The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/capability.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*
    2  *  Capabilities Linux Security Module
    3  *
    4  *  This is the default security module in case no other module is loaded.
    5  *
    6  *      This program is free software; you can redistribute it and/or modify
    7  *      it under the terms of the GNU General Public License as published by
    8  *      the Free Software Foundation; either version 2 of the License, or
    9  *      (at your option) any later version.
   10  *
   11  */
   12 
   13 #include <linux/security.h>
   14 
   15 static int cap_syslog(int type)
   16 {
   17         return 0;
   18 }
   19 
   20 static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
   21 {
   22         return 0;
   23 }
   24 
   25 static int cap_quota_on(struct dentry *dentry)
   26 {
   27         return 0;
   28 }
   29 
   30 static int cap_bprm_check_security(struct linux_binprm *bprm)
   31 {
   32         return 0;
   33 }
   34 
   35 static void cap_bprm_committing_creds(struct linux_binprm *bprm)
   36 {
   37 }
   38 
   39 static void cap_bprm_committed_creds(struct linux_binprm *bprm)
   40 {
   41 }
   42 
   43 static int cap_sb_alloc_security(struct super_block *sb)
   44 {
   45         return 0;
   46 }
   47 
   48 static void cap_sb_free_security(struct super_block *sb)
   49 {
   50 }
   51 
   52 static int cap_sb_copy_data(char *orig, char *copy)
   53 {
   54         return 0;
   55 }
   56 
   57 static int cap_sb_remount(struct super_block *sb, void *data)
   58 {
   59         return 0;
   60 }
   61 
   62 static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
   63 {
   64         return 0;
   65 }
   66 
   67 static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
   68 {
   69         return 0;
   70 }
   71 
   72 static int cap_sb_statfs(struct dentry *dentry)
   73 {
   74         return 0;
   75 }
   76 
   77 static int cap_sb_mount(const char *dev_name, struct path *path,
   78                         const char *type, unsigned long flags, void *data)
   79 {
   80         return 0;
   81 }
   82 
   83 static int cap_sb_umount(struct vfsmount *mnt, int flags)
   84 {
   85         return 0;
   86 }
   87 
   88 static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
   89 {
   90         return 0;
   91 }
   92 
   93 static int cap_sb_set_mnt_opts(struct super_block *sb,
   94                                struct security_mnt_opts *opts)
   95 {
   96         if (unlikely(opts->num_mnt_opts))
   97                 return -EOPNOTSUPP;
   98         return 0;
   99 }
  100 
  101 static void cap_sb_clone_mnt_opts(const struct super_block *oldsb,
  102                                   struct super_block *newsb)
  103 {
  104 }
  105 
  106 static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
  107 {
  108         return 0;
  109 }
  110 
  111 static int cap_inode_alloc_security(struct inode *inode)
  112 {
  113         return 0;
  114 }
  115 
  116 static void cap_inode_free_security(struct inode *inode)
  117 {
  118 }
  119 
  120 static int cap_inode_init_security(struct inode *inode, struct inode *dir,
  121                                    const struct qstr *qstr, char **name,
  122                                    void **value, size_t *len)
  123 {
  124         return -EOPNOTSUPP;
  125 }
  126 
  127 static int cap_inode_create(struct inode *inode, struct dentry *dentry,
  128                             umode_t mask)
  129 {
  130         return 0;
  131 }
  132 
  133 static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
  134                           struct dentry *new_dentry)
  135 {
  136         return 0;
  137 }
  138 
  139 static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
  140 {
  141         return 0;
  142 }
  143 
  144 static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
  145                              const char *name)
  146 {
  147         return 0;
  148 }
  149 
  150 static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
  151                            umode_t mask)
  152 {
  153         return 0;
  154 }
  155 
  156 static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
  157 {
  158         return 0;
  159 }
  160 
  161 static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
  162                            umode_t mode, dev_t dev)
  163 {
  164         return 0;
  165 }
  166 
  167 static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
  168                             struct inode *new_inode, struct dentry *new_dentry)
  169 {
  170         return 0;
  171 }
  172 
  173 static int cap_inode_readlink(struct dentry *dentry)
  174 {
  175         return 0;
  176 }
  177 
  178 static int cap_inode_follow_link(struct dentry *dentry,
  179                                  struct nameidata *nameidata)
  180 {
  181         return 0;
  182 }
  183 
  184 static int cap_inode_permission(struct inode *inode, int mask)
  185 {
  186         return 0;
  187 }
  188 
  189 static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
  190 {
  191         return 0;
  192 }
  193 
  194 static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
  195 {
  196         return 0;
  197 }
  198 
  199 static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
  200                                     const void *value, size_t size, int flags)
  201 {
  202 }
  203 
  204 static int cap_inode_getxattr(struct dentry *dentry, const char *name)
  205 {
  206         return 0;
  207 }
  208 
  209 static int cap_inode_listxattr(struct dentry *dentry)
  210 {
  211         return 0;
  212 }
  213 
  214 static int cap_inode_getsecurity(const struct inode *inode, const char *name,
  215                                  void **buffer, bool alloc)
  216 {
  217         return -EOPNOTSUPP;
  218 }
  219 
  220 static int cap_inode_setsecurity(struct inode *inode, const char *name,
  221                                  const void *value, size_t size, int flags)
  222 {
  223         return -EOPNOTSUPP;
  224 }
  225 
  226 static int cap_inode_listsecurity(struct inode *inode, char *buffer,
  227                                   size_t buffer_size)
  228 {
  229         return 0;
  230 }
  231 
  232 static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
  233 {
  234         *secid = 0;
  235 }
  236 
  237 #ifdef CONFIG_SECURITY_PATH
  238 static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
  239                           unsigned int dev)
  240 {
  241         return 0;
  242 }
  243 
  244 static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
  245 {
  246         return 0;
  247 }
  248 
  249 static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
  250 {
  251         return 0;
  252 }
  253 
  254 static int cap_path_unlink(struct path *dir, struct dentry *dentry)
  255 {
  256         return 0;
  257 }
  258 
  259 static int cap_path_symlink(struct path *dir, struct dentry *dentry,
  260                             const char *old_name)
  261 {
  262         return 0;
  263 }
  264 
  265 static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
  266                          struct dentry *new_dentry)
  267 {
  268         return 0;
  269 }
  270 
  271 static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
  272                            struct path *new_path, struct dentry *new_dentry)
  273 {
  274         return 0;
  275 }
  276 
  277 static int cap_path_truncate(struct path *path)
  278 {
  279         return 0;
  280 }
  281 
  282 static int cap_path_chmod(struct path *path, umode_t mode)
  283 {
  284         return 0;
  285 }
  286 
  287 static int cap_path_chown(struct path *path, kuid_t uid, kgid_t gid)
  288 {
  289         return 0;
  290 }
  291 
  292 static int cap_path_chroot(struct path *root)
  293 {
  294         return 0;
  295 }
  296 #endif
  297 
  298 static int cap_file_permission(struct file *file, int mask)
  299 {
  300         return 0;
  301 }
  302 
  303 static int cap_file_alloc_security(struct file *file)
  304 {
  305         return 0;
  306 }
  307 
  308 static void cap_file_free_security(struct file *file)
  309 {
  310 }
  311 
  312 static int cap_file_ioctl(struct file *file, unsigned int command,
  313                           unsigned long arg)
  314 {
  315         return 0;
  316 }
  317 
  318 static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
  319                              unsigned long prot)
  320 {
  321         return 0;
  322 }
  323 
  324 static int cap_file_lock(struct file *file, unsigned int cmd)
  325 {
  326         return 0;
  327 }
  328 
  329 static int cap_file_fcntl(struct file *file, unsigned int cmd,
  330                           unsigned long arg)
  331 {
  332         return 0;
  333 }
  334 
  335 static int cap_file_set_fowner(struct file *file)
  336 {
  337         return 0;
  338 }
  339 
  340 static int cap_file_send_sigiotask(struct task_struct *tsk,
  341                                    struct fown_struct *fown, int sig)
  342 {
  343         return 0;
  344 }
  345 
  346 static int cap_file_receive(struct file *file)
  347 {
  348         return 0;
  349 }
  350 
  351 static int cap_file_open(struct file *file, const struct cred *cred)
  352 {
  353         return 0;
  354 }
  355 
  356 static int cap_task_create(unsigned long clone_flags)
  357 {
  358         return 0;
  359 }
  360 
  361 static void cap_task_free(struct task_struct *task)
  362 {
  363 }
  364 
  365 static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
  366 {
  367         return 0;
  368 }
  369 
  370 static void cap_cred_free(struct cred *cred)
  371 {
  372 }
  373 
  374 static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
  375 {
  376         return 0;
  377 }
  378 
  379 static void cap_cred_transfer(struct cred *new, const struct cred *old)
  380 {
  381 }
  382 
  383 static int cap_kernel_act_as(struct cred *new, u32 secid)
  384 {
  385         return 0;
  386 }
  387 
  388 static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
  389 {
  390         return 0;
  391 }
  392 
  393 static int cap_kernel_module_request(char *kmod_name)
  394 {
  395         return 0;
  396 }
  397 
  398 static int cap_kernel_module_from_file(struct file *file)
  399 {
  400         return 0;
  401 }
  402 
  403 static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
  404 {
  405         return 0;
  406 }
  407 
  408 static int cap_task_getpgid(struct task_struct *p)
  409 {
  410         return 0;
  411 }
  412 
  413 static int cap_task_getsid(struct task_struct *p)
  414 {
  415         return 0;
  416 }
  417 
  418 static void cap_task_getsecid(struct task_struct *p, u32 *secid)
  419 {
  420         *secid = 0;
  421 }
  422 
  423 static int cap_task_getioprio(struct task_struct *p)
  424 {
  425         return 0;
  426 }
  427 
  428 static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
  429                 struct rlimit *new_rlim)
  430 {
  431         return 0;
  432 }
  433 
  434 static int cap_task_getscheduler(struct task_struct *p)
  435 {
  436         return 0;
  437 }
  438 
  439 static int cap_task_movememory(struct task_struct *p)
  440 {
  441         return 0;
  442 }
  443 
  444 static int cap_task_wait(struct task_struct *p)
  445 {
  446         return 0;
  447 }
  448 
  449 static int cap_task_kill(struct task_struct *p, struct siginfo *info,
  450                          int sig, u32 secid)
  451 {
  452         return 0;
  453 }
  454 
  455 static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
  456 {
  457 }
  458 
  459 static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
  460 {
  461         return 0;
  462 }
  463 
  464 static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
  465 {
  466         *secid = 0;
  467 }
  468 
  469 static int cap_msg_msg_alloc_security(struct msg_msg *msg)
  470 {
  471         return 0;
  472 }
  473 
  474 static void cap_msg_msg_free_security(struct msg_msg *msg)
  475 {
  476 }
  477 
  478 static int cap_msg_queue_alloc_security(struct msg_queue *msq)
  479 {
  480         return 0;
  481 }
  482 
  483 static void cap_msg_queue_free_security(struct msg_queue *msq)
  484 {
  485 }
  486 
  487 static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
  488 {
  489         return 0;
  490 }
  491 
  492 static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
  493 {
  494         return 0;
  495 }
  496 
  497 static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
  498                                 int msgflg)
  499 {
  500         return 0;
  501 }
  502 
  503 static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
  504                                 struct task_struct *target, long type, int mode)
  505 {
  506         return 0;
  507 }
  508 
  509 static int cap_shm_alloc_security(struct shmid_kernel *shp)
  510 {
  511         return 0;
  512 }
  513 
  514 static void cap_shm_free_security(struct shmid_kernel *shp)
  515 {
  516 }
  517 
  518 static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
  519 {
  520         return 0;
  521 }
  522 
  523 static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
  524 {
  525         return 0;
  526 }
  527 
  528 static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
  529                          int shmflg)
  530 {
  531         return 0;
  532 }
  533 
  534 static int cap_sem_alloc_security(struct sem_array *sma)
  535 {
  536         return 0;
  537 }
  538 
  539 static void cap_sem_free_security(struct sem_array *sma)
  540 {
  541 }
  542 
  543 static int cap_sem_associate(struct sem_array *sma, int semflg)
  544 {
  545         return 0;
  546 }
  547 
  548 static int cap_sem_semctl(struct sem_array *sma, int cmd)
  549 {
  550         return 0;
  551 }
  552 
  553 static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
  554                          unsigned nsops, int alter)
  555 {
  556         return 0;
  557 }
  558 
  559 #ifdef CONFIG_SECURITY_NETWORK
  560 static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
  561                                    struct sock *newsk)
  562 {
  563         return 0;
  564 }
  565 
  566 static int cap_unix_may_send(struct socket *sock, struct socket *other)
  567 {
  568         return 0;
  569 }
  570 
  571 static int cap_socket_create(int family, int type, int protocol, int kern)
  572 {
  573         return 0;
  574 }
  575 
  576 static int cap_socket_post_create(struct socket *sock, int family, int type,
  577                                   int protocol, int kern)
  578 {
  579         return 0;
  580 }
  581 
  582 static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
  583                            int addrlen)
  584 {
  585         return 0;
  586 }
  587 
  588 static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
  589                               int addrlen)
  590 {
  591         return 0;
  592 }
  593 
  594 static int cap_socket_listen(struct socket *sock, int backlog)
  595 {
  596         return 0;
  597 }
  598 
  599 static int cap_socket_accept(struct socket *sock, struct socket *newsock)
  600 {
  601         return 0;
  602 }
  603 
  604 static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
  605 {
  606         return 0;
  607 }
  608 
  609 static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
  610                               int size, int flags)
  611 {
  612         return 0;
  613 }
  614 
  615 static int cap_socket_getsockname(struct socket *sock)
  616 {
  617         return 0;
  618 }
  619 
  620 static int cap_socket_getpeername(struct socket *sock)
  621 {
  622         return 0;
  623 }
  624 
  625 static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
  626 {
  627         return 0;
  628 }
  629 
  630 static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
  631 {
  632         return 0;
  633 }
  634 
  635 static int cap_socket_shutdown(struct socket *sock, int how)
  636 {
  637         return 0;
  638 }
  639 
  640 static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
  641 {
  642         return 0;
  643 }
  644 
  645 static int cap_socket_getpeersec_stream(struct socket *sock,
  646                                         char __user *optval,
  647                                         int __user *optlen, unsigned len)
  648 {
  649         return -ENOPROTOOPT;
  650 }
  651 
  652 static int cap_socket_getpeersec_dgram(struct socket *sock,
  653                                        struct sk_buff *skb, u32 *secid)
  654 {
  655         return -ENOPROTOOPT;
  656 }
  657 
  658 static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
  659 {
  660         return 0;
  661 }
  662 
  663 static void cap_sk_free_security(struct sock *sk)
  664 {
  665 }
  666 
  667 static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
  668 {
  669 }
  670 
  671 static void cap_sk_getsecid(struct sock *sk, u32 *secid)
  672 {
  673 }
  674 
  675 static void cap_sock_graft(struct sock *sk, struct socket *parent)
  676 {
  677 }
  678 
  679 static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
  680                                  struct request_sock *req)
  681 {
  682         return 0;
  683 }
  684 
  685 static void cap_inet_csk_clone(struct sock *newsk,
  686                                const struct request_sock *req)
  687 {
  688 }
  689 
  690 static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
  691 {
  692 }
  693 
  694 static int cap_secmark_relabel_packet(u32 secid)
  695 {
  696         return 0;
  697 }
  698 
  699 static void cap_secmark_refcount_inc(void)
  700 {
  701 }
  702 
  703 static void cap_secmark_refcount_dec(void)
  704 {
  705 }
  706 
  707 static void cap_req_classify_flow(const struct request_sock *req,
  708                                   struct flowi *fl)
  709 {
  710 }
  711 
  712 static int cap_tun_dev_alloc_security(void **security)
  713 {
  714         return 0;
  715 }
  716 
  717 static void cap_tun_dev_free_security(void *security)
  718 {
  719 }
  720 
  721 static int cap_tun_dev_create(void)
  722 {
  723         return 0;
  724 }
  725 
  726 static int cap_tun_dev_attach_queue(void *security)
  727 {
  728         return 0;
  729 }
  730 
  731 static int cap_tun_dev_attach(struct sock *sk, void *security)
  732 {
  733         return 0;
  734 }
  735 
  736 static int cap_tun_dev_open(void *security)
  737 {
  738         return 0;
  739 }
  740 #endif  /* CONFIG_SECURITY_NETWORK */
  741 
  742 #ifdef CONFIG_SECURITY_NETWORK_XFRM
  743 static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
  744                                           struct xfrm_user_sec_ctx *sec_ctx)
  745 {
  746         return 0;
  747 }
  748 
  749 static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
  750                                           struct xfrm_sec_ctx **new_ctxp)
  751 {
  752         return 0;
  753 }
  754 
  755 static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
  756 {
  757 }
  758 
  759 static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
  760 {
  761         return 0;
  762 }
  763 
  764 static int cap_xfrm_state_alloc_security(struct xfrm_state *x,
  765                                          struct xfrm_user_sec_ctx *sec_ctx,
  766                                          u32 secid)
  767 {
  768         return 0;
  769 }
  770 
  771 static void cap_xfrm_state_free_security(struct xfrm_state *x)
  772 {
  773 }
  774 
  775 static int cap_xfrm_state_delete_security(struct xfrm_state *x)
  776 {
  777         return 0;
  778 }
  779 
  780 static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
  781 {
  782         return 0;
  783 }
  784 
  785 static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
  786                                          struct xfrm_policy *xp,
  787                                          const struct flowi *fl)
  788 {
  789         return 1;
  790 }
  791 
  792 static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
  793 {
  794         return 0;
  795 }
  796 
  797 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
  798 static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
  799 {
  800 }
  801 
  802 static int cap_getprocattr(struct task_struct *p, char *name, char **value)
  803 {
  804         return -EINVAL;
  805 }
  806 
  807 static int cap_setprocattr(struct task_struct *p, char *name, void *value,
  808                            size_t size)
  809 {
  810         return -EINVAL;
  811 }
  812 
  813 static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
  814 {
  815         return -EOPNOTSUPP;
  816 }
  817 
  818 static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
  819 {
  820         *secid = 0;
  821         return 0;
  822 }
  823 
  824 static void cap_release_secctx(char *secdata, u32 seclen)
  825 {
  826 }
  827 
  828 static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
  829 {
  830         return 0;
  831 }
  832 
  833 static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
  834 {
  835         return 0;
  836 }
  837 
  838 static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
  839 {
  840         return 0;
  841 }
  842 #ifdef CONFIG_KEYS
  843 static int cap_key_alloc(struct key *key, const struct cred *cred,
  844                          unsigned long flags)
  845 {
  846         return 0;
  847 }
  848 
  849 static void cap_key_free(struct key *key)
  850 {
  851 }
  852 
  853 static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
  854                               key_perm_t perm)
  855 {
  856         return 0;
  857 }
  858 
  859 static int cap_key_getsecurity(struct key *key, char **_buffer)
  860 {
  861         *_buffer = NULL;
  862         return 0;
  863 }
  864 
  865 #endif /* CONFIG_KEYS */
  866 
  867 #ifdef CONFIG_AUDIT
  868 static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
  869 {
  870         return 0;
  871 }
  872 
  873 static int cap_audit_rule_known(struct audit_krule *krule)
  874 {
  875         return 0;
  876 }
  877 
  878 static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
  879                                 struct audit_context *actx)
  880 {
  881         return 0;
  882 }
  883 
  884 static void cap_audit_rule_free(void *lsmrule)
  885 {
  886 }
  887 #endif /* CONFIG_AUDIT */
  888 
  889 #define set_to_cap_if_null(ops, function)                               \
  890         do {                                                            \
  891                 if (!ops->function) {                                   \
  892                         ops->function = cap_##function;                 \
  893                         pr_debug("Had to override the " #function       \
  894                                  " security operation with the default.\n");\
  895                         }                                               \
  896         } while (0)
  897 
  898 void __init security_fixup_ops(struct security_operations *ops)
  899 {
  900         set_to_cap_if_null(ops, ptrace_access_check);
  901         set_to_cap_if_null(ops, ptrace_traceme);
  902         set_to_cap_if_null(ops, capget);
  903         set_to_cap_if_null(ops, capset);
  904         set_to_cap_if_null(ops, capable);
  905         set_to_cap_if_null(ops, quotactl);
  906         set_to_cap_if_null(ops, quota_on);
  907         set_to_cap_if_null(ops, syslog);
  908         set_to_cap_if_null(ops, settime);
  909         set_to_cap_if_null(ops, vm_enough_memory);
  910         set_to_cap_if_null(ops, bprm_set_creds);
  911         set_to_cap_if_null(ops, bprm_committing_creds);
  912         set_to_cap_if_null(ops, bprm_committed_creds);
  913         set_to_cap_if_null(ops, bprm_check_security);
  914         set_to_cap_if_null(ops, bprm_secureexec);
  915         set_to_cap_if_null(ops, sb_alloc_security);
  916         set_to_cap_if_null(ops, sb_free_security);
  917         set_to_cap_if_null(ops, sb_copy_data);
  918         set_to_cap_if_null(ops, sb_remount);
  919         set_to_cap_if_null(ops, sb_kern_mount);
  920         set_to_cap_if_null(ops, sb_show_options);
  921         set_to_cap_if_null(ops, sb_statfs);
  922         set_to_cap_if_null(ops, sb_mount);
  923         set_to_cap_if_null(ops, sb_umount);
  924         set_to_cap_if_null(ops, sb_pivotroot);
  925         set_to_cap_if_null(ops, sb_set_mnt_opts);
  926         set_to_cap_if_null(ops, sb_clone_mnt_opts);
  927         set_to_cap_if_null(ops, sb_parse_opts_str);
  928         set_to_cap_if_null(ops, inode_alloc_security);
  929         set_to_cap_if_null(ops, inode_free_security);
  930         set_to_cap_if_null(ops, inode_init_security);
  931         set_to_cap_if_null(ops, inode_create);
  932         set_to_cap_if_null(ops, inode_link);
  933         set_to_cap_if_null(ops, inode_unlink);
  934         set_to_cap_if_null(ops, inode_symlink);
  935         set_to_cap_if_null(ops, inode_mkdir);
  936         set_to_cap_if_null(ops, inode_rmdir);
  937         set_to_cap_if_null(ops, inode_mknod);
  938         set_to_cap_if_null(ops, inode_rename);
  939         set_to_cap_if_null(ops, inode_readlink);
  940         set_to_cap_if_null(ops, inode_follow_link);
  941         set_to_cap_if_null(ops, inode_permission);
  942         set_to_cap_if_null(ops, inode_setattr);
  943         set_to_cap_if_null(ops, inode_getattr);
  944         set_to_cap_if_null(ops, inode_setxattr);
  945         set_to_cap_if_null(ops, inode_post_setxattr);
  946         set_to_cap_if_null(ops, inode_getxattr);
  947         set_to_cap_if_null(ops, inode_listxattr);
  948         set_to_cap_if_null(ops, inode_removexattr);
  949         set_to_cap_if_null(ops, inode_need_killpriv);
  950         set_to_cap_if_null(ops, inode_killpriv);
  951         set_to_cap_if_null(ops, inode_getsecurity);
  952         set_to_cap_if_null(ops, inode_setsecurity);
  953         set_to_cap_if_null(ops, inode_listsecurity);
  954         set_to_cap_if_null(ops, inode_getsecid);
  955 #ifdef CONFIG_SECURITY_PATH
  956         set_to_cap_if_null(ops, path_mknod);
  957         set_to_cap_if_null(ops, path_mkdir);
  958         set_to_cap_if_null(ops, path_rmdir);
  959         set_to_cap_if_null(ops, path_unlink);
  960         set_to_cap_if_null(ops, path_symlink);
  961         set_to_cap_if_null(ops, path_link);
  962         set_to_cap_if_null(ops, path_rename);
  963         set_to_cap_if_null(ops, path_truncate);
  964         set_to_cap_if_null(ops, path_chmod);
  965         set_to_cap_if_null(ops, path_chown);
  966         set_to_cap_if_null(ops, path_chroot);
  967 #endif
  968         set_to_cap_if_null(ops, file_permission);
  969         set_to_cap_if_null(ops, file_alloc_security);
  970         set_to_cap_if_null(ops, file_free_security);
  971         set_to_cap_if_null(ops, file_ioctl);
  972         set_to_cap_if_null(ops, mmap_addr);
  973         set_to_cap_if_null(ops, mmap_file);
  974         set_to_cap_if_null(ops, file_mprotect);
  975         set_to_cap_if_null(ops, file_lock);
  976         set_to_cap_if_null(ops, file_fcntl);
  977         set_to_cap_if_null(ops, file_set_fowner);
  978         set_to_cap_if_null(ops, file_send_sigiotask);
  979         set_to_cap_if_null(ops, file_receive);
  980         set_to_cap_if_null(ops, file_open);
  981         set_to_cap_if_null(ops, task_create);
  982         set_to_cap_if_null(ops, task_free);
  983         set_to_cap_if_null(ops, cred_alloc_blank);
  984         set_to_cap_if_null(ops, cred_free);
  985         set_to_cap_if_null(ops, cred_prepare);
  986         set_to_cap_if_null(ops, cred_transfer);
  987         set_to_cap_if_null(ops, kernel_act_as);
  988         set_to_cap_if_null(ops, kernel_create_files_as);
  989         set_to_cap_if_null(ops, kernel_module_request);
  990         set_to_cap_if_null(ops, kernel_module_from_file);
  991         set_to_cap_if_null(ops, task_fix_setuid);
  992         set_to_cap_if_null(ops, task_setpgid);
  993         set_to_cap_if_null(ops, task_getpgid);
  994         set_to_cap_if_null(ops, task_getsid);
  995         set_to_cap_if_null(ops, task_getsecid);
  996         set_to_cap_if_null(ops, task_setnice);
  997         set_to_cap_if_null(ops, task_setioprio);
  998         set_to_cap_if_null(ops, task_getioprio);
  999         set_to_cap_if_null(ops, task_setrlimit);
 1000         set_to_cap_if_null(ops, task_setscheduler);
 1001         set_to_cap_if_null(ops, task_getscheduler);
 1002         set_to_cap_if_null(ops, task_movememory);
 1003         set_to_cap_if_null(ops, task_wait);
 1004         set_to_cap_if_null(ops, task_kill);
 1005         set_to_cap_if_null(ops, task_prctl);
 1006         set_to_cap_if_null(ops, task_to_inode);
 1007         set_to_cap_if_null(ops, ipc_permission);
 1008         set_to_cap_if_null(ops, ipc_getsecid);
 1009         set_to_cap_if_null(ops, msg_msg_alloc_security);
 1010         set_to_cap_if_null(ops, msg_msg_free_security);
 1011         set_to_cap_if_null(ops, msg_queue_alloc_security);
 1012         set_to_cap_if_null(ops, msg_queue_free_security);
 1013         set_to_cap_if_null(ops, msg_queue_associate);
 1014         set_to_cap_if_null(ops, msg_queue_msgctl);
 1015         set_to_cap_if_null(ops, msg_queue_msgsnd);
 1016         set_to_cap_if_null(ops, msg_queue_msgrcv);
 1017         set_to_cap_if_null(ops, shm_alloc_security);
 1018         set_to_cap_if_null(ops, shm_free_security);
 1019         set_to_cap_if_null(ops, shm_associate);
 1020         set_to_cap_if_null(ops, shm_shmctl);
 1021         set_to_cap_if_null(ops, shm_shmat);
 1022         set_to_cap_if_null(ops, sem_alloc_security);
 1023         set_to_cap_if_null(ops, sem_free_security);
 1024         set_to_cap_if_null(ops, sem_associate);
 1025         set_to_cap_if_null(ops, sem_semctl);
 1026         set_to_cap_if_null(ops, sem_semop);
 1027         set_to_cap_if_null(ops, netlink_send);
 1028         set_to_cap_if_null(ops, d_instantiate);
 1029         set_to_cap_if_null(ops, getprocattr);
 1030         set_to_cap_if_null(ops, setprocattr);
 1031         set_to_cap_if_null(ops, secid_to_secctx);
 1032         set_to_cap_if_null(ops, secctx_to_secid);
 1033         set_to_cap_if_null(ops, release_secctx);
 1034         set_to_cap_if_null(ops, inode_notifysecctx);
 1035         set_to_cap_if_null(ops, inode_setsecctx);
 1036         set_to_cap_if_null(ops, inode_getsecctx);
 1037 #ifdef CONFIG_SECURITY_NETWORK
 1038         set_to_cap_if_null(ops, unix_stream_connect);
 1039         set_to_cap_if_null(ops, unix_may_send);
 1040         set_to_cap_if_null(ops, socket_create);
 1041         set_to_cap_if_null(ops, socket_post_create);
 1042         set_to_cap_if_null(ops, socket_bind);
 1043         set_to_cap_if_null(ops, socket_connect);
 1044         set_to_cap_if_null(ops, socket_listen);
 1045         set_to_cap_if_null(ops, socket_accept);
 1046         set_to_cap_if_null(ops, socket_sendmsg);
 1047         set_to_cap_if_null(ops, socket_recvmsg);
 1048         set_to_cap_if_null(ops, socket_getsockname);
 1049         set_to_cap_if_null(ops, socket_getpeername);
 1050         set_to_cap_if_null(ops, socket_setsockopt);
 1051         set_to_cap_if_null(ops, socket_getsockopt);
 1052         set_to_cap_if_null(ops, socket_shutdown);
 1053         set_to_cap_if_null(ops, socket_sock_rcv_skb);
 1054         set_to_cap_if_null(ops, socket_getpeersec_stream);
 1055         set_to_cap_if_null(ops, socket_getpeersec_dgram);
 1056         set_to_cap_if_null(ops, sk_alloc_security);
 1057         set_to_cap_if_null(ops, sk_free_security);
 1058         set_to_cap_if_null(ops, sk_clone_security);
 1059         set_to_cap_if_null(ops, sk_getsecid);
 1060         set_to_cap_if_null(ops, sock_graft);
 1061         set_to_cap_if_null(ops, inet_conn_request);
 1062         set_to_cap_if_null(ops, inet_csk_clone);
 1063         set_to_cap_if_null(ops, inet_conn_established);
 1064         set_to_cap_if_null(ops, secmark_relabel_packet);
 1065         set_to_cap_if_null(ops, secmark_refcount_inc);
 1066         set_to_cap_if_null(ops, secmark_refcount_dec);
 1067         set_to_cap_if_null(ops, req_classify_flow);
 1068         set_to_cap_if_null(ops, tun_dev_alloc_security);
 1069         set_to_cap_if_null(ops, tun_dev_free_security);
 1070         set_to_cap_if_null(ops, tun_dev_create);
 1071         set_to_cap_if_null(ops, tun_dev_open);
 1072         set_to_cap_if_null(ops, tun_dev_attach_queue);
 1073         set_to_cap_if_null(ops, tun_dev_attach);
 1074 #endif  /* CONFIG_SECURITY_NETWORK */
 1075 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 1076         set_to_cap_if_null(ops, xfrm_policy_alloc_security);
 1077         set_to_cap_if_null(ops, xfrm_policy_clone_security);
 1078         set_to_cap_if_null(ops, xfrm_policy_free_security);
 1079         set_to_cap_if_null(ops, xfrm_policy_delete_security);
 1080         set_to_cap_if_null(ops, xfrm_state_alloc_security);
 1081         set_to_cap_if_null(ops, xfrm_state_free_security);
 1082         set_to_cap_if_null(ops, xfrm_state_delete_security);
 1083         set_to_cap_if_null(ops, xfrm_policy_lookup);
 1084         set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
 1085         set_to_cap_if_null(ops, xfrm_decode_session);
 1086 #endif  /* CONFIG_SECURITY_NETWORK_XFRM */
 1087 #ifdef CONFIG_KEYS
 1088         set_to_cap_if_null(ops, key_alloc);
 1089         set_to_cap_if_null(ops, key_free);
 1090         set_to_cap_if_null(ops, key_permission);
 1091         set_to_cap_if_null(ops, key_getsecurity);
 1092 #endif  /* CONFIG_KEYS */
 1093 #ifdef CONFIG_AUDIT
 1094         set_to_cap_if_null(ops, audit_rule_init);
 1095         set_to_cap_if_null(ops, audit_rule_known);
 1096         set_to_cap_if_null(ops, audit_rule_match);
 1097         set_to_cap_if_null(ops, audit_rule_free);
 1098 #endif
 1099 }

Cache object: 77b94140ef10049dd6a9924ed29dfb4b


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.