Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/security/dummy.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Stub functions for the default security function pointers in case no 3 * security model is loaded. 4 * 5 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> 7 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 */ 14 15 #undef DEBUG 16 17 #include <linux/capability.h> 18 #include <linux/kernel.h> 19 #include <linux/mman.h> 20 #include <linux/pagemap.h> 21 #include <linux/swap.h> 22 #include <linux/security.h> 23 #include <linux/skbuff.h> 24 #include <linux/netlink.h> 25 #include <net/sock.h> 26 #include <linux/xattr.h> 27 #include <linux/hugetlb.h> 28 #include <linux/ptrace.h> 29 #include <linux/file.h> 30 #include <linux/prctl.h> 31 #include <linux/securebits.h> 32 33 static int dummy_ptrace (struct task_struct *parent, struct task_struct *child) 34 { 35 return 0; 36 } 37 38 static int dummy_capget (struct task_struct *target, kernel_cap_t * effective, 39 kernel_cap_t * inheritable, kernel_cap_t * permitted) 40 { 41 if (target->euid == 0) { 42 cap_set_full(*permitted); 43 cap_set_init_eff(*effective); 44 } else { 45 cap_clear(*permitted); 46 cap_clear(*effective); 47 } 48 49 cap_clear(*inheritable); 50 51 if (target->fsuid != 0) { 52 *permitted = cap_drop_fs_set(*permitted); 53 *effective = cap_drop_fs_set(*effective); 54 } 55 return 0; 56 } 57 58 static int dummy_capset_check (struct task_struct *target, 59 kernel_cap_t * effective, 60 kernel_cap_t * inheritable, 61 kernel_cap_t * permitted) 62 { 63 return -EPERM; 64 } 65 66 static void dummy_capset_set (struct task_struct *target, 67 kernel_cap_t * effective, 68 kernel_cap_t * inheritable, 69 kernel_cap_t * permitted) 70 { 71 return; 72 } 73 74 static int dummy_acct (struct file *file) 75 { 76 return 0; 77 } 78 79 static int dummy_capable (struct task_struct *tsk, int cap) 80 { 81 if (cap_raised (tsk->cap_effective, cap)) 82 return 0; 83 return -EPERM; 84 } 85 86 static int dummy_sysctl (ctl_table * table, int op) 87 { 88 return 0; 89 } 90 91 static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb) 92 { 93 return 0; 94 } 95 96 static int dummy_quota_on (struct dentry *dentry) 97 { 98 return 0; 99 } 100 101 static int dummy_syslog (int type) 102 { 103 if ((type != 3 && type != 10) && current->euid) 104 return -EPERM; 105 return 0; 106 } 107 108 static int dummy_settime(struct timespec *ts, struct timezone *tz) 109 { 110 if (!capable(CAP_SYS_TIME)) 111 return -EPERM; 112 return 0; 113 } 114 115 static int dummy_vm_enough_memory(struct mm_struct *mm, long pages) 116 { 117 int cap_sys_admin = 0; 118 119 if (dummy_capable(current, CAP_SYS_ADMIN) == 0) 120 cap_sys_admin = 1; 121 return __vm_enough_memory(mm, pages, cap_sys_admin); 122 } 123 124 static int dummy_bprm_alloc_security (struct linux_binprm *bprm) 125 { 126 return 0; 127 } 128 129 static void dummy_bprm_free_security (struct linux_binprm *bprm) 130 { 131 return; 132 } 133 134 static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) 135 { 136 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) { 137 set_dumpable(current->mm, suid_dumpable); 138 139 if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) { 140 bprm->e_uid = current->uid; 141 bprm->e_gid = current->gid; 142 } 143 } 144 145 current->suid = current->euid = current->fsuid = bprm->e_uid; 146 current->sgid = current->egid = current->fsgid = bprm->e_gid; 147 148 dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); 149 } 150 151 static void dummy_bprm_post_apply_creds (struct linux_binprm *bprm) 152 { 153 return; 154 } 155 156 static int dummy_bprm_set_security (struct linux_binprm *bprm) 157 { 158 return 0; 159 } 160 161 static int dummy_bprm_check_security (struct linux_binprm *bprm) 162 { 163 return 0; 164 } 165 166 static int dummy_bprm_secureexec (struct linux_binprm *bprm) 167 { 168 /* The new userland will simply use the value provided 169 in the AT_SECURE field to decide whether secure mode 170 is required. Hence, this logic is required to preserve 171 the legacy decision algorithm used by the old userland. */ 172 return (current->euid != current->uid || 173 current->egid != current->gid); 174 } 175 176 static int dummy_sb_alloc_security (struct super_block *sb) 177 { 178 return 0; 179 } 180 181 static void dummy_sb_free_security (struct super_block *sb) 182 { 183 return; 184 } 185 186 static int dummy_sb_copy_data (char *orig, char *copy) 187 { 188 return 0; 189 } 190 191 static int dummy_sb_kern_mount (struct super_block *sb, void *data) 192 { 193 return 0; 194 } 195 196 static int dummy_sb_statfs (struct dentry *dentry) 197 { 198 return 0; 199 } 200 201 static int dummy_sb_mount (char *dev_name, struct path *path, char *type, 202 unsigned long flags, void *data) 203 { 204 return 0; 205 } 206 207 static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path) 208 { 209 return 0; 210 } 211 212 static int dummy_sb_umount (struct vfsmount *mnt, int flags) 213 { 214 return 0; 215 } 216 217 static void dummy_sb_umount_close (struct vfsmount *mnt) 218 { 219 return; 220 } 221 222 static void dummy_sb_umount_busy (struct vfsmount *mnt) 223 { 224 return; 225 } 226 227 static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags, 228 void *data) 229 { 230 return; 231 } 232 233 234 static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path) 235 { 236 return; 237 } 238 239 static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path) 240 { 241 return 0; 242 } 243 244 static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path) 245 { 246 return; 247 } 248 249 static int dummy_sb_get_mnt_opts(const struct super_block *sb, 250 struct security_mnt_opts *opts) 251 { 252 security_init_mnt_opts(opts); 253 return 0; 254 } 255 256 static int dummy_sb_set_mnt_opts(struct super_block *sb, 257 struct security_mnt_opts *opts) 258 { 259 if (unlikely(opts->num_mnt_opts)) 260 return -EOPNOTSUPP; 261 return 0; 262 } 263 264 static void dummy_sb_clone_mnt_opts(const struct super_block *oldsb, 265 struct super_block *newsb) 266 { 267 return; 268 } 269 270 static int dummy_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) 271 { 272 return 0; 273 } 274 275 static int dummy_inode_alloc_security (struct inode *inode) 276 { 277 return 0; 278 } 279 280 static void dummy_inode_free_security (struct inode *inode) 281 { 282 return; 283 } 284 285 static int dummy_inode_init_security (struct inode *inode, struct inode *dir, 286 char **name, void **value, size_t *len) 287 { 288 return -EOPNOTSUPP; 289 } 290 291 static int dummy_inode_create (struct inode *inode, struct dentry *dentry, 292 int mask) 293 { 294 return 0; 295 } 296 297 static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode, 298 struct dentry *new_dentry) 299 { 300 return 0; 301 } 302 303 static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry) 304 { 305 return 0; 306 } 307 308 static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry, 309 const char *name) 310 { 311 return 0; 312 } 313 314 static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry, 315 int mask) 316 { 317 return 0; 318 } 319 320 static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry) 321 { 322 return 0; 323 } 324 325 static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry, 326 int mode, dev_t dev) 327 { 328 return 0; 329 } 330 331 static int dummy_inode_rename (struct inode *old_inode, 332 struct dentry *old_dentry, 333 struct inode *new_inode, 334 struct dentry *new_dentry) 335 { 336 return 0; 337 } 338 339 static int dummy_inode_readlink (struct dentry *dentry) 340 { 341 return 0; 342 } 343 344 static int dummy_inode_follow_link (struct dentry *dentry, 345 struct nameidata *nameidata) 346 { 347 return 0; 348 } 349 350 static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd) 351 { 352 return 0; 353 } 354 355 static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr) 356 { 357 return 0; 358 } 359 360 static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry) 361 { 362 return 0; 363 } 364 365 static void dummy_inode_delete (struct inode *ino) 366 { 367 return; 368 } 369 370 static int dummy_inode_setxattr (struct dentry *dentry, const char *name, 371 const void *value, size_t size, int flags) 372 { 373 if (!strncmp(name, XATTR_SECURITY_PREFIX, 374 sizeof(XATTR_SECURITY_PREFIX) - 1) && 375 !capable(CAP_SYS_ADMIN)) 376 return -EPERM; 377 return 0; 378 } 379 380 static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name, 381 const void *value, size_t size, 382 int flags) 383 { 384 } 385 386 static int dummy_inode_getxattr (struct dentry *dentry, const char *name) 387 { 388 return 0; 389 } 390 391 static int dummy_inode_listxattr (struct dentry *dentry) 392 { 393 return 0; 394 } 395 396 static int dummy_inode_removexattr (struct dentry *dentry, const char *name) 397 { 398 if (!strncmp(name, XATTR_SECURITY_PREFIX, 399 sizeof(XATTR_SECURITY_PREFIX) - 1) && 400 !capable(CAP_SYS_ADMIN)) 401 return -EPERM; 402 return 0; 403 } 404 405 static int dummy_inode_need_killpriv(struct dentry *dentry) 406 { 407 return 0; 408 } 409 410 static int dummy_inode_killpriv(struct dentry *dentry) 411 { 412 return 0; 413 } 414 415 static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) 416 { 417 return -EOPNOTSUPP; 418 } 419 420 static int dummy_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 421 { 422 return -EOPNOTSUPP; 423 } 424 425 static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 426 { 427 return 0; 428 } 429 430 static void dummy_inode_getsecid(const struct inode *inode, u32 *secid) 431 { 432 *secid = 0; 433 } 434 435 static int dummy_file_permission (struct file *file, int mask) 436 { 437 return 0; 438 } 439 440 static int dummy_file_alloc_security (struct file *file) 441 { 442 return 0; 443 } 444 445 static void dummy_file_free_security (struct file *file) 446 { 447 return; 448 } 449 450 static int dummy_file_ioctl (struct file *file, unsigned int command, 451 unsigned long arg) 452 { 453 return 0; 454 } 455 456 static int dummy_file_mmap (struct file *file, unsigned long reqprot, 457 unsigned long prot, 458 unsigned long flags, 459 unsigned long addr, 460 unsigned long addr_only) 461 { 462 if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) 463 return -EACCES; 464 return 0; 465 } 466 467 static int dummy_file_mprotect (struct vm_area_struct *vma, 468 unsigned long reqprot, 469 unsigned long prot) 470 { 471 return 0; 472 } 473 474 static int dummy_file_lock (struct file *file, unsigned int cmd) 475 { 476 return 0; 477 } 478 479 static int dummy_file_fcntl (struct file *file, unsigned int cmd, 480 unsigned long arg) 481 { 482 return 0; 483 } 484 485 static int dummy_file_set_fowner (struct file *file) 486 { 487 return 0; 488 } 489 490 static int dummy_file_send_sigiotask (struct task_struct *tsk, 491 struct fown_struct *fown, int sig) 492 { 493 return 0; 494 } 495 496 static int dummy_file_receive (struct file *file) 497 { 498 return 0; 499 } 500 501 static int dummy_dentry_open (struct file *file) 502 { 503 return 0; 504 } 505 506 static int dummy_task_create (unsigned long clone_flags) 507 { 508 return 0; 509 } 510 511 static int dummy_task_alloc_security (struct task_struct *p) 512 { 513 return 0; 514 } 515 516 static void dummy_task_free_security (struct task_struct *p) 517 { 518 return; 519 } 520 521 static int dummy_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) 522 { 523 return 0; 524 } 525 526 static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) 527 { 528 dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); 529 return 0; 530 } 531 532 static int dummy_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags) 533 { 534 return 0; 535 } 536 537 static int dummy_task_setpgid (struct task_struct *p, pid_t pgid) 538 { 539 return 0; 540 } 541 542 static int dummy_task_getpgid (struct task_struct *p) 543 { 544 return 0; 545 } 546 547 static int dummy_task_getsid (struct task_struct *p) 548 { 549 return 0; 550 } 551 552 static void dummy_task_getsecid (struct task_struct *p, u32 *secid) 553 { 554 *secid = 0; 555 } 556 557 static int dummy_task_setgroups (struct group_info *group_info) 558 { 559 return 0; 560 } 561 562 static int dummy_task_setnice (struct task_struct *p, int nice) 563 { 564 return 0; 565 } 566 567 static int dummy_task_setioprio (struct task_struct *p, int ioprio) 568 { 569 return 0; 570 } 571 572 static int dummy_task_getioprio (struct task_struct *p) 573 { 574 return 0; 575 } 576 577 static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) 578 { 579 return 0; 580 } 581 582 static int dummy_task_setscheduler (struct task_struct *p, int policy, 583 struct sched_param *lp) 584 { 585 return 0; 586 } 587 588 static int dummy_task_getscheduler (struct task_struct *p) 589 { 590 return 0; 591 } 592 593 static int dummy_task_movememory (struct task_struct *p) 594 { 595 return 0; 596 } 597 598 static int dummy_task_wait (struct task_struct *p) 599 { 600 return 0; 601 } 602 603 static int dummy_task_kill (struct task_struct *p, struct siginfo *info, 604 int sig, u32 secid) 605 { 606 return 0; 607 } 608 609 static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3, 610 unsigned long arg4, unsigned long arg5, long *rc_p) 611 { 612 switch (option) { 613 case PR_CAPBSET_READ: 614 *rc_p = (cap_valid(arg2) ? 1 : -EINVAL); 615 break; 616 case PR_GET_KEEPCAPS: 617 *rc_p = issecure(SECURE_KEEP_CAPS); 618 break; 619 case PR_SET_KEEPCAPS: 620 if (arg2 > 1) 621 *rc_p = -EINVAL; 622 else if (arg2) 623 current->securebits |= issecure_mask(SECURE_KEEP_CAPS); 624 else 625 current->securebits &= 626 ~issecure_mask(SECURE_KEEP_CAPS); 627 break; 628 default: 629 return 0; 630 } 631 632 return 1; 633 } 634 635 static void dummy_task_reparent_to_init (struct task_struct *p) 636 { 637 p->euid = p->fsuid = 0; 638 return; 639 } 640 641 static void dummy_task_to_inode(struct task_struct *p, struct inode *inode) 642 { } 643 644 static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) 645 { 646 return 0; 647 } 648 649 static void dummy_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 650 { 651 *secid = 0; 652 } 653 654 static int dummy_msg_msg_alloc_security (struct msg_msg *msg) 655 { 656 return 0; 657 } 658 659 static void dummy_msg_msg_free_security (struct msg_msg *msg) 660 { 661 return; 662 } 663 664 static int dummy_msg_queue_alloc_security (struct msg_queue *msq) 665 { 666 return 0; 667 } 668 669 static void dummy_msg_queue_free_security (struct msg_queue *msq) 670 { 671 return; 672 } 673 674 static int dummy_msg_queue_associate (struct msg_queue *msq, 675 int msqflg) 676 { 677 return 0; 678 } 679 680 static int dummy_msg_queue_msgctl (struct msg_queue *msq, int cmd) 681 { 682 return 0; 683 } 684 685 static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg, 686 int msgflg) 687 { 688 return 0; 689 } 690 691 static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg, 692 struct task_struct *target, long type, 693 int mode) 694 { 695 return 0; 696 } 697 698 static int dummy_shm_alloc_security (struct shmid_kernel *shp) 699 { 700 return 0; 701 } 702 703 static void dummy_shm_free_security (struct shmid_kernel *shp) 704 { 705 return; 706 } 707 708 static int dummy_shm_associate (struct shmid_kernel *shp, int shmflg) 709 { 710 return 0; 711 } 712 713 static int dummy_shm_shmctl (struct shmid_kernel *shp, int cmd) 714 { 715 return 0; 716 } 717 718 static int dummy_shm_shmat (struct shmid_kernel *shp, char __user *shmaddr, 719 int shmflg) 720 { 721 return 0; 722 } 723 724 static int dummy_sem_alloc_security (struct sem_array *sma) 725 { 726 return 0; 727 } 728 729 static void dummy_sem_free_security (struct sem_array *sma) 730 { 731 return; 732 } 733 734 static int dummy_sem_associate (struct sem_array *sma, int semflg) 735 { 736 return 0; 737 } 738 739 static int dummy_sem_semctl (struct sem_array *sma, int cmd) 740 { 741 return 0; 742 } 743 744 static int dummy_sem_semop (struct sem_array *sma, 745 struct sembuf *sops, unsigned nsops, int alter) 746 { 747 return 0; 748 } 749 750 static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb) 751 { 752 NETLINK_CB(skb).eff_cap = current->cap_effective; 753 return 0; 754 } 755 756 static int dummy_netlink_recv (struct sk_buff *skb, int cap) 757 { 758 if (!cap_raised (NETLINK_CB (skb).eff_cap, cap)) 759 return -EPERM; 760 return 0; 761 } 762 763 #ifdef CONFIG_SECURITY_NETWORK 764 static int dummy_unix_stream_connect (struct socket *sock, 765 struct socket *other, 766 struct sock *newsk) 767 { 768 return 0; 769 } 770 771 static int dummy_unix_may_send (struct socket *sock, 772 struct socket *other) 773 { 774 return 0; 775 } 776 777 static int dummy_socket_create (int family, int type, 778 int protocol, int kern) 779 { 780 return 0; 781 } 782 783 static int dummy_socket_post_create (struct socket *sock, int family, int type, 784 int protocol, int kern) 785 { 786 return 0; 787 } 788 789 static int dummy_socket_bind (struct socket *sock, struct sockaddr *address, 790 int addrlen) 791 { 792 return 0; 793 } 794 795 static int dummy_socket_connect (struct socket *sock, struct sockaddr *address, 796 int addrlen) 797 { 798 return 0; 799 } 800 801 static int dummy_socket_listen (struct socket *sock, int backlog) 802 { 803 return 0; 804 } 805 806 static int dummy_socket_accept (struct socket *sock, struct socket *newsock) 807 { 808 return 0; 809 } 810 811 static void dummy_socket_post_accept (struct socket *sock, 812 struct socket *newsock) 813 { 814 return; 815 } 816 817 static int dummy_socket_sendmsg (struct socket *sock, struct msghdr *msg, 818 int size) 819 { 820 return 0; 821 } 822 823 static int dummy_socket_recvmsg (struct socket *sock, struct msghdr *msg, 824 int size, int flags) 825 { 826 return 0; 827 } 828 829 static int dummy_socket_getsockname (struct socket *sock) 830 { 831 return 0; 832 } 833 834 static int dummy_socket_getpeername (struct socket *sock) 835 { 836 return 0; 837 } 838 839 static int dummy_socket_setsockopt (struct socket *sock, int level, int optname) 840 { 841 return 0; 842 } 843 844 static int dummy_socket_getsockopt (struct socket *sock, int level, int optname) 845 { 846 return 0; 847 } 848 849 static int dummy_socket_shutdown (struct socket *sock, int how) 850 { 851 return 0; 852 } 853 854 static int dummy_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb) 855 { 856 return 0; 857 } 858 859 static int dummy_socket_getpeersec_stream(struct socket *sock, char __user *optval, 860 int __user *optlen, unsigned len) 861 { 862 return -ENOPROTOOPT; 863 } 864 865 static int dummy_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 866 { 867 return -ENOPROTOOPT; 868 } 869 870 static inline int dummy_sk_alloc_security (struct sock *sk, int family, gfp_t priority) 871 { 872 return 0; 873 } 874 875 static inline void dummy_sk_free_security (struct sock *sk) 876 { 877 } 878 879 static inline void dummy_sk_clone_security (const struct sock *sk, struct sock *newsk) 880 { 881 } 882 883 static inline void dummy_sk_getsecid(struct sock *sk, u32 *secid) 884 { 885 } 886 887 static inline void dummy_sock_graft(struct sock* sk, struct socket *parent) 888 { 889 } 890 891 static inline int dummy_inet_conn_request(struct sock *sk, 892 struct sk_buff *skb, struct request_sock *req) 893 { 894 return 0; 895 } 896 897 static inline void dummy_inet_csk_clone(struct sock *newsk, 898 const struct request_sock *req) 899 { 900 } 901 902 static inline void dummy_inet_conn_established(struct sock *sk, 903 struct sk_buff *skb) 904 { 905 } 906 907 static inline void dummy_req_classify_flow(const struct request_sock *req, 908 struct flowi *fl) 909 { 910 } 911 #endif /* CONFIG_SECURITY_NETWORK */ 912 913 #ifdef CONFIG_SECURITY_NETWORK_XFRM 914 static int dummy_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp, 915 struct xfrm_user_sec_ctx *sec_ctx) 916 { 917 return 0; 918 } 919 920 static inline int dummy_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx, 921 struct xfrm_sec_ctx **new_ctxp) 922 { 923 return 0; 924 } 925 926 static void dummy_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx) 927 { 928 } 929 930 static int dummy_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx) 931 { 932 return 0; 933 } 934 935 static int dummy_xfrm_state_alloc_security(struct xfrm_state *x, 936 struct xfrm_user_sec_ctx *sec_ctx, u32 secid) 937 { 938 return 0; 939 } 940 941 static void dummy_xfrm_state_free_security(struct xfrm_state *x) 942 { 943 } 944 945 static int dummy_xfrm_state_delete_security(struct xfrm_state *x) 946 { 947 return 0; 948 } 949 950 static int dummy_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, 951 u32 sk_sid, u8 dir) 952 { 953 return 0; 954 } 955 956 static int dummy_xfrm_state_pol_flow_match(struct xfrm_state *x, 957 struct xfrm_policy *xp, struct flowi *fl) 958 { 959 return 1; 960 } 961 962 static int dummy_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall) 963 { 964 return 0; 965 } 966 967 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 968 static int dummy_register_security (const char *name, struct security_operations *ops) 969 { 970 return -EINVAL; 971 } 972 973 static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) 974 { 975 return; 976 } 977 978 static int dummy_getprocattr(struct task_struct *p, char *name, char **value) 979 { 980 return -EINVAL; 981 } 982 983 static int dummy_setprocattr(struct task_struct *p, char *name, void *value, size_t size) 984 { 985 return -EINVAL; 986 } 987 988 static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 989 { 990 return -EOPNOTSUPP; 991 } 992 993 static int dummy_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 994 { 995 return -EOPNOTSUPP; 996 } 997 998 static void dummy_release_secctx(char *secdata, u32 seclen) 999 { 1000 } 1001 1002 #ifdef CONFIG_KEYS 1003 static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx, 1004 unsigned long flags) 1005 { 1006 return 0; 1007 } 1008 1009 static inline void dummy_key_free(struct key *key) 1010 { 1011 } 1012 1013 static inline int dummy_key_permission(key_ref_t key_ref, 1014 struct task_struct *context, 1015 key_perm_t perm) 1016 { 1017 return 0; 1018 } 1019 1020 static int dummy_key_getsecurity(struct key *key, char **_buffer) 1021 { 1022 *_buffer = NULL; 1023 return 0; 1024 } 1025 1026 #endif /* CONFIG_KEYS */ 1027 1028 #ifdef CONFIG_AUDIT 1029 static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr, 1030 void **lsmrule) 1031 { 1032 return 0; 1033 } 1034 1035 static inline int dummy_audit_rule_known(struct audit_krule *krule) 1036 { 1037 return 0; 1038 } 1039 1040 static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op, 1041 void *lsmrule, 1042 struct audit_context *actx) 1043 { 1044 return 0; 1045 } 1046 1047 static inline void dummy_audit_rule_free(void *lsmrule) 1048 { } 1049 1050 #endif /* CONFIG_AUDIT */ 1051 1052 struct security_operations dummy_security_ops = { 1053 .name = "dummy", 1054 }; 1055 1056 #define set_to_dummy_if_null(ops, function) \ 1057 do { \ 1058 if (!ops->function) { \ 1059 ops->function = dummy_##function; \ 1060 pr_debug("Had to override the " #function \ 1061 " security operation with the dummy one.\n");\ 1062 } \ 1063 } while (0) 1064 1065 void security_fixup_ops (struct security_operations *ops) 1066 { 1067 set_to_dummy_if_null(ops, ptrace); 1068 set_to_dummy_if_null(ops, capget); 1069 set_to_dummy_if_null(ops, capset_check); 1070 set_to_dummy_if_null(ops, capset_set); 1071 set_to_dummy_if_null(ops, acct); 1072 set_to_dummy_if_null(ops, capable); 1073 set_to_dummy_if_null(ops, quotactl); 1074 set_to_dummy_if_null(ops, quota_on); 1075 set_to_dummy_if_null(ops, sysctl); 1076 set_to_dummy_if_null(ops, syslog); 1077 set_to_dummy_if_null(ops, settime); 1078 set_to_dummy_if_null(ops, vm_enough_memory); 1079 set_to_dummy_if_null(ops, bprm_alloc_security); 1080 set_to_dummy_if_null(ops, bprm_free_security); 1081 set_to_dummy_if_null(ops, bprm_apply_creds); 1082 set_to_dummy_if_null(ops, bprm_post_apply_creds); 1083 set_to_dummy_if_null(ops, bprm_set_security); 1084 set_to_dummy_if_null(ops, bprm_check_security); 1085 set_to_dummy_if_null(ops, bprm_secureexec); 1086 set_to_dummy_if_null(ops, sb_alloc_security); 1087 set_to_dummy_if_null(ops, sb_free_security); 1088 set_to_dummy_if_null(ops, sb_copy_data); 1089 set_to_dummy_if_null(ops, sb_kern_mount); 1090 set_to_dummy_if_null(ops, sb_statfs); 1091 set_to_dummy_if_null(ops, sb_mount); 1092 set_to_dummy_if_null(ops, sb_check_sb); 1093 set_to_dummy_if_null(ops, sb_umount); 1094 set_to_dummy_if_null(ops, sb_umount_close); 1095 set_to_dummy_if_null(ops, sb_umount_busy); 1096 set_to_dummy_if_null(ops, sb_post_remount); 1097 set_to_dummy_if_null(ops, sb_post_addmount); 1098 set_to_dummy_if_null(ops, sb_pivotroot); 1099 set_to_dummy_if_null(ops, sb_post_pivotroot); 1100 set_to_dummy_if_null(ops, sb_get_mnt_opts); 1101 set_to_dummy_if_null(ops, sb_set_mnt_opts); 1102 set_to_dummy_if_null(ops, sb_clone_mnt_opts); 1103 set_to_dummy_if_null(ops, sb_parse_opts_str); 1104 set_to_dummy_if_null(ops, inode_alloc_security); 1105 set_to_dummy_if_null(ops, inode_free_security); 1106 set_to_dummy_if_null(ops, inode_init_security); 1107 set_to_dummy_if_null(ops, inode_create); 1108 set_to_dummy_if_null(ops, inode_link); 1109 set_to_dummy_if_null(ops, inode_unlink); 1110 set_to_dummy_if_null(ops, inode_symlink); 1111 set_to_dummy_if_null(ops, inode_mkdir); 1112 set_to_dummy_if_null(ops, inode_rmdir); 1113 set_to_dummy_if_null(ops, inode_mknod); 1114 set_to_dummy_if_null(ops, inode_rename); 1115 set_to_dummy_if_null(ops, inode_readlink); 1116 set_to_dummy_if_null(ops, inode_follow_link); 1117 set_to_dummy_if_null(ops, inode_permission); 1118 set_to_dummy_if_null(ops, inode_setattr); 1119 set_to_dummy_if_null(ops, inode_getattr); 1120 set_to_dummy_if_null(ops, inode_delete); 1121 set_to_dummy_if_null(ops, inode_setxattr); 1122 set_to_dummy_if_null(ops, inode_post_setxattr); 1123 set_to_dummy_if_null(ops, inode_getxattr); 1124 set_to_dummy_if_null(ops, inode_listxattr); 1125 set_to_dummy_if_null(ops, inode_removexattr); 1126 set_to_dummy_if_null(ops, inode_need_killpriv); 1127 set_to_dummy_if_null(ops, inode_killpriv); 1128 set_to_dummy_if_null(ops, inode_getsecurity); 1129 set_to_dummy_if_null(ops, inode_setsecurity); 1130 set_to_dummy_if_null(ops, inode_listsecurity); 1131 set_to_dummy_if_null(ops, inode_getsecid); 1132 set_to_dummy_if_null(ops, file_permission); 1133 set_to_dummy_if_null(ops, file_alloc_security); 1134 set_to_dummy_if_null(ops, file_free_security); 1135 set_to_dummy_if_null(ops, file_ioctl); 1136 set_to_dummy_if_null(ops, file_mmap); 1137 set_to_dummy_if_null(ops, file_mprotect); 1138 set_to_dummy_if_null(ops, file_lock); 1139 set_to_dummy_if_null(ops, file_fcntl); 1140 set_to_dummy_if_null(ops, file_set_fowner); 1141 set_to_dummy_if_null(ops, file_send_sigiotask); 1142 set_to_dummy_if_null(ops, file_receive); 1143 set_to_dummy_if_null(ops, dentry_open); 1144 set_to_dummy_if_null(ops, task_create); 1145 set_to_dummy_if_null(ops, task_alloc_security); 1146 set_to_dummy_if_null(ops, task_free_security); 1147 set_to_dummy_if_null(ops, task_setuid); 1148 set_to_dummy_if_null(ops, task_post_setuid); 1149 set_to_dummy_if_null(ops, task_setgid); 1150 set_to_dummy_if_null(ops, task_setpgid); 1151 set_to_dummy_if_null(ops, task_getpgid); 1152 set_to_dummy_if_null(ops, task_getsid); 1153 set_to_dummy_if_null(ops, task_getsecid); 1154 set_to_dummy_if_null(ops, task_setgroups); 1155 set_to_dummy_if_null(ops, task_setnice); 1156 set_to_dummy_if_null(ops, task_setioprio); 1157 set_to_dummy_if_null(ops, task_getioprio); 1158 set_to_dummy_if_null(ops, task_setrlimit); 1159 set_to_dummy_if_null(ops, task_setscheduler); 1160 set_to_dummy_if_null(ops, task_getscheduler); 1161 set_to_dummy_if_null(ops, task_movememory); 1162 set_to_dummy_if_null(ops, task_wait); 1163 set_to_dummy_if_null(ops, task_kill); 1164 set_to_dummy_if_null(ops, task_prctl); 1165 set_to_dummy_if_null(ops, task_reparent_to_init); 1166 set_to_dummy_if_null(ops, task_to_inode); 1167 set_to_dummy_if_null(ops, ipc_permission); 1168 set_to_dummy_if_null(ops, ipc_getsecid); 1169 set_to_dummy_if_null(ops, msg_msg_alloc_security); 1170 set_to_dummy_if_null(ops, msg_msg_free_security); 1171 set_to_dummy_if_null(ops, msg_queue_alloc_security); 1172 set_to_dummy_if_null(ops, msg_queue_free_security); 1173 set_to_dummy_if_null(ops, msg_queue_associate); 1174 set_to_dummy_if_null(ops, msg_queue_msgctl); 1175 set_to_dummy_if_null(ops, msg_queue_msgsnd); 1176 set_to_dummy_if_null(ops, msg_queue_msgrcv); 1177 set_to_dummy_if_null(ops, shm_alloc_security); 1178 set_to_dummy_if_null(ops, shm_free_security); 1179 set_to_dummy_if_null(ops, shm_associate); 1180 set_to_dummy_if_null(ops, shm_shmctl); 1181 set_to_dummy_if_null(ops, shm_shmat); 1182 set_to_dummy_if_null(ops, sem_alloc_security); 1183 set_to_dummy_if_null(ops, sem_free_security); 1184 set_to_dummy_if_null(ops, sem_associate); 1185 set_to_dummy_if_null(ops, sem_semctl); 1186 set_to_dummy_if_null(ops, sem_semop); 1187 set_to_dummy_if_null(ops, netlink_send); 1188 set_to_dummy_if_null(ops, netlink_recv); 1189 set_to_dummy_if_null(ops, register_security); 1190 set_to_dummy_if_null(ops, d_instantiate); 1191 set_to_dummy_if_null(ops, getprocattr); 1192 set_to_dummy_if_null(ops, setprocattr); 1193 set_to_dummy_if_null(ops, secid_to_secctx); 1194 set_to_dummy_if_null(ops, secctx_to_secid); 1195 set_to_dummy_if_null(ops, release_secctx); 1196 #ifdef CONFIG_SECURITY_NETWORK 1197 set_to_dummy_if_null(ops, unix_stream_connect); 1198 set_to_dummy_if_null(ops, unix_may_send); 1199 set_to_dummy_if_null(ops, socket_create); 1200 set_to_dummy_if_null(ops, socket_post_create); 1201 set_to_dummy_if_null(ops, socket_bind); 1202 set_to_dummy_if_null(ops, socket_connect); 1203 set_to_dummy_if_null(ops, socket_listen); 1204 set_to_dummy_if_null(ops, socket_accept); 1205 set_to_dummy_if_null(ops, socket_post_accept); 1206 set_to_dummy_if_null(ops, socket_sendmsg); 1207 set_to_dummy_if_null(ops, socket_recvmsg); 1208 set_to_dummy_if_null(ops, socket_getsockname); 1209 set_to_dummy_if_null(ops, socket_getpeername); 1210 set_to_dummy_if_null(ops, socket_setsockopt); 1211 set_to_dummy_if_null(ops, socket_getsockopt); 1212 set_to_dummy_if_null(ops, socket_shutdown); 1213 set_to_dummy_if_null(ops, socket_sock_rcv_skb); 1214 set_to_dummy_if_null(ops, socket_getpeersec_stream); 1215 set_to_dummy_if_null(ops, socket_getpeersec_dgram); 1216 set_to_dummy_if_null(ops, sk_alloc_security); 1217 set_to_dummy_if_null(ops, sk_free_security); 1218 set_to_dummy_if_null(ops, sk_clone_security); 1219 set_to_dummy_if_null(ops, sk_getsecid); 1220 set_to_dummy_if_null(ops, sock_graft); 1221 set_to_dummy_if_null(ops, inet_conn_request); 1222 set_to_dummy_if_null(ops, inet_csk_clone); 1223 set_to_dummy_if_null(ops, inet_conn_established); 1224 set_to_dummy_if_null(ops, req_classify_flow); 1225 #endif /* CONFIG_SECURITY_NETWORK */ 1226 #ifdef CONFIG_SECURITY_NETWORK_XFRM 1227 set_to_dummy_if_null(ops, xfrm_policy_alloc_security); 1228 set_to_dummy_if_null(ops, xfrm_policy_clone_security); 1229 set_to_dummy_if_null(ops, xfrm_policy_free_security); 1230 set_to_dummy_if_null(ops, xfrm_policy_delete_security); 1231 set_to_dummy_if_null(ops, xfrm_state_alloc_security); 1232 set_to_dummy_if_null(ops, xfrm_state_free_security); 1233 set_to_dummy_if_null(ops, xfrm_state_delete_security); 1234 set_to_dummy_if_null(ops, xfrm_policy_lookup); 1235 set_to_dummy_if_null(ops, xfrm_state_pol_flow_match); 1236 set_to_dummy_if_null(ops, xfrm_decode_session); 1237 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1238 #ifdef CONFIG_KEYS 1239 set_to_dummy_if_null(ops, key_alloc); 1240 set_to_dummy_if_null(ops, key_free); 1241 set_to_dummy_if_null(ops, key_permission); 1242 set_to_dummy_if_null(ops, key_getsecurity); 1243 #endif /* CONFIG_KEYS */ 1244 #ifdef CONFIG_AUDIT 1245 set_to_dummy_if_null(ops, audit_rule_init); 1246 set_to_dummy_if_null(ops, audit_rule_known); 1247 set_to_dummy_if_null(ops, audit_rule_match); 1248 set_to_dummy_if_null(ops, audit_rule_free); 1249 #endif 1250 } 1251
Cache object: 78c5eeccb08d5d3109ea151dd03fd9f2
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]