSM_INT_DMVERITY_ROOTHASH, 95 LSM_INT_FSVERITY_BUILTINSIG_VALID, 96 }; 97 98 /* 99 * These are reasons that can be passed to the security_locked_down() 100 * LSM hook. Lockdown reasons that protect kernel integrity (ie, the 101 * ability for userland to modify kernel code) are placed before 102 * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel 103 * confidentiality (ie, the ability for userland to extract 104 * information from the running kernel that would otherwise be 105 * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX. 106 * 107 * LSM authors should note that the semantics of any given lockdown 108 * reason are not guaranteed to be stable - the same reason may block 109 * one set of features in one kernel release, and a slightly different 110 * set of features in a later kernel release. LSMs that seek to expose 111 * lockdown policy at any level of granularity other than "none", 112 * "integrity" or "confidentiality" are responsible for either 113 * ensuring that they expose a consistent level of functionality to 114 * userland, or ensuring that userland is aware that this is 115 * potentially a moving target. It is easy to misuse this information 116 * in a way that could break userspace. Please be careful not to do 117 * so. 118 * 119 * If you add to this, remember to extend lockdown_reasons in 120 * security/lockdown/lockdown.c. 121 */ 122 enum lockdown_reason { 123 LOCKDOWN_NONE, 124 LOCKDOWN_MODULE_SIGNATURE, 125 LOCKDOWN_DEV_MEM, 126 LOCKDOWN_EFI_TEST, 127 LOCKDOWN_KEXEC, 128 LOCKDOWN_HIBERNATION, 129 LOCKDOWN_PCI_ACCESS, 130 LOCKDOWN_IOPORT, 131 LOCKDOWN_MSR, 132 LOCKDOWN_ACPI_TABLES, 133 LOCKDOWN_DEVICE_TREE, 134 LOCKDOWN_PCMCIA_CIS, 135 LOCKDOWN_TIOCSSERIAL, 136 LOCKDOWN_MODULE_PARAMETERS, 137 LOCKDOWN_MMIOTRACE, 138 LOCKDOWN_DEBUGFS, 139 LOCKDOWN_XMON_WR, 140 LOCKDOWN_BPF_WRITE_USER, 141 LOCKDOWN_DBG_WRITE_KERNEL, 142 LOCKDOWN_RTAS_ERROR_INJECTION, 143 LOCKDOWN_INTEGRITY_MAX, 144 LOCKDOWN_KCORE, 145 LOCKDOWN_KPROBES, 146 LOCKDOWN_BPF_READ_KERNEL, 147 LOCKDOWN_DBG_READ_KERNEL, 148 LOCKDOWN_PERF, 149 LOCKDOWN_TRACEFS, 150 LOCKDOWN_XMON_RW, 151 LOCKDOWN_XFRM_SECRET, 152 LOCKDOWN_CONFIDENTIALITY_MAX, 153 }; 154 155 extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; 156 extern u32 lsm_active_cnt; 157 extern const struct lsm_id *lsm_idlist[]; 158 159 /* These functions are in security/commoncap.c */ 160 extern int cap_capable(const struct cred *cred, struct user_namespace *ns, 161 int cap, unsigned int opts); 162 extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); 163 extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); 164 extern int cap_ptrace_traceme(struct task_struct *parent); 165 extern int cap_capget(const struct task_struct *target, kernel_cap_t *effective, 166 kernel_cap_t *inheritable, kernel_cap_t *permitted); 167 extern int cap_capset(struct cred *new, const struct cred *old, 168 const kernel_cap_t *effective, 169 const kernel_cap_t *inheritable, 170 const kernel_cap_t *permitted); 171 extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file); 172 int cap_inode_setxattr(struct dentry *dentry, const char *name, 173 const void *value, size_t size, int flags); 174 int cap_inode_removexattr(struct mnt_idmap *idmap, 175 struct dentry *dentry, const char *name); 176 int cap_inode_need_killpriv(struct dentry *dentry); 177 int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry); 178 int cap_inode_getsecurity(struct mnt_idmap *idmap, 179 struct inode *inode, const char *name, void **buffer, 180 bool alloc); 181 extern int cap_mmap_addr(unsigned long addr); 182 extern int cap_mmap_file(struct file *file, unsigned long reqprot, 183 unsigned long prot, unsigned long flags); 184 extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); 185 extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 186 unsigned long arg4, unsigned long arg5); 187 extern int cap_task_setscheduler(struct task_struct *p); 188 extern int cap_task_setioprio(struct task_struct *p, int ioprio); 189 extern int cap_task_setnice(struct task_struct *p, int nice); 190 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); 191 192 struct msghdr; 193 struct sk_buff; 194 struct sock; 195 struct sockaddr; 196 struct socket; 197 struct flowi_common; 198 struct dst_entry; 199 struct xfrm_selector; 200 struct xfrm_policy; 201 struct xfrm_state; 202 struct xfrm_user_sec_ctx; 203 struct seq_file; 204 struct sctp_association; 205 206 #ifdef CONFIG_MMU 207 extern unsigned long mmap_min_addr; 208 extern unsigned long dac_mmap_min_addr; 209 #else 210 #define mmap_min_addr 0UL 211 #define dac_mmap_min_addr 0UL 212 #endif 213 214 /* 215 * Values used in the task_security_ops calls 216 */ 217 /* setuid or setgid, id0 == uid or gid */ 218 #define LSM_SETID_ID 1 219 220 /* setreuid or setregid, id0 == real, id1 == eff */ 221 #define LSM_SETID_RE 2 222 223 /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */ 224 #define LSM_SETID_RES 4 225 226 /* setfsuid or setfsgid, id0 == fsuid or fsgid */ 227 #define LSM_SETID_FS 8 228 229 /* Flags for security_task_prlimit(). */ 230 #define LSM_PRLIMIT_READ 1 231 #define LSM_PRLIMIT_WRITE 2 232 233 /* forward declares to avoid warnings */ 234 struct sched_param; 235 struct request_sock; 236 237 /* bprm->unsafe reasons */ 238 #define LSM_UNSAFE_SHARE 1 239 #define LSM_UNSAFE_PTRACE 2 240 #define LSM_UNSAFE_NO_NEW_PRIVS 4 241 242 #ifdef CONFIG_MMU 243 extern int mmap_min_addr_handler(const struct ctl_table *table, int write, 244 void *buffer, size_t *lenp, loff_t *ppos); 245 #endif 246 247 /* security_inode_init_security callback function to write xattrs */ 248 typedef int (*initxattrs) (struct inode *inode, 249 const struct xattr *xattr_array, void *fs_data); 250 251 252 /* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */ 253 #define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM, 254 #define __data_id_stringify(dummy, str) #str, 255 256 enum kernel_load_data_id { 257 __kernel_read_file_id(__data_id_enumify) 258 }; 259 260 static const char * const kernel_load_data_str[] = { 261 __kernel_read_file_id(__data_id_stringify) 262 }; 263 kernel_load_data_id_str(enum kernel_load_data_id id)264 static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id) 265 { 266 if ((unsigned)id >= LOADING_MAX_ID) 267 return kernel_load_data_str[LOADING_UNKNOWN]; 268 269 return kernel_load_data_str[id]; 270 } 271 272 #ifdef CONFIG_SECURITY 273 274 int call_blocking_lsm_notifier(enum lsm_event event, void *data); 275 int register_blocking_lsm_notifier(struct notifier_block *nb); 276 int unregister_blocking_lsm_notifier(struct notifier_block *nb); 277 278 /* prototypes */ 279 extern int security_init(void); 280 extern int early_security_init(void); 281 extern u64 lsm_name_to_attr(const char *name); 282 283 /* Security operations */ 284 int security_binder_set_context_mgr(const struct cred *mgr); 285 int security_binder_transaction(const struct cred *from, 286 const struct cred *to); 287 int security_binder_transfer_binder(const struct cred *from, 288 const struct cred *to); 289 int security_binder_transfer_file(const struct cred *from, 290 const struct cred *to, const struct file *file); 291 int security_ptrace_access_check(struct task_struct *child, unsigned int mode); 292 int security_ptrace_traceme(struct task_struct *parent); 293 int security_capget(const struct task_struct *target, 294 kernel_cap_t *effective, 295 kernel_cap_t *inheritable, 296 kernel_cap_t *permitted); 297 int security_capset(struct cred *new, const struct cred *old, 298 const kernel_cap_t *effective, 299 const kernel_cap_t *inheritable, 300 const kernel_cap_t *permitted); 301 int security_capable(const struct cred *cred, 302 struct user_namespace *ns, 303 int cap, 304 unsigned int opts); 305 int security_quotactl(int cmds, int type, int id, const struct super_block *sb); 306 int security_quota_on(struct dentry *dentry); 307 int security_syslog(int type); 308 int security_settime64(const struct timespec64 *ts, const struct timezone *tz); 309 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); 310 int security_bprm_creds_for_exec(struct linux_binprm *bprm); 311 int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file); 312 int security_bprm_check(struct linux_binprm *bprm); 313 void security_bprm_committing_creds(const struct linux_binprm *bprm); 314 void security_bprm_committed_creds(const struct linux_binprm *bprm); 315 int security_fs_context_submount(struct fs_context *fc, struct super_block *reference); 316 int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc); 317 int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param); 318 int security_sb_alloc(struct super_block *sb); 319 void security_sb_delete(struct super_block *sb); 320 void security_sb_free(struct super_block *sb); 321 void security_free_mnt_opts(void **mnt_opts); 322 int security_sb_eat_lsm_opts(char *options, void **mnt_opts); 323 int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts); 324 int security_sb_remount(struct super_block *sb, void *mnt_opts); 325 int security_sb_kern_mount(const struct super_block *sb); 326 int security_sb_show_options(struct seq_file *m, struct super_block *sb); 327 int security_sb_statfs(struct dentry *dentry); 328 int security_sb_mount(const char *dev_name, const struct path *path, 329 const char *type, unsigned long flags, void *data); 330 int security_sb_umount(struct vfsmount *mnt, int flags); 331 int security_sb_pivotroot(const struct path *old_path, const struct path *new_path); 332 int security_sb_set_mnt_opts(struct super_block *sb, 333 void *mnt_opts, 334 unsigned long kern_flags, 335 unsigned long *set_kern_flags); 336 int security_sb_clone_mnt_opts(const struct super_block *oldsb, 337 struct super_block *newsb, 338 unsigned long kern_flags, 339 unsigned long *set_kern_flags); 340 int security_move_mount(const struct path *from_path, const struct path *to_path); 341 int security_dentry_init_security(struct dentry *dentry, int mode, 342 const struct qstr *name, 343 const char **xattr_name, void **ctx, 344 u32 *ctxlen); 345 int security_dentry_create_files_as(struct dentry *dentry, int mode, 346 struct qstr *name, 347 const struct cred *old, 348 struct cred *new); 349 int security_path_notify(const struct path *path, u64 mask, 350 unsigned int obj_type); 351 int security_inode_alloc(struct inode *inode, gfp_t gfp); 352 void security_inode_free(struct inode *inode); 353 int security_inode_init_security(struct inode *inode, struct inode *dir, 354 const struct qstr *qstr, 355 initxattrs initxattrs, void *fs_data); 356 int security_inode_init_security_anon(struct inode *inode, 357 const struct qstr *name, 358 const struct inode *context_inode); 359 int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); 360 void security_inode_post_create_tmpfile(struct mnt_idmap *idmap, 361 struct inode *inode); 362 int security_inode_link(struct dentry *old_dentry, struct inode *dir, 363 struct dentry *new_dentry); 364 int security_inode_unlink(struct inode *dir, struct dentry *dentry); 365 int security_inode_symlink(struct inode *dir, struct dentry *dentry, 366 const char *old_name); 367 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode); 368 int security_inode_rmdir(struct inode *dir, struct dentry *dentry); 369 int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); 370 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 371 struct inode *new_dir, struct dentry *new_dentry, 372 unsigned int flags); 373 int security_inode_readlink(struct dentry *dentry); 374 int security_inode_follow_link(struct dentry *dentry, struct inode *inode, 375 bool rcu); 376 int security_inode_permission(struct inode *inode, int mask); 377 int security_inode_setattr(struct mnt_idmap *idmap, 378 struct dentry *dentry, struct iattr *attr); 379 void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 380 int ia_valid); 381 int security_inode_getattr(const struct path *path); 382 int security_inode_setxattr(struct mnt_idmap *idmap, 383 struct dentry *dentry, const char *name, 384 const void *value, size_t size, int flags); 385 int security_inode_set_acl(struct mnt_idmap *idmap, 386 struct dentry *dentry, const char *acl_name, 387 struct posix_acl *kacl); 388 void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name, 389 struct posix_acl *kacl); 390 int security_inode_get_acl(struct mnt_idmap *idmap, 391 struct dentry *dentry, const char *acl_name); 392 int security_inode_remove_acl(struct mnt_idmap *idmap, 393 struct dentry *dentry, const char *acl_name); 394 void security_inode_post_remove_acl(struct mnt_idmap *idmap, 395 struct dentry *dentry, 396 const char *acl_name); 397 void security_inode_post_setxattr(struct dentry *dentry, const char *name, 398 const void *value, size_t size, int flags); 399 int security_inode_getxattr(struct dentry *dentry, const char *name); 400 int security_inode_listxattr(struct dentry *dentry); 401 int security_inode_removexattr(struct mnt_idmap *idmap, 402 struct dentry *dentry, const char *name); 403 void security_inode_post_removexattr(struct dentry *dentry, const char *name); 404 int security_inode_need_killpriv(struct dentry *dentry); 405 int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry); 406 int security_inode_getsecurity(struct mnt_idmap *idmap, 407 struct inode *inode, const char *name, 408 void **buffer, bool alloc); 409 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); 410 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); 411 void security_inode_getsecid(struct inode *inode, u32 *secid); 412 int security_inode_copy_up(struct dentry *src, struct cred **new); 413 int security_inode_copy_up_xattr(struct dentry *src, const char *name); 414 int security_inode_setintegrity(const struct inode *inode, 415 enum lsm_integrity_type type, const void *value, 416 size_t size); 417 int security_kernfs_init_security(struct kernfs_node *kn_dir, 418 struct kernfs_node *kn); 419 int security_file_permission(struct file *file, int mask); 420 int security_file_alloc(struct file *file); 421 void security_file_release(struct file *file); 422 void security_file_free(struct file *file); 423 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 424 int security_file_ioctl_compat(struct file *file, unsigned int cmd, 425 unsigned long arg); 426 int security_mmap_file(struct file *file, unsigned long prot, 427 unsigned long flags); 428 int security_mmap_addr(unsigned long addr); 429 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 430 unsigned long prot); 431 int security_file_lock(struct file *file, unsigned int cmd); 432 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg); 433 void security_file_set_fowner(struct file *file); 434 int security_file_send_sigiotask(struct task_struct *tsk, 435 struct fown_struct *fown, int sig); 436 int security_file_receive(struct file *file); 437 int security_file_open(struct file *file); 438 int security_file_post_open(struct file *file, int mask); 439 int security_file_truncate(struct file *file); 440 int security_task_alloc(struct task_struct *task, unsigned long clone_flags); 441 void security_task_free(struct task_struct *task); 442 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); 443 void security_cred_free(struct cred *cred); 444 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); 445 void security_transfer_creds(struct cred *new, const struct cred *old); 446 void security_cred_getsecid(const struct cred *c, u32 *secid); 447 int security_kernel_act_as(struct cred *new, u32 secid); 448 int security_kernel_create_files_as(struct cred *new, struct inode *inode); 449 int security_kernel_module_request(char *kmod_name); 450 int security_kernel_load_data(enum kernel_load_data_id id, bool contents); 451 int security_kernel_post_load_data(char *buf, loff_t size, 452 enum kernel_load_data_id id, 453 char *description); 454 int security_kernel_read_file(struct file *file, enum kernel_read_file_id id, 455 bool contents); 456 int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, 457 enum kernel_read_file_id id); 458 int security_task_fix_setuid(struct cred *new, const struct cred *old, 459 int flags); 460 int security_task_fix_setgid(struct cred *new, const struct cred *old, 461 int flags); 462 int security_task_fix_setgroups(struct cred *new, const struct cred *old); 463 int security_task_setpgid(struct task_struct *p, pid_t pgid); 464 int security_task_getpgid(struct task_struct *p); 465 int security_task_getsid(struct task_struct *p); 466 void security_current_getsecid_subj(u32 *secid); 467 void security_task_getsecid_obj(struct task_struct *p, u32 *secid); 468 int security_task_setnice(struct task_struct *p, int nice); 469 int security_task_setioprio(struct task_struct *p, int ioprio); 470 int security_task_getioprio(struct task_struct *p); 471 int security_task_prlimit(const struct cred *cred, const struct cred *tcred, 472 unsigned int flags); 473 int security_task_setrlimit(struct task_struct *p, unsigned int resource, 474 struct rlimit *new_rlim); 475 int security_task_setscheduler(struct task_struct *p); 476 int security_task_getscheduler(struct task_struct *p); 477 int security_task_movememory(struct task_struct *p); 478 int security_task_kill(struct task_struct *p, struct kernel_siginfo *info, 479 int sig, const struct cred *cred); 480 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 481 unsigned long arg4, unsigned long arg5); 482 void security_task_to_inode(struct task_struct *p, struct inode *inode); 483 int security_create_user_ns(const struct cred *cred); 484 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); 485 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); 486 int security_msg_msg_alloc(struct msg_msg *msg); 487 void security_msg_msg_free(struct msg_msg *msg); 488 int security_msg_queue_alloc(struct kern_ipc_perm *msq); 489 void security_msg_queue_free(struct kern_ipc_perm *msq); 490 int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg); 491 int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd); 492 int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, 493 struct msg_msg *msg, int msqflg); 494 int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, 495 struct task_struct *target, long type, int mode); 496 int security_shm_alloc(struct kern_ipc_perm *shp); 497 void security_shm_free(struct kern_ipc_perm *shp); 498 int security_shm_associate(struct kern_ipc_perm *shp, int shmflg); 499 int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd); 500 int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg); 501 int security_sem_alloc(struct kern_ipc_perm *sma); 502 void security_sem_free(struct kern_ipc_perm *sma); 503 int security_sem_associate(struct kern_ipc_perm *sma, int semflg); 504 int security_sem_semctl(struct kern_ipc_perm *sma, int cmd); 505 int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, 506 unsigned nsops, int alter); 507 void security_d_instantiate(struct dentry *dentry, struct inode *inode); 508 int security_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, 509 u32 __user *size, u32 flags); 510 int security_setselfattr(unsigned int attr, struct lsm_ctx __user *ctx, 511 u32 size, u32 flags); 512 int security_getprocattr(struct task_struct *p, int lsmid, const char *name, 513 char **value); 514 int security_setprocattr(int lsmid, const char *name, void *value, size_t size); 515 int security_netlink_send(struct sock *sk, struct sk_buff *skb); 516 int security_ismaclabel(const char *name); 517 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 518 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 519 void security_release_secctx(char *secdata, u32 seclen); 520 void security_inode_invalidate_secctx(struct inode *inode); 521 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); 522 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); 523 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); 524 int security_locked_down(enum lockdown_reason what); 525 int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len, 526 void *val, size_t val_len, u64 id, u64 flags); 527 int security_bdev_alloc(struct block_device *bdev); 528 void security_bdev_free(struct block_device *bdev); 529 int security_bdev_setintegrity(struct block_device *bdev, 530 enum lsm_integrity_type type, const void *value, 531 size_t size); 532 #else /* CONFIG_SECURITY */ 533 call_blocking_lsm_notifier(enum lsm_event event,void * data)534 static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) 535 { 536 return 0; 537 } 538 register_blocking_lsm_notifier(struct notifier_block * nb)539 static inline int register_blocking_lsm_notifier(struct notifier_block *nb) 540 { 541 return 0; 542 } 543 unregister_blocking_lsm_notifier(struct notifier_block * nb)544 static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb) 545 { 546 return 0; 547 } 548 lsm_name_to_attr(const char * name)549 static inline u64 lsm_name_to_attr(const char *name) 550 { 551 return LSM_ATTR_UNDEF; 552 } 553 security_free_mnt_opts(void ** mnt_opts)554 static inline void security_free_mnt_opts(void **mnt_opts) 555 { 556 } 557 558 /* 559 * This is the default capabilities functionality. Most of these functions 560 * are just stubbed out, but a few must call the proper capable code. 561 */ 562 security_init(void)563 static inline int security_init(void) 564 { 565 return 0; 566 } 567 early_security_init(void)568 static inline int early_security_init(void) 569 { 570 return 0; 571 } 572 security_binder_set_context_mgr(const struct cred * mgr)573 static inline int security_binder_set_context_mgr(const struct cred *mgr) 574 { 575 return 0; 576 } 577 security_binder_transaction(const struct cred * from,const struct cred * to)578 static inline int security_binder_transaction(const struct cred *from, 579 const struct cred *to) 580 { 581 return 0; 582 } 583 security_binder_transfer_binder(const struct cred * from,const struct cred * to)584 static inline int security_binder_transfer_binder(const struct cred *from, 585 const struct cred *to) 586 { 587 return 0; 588 } 589 security_binder_transfer_file(const struct cred * from,const struct cred * to,const struct file * file)590 static inline int security_binder_transfer_file(const struct cred *from, 591 const struct cred *to, 592 const struct file *file) 593 { 594 return 0; 595 } 596 security_ptrace_access_check(struct task_struct * child,unsigned int mode)597 static inline int security_ptrace_access_check(struct task_struct *child, 598 unsigned int mode) 599 { 600 return cap_ptrace_access_check(child, mode); 601 } 602 security_ptrace_traceme(struct task_struct * parent)603 static inline int security_ptrace_traceme(struct task_struct *parent) 604 { 605 return cap_ptrace_traceme(parent); 606 } 607 security_capget(const struct task_struct * target,kernel_cap_t * effective,kernel_cap_t * inheritable,kernel_cap_t * permitted)608 static inline int security_capget(const struct task_struct *target, 609 kernel_cap_t *effective, 610 kernel_cap_t *inheritable, 611 kernel_cap_t *permitted) 612 { 613 return cap_capget(target, effective, inheritable, permitted); 614 } 615 security_capset(struct cred * new,const struct cred * old,const kernel_cap_t * effective,const kernel_cap_t * inheritable,const kernel_cap_t * permitted)616 static inline int security_capset(struct cred *new, 617 const struct cred *old, 618 const kernel_cap_t *effective, 619 const kernel_cap_t *inheritable, 620 const kernel_cap_t *permitted) 621 { 622 return cap_capset(new, old, effective, inheritable, permitted); 623 } 624 security_capable(const struct cred * cred,struct user_namespace * ns,int cap,unsigned int opts)625 static inline int security_capable(const struct cred *cred, 626 struct user_namespace *ns, 627 int cap, 628 unsigned int opts) 629 { 630 return cap_capable(cred, ns, cap, opts); 631 } 632 security_quotactl(int cmds,int type,int id,const struct super_block * sb)633 static inline int security_quotactl(int cmds, int type, int id, 634 const struct super_block *sb) 635 { 636 return 0; 637 } 638 security_quota_on(struct dentry * dentry)639 static inline int security_quota_on(struct dentry *dentry) 640 { 641 return 0; 642 } 643 security_syslog(int type)644 static inline int security_syslog(int type) 645 { 646 return 0; 647 } 648 security_settime64(const struct timespec64 * ts,const struct timezone * tz)649 static inline int security_settime64(const struct timespec64 *ts, 650 const struct timezone *tz) 651 { 652 return cap_settime(ts, tz); 653 } 654 security_vm_enough_memory_mm(struct mm_struct * mm,long pages)655 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) 656 { 657 return __vm_enough_memory(mm, pages, !cap_vm_enough_memory(mm, pages)); 658 } 659 security_bprm_creds_for_exec(struct linux_binprm * bprm)660 static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm) 661 { 662 return 0; 663 } 664 security_bprm_creds_from_file(struct linux_binprm * bprm,const struct file * file)665 static inline int security_bprm_creds_from_file(struct linux_binprm *bprm, 666 const struct file *file) 667 { 668 return cap_bprm_creds_from_file(bprm, file); 669 } 670 security_bprm_check(struct linux_binprm * bprm)671 static inline int security_bprm_check(struct linux_binprm *bprm) 672 { 673 return 0; 674 } 675 security_bprm_committing_creds(const struct linux_binprm * bprm)676 static inline void security_bprm_committing_creds(const struct linux_binprm *bprm) 677 { 678 } 679 security_bprm_committed_creds(const struct linux_binprm * bprm)680 static inline void security_bprm_committed_creds(const struct linux_binprm *bprm) 681 { 682 } 683 security_fs_context_submount(struct fs_context * fc,struct super_block * reference)684 static inline int security_fs_context_submount(struct fs_context *fc, 685 struct super_block *reference) 686 { 687 return 0; 688 } security_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)689 static inline int security_fs_context_dup(struct fs_context *fc, 690 struct fs_context *src_fc) 691 { 692 return 0; 693 } security_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)694 static inline int security_fs_context_parse_param(struct fs_context *fc, 695 struct fs_parameter *param) 696 { 697 return -ENOPARAM; 698 } 699 security_sb_alloc(struct super_block * sb)700 static inline int security_sb_alloc(struct super_block *sb) 701 { 702 return 0; 703 } 704 security_sb_delete(struct super_block * sb)705 static inline void security_sb_delete(struct super_block *sb) 706 { } 707 security_sb_free(struct super_block * sb)708 static inline void security_sb_free(struct super_block *sb) 709 { } 710 security_sb_eat_lsm_opts(char * options,void ** mnt_opts)711 static inline int security_sb_eat_lsm_opts(char *options, 712 void **mnt_opts) 713 { 714 return 0; 715 } 716 security_sb_remount(struct super_block * sb,void * mnt_opts)717 static inline int security_sb_remount(struct super_block *sb, 718 void *mnt_opts) 719 { 720 return 0; 721 } 722 security_sb_mnt_opts_compat(struct super_block * sb,void * mnt_opts)723 static inline int security_sb_mnt_opts_compat(struct super_block *sb, 724 void *mnt_opts) 725 { 726 return 0; 727 } 728 729 security_sb_kern_mount(struct super_block * sb)730 static inline int security_sb_kern_mount(struct super_block *sb) 731 { 732 return 0; 733 } 734 security_sb_show_options(struct seq_file * m,struct super_block * sb)735 static inline int security_sb_show_options(struct seq_file *m, 736 struct super_block *sb) 737 { 738 return 0; 739 } 740 security_sb_statfs(struct dentry * dentry)741 static inline int security_sb_statfs(struct dentry *dentry) 742 { 743 return 0; 744 } 745 security_sb_mount(const char * dev_name,const struct path * path,const char * type,unsigned long flags,void * data)746 static inline int security_sb_mount(const char *dev_name, const struct path *path, 747 const char *type, unsigned long flags, 748 void *data) 749 { 750 return 0; 751 } 752 security_sb_umount(struct vfsmount * mnt,int flags)753 static inline int security_sb_umount(struct vfsmount *mnt, int flags) 754 { 755 return 0; 756 } 757 security_sb_pivotroot(const struct path * old_path,const struct path * new_path)758 static inline int security_sb_pivotroot(const struct path *old_path, 759 const struct path *new_path) 760 { 761 return 0; 762 } 763 security_sb_set_mnt_opts(struct super_block * sb,void * mnt_opts,unsigned long kern_flags,unsigned long * set_kern_flags)764 static inline int security_sb_set_mnt_opts(struct super_block *sb, 765 void *mnt_opts, 766 unsigned long kern_flags, 767 unsigned long *set_kern_flags) 768 { 769 return 0; 770 } 771 security_sb_clone_mnt_opts(const struct super_block * oldsb,struct super_block * newsb,unsigned long kern_flags,unsigned long * set_kern_flags)772 static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, 773 struct super_block *newsb, 774 unsigned long kern_flags, 775 unsigned long *set_kern_flags) 776 { 777 return 0; 778 } 779 security_move_mount(const struct path * from_path,const struct path * to_path)780 static inline int security_move_mount(const struct path *from_path, 781 const struct path *to_path) 782 { 783 return 0; 784 } 785 security_path_notify(const struct path * path,u64 mask,unsigned int obj_type)786 static inline int security_path_notify(const struct path *path, u64 mask, 787 unsigned int obj_type) 788 { 789 return 0; 790 } 791 security_inode_alloc(struct inode * inode,gfp_t gfp)792 static inline int security_inode_alloc(struct inode *inode, gfp_t gfp) 793 { 794 return 0; 795 } 796 security_inode_free(struct inode * inode)797 static inline void security_inode_free(struct inode *inode) 798 { } 799 security_dentry_init_security(struct dentry * dentry,int mode,const struct qstr * name,const char ** xattr_name,void ** ctx,u32 * ctxlen)800 static inline int security_dentry_init_security(struct dentry *dentry, 801 int mode, 802 const struct qstr *name, 803 const char **xattr_name, 804 void **ctx, 805 u32 *ctxlen) 806 { 807 return -EOPNOTSUPP; 808 } 809 security_dentry_create_files_as(struct dentry * dentry,int mode,struct qstr * name,const struct cred * old,struct cred * new)810 static inline int security_dentry_create_files_as(struct dentry *dentry, 811 int mode, struct qstr *name, 812 const struct cred *old, 813 struct cred *new) 814 { 815 return 0; 816 } 817 818 security_inode_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr,const initxattrs xattrs,void * fs_data)819 static inline int security_inode_init_security(struct inode *inode, 820 struct inode *dir, 821 const struct qstr *qstr, 822 const initxattrs xattrs, 823 void *fs_data) 824 { 825 return 0; 826 } 827 security_inode_init_security_anon(struct inode * inode,const struct qstr * name,const struct inode * context_inode)828 static inline int security_inode_init_security_anon(struct inode *inode, 829 const struct qstr *name, 830 const struct inode *context_inode) 831 { 832 return 0; 833 } 834 security_inode_create(struct inode * dir,struct dentry * dentry,umode_t mode)835 static inline int security_inode_create(struct inode *dir, 836 struct dentry *dentry, 837 umode_t mode) 838 { 839 return 0; 840 } 841 842 static inline void security_inode_post_create_tmpfile(struct mnt_idmap * idmap,struct inode * inode)843 security_inode_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode) 844 { } 845 security_inode_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)846 static inline int security_inode_link(struct dentry *old_dentry, 847 struct inode *dir, 848 struct dentry *new_dentry) 849 { 850 return 0; 851 } 852 security_inode_unlink(struct inode * dir,struct dentry * dentry)853 static inline int security_inode_unlink(struct inode *dir, 854 struct dentry *dentry) 855 { 856 return 0; 857 } 858 security_inode_symlink(struct inode * dir,struct dentry * dentry,const char * old_name)859 static inline int security_inode_symlink(struct inode *dir, 860 struct dentry *dentry, 861 const char *old_name) 862 { 863 return 0; 864 } 865 security_inode_mkdir(struct inode * dir,struct dentry * dentry,int mode)866 static inline int security_inode_mkdir(struct inode *dir, 867 struct dentry *dentry, 868 int mode) 869 { 870 return 0; 871 } 872 security_inode_rmdir(struct inode * dir,struct dentry * dentry)873 static inline int security_inode_rmdir(struct inode *dir, 874 struct dentry *dentry) 875 { 876 return 0; 877 } 878 security_inode_mknod(struct inode * dir,struct dentry * dentry,int mode,dev_t dev)879 static inline int security_inode_mknod(struct inode *dir, 880 struct dentry *dentry, 881 int mode, dev_t dev) 882 { 883 return 0; 884 } 885 security_inode_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)886 static inline int security_inode_rename(struct inode *old_dir, 887 struct dentry *old_dentry, 888 struct inode *new_dir, 889 struct dentry *new_dentry, 890 unsigned int flags) 891 { 892 return 0; 893 } 894 security_inode_readlink(struct dentry * dentry)895 static inline int security_inode_readlink(struct dentry *dentry) 896 { 897 return 0; 898 } 899 security_inode_follow_link(struct dentry * dentry,struct inode * inode,bool rcu)900 static inline int security_inode_follow_link(struct dentry *dentry, 901 struct inode *inode, 902 bool rcu) 903 { 904 return 0; 905 } 906 security_inode_permission(struct inode * inode,int mask)907 static inline int security_inode_permission(struct inode *inode, int mask) 908 { 909 return 0; 910 } 911 security_inode_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * attr)912 static inline int security_inode_setattr(struct mnt_idmap *idmap, 913 struct dentry *dentry, 914 struct iattr *attr) 915 { 916 return 0; 917 } 918 919 static inline void security_inode_post_setattr(struct mnt_idmap * idmap,struct dentry * dentry,int ia_valid)920 security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 921 int ia_valid) 922 { } 923 security_inode_getattr(const struct path * path)924 static inline int security_inode_getattr(const struct path *path) 925 { 926 return 0; 927 } 928 security_inode_setxattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name,const void * value,size_t size,int flags)929 static inline int security_inode_setxattr(struct mnt_idmap *idmap, 930 struct dentry *dentry, const char *name, const void *value, 931 size_t size, int flags) 932 { 933 return cap_inode_setxattr(dentry, name, value, size, flags); 934 } 935 security_inode_set_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)936 static inline int security_inode_set_acl(struct mnt_idmap *idmap, 937 struct dentry *dentry, 938 const char *acl_name, 939 struct posix_acl *kacl) 940 { 941 return 0; 942 } 943 security_inode_post_set_acl(struct dentry * dentry,const char * acl_name,struct posix_acl * kacl)944 static inline void security_inode_post_set_acl(struct dentry *dentry, 945 const char *acl_name, 946 struct posix_acl *kacl) 947 { } 948 security_inode_get_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)949 static inline int security_inode_get_acl(struct mnt_idmap *idmap, 950 struct dentry *dentry, 951 const char *acl_name) 952 { 953 return 0; 954 } 955 security_inode_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)956 static inline int security_inode_remove_acl(struct mnt_idmap *idmap, 957 struct dentry *dentry, 958 const char *acl_name) 959 { 960 return 0; 961 } 962 security_inode_post_remove_acl(struct mnt_idmap * idmap,struct dentry * dentry,const char * acl_name)963 static inline void security_inode_post_remove_acl(struct mnt_idmap *idmap, 964 struct dentry *dentry, 965 const char *acl_name) 966 { } 967 security_inode_post_setxattr(struct dentry * dentry,const char * name,const void * value,size_t size,int flags)968 static inline void security_inode_post_setxattr(struct dentry *dentry, 969 const char *name, const void *value, size_t size, int flags) 970 { } 971 security_inode_getxattr(struct dentry * dentry,const char * name)972 static inline int security_inode_getxattr(struct dentry *dentry, 973 const char *name) 974 { 975 return 0; 976 } 977 security_inode_listxattr(struct dentry * dentry)978 static inline int security_inode_listxattr(struct dentry *dentry) 979 { 980 return 0; 981 } 982 security_inode_removexattr(struct mnt_idmap * idmap,struct dentry * dentry,const char * name)983 static inline int security_inode_removexattr(struct mnt_idmap *idmap, 984 struct dentry *dentry, 985 const char *name) 986 { 987 return cap_inode_removexattr(idmap, dentry, name); 988 } 989 security_inode_post_removexattr(struct dentry * dentry,const char * name)990 static inline void security_inode_post_removexattr(struct dentry *dentry, 991 const char *name) 992 { } 993 security_inode_need_killpriv(struct dentry * dentry)994 static inline int security_inode_need_killpriv(struct dentry *dentry) 995 { 996 return cap_inode_need_killpriv(dentry); 997 } 998 security_inode_killpriv(struct mnt_idmap * idmap,struct dentry * dentry)999 static inline int security_inode_killpriv(struct mnt_idmap *idmap, 1000 struct dentry *dentry) 1001 { 1002 return cap_inode_killpriv(idmap, dentry); 1003 } 1004 security_inode_getsecurity(struct mnt_idmap * idmap,struct inode * inode,const char * name,void ** buffer,bool alloc)1005 static inline int security_inode_getsecurity(struct mnt_idmap *idmap, 1006 struct inode *inode, 1007 const char *name, void **buffer, 1008 bool alloc) 1009 { 1010 return cap_inode_getsecurity(idmap, inode, name, buffer, alloc); 1011 } 1012 security_inode_setsecurity(struct inode * inode,const char * name,const void * value,size_t size,int flags)1013 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 1014 { 1015 return -EOPNOTSUPP; 1016 } 1017 security_inode_listsecurity(struct inode * inode,char * buffer,size_t buffer_size)1018 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 1019 { 1020 return 0; 1021 } 1022 security_inode_getsecid(struct inode * inode,u32 * secid)1023 static inline void security_inode_getsecid(struct inode *inode, u32 *secid) 1024 { 1025 *secid = 0; 1026 } 1027 security_inode_copy_up(struct dentry * src,struct cred ** new)1028 static inline int security_inode_copy_up(struct dentry *src, struct cred **new) 1029 { 1030 return 0; 1031 } 1032 security_inode_setintegrity(const struct inode * inode,enum lsm_integrity_type type,const void * value,size_t size)1033 static inline int security_inode_setintegrity(const struct inode *inode, 1034 enum lsm_integrity_type type, 1035 const void *value, size_t size) 1036 { 1037 return 0; 1038 } 1039 security_kernfs_init_security(struct kernfs_node * kn_dir,struct kernfs_node * kn)1040 static inline int security_kernfs_init_security(struct kernfs_node *kn_dir, 1041 struct kernfs_node *kn) 1042 { 1043 return 0; 1044 } 1045 security_inode_copy_up_xattr(struct dentry * src,const char * name)1046 static inline int security_inode_copy_up_xattr(struct dentry *src, const char *name) 1047 { 1048 return -EOPNOTSUPP; 1049 } 1050 security_file_permission(struct file * file,int mask)1051 static inline int security_file_permission(struct file *file, int mask) 1052 { 1053 return 0; 1054 } 1055 security_file_alloc(struct file * file)1056 static inline int security_file_alloc(struct file *file) 1057 { 1058 return 0; 1059 } 1060 security_file_release(struct file * file)1061 static inline void security_file_release(struct file *file) 1062 { } 1063 security_file_free(struct file * file)1064 static inline void security_file_free(struct file *file) 1065 { } 1066 security_file_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1067 static inline int security_file_ioctl(struct file *file, unsigned int cmd, 1068 unsigned long arg) 1069 { 1070 return 0; 1071 } 1072 security_file_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)1073 static inline int security_file_ioctl_compat(struct file *file, 1074 unsigned int cmd, 1075 unsigned long arg) 1076 { 1077 return 0; 1078 } 1079 security_mmap_file(struct file * file,unsigned long prot,unsigned long flags)1080 static inline int security_mmap_file(struct file *file, unsigned long prot, 1081 unsigned long flags) 1082 { 1083 return 0; 1084 } 1085 security_mmap_addr(unsigned long addr)1086 static inline int security_mmap_addr(unsigned long addr) 1087 { 1088 return cap_mmap_addr(addr); 1089 } 1090 security_file_mprotect(struct vm_area_struct * vma,unsigned long reqprot,unsigned long prot)1091 static inline int security_file_mprotect(struct vm_area_struct *vma, 1092 unsigned long reqprot, 1093 unsigned long prot) 1094 { 1095 return 0; 1096 } 1097 security_file_lock(struct file * file,unsigned int cmd)1098 static inline int security_file_lock(struct file *file, unsigned int cmd) 1099 { 1100 return 0; 1101 } 1102 security_file_fcntl(struct file * file,unsigned int cmd,unsigned long arg)1103 static inline int security_file_fcntl(struct file *file, unsigned int cmd, 1104 unsigned long arg) 1105 { 1106 return 0; 1107 } 1108 security_file_set_fowner(struct file * file)1109 static inline void security_file_set_fowner(struct file *file) 1110 { 1111 return; 1112 } 1113 security_file_send_sigiotask(struct task_struct * tsk,struct fown_struct * fown,int sig)1114 static inline int security_file_send_sigiotask(struct task_struct *tsk, 1115 struct fown_struct *fown, 1116 int sig) 1117 { 1118 return 0; 1119 } 1120 security_file_receive(struct file * file)1121 static inline int security_file_receive(struct file *file) 1122 { 1123 return 0; 1124 } 1125 security_file_open(struct file * file)1126 static inline int security_file_open(struct file *file) 1127 { 1128 return 0; 1129 } 1130 security_file_post_open(struct file * file,int mask)1131 static inline int security_file_post_open(struct file *file, int mask) 1132 { 1133 return 0; 1134 } 1135 security_file_truncate(struct file * file)1136 static inline int security_file_truncate(struct file *file) 1137 { 1138 return 0; 1139 } 1140 security_task_alloc(struct task_struct * task,unsigned long clone_flags)1141 static inline int security_task_alloc(struct task_struct *task, 1142 unsigned long clone_flags) 1143 { 1144 return 0; 1145 } 1146 security_task_free(struct task_struct * task)1147 static inline void security_task_free(struct task_struct *task) 1148 { } 1149 security_cred_alloc_blank(struct cred * cred,gfp_t gfp)1150 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1151 { 1152 return 0; 1153 } 1154 security_cred_free(struct cred * cred)1155 static inline void security_cred_free(struct cred *cred) 1156 { } 1157 security_prepare_creds(struct cred * new,const struct cred * old,gfp_t gfp)1158 static inline int security_prepare_creds(struct cred *new, 1159 const struct cred *old, 1160 gfp_t gfp) 1161 { 1162 return 0; 1163 } 1164 security_transfer_creds(struct cred * new,const struct cred * old)1165 static inline void security_transfer_creds(struct cred *new, 1166 const struct cred *old) 1167 { 1168 } 1169 security_cred_getsecid(const struct cred * c,u32 * secid)1170 static inline void security_cred_getsecid(const struct cred *c, u32 *secid) 1171 { 1172 *secid = 0; 1173 } 1174 security_kernel_act_as(struct cred * cred,u32 secid)1175 static inline int security_kernel_act_as(struct cred *cred, u32 secid) 1176 { 1177 return 0; 1178 } 1179 security_kernel_create_files_as(struct cred * cred,struct inode * inode)1180 static inline int security_kernel_create_files_as(struct cred *cred, 1181 struct inode *inode) 1182 { 1183 return 0; 1184 } 1185 security_kernel_module_request(char * kmod_name)1186 static inline int security_kernel_module_request(char *kmod_name) 1187 { 1188 return 0; 1189 } 1190 security_kernel_load_data(enum kernel_load_data_id id,bool contents)1191 static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents) 1192 { 1193 return 0; 1194 } 1195 security_kernel_post_load_data(char * buf,loff_t size,enum kernel_load_data_id id,char * description)1196 static inline int security_kernel_post_load_data(char *buf, loff_t size, 1197 enum kernel_load_data_id id, 1198 char *description) 1199 { 1200 return 0; 1201 } 1202 security_kernel_read_file(struct file * file,enum kernel_read_file_id id,bool contents)1203 static inline int security_kernel_read_file(struct file *file, 1204 enum kernel_read_file_id id, 1205 bool contents) 1206 { 1207 return 0; 1208 } 1209 security_kernel_post_read_file(struct file * file,char * buf,loff_t size,enum kernel_read_file_id id)1210 static inline int security_kernel_post_read_file(struct file *file, 1211 char *buf, loff_t size, 1212 enum kernel_read_file_id id) 1213 { 1214 return 0; 1215 } 1216 security_task_fix_setuid(struct cred * new,const struct cred * old,int flags)1217 static inline int security_task_fix_setuid(struct cred *new, 1218 const struct cred *old, 1219 int flags) 1220 { 1221 return cap_task_fix_setuid(new, old, flags); 1222 } 1223 security_task_fix_setgid(struct cred * new,const struct cred * old,int flags)1224 static inline int security_task_fix_setgid(struct cred *new, 1225 const struct cred *old, 1226 int flags) 1227 { 1228 return 0; 1229 } 1230 security_task_fix_setgroups(struct cred * new,const struct cred * old)1231 static inline int security_task_fix_setgroups(struct cred *new, 1232 const struct cred *old) 1233 { 1234 return 0; 1235 } 1236 security_task_setpgid(struct task_struct * p,pid_t pgid)1237 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) 1238 { 1239 return 0; 1240 } 1241 security_task_getpgid(struct task_struct * p)1242 static inline int security_task_getpgid(struct task_struct *p) 1243 { 1244 return 0; 1245 } 1246 security_task_getsid(struct task_struct * p)1247 static inline int security_task_getsid(struct task_struct *p) 1248 { 1249 return 0; 1250 } 1251 security_current_getsecid_subj(u32 * secid)1252 static inline void security_current_getsecid_subj(u32 *secid) 1253 { 1254 *secid = 0; 1255 } 1256 security_task_getsecid_obj(struct task_struct * p,u32 * secid)1257 static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) 1258 { 1259 *secid = 0; 1260 } 1261 security_task_setnice(struct task_struct * p,int nice)1262 static inline int security_task_setnice(struct task_struct *p, int nice) 1263 { 1264 return cap_task_setnice(p, nice); 1265 } 1266 security_task_setioprio(struct task_struct * p,int ioprio)1267 static inline int security_task_setioprio(struct task_struct *p, int ioprio) 1268 { 1269 return cap_task_setioprio(p, ioprio); 1270 } 1271 security_task_getioprio(struct task_struct * p)1272 static inline int security_task_getioprio(struct task_struct *p) 1273 { 1274 return 0; 1275 } 1276 security_task_prlimit(const struct cred * cred,const struct cred * tcred,unsigned int flags)1277 static inline int security_task_prlimit(const struct cred *cred, 1278 const struct cred *tcred, 1279 unsigned int flags) 1280 { 1281 return 0; 1282 } 1283 security_task_setrlimit(struct task_struct * p,unsigned int resource,struct rlimit * new_rlim)1284 static inline int security_task_setrlimit(struct task_struct *p, 1285 unsigned int resource, 1286 struct rlimit *new_rlim) 1287 { 1288 return 0; 1289 } 1290 security_task_setscheduler(struct task_struct * p)1291 static inline int security_task_setscheduler(struct task_struct *p) 1292 { 1293 return cap_task_setscheduler(p); 1294 } 1295 security_task_getscheduler(struct task_struct * p)1296 static inline int security_task_getscheduler(struct task_struct *p) 1297 { 1298 return 0; 1299 } 1300 security_task_movememory(struct task_struct * p)1301 static inline int security_task_movememory(struct task_struct *p) 1302 { 1303 return 0; 1304 } 1305 security_task_kill(struct task_struct * p,struct kernel_siginfo * info,int sig,const struct cred * cred)1306 static inline int security_task_kill(struct task_struct *p, 1307 struct kernel_siginfo *info, int sig, 1308 const struct cred *cred) 1309 { 1310 return 0; 1311 } 1312 security_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5)1313 static inline int security_task_prctl(int option, unsigned long arg2, 1314 unsigned long arg3, 1315 unsigned long arg4, 1316 unsigned long arg5) 1317 { 1318 return cap_task_prctl(option, arg2, arg3, arg4, arg5); 1319 } 1320 security_task_to_inode(struct task_struct * p,struct inode * inode)1321 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 1322 { } 1323 security_create_user_ns(const struct cred * cred)1324 static inline int security_create_user_ns(const struct cred *cred) 1325 { 1326 return 0; 1327 } 1328 security_ipc_permission(struct kern_ipc_perm * ipcp,short flag)1329 static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, 1330 short flag) 1331 { 1332 return 0; 1333 } 1334 security_ipc_getsecid(struct kern_ipc_perm * ipcp,u32 * secid)1335 static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 1336 { 1337 *secid = 0; 1338 } 1339 security_msg_msg_alloc(struct msg_msg * msg)1340 static inline int security_msg_msg_alloc(struct msg_msg *msg) 1341 { 1342 return 0; 1343 } 1344 security_msg_msg_free(struct msg_msg * msg)1345 static inline void security_msg_msg_free(struct msg_msg *msg) 1346 { } 1347 security_msg_queue_alloc(struct kern_ipc_perm * msq)1348 static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq) 1349 { 1350 return 0; 1351 } 1352 security_msg_queue_free(struct kern_ipc_perm * msq)1353 static inline void security_msg_queue_free(struct kern_ipc_perm *msq) 1354 { } 1355 security_msg_queue_associate(struct kern_ipc_perm * msq,int msqflg)1356 static inline int security_msg_queue_associate(struct kern_ipc_perm *msq, 1357 int msqflg) 1358 { 1359 return 0; 1360 } 1361 security_msg_queue_msgctl(struct kern_ipc_perm * msq,int cmd)1362 static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) 1363 { 1364 return 0; 1365 } 1366 security_msg_queue_msgsnd(struct kern_ipc_perm * msq,struct msg_msg * msg,int msqflg)1367 static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, 1368 struct msg_msg *msg, int msqflg) 1369 { 1370 return 0; 1371 } 1372 security_msg_queue_msgrcv(struct kern_ipc_perm * msq,struct msg_msg * msg,struct task_struct * target,long type,int mode)1373 static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, 1374 struct msg_msg *msg, 1375 struct task_struct *target, 1376 long type, int mode) 1377 { 1378 return 0; 1379 } 1380 security_shm_alloc(struct kern_ipc_perm * shp)1381 static inline int security_shm_alloc(struct kern_ipc_perm *shp) 1382 { 1383 return 0; 1384 } 1385 security_shm_free(struct kern_ipc_perm * shp)1386 static inline void security_shm_free(struct kern_ipc_perm *shp) 1387 { } 1388 security_shm_associate(struct kern_ipc_perm * shp,int shmflg)1389 static inline int security_shm_associate(struct kern_ipc_perm *shp, 1390 int shmflg) 1391 { 1392 return 0; 1393 } 1394 security_shm_shmctl(struct kern_ipc_perm * shp,int cmd)1395 static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) 1396 { 1397 return 0; 1398 } 1399 security_shm_shmat(struct kern_ipc_perm * shp,char __user * shmaddr,int shmflg)1400 static inline int security_shm_shmat(struct kern_ipc_perm *shp, 1401 char __user *shmaddr, int shmflg) 1402 { 1403 return 0; 1404 } 1405 security_sem_alloc(struct kern_ipc_perm * sma)1406 static inline int security_sem_alloc(struct kern_ipc_perm *sma) 1407 { 1408 return 0; 1409 } 1410 security_sem_free(struct kern_ipc_perm * sma)1411 static inline void security_sem_free(struct kern_ipc_perm *sma) 1412 { } 1413 security_sem_associate(struct kern_ipc_perm * sma,int semflg)1414 static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg) 1415 { 1416 return 0; 1417 } 1418 security_sem_semctl(struct kern_ipc_perm * sma,int cmd)1419 static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd) 1420 { 1421 return 0; 1422 } 1423 security_sem_semop(struct kern_ipc_perm * sma,struct sembuf * sops,unsigned nsops,int alter)1424 static inline int security_sem_semop(struct kern_ipc_perm *sma, 1425 struct sembuf *sops, unsigned nsops, 1426 int alter) 1427 { 1428 return 0; 1429 } 1430 security_d_instantiate(struct dentry * dentry,struct inode * inode)1431 static inline void security_d_instantiate(struct dentry *dentry, 1432 struct inode *inode) 1433 { } 1434 security_getselfattr(unsigned int attr,struct lsm_ctx __user * ctx,size_t __user * size,u32 flags)1435 static inline int security_getselfattr(unsigned int attr, 1436 struct lsm_ctx __user *ctx, 1437 size_t __user *size, u32 flags) 1438 { 1439 return -EOPNOTSUPP; 1440 } 1441 security_setselfattr(unsigned int attr,struct lsm_ctx __user * ctx,size_t size,u32 flags)1442 static inline int security_setselfattr(unsigned int attr, 1443 struct lsm_ctx __user *ctx, 1444 size_t size, u32 flags) 1445 { 1446 return -EOPNOTSUPP; 1447 } 1448 security_getprocattr(struct task_struct * p,int lsmid,const char * name,char ** value)1449 static inline int security_getprocattr(struct task_struct *p, int lsmid, 1450 const char *name, char **value) 1451 { 1452 return -EINVAL; 1453 } 1454 security_setprocattr(int lsmid,char * name,void * value,size_t size)1455 static inline int security_setprocattr(int lsmid, char *name, void *value, 1456 size_t size) 1457 { 1458 return -EINVAL; 1459 } 1460 security_netlink_send(struct sock * sk,struct sk_buff * skb)1461 static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) 1462 { 1463 return 0; 1464 } 1465 security_ismaclabel(const char * name)1466 static inline int security_ismaclabel(const char *name) 1467 { 1468 return 0; 1469 } 1470 security_secid_to_secctx(u32 secid,char ** secdata,u32 * seclen)1471 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 1472 { 1473 return -EOPNOTSUPP; 1474 } 1475 security_secctx_to_secid(const char * secdata,u32 seclen,u32 * secid)1476 static inline int security_secctx_to_secid(const char *secdata, 1477 u32 seclen, 1478 u32 *secid) 1479 { 1480 return -EOPNOTSUPP; 1481 } 1482 security_release_secctx(char * secdata,u32 seclen)1483 static inline void security_release_secctx(char *secdata, u32 seclen) 1484 { 1485 } 1486 security_inode_invalidate_secctx(struct inode * inode)1487 static inline void security_inode_invalidate_secctx(struct inode *inode) 1488 { 1489 } 1490 security_inode_notifysecctx(struct inode * inode,void * ctx,u32 ctxlen)1491 static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 1492 { 1493 return -EOPNOTSUPP; 1494 } security_inode_setsecctx(struct dentry * dentry,void * ctx,u32 ctxlen)1495 static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 1496 { 1497 return -EOPNOTSUPP; 1498 } security_inode_getsecctx(struct inode * inode,void ** ctx,u32 * ctxlen)1499 static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 1500 { 1501 return -EOPNOTSUPP; 1502 } security_locked_down(enum lockdown_reason what)1503 static inline int security_locked_down(enum lockdown_reason what) 1504 { 1505 return 0; 1506 } lsm_fill_user_ctx(struct lsm_ctx __user * uctx,u32 * uctx_len,void * val,size_t val_len,u64 id,u64 flags)1507 static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, 1508 u32 *uctx_len, void *val, size_t val_len, 1509 u64 id, u64 flags) 1510 { 1511 return -EOPNOTSUPP; 1512 } 1513 security_bdev_alloc(struct block_device * bdev)1514 static inline int security_bdev_alloc(struct block_device *bdev) 1515 { 1516 return 0; 1517 } 1518 security_bdev_free(struct block_device * bdev)1519 static inline void security_bdev_free(struct block_device *bdev) 1520 { 1521 } 1522 security_bdev_setintegrity(struct block_device * bdev,enum lsm_integrity_type type,const void * value,size_t size)1523 static inline int security_bdev_setintegrity(struct block_device *bdev, 1524 enum lsm_integrity_type type, 1525 const void *value, size_t size) 1526 { 1527 return 0; 1528 } 1529 1530 #endif /* CONFIG_SECURITY */ 1531 1532 #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) 1533 int security_post_notification(const struct cred *w_cred, 1534 const struct cred *cred, 1535 struct watch_notification *n); 1536 #else security_post_notification(const struct cred * w_cred,const struct cred * cred,struct watch_notification * n)1537 static inline int security_post_notification(const struct cred *w_cred, 1538 const struct cred *cred, 1539 struct watch_notification *n) 1540 { 1541 return 0; 1542 } 1543 #endif 1544 1545 #if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS) 1546 int security_watch_key(struct key *key); 1547 #else security_watch_key(struct key * key)1548 static inline int security_watch_key(struct key *key) 1549 { 1550 return 0; 1551 } 1552 #endif 1553 1554 #ifdef CONFIG_SECURITY_NETWORK 1555 1556 int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); 1557 int security_unix_may_send(struct socket *sock, struct socket *other); 1558 int security_socket_create(int family, int type, int protocol, int kern); 1559 int security_socket_post_create(struct socket *sock, int family, 1560 int type, int protocol, int kern); 1561 int security_socket_socketpair(struct socket *socka, struct socket *sockb); 1562 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen); 1563 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); 1564 int security_socket_listen(struct socket *sock, int backlog); 1565 int security_socket_accept(struct socket *sock, struct socket *newsock); 1566 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); 1567 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, 1568 int size, int flags); 1569 int security_socket_getsockname(struct socket *sock); 1570 int security_socket_getpeername(struct socket *sock); 1571 int security_socket_getsockopt(struct socket *sock, int level, int optname); 1572 int security_socket_setsockopt(struct socket *sock, int level, int optname); 1573 int security_socket_shutdown(struct socket *sock, int how); 1574 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb); 1575 int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, 1576 sockptr_t optlen, unsigned int len); 1577 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid); 1578 int security_sk_alloc(struct sock *sk, int family, gfp_t priority); 1579 void security_sk_free(struct sock *sk); 1580 void security_sk_clone(const struct sock *sk, struct sock *newsk); 1581 void security_sk_classify_flow(const struct sock *sk, 1582 struct flowi_common *flic); 1583 void security_req_classify_flow(const struct request_sock *req, 1584 struct flowi_common *flic); 1585 void security_sock_graft(struct sock*sk, struct socket *parent); 1586 int security_inet_conn_request(const struct sock *sk, 1587 struct sk_buff *skb, struct request_sock *req); 1588 void security_inet_csk_clone(struct sock *newsk, 1589 const struct request_sock *req); 1590 void security_inet_conn_established(struct sock *sk, 1591 struct sk_buff *skb); 1592 int security_secmark_relabel_packet(u32 secid); 1593 void security_secmark_refcount_inc(void); 1594 void security_secmark_refcount_dec(void); 1595 int security_tun_dev_alloc_security(void **security); 1596 void security_tun_dev_free_security(void *security); 1597 int security_tun_dev_create(void); 1598 int security_tun_dev_attach_queue(void *security); 1599 int security_tun_dev_attach(struct sock *sk, void *security); 1600 int security_tun_dev_open(void *security); 1601 int security_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb); 1602 int security_sctp_bind_connect(struct sock *sk, int optname, 1603 struct sockaddr *address, int addrlen); 1604 void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk, 1605 struct sock *newsk); 1606 int security_sctp_assoc_established(struct sctp_association *asoc, 1607 struct sk_buff *skb); 1608 int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk); 1609 1610 #else /* CONFIG_SECURITY_NETWORK */ security_unix_stream_connect(struct sock * sock,struct sock * other,struct sock * newsk)1611 static inline int security_unix_stream_connect(struct sock *sock, 1612 struct sock *other, 1613 struct sock *newsk) 1614 { 1615 return 0; 1616 } 1617 security_unix_may_send(struct socket * sock,struct socket * other)1618 static inline int security_unix_may_send(struct socket *sock, 1619 struct socket *other) 1620 { 1621 return 0; 1622 } 1623 security_socket_create(int family,int type,int protocol,int kern)1624 static inline int security_socket_create(int family, int type, 1625 int protocol, int kern) 1626 { 1627 return 0; 1628 } 1629 security_socket_post_create(struct socket * sock,int family,int type,int protocol,int kern)1630 static inline int security_socket_post_create(struct socket *sock, 1631 int family, 1632 int type, 1633 int protocol, int kern) 1634 { 1635 return 0; 1636 } 1637 security_socket_socketpair(struct socket * socka,struct socket * sockb)1638 static inline int security_socket_socketpair(struct socket *socka, 1639 struct socket *sockb) 1640 { 1641 return 0; 1642 } 1643 security_socket_bind(struct socket * sock,struct sockaddr * address,int addrlen)1644 static inline int security_socket_bind(struct socket *sock, 1645 struct sockaddr *address, 1646 int addrlen) 1647 { 1648 return 0; 1649 } 1650 security_socket_connect(struct socket * sock,struct sockaddr * address,int addrlen)1651 static inline int security_socket_connect(struct socket *sock, 1652 struct sockaddr *address, 1653 int addrlen) 1654 { 1655 return 0; 1656 } 1657 security_socket_listen(struct socket * sock,int backlog)1658 static inline int security_socket_listen(struct socket *sock, int backlog) 1659 { 1660 return 0; 1661 } 1662 security_socket_accept(struct socket * sock,struct socket * newsock)1663 static inline int security_socket_accept(struct socket *sock, 1664 struct socket *newsock) 1665 { 1666 return 0; 1667 } 1668 security_socket_sendmsg(struct socket * sock,struct msghdr * msg,int size)1669 static inline int security_socket_sendmsg(struct socket *sock, 1670 struct msghdr *msg, int size) 1671 { 1672 return 0; 1673 } 1674 security_socket_recvmsg(struct socket * sock,struct msghdr * msg,int size,int flags)1675 static inline int security_socket_recvmsg(struct socket *sock, 1676 struct msghdr *msg, int size, 1677 int flags) 1678 { 1679 return 0; 1680 } 1681 security_socket_getsockname(struct socket * sock)1682 static inline int security_socket_getsockname(struct socket *sock) 1683 { 1684 return 0; 1685 } 1686 security_socket_getpeername(struct socket * sock)1687 static inline int security_socket_getpeername(struct socket *sock) 1688 { 1689 return 0; 1690 } 1691 security_socket_getsockopt(struct socket * sock,int level,int optname)1692 static inline int security_socket_getsockopt(struct socket *sock, 1693 int level, int optname) 1694 { 1695 return 0; 1696 } 1697 security_socket_setsockopt(struct socket * sock,int level,int optname)1698 static inline int security_socket_setsockopt(struct socket *sock, 1699 int level, int optname) 1700 { 1701 return 0; 1702 } 1703 security_socket_shutdown(struct socket * sock,int how)1704 static inline int security_socket_shutdown(struct socket *sock, int how) 1705 { 1706 return 0; 1707 } security_sock_rcv_skb(struct sock * sk,struct sk_buff * skb)1708 static inline int security_sock_rcv_skb(struct sock *sk, 1709 struct sk_buff *skb) 1710 { 1711 return 0; 1712 } 1713 security_socket_getpeersec_stream(struct socket * sock,sockptr_t optval,sockptr_t optlen,unsigned int len)1714 static inline int security_socket_getpeersec_stream(struct socket *sock, 1715 sockptr_t optval, 1716 sockptr_t optlen, 1717 unsigned int len) 1718 { 1719 return -ENOPROTOOPT; 1720 } 1721 security_socket_getpeersec_dgram(struct socket * sock,struct sk_buff * skb,u32 * secid)1722 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1723 { 1724 return -ENOPROTOOPT; 1725 } 1726 security_sk_alloc(struct sock * sk,int family,gfp_t priority)1727 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 1728 { 1729 return 0; 1730 } 1731 security_sk_free(struct sock * sk)1732 static inline void security_sk_free(struct sock *sk) 1733 { 1734 } 1735 security_sk_clone(const struct sock * sk,struct sock * newsk)1736 static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) 1737 { 1738 } 1739 security_sk_classify_flow(const struct sock * sk,struct flowi_common * flic)1740 static inline void security_sk_classify_flow(const struct sock *sk, 1741 struct flowi_common *flic) 1742 { 1743 } 1744 security_req_classify_flow(const struct request_sock * req,struct flowi_common * flic)1745 static inline void security_req_classify_flow(const struct request_sock *req, 1746 struct flowi_common *flic) 1747 { 1748 } 1749 security_sock_graft(struct sock * sk,struct socket * parent)1750 static inline void security_sock_graft(struct sock *sk, struct socket *parent) 1751 { 1752 } 1753 security_inet_conn_request(const struct sock * sk,struct sk_buff * skb,struct request_sock * req)1754 static inline int security_inet_conn_request(const struct sock *sk, 1755 struct sk_buff *skb, struct request_sock *req) 1756 { 1757 return 0; 1758 } 1759 security_inet_csk_clone(struct sock * newsk,const struct request_sock * req)1760 static inline void security_inet_csk_clone(struct sock *newsk, 1761 const struct request_sock *req) 1762 { 1763 } 1764 security_inet_conn_established(struct sock * sk,struct sk_buff * skb)1765 static inline void security_inet_conn_established(struct sock *sk, 1766 struct sk_buff *skb) 1767 { 1768 } 1769 security_secmark_relabel_packet(u32 secid)1770 static inline int security_secmark_relabel_packet(u32 secid) 1771 { 1772 return 0; 1773 } 1774 security_secmark_refcount_inc(void)1775 static inline void security_secmark_refcount_inc(void) 1776 { 1777 } 1778 security_secmark_refcount_dec(void)1779 static inline void security_secmark_refcount_dec(void) 1780 { 1781 } 1782 security_tun_dev_alloc_security(void ** security)1783 static inline int security_tun_dev_alloc_security(void **security) 1784 { 1785 return 0; 1786 } 1787 security_tun_dev_free_security(void * security)1788 static inline void security_tun_dev_free_security(void *security) 1789 { 1790 } 1791 security_tun_dev_create(void)1792 static inline int security_tun_dev_create(void) 1793 { 1794 return 0; 1795 } 1796 security_tun_dev_attach_queue(void * security)1797 static inline int security_tun_dev_attach_queue(void *security) 1798 { 1799 return 0; 1800 } 1801 security_tun_dev_attach(struct sock * sk,void * security)1802 static inline int security_tun_dev_attach(struct sock *sk, void *security) 1803 { 1804 return 0; 1805 } 1806 security_tun_dev_open(void * security)1807 static inline int security_tun_dev_open(void *security) 1808 { 1809 return 0; 1810 } 1811 security_sctp_assoc_request(struct sctp_association * asoc,struct sk_buff * skb)1812 static inline int security_sctp_assoc_request(struct sctp_association *asoc, 1813 struct sk_buff *skb) 1814 { 1815 return 0; 1816 } 1817 security_sctp_bind_connect(struct sock * sk,int optname,struct sockaddr * address,int addrlen)1818 static inline int security_sctp_bind_connect(struct sock *sk, int optname, 1819 struct sockaddr *address, 1820 int addrlen) 1821 { 1822 return 0; 1823 } 1824 security_sctp_sk_clone(struct sctp_association * asoc,struct sock * sk,struct sock * newsk)1825 static inline void security_sctp_sk_clone(struct sctp_association *asoc, 1826 struct sock *sk, 1827 struct sock *newsk) 1828 { 1829 } 1830 security_sctp_assoc_established(struct sctp_association * asoc,struct sk_buff * skb)1831 static inline int security_sctp_assoc_established(struct sctp_association *asoc, 1832 struct sk_buff *skb) 1833 { 1834 return 0; 1835 } 1836 security_mptcp_add_subflow(struct sock * sk,struct sock * ssk)1837 static inline int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk) 1838 { 1839 return 0; 1840 } 1841 #endif /* CONFIG_SECURITY_NETWORK */ 1842 1843 #ifdef CONFIG_SECURITY_INFINIBAND 1844 int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey); 1845 int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num); 1846 int security_ib_alloc_security(void **sec); 1847 void security_ib_free_security(void *sec); 1848 #else /* CONFIG_SECURITY_INFINIBAND */ security_ib_pkey_access(void * sec,u64 subnet_prefix,u16 pkey)1849 static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey) 1850 { 1851 return 0; 1852 } 1853 security_ib_endport_manage_subnet(void * sec,const char * dev_name,u8 port_num)1854 static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num) 1855 { 1856 return 0; 1857 } 1858 security_ib_alloc_security(void ** sec)1859 static inline int security_ib_alloc_security(void **sec) 1860 { 1861 return 0; 1862 } 1863 security_ib_free_security(void * sec)1864 static inline void security_ib_free_security(void *sec) 1865 { 1866 } 1867 #endif /* CONFIG_SECURITY_INFINIBAND */ 1868 1869 #ifdef CONFIG_SECURITY_NETWORK_XFRM 1870 1871 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1872 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp); 1873 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp); 1874 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 1875 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 1876 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1877 int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1878 struct xfrm_sec_ctx *polsec, u32 secid); 1879 int security_xfrm_state_delete(struct xfrm_state *x); 1880 void security_xfrm_state_free(struct xfrm_state *x); 1881 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid); 1882 int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1883 struct xfrm_policy *xp, 1884 const struct flowi_common *flic); 1885 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid); 1886 void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic); 1887 1888 #else /* CONFIG_SECURITY_NETWORK_XFRM */ 1889 security_xfrm_policy_alloc(struct xfrm_sec_ctx ** ctxp,struct xfrm_user_sec_ctx * sec_ctx,gfp_t gfp)1890 static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1891 struct xfrm_user_sec_ctx *sec_ctx, 1892 gfp_t gfp) 1893 { 1894 return 0; 1895 } 1896 security_xfrm_policy_clone(struct xfrm_sec_ctx * old,struct xfrm_sec_ctx ** new_ctxp)1897 static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp) 1898 { 1899 return 0; 1900 } 1901 security_xfrm_policy_free(struct xfrm_sec_ctx * ctx)1902 static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 1903 { 1904 } 1905 security_xfrm_policy_delete(struct xfrm_sec_ctx * ctx)1906 static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 1907 { 1908 return 0; 1909 } 1910 security_xfrm_state_alloc(struct xfrm_state * x,struct xfrm_user_sec_ctx * sec_ctx)1911 static inline int security_xfrm_state_alloc(struct xfrm_state *x, 1912 struct xfrm_user_sec_ctx *sec_ctx) 1913 { 1914 return 0; 1915 } 1916 security_xfrm_state_alloc_acquire(struct xfrm_state * x,struct xfrm_sec_ctx * polsec,u32 secid)1917 static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1918 struct xfrm_sec_ctx *polsec, u32 secid) 1919 { 1920 return 0; 1921 } 1922 security_xfrm_state_free(struct xfrm_state * x)1923 static inline void security_xfrm_state_free(struct xfrm_state *x) 1924 { 1925 } 1926 security_xfrm_state_delete(struct xfrm_state * x)1927 static inline int security_xfrm_state_delete(struct xfrm_state *x) 1928 { 1929 return 0; 1930 } 1931 security_xfrm_policy_lookup(struct xfrm_sec_ctx * ctx,u32 fl_secid)1932 static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 1933 { 1934 return 0; 1935 } 1936 security_xfrm_state_pol_flow_match(struct xfrm_state * x,struct xfrm_policy * xp,const struct flowi_common * flic)1937 static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1938 struct xfrm_policy *xp, 1939 const struct flowi_common *flic) 1940 { 1941 return 1; 1942 } 1943 security_xfrm_decode_session(struct sk_buff * skb,u32 * secid)1944 static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 1945 { 1946 return 0; 1947 } 1948 security_skb_classify_flow(struct sk_buff * skb,struct flowi_common * flic)1949 static inline void security_skb_classify_flow(struct sk_buff *skb, 1950 struct flowi_common *flic) 1951 { 1952 } 1953 1954 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1955 1956 #ifdef CONFIG_SECURITY_PATH 1957 int security_path_unlink(const struct path *dir, struct dentry *dentry); 1958 int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode); 1959 int security_path_rmdir(const struct path *dir, struct dentry *dentry); 1960 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, 1961 unsigned int dev); 1962 void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry); 1963 int security_path_truncate(const struct path *path); 1964 int security_path_symlink(const struct path *dir, struct dentry *dentry, 1965 const char *old_name); 1966 int security_path_link(struct dentry *old_dentry, const struct path *new_dir, 1967 struct dentry *new_dentry); 1968 int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, 1969 const struct path *new_dir, struct dentry *new_dentry, 1970 unsigned int flags); 1971 int security_path_chmod(const struct path *path, umode_t mode); 1972 int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); 1973 int security_path_chroot(const struct path *path); 1974 #else /* CONFIG_SECURITY_PATH */ security_path_unlink(const struct path * dir,struct dentry * dentry)1975 static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) 1976 { 1977 return 0; 1978 } 1979 security_path_mkdir(const struct path * dir,struct dentry * dentry,umode_t mode)1980 static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry, 1981 umode_t mode) 1982 { 1983 return 0; 1984 } 1985 security_path_rmdir(const struct path * dir,struct dentry * dentry)1986 static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry) 1987 { 1988 return 0; 1989 } 1990 security_path_mknod(const struct path * dir,struct dentry * dentry,umode_t mode,unsigned int dev)1991 static inline int security_path_mknod(const struct path *dir, struct dentry *dentry, 1992 umode_t mode, unsigned int dev) 1993 { 1994 return 0; 1995 } 1996 security_path_post_mknod(struct mnt_idmap * idmap,struct dentry * dentry)1997 static inline void security_path_post_mknod(struct mnt_idmap *idmap, 1998 struct dentry *dentry) 1999 { } 2000 security_path_truncate(const struct path * path)2001 static inline int security_path_truncate(const struct path *path) 2002 { 2003 return 0; 2004 } 2005 security_path_symlink(const struct path * dir,struct dentry * dentry,const char * old_name)2006 static inline int security_path_symlink(const struct path *dir, struct dentry *dentry, 2007 const char *old_name) 2008 { 2009 return 0; 2010 } 2011 security_path_link(struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry)2012 static inline int security_path_link(struct dentry *old_dentry, 2013 const struct path *new_dir, 2014 struct dentry *new_dentry) 2015 { 2016 return 0; 2017 } 2018 security_path_rename(const struct path * old_dir,struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry,unsigned int flags)2019 static inline int security_path_rename(const struct path *old_dir, 2020 struct dentry *old_dentry, 2021 const struct path *new_dir, 2022 struct dentry *new_dentry, 2023 unsigned int flags) 2024 { 2025 return 0; 2026 } 2027 security_path_chmod(const struct path * path,umode_t mode)2028 static inline int security_path_chmod(const struct path *path, umode_t mode) 2029 { 2030 return 0; 2031 } 2032 security_path_chown(const struct path * path,kuid_t uid,kgid_t gid)2033 static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 2034 { 2035 return 0; 2036 } 2037 security_path_chroot(const struct path * path)2038 static inline int security_path_chroot(const struct path *path) 2039 { 2040 return 0; 2041 } 2042 #endif /* CONFIG_SECURITY_PATH */ 2043 2044 #ifdef CONFIG_KEYS 2045 #ifdef CONFIG_SECURITY 2046 2047 int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); 2048 void security_key_free(struct key *key); 2049 int security_key_permission(key_ref_t key_ref, const struct cred *cred, 2050 enum key_need_perm need_perm); 2051 int security_key_getsecurity(struct key *key, char **_buffer); 2052 void security_key_post_create_or_update(struct key *keyring, struct key *key, 2053 const void *payload, size_t payload_len, 2054 unsigned long flags, bool create); 2055 2056 #else 2057 security_key_alloc(struct key * key,const struct cred * cred,unsigned long flags)2058 static inline int security_key_alloc(struct key *key, 2059 const struct cred *cred, 2060 unsigned long flags) 2061 { 2062 return 0; 2063 } 2064 security_key_free(struct key * key)2065 static inline void security_key_free(struct key *key) 2066 { 2067 } 2068 security_key_permission(key_ref_t key_ref,const struct cred * cred,enum key_need_perm need_perm)2069 static inline int security_key_permission(key_ref_t key_ref, 2070 const struct cred *cred, 2071 enum key_need_perm need_perm) 2072 { 2073 return 0; 2074 } 2075 security_key_getsecurity(struct key * key,char ** _buffer)2076 static inline int security_key_getsecurity(struct key *key, char **_buffer) 2077 { 2078 *_buffer = NULL; 2079 return 0; 2080 } 2081 security_key_post_create_or_update(struct key * keyring,struct key * key,const void * payload,size_t payload_len,unsigned long flags,bool create)2082 static inline void security_key_post_create_or_update(struct key *keyring, 2083 struct key *key, 2084 const void *payload, 2085 size_t payload_len, 2086 unsigned long flags, 2087 bool create) 2088 { } 2089 2090 #endif 2091 #endif /* CONFIG_KEYS */ 2092 2093 #ifdef CONFIG_AUDIT 2094 #ifdef CONFIG_SECURITY 2095 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, 2096 gfp_t gfp); 2097 int security_audit_rule_known(struct audit_krule *krule); 2098 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); 2099 void security_audit_rule_free(void *lsmrule); 2100 2101 #else 2102 security_audit_rule_init(u32 field,u32 op,char * rulestr,void ** lsmrule,gfp_t gfp)2103 static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, 2104 void **lsmrule, gfp_t gfp) 2105 { 2106 return 0; 2107 } 2108 security_audit_rule_known(struct audit_krule * krule)2109 static inline int security_audit_rule_known(struct audit_krule *krule) 2110 { 2111 return 0; 2112 } 2113 security_audit_rule_match(u32 secid,u32 field,u32 op,void * lsmrule)2114 static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, 2115 void *lsmrule) 2116 { 2117 return 0; 2118 } 2119 security_audit_rule_free(void * lsmrule)2120 static inline void security_audit_rule_free(void *lsmrule) 2121 { } 2122 2123 #endif /* CONFIG_SECURITY */ 2124 #endif /* CONFIG_AUDIT */ 2125 2126 #ifdef CONFIG_SECURITYFS 2127 2128 extern struct dentry *securityfs_create_file(const char *name, umode_t mode, 2129 struct dentry *parent, void *data, 2130 const struct file_operations *fops); 2131 extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 2132 struct dentry *securityfs_create_symlink(const char *name, 2133 struct dentry *parent, 2134 const char *target, 2135 const struct inode_operations *iops); 2136 extern void securityfs_remove(struct dentry *dentry); 2137 extern void securityfs_recursive_remove(struct dentry *dentry); 2138 2139 #else /* CONFIG_SECURITYFS */ 2140 securityfs_create_dir(const char * name,struct dentry * parent)2141 static inline struct dentry *securityfs_create_dir(const char *name, 2142 struct dentry *parent) 2143 { 2144 return ERR_PTR(-ENODEV); 2145 } 2146 securityfs_create_file(const char * name,umode_t mode,struct dentry * parent,void * data,const struct file_operations * fops)2147 static inline struct dentry *securityfs_create_file(const char *name, 2148 umode_t mode, 2149 struct dentry *parent, 2150 void *data, 2151 const struct file_operations *fops) 2152 { 2153 return ERR_PTR(-ENODEV); 2154 } 2155 securityfs_create_symlink(const char * name,struct dentry * parent,const char * target,const struct inode_operations * iops)2156 static inline struct dentry *securityfs_create_symlink(const char *name, 2157 struct dentry *parent, 2158 const char *target, 2159 const struct inode_operations *iops) 2160 { 2161 return ERR_PTR(-ENODEV); 2162 } 2163 securityfs_remove(struct dentry * dentry)2164 static inline void securityfs_remove(struct dentry *dentry) 2165 {} 2166 2167 #endif 2168 2169 #ifdef CONFIG_BPF_SYSCALL 2170 union bpf_attr; 2171 struct bpf_map; 2172 struct bpf_prog; 2173 struct bpf_token; 2174 #ifdef CONFIG_SECURITY 2175 extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size); 2176 extern int security_bpf_map(struct bpf_map *map, fmode_t fmode); 2177 extern int security_bpf_prog(struct bpf_prog *prog); 2178 extern int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr, 2179 struct bpf_token *token); 2180 extern void security_bpf_map_free(struct bpf_map *map); 2181 extern int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr, 2182 struct bpf_token *token); 2183 extern void security_bpf_prog_free(struct bpf_prog *prog); 2184 extern int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 2185 const struct path *path); 2186 extern void security_bpf_token_free(struct bpf_token *token); 2187 extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd); 2188 extern int security_bpf_token_capable(const struct bpf_token *token, int cap); 2189 #else security_bpf(int cmd,union bpf_attr * attr,unsigned int size)2190 static inline int security_bpf(int cmd, union bpf_attr *attr, 2191 unsigned int size) 2192 { 2193 return 0; 2194 } 2195 security_bpf_map(struct bpf_map * map,fmode_t fmode)2196 static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode) 2197 { 2198 return 0; 2199 } 2200 security_bpf_prog(struct bpf_prog * prog)2201 static inline int security_bpf_prog(struct bpf_prog *prog) 2202 { 2203 return 0; 2204 } 2205 security_bpf_map_create(struct bpf_map * map,union bpf_attr * attr,struct bpf_token * token)2206 static inline int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr, 2207 struct bpf_token *token) 2208 { 2209 return 0; 2210 } 2211 security_bpf_map_free(struct bpf_map * map)2212 static inline void security_bpf_map_free(struct bpf_map *map) 2213 { } 2214 security_bpf_prog_load(struct bpf_prog * prog,union bpf_attr * attr,struct bpf_token * token)2215 static inline int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr, 2216 struct bpf_token *token) 2217 { 2218 return 0; 2219 } 2220 security_bpf_prog_free(struct bpf_prog * prog)2221 static inline void security_bpf_prog_free(struct bpf_prog *prog) 2222 { } 2223 security_bpf_token_create(struct bpf_token * token,union bpf_attr * attr,const struct path * path)2224 static inline int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 2225 const struct path *path) 2226 { 2227 return 0; 2228 } 2229 security_bpf_token_free(struct bpf_token * token)2230 static inline void security_bpf_token_free(struct bpf_token *token) 2231 { } 2232 security_bpf_token_cmd(const struct bpf_token * token,enum bpf_cmd cmd)2233 static inline int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd) 2234 { 2235 return 0; 2236 } 2237 security_bpf_token_capable(const struct bpf_token * token,int cap)2238 static inline int security_bpf_token_capable(const struct bpf_token *token, int cap) 2239 { 2240 return 0; 2241 } 2242 #endif /* CONFIG_SECURITY */ 2243 #endif /* CONFIG_BPF_SYSCALL */ 2244 2245 #ifdef CONFIG_PERF_EVENTS 2246 struct perf_event_attr; 2247 struct perf_event; 2248 2249 #ifdef CONFIG_SECURITY 2250 extern int security_perf_event_open(struct perf_event_attr *attr, int type); 2251 extern int security_perf_event_alloc(struct perf_event *event); 2252 extern void security_perf_event_free(struct perf_event *event); 2253 extern int security_perf_event_read(struct perf_event *event); 2254 extern int security_perf_event_write(struct perf_event *event); 2255 #else security_perf_event_open(struct perf_event_attr * attr,int type)2256 static inline int security_perf_event_open(struct perf_event_attr *attr, 2257 int type) 2258 { 2259 return 0; 2260 } 2261 security_perf_event_alloc(struct perf_event * event)2262 static inline int security_perf_event_alloc(struct perf_event *event) 2263 { 2264 return 0; 2265 } 2266 security_perf_event_free(struct perf_event * event)2267 static inline void security_perf_event_free(struct perf_event *event) 2268 { 2269 } 2270 security_perf_event_read(struct perf_event * event)2271 static inline int security_perf_event_read(struct perf_event *event) 2272 { 2273 return 0; 2274 } 2275 security_perf_event_write(struct perf_event * event)2276 static inline int security_perf_event_write(struct perf_event *event) 2277 { 2278 return 0; 2279 } 2280 #endif /* CONFIG_SECURITY */ 2281 #endif /* CONFIG_PERF_EVENTS */ 2282 2283 #ifdef CONFIG_IO_URING 2284 #ifdef CONFIG_SECURITY 2285 extern int security_uring_override_creds(const struct cred *new); 2286 extern int security_uring_sqpoll(void); 2287 extern int security_uring_cmd(struct io_uring_cmd *ioucmd); 2288 #else security_uring_override_creds(const struct cred * new)2289 static inline int security_uring_override_creds(const struct cred *new) 2290 { 2291 return 0; 2292 } security_uring_sqpoll(void)2293 static inline int security_uring_sqpoll(void) 2294 { 2295 return 0; 2296 } security_uring_cmd(struct io_uring_cmd * ioucmd)2297 static inline int security_uring_cmd(struct io_uring_cmd *ioucmd) 2298 { 2299 return 0; 2300 } 2301 #endif /* CONFIG_SECURITY */ 2302 #endif /* CONFIG_IO_URING */ 2303 2304 #ifdef CONFIG_SECURITY 2305 extern void security_initramfs_populated(void); 2306 #else security_initramfs_populated(void)2307 static inline void security_initramfs_populated(void) 2308 { 2309 } 2310 #endif /* CONFIG_SECURITY */ 2311 2312 #endif /* ! __LINUX_SECURITY_H */ 2313