/*
 *  Capabilities Linux Security Module
 *
 *  This is the default security module in case no other module is loaded.
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 */
|  | 12 |  | 
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 13 | #include <linux/security.h> | 
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 14 |  | 
/*
 * Fallback for the acct security operation.
 * Ignores @file and always returns 0; the stub adds no check of its own.
 */
static int cap_acct(struct file *file)
{
	return 0;
}
|  | 19 |  | 
/*
 * Fallback for the sysctl security operation.
 * Neither @table nor @op is inspected; the result is always 0.
 */
static int cap_sysctl(ctl_table *table, int op)
{
	return 0;
}
|  | 24 |  | 
/*
 * Fallback for the quotactl security operation.
 * All four arguments are ignored and 0 is returned unconditionally.
 */
static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	return 0;
}
|  | 29 |  | 
/*
 * Fallback for the quota_on security operation.
 * @dentry is not examined; always returns 0.
 */
static int cap_quota_on(struct dentry *dentry)
{
	return 0;
}
|  | 34 |  | 
/*
 * Fallback for the bprm_check_security operation.
 * Performs no inspection of @bprm and always returns 0.
 */
static int cap_bprm_check_security(struct linux_binprm *bprm)
{
	return 0;
}
|  | 39 |  | 
/*
 * Fallback for the bprm_committing_creds operation.
 * Intentionally empty: @bprm is left untouched.
 */
static void cap_bprm_committing_creds(struct linux_binprm *bprm)
{
}
|  | 43 |  | 
/*
 * Fallback for the bprm_committed_creds operation.
 * Intentionally empty: @bprm is left untouched.
 */
static void cap_bprm_committed_creds(struct linux_binprm *bprm)
{
}
|  | 47 |  | 
/*
 * Fallback for the sb_alloc_security operation.
 * Allocates nothing for @sb and reports success (0).
 */
static int cap_sb_alloc_security(struct super_block *sb)
{
	return 0;
}
|  | 52 |  | 
/*
 * Fallback for the sb_free_security operation.
 * Empty body: nothing is released for @sb.
 */
static void cap_sb_free_security(struct super_block *sb)
{
}
|  | 56 |  | 
/*
 * Fallback for the sb_copy_data operation.
 * Copies nothing from @orig to @copy; always returns 0.
 */
static int cap_sb_copy_data(char *orig, char *copy)
{
	return 0;
}
|  | 61 |  | 
/*
 * Fallback for the sb_kern_mount operation.
 * @sb, @flags and @data are ignored; always returns 0.
 */
static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	return 0;
}
|  | 66 |  | 
/*
 * Fallback for the sb_show_options operation.
 * Writes nothing to @m and returns 0.
 */
static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
{
	return 0;
}
|  | 71 |  | 
/*
 * Fallback for the sb_statfs operation.
 * @dentry is not examined; always returns 0.
 */
static int cap_sb_statfs(struct dentry *dentry)
{
	return 0;
}
|  | 76 |  | 
/*
 * Fallback for the sb_mount operation.
 * None of the mount arguments are inspected; the stub adds no check of
 * its own and always returns 0.
 */
static int cap_sb_mount(char *dev_name, struct path *path, char *type,
			unsigned long flags, void *data)
{
	return 0;
}
|  | 82 |  | 
/*
 * Fallback for the sb_check_sb operation.
 * Ignores @mnt and @path; always returns 0.
 */
static int cap_sb_check_sb(struct vfsmount *mnt, struct path *path)
{
	return 0;
}
|  | 87 |  | 
/*
 * Fallback for the sb_umount operation.
 * Ignores @mnt and @flags; always returns 0.
 */
static int cap_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}
|  | 92 |  | 
/*
 * Fallback for the sb_umount_close operation.
 * Empty body: @mnt is left untouched.
 */
static void cap_sb_umount_close(struct vfsmount *mnt)
{
}
|  | 96 |  | 
/*
 * Fallback for the sb_umount_busy operation.
 * Empty body: @mnt is left untouched.
 */
static void cap_sb_umount_busy(struct vfsmount *mnt)
{
}
|  | 100 |  | 
/*
 * Fallback for the sb_post_remount operation.
 * Empty body: @mnt, @flags and @data are all ignored.
 */
static void cap_sb_post_remount(struct vfsmount *mnt, unsigned long flags,
				void *data)
{
}
|  | 105 |  | 
/*
 * Fallback for the sb_post_addmount operation.
 * Empty body: @mnt and @path are ignored.
 */
static void cap_sb_post_addmount(struct vfsmount *mnt, struct path *path)
{
}
|  | 109 |  | 
/*
 * Fallback for the sb_pivotroot operation.
 * Neither path is examined; always returns 0.
 */
static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
{
	return 0;
}
|  | 114 |  | 
/*
 * Fallback for the sb_post_pivotroot operation.
 * Empty body: both paths are ignored.
 */
static void cap_sb_post_pivotroot(struct path *old_path, struct path *new_path)
{
}
|  | 118 |  | 
/*
 * Fallback for the sb_set_mnt_opts operation.
 *
 * This default cannot apply any security mount options, so a non-zero
 * opts->num_mnt_opts is rejected with -EOPNOTSUPP rather than being
 * silently dropped.  With no options supplied it returns 0.  @sb is
 * not used.
 */
static int cap_sb_set_mnt_opts(struct super_block *sb,
			       struct security_mnt_opts *opts)
{
	return unlikely(opts->num_mnt_opts) ? -EOPNOTSUPP : 0;
}
|  | 126 |  | 
/*
 * Fallback for the sb_clone_mnt_opts operation.
 * Empty body: nothing is copied from @oldsb to @newsb.
 */
static void cap_sb_clone_mnt_opts(const struct super_block *oldsb,
				  struct super_block *newsb)
{
}
|  | 131 |  | 
/*
 * Fallback for the sb_parse_opts_str operation.
 * @options is not parsed and @opts is not written; always returns 0.
 */
static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}
|  | 136 |  | 
/*
 * Fallback for the inode_alloc_security operation.
 * Allocates nothing for @inode and reports success (0).
 */
static int cap_inode_alloc_security(struct inode *inode)
{
	return 0;
}
|  | 141 |  | 
/*
 * Fallback for the inode_free_security operation.
 * Empty body: nothing is released for @inode.
 */
static void cap_inode_free_security(struct inode *inode)
{
}
|  | 145 |  | 
/*
 * Fallback for the inode_init_security operation.
 * Produces no attribute: @name, @value and @len are never written and
 * the call always fails with -EOPNOTSUPP.
 */
static int cap_inode_init_security(struct inode *inode, struct inode *dir,
				   char **name, void **value, size_t *len)
{
	return -EOPNOTSUPP;
}
|  | 151 |  | 
/*
 * Fallback for the inode_create operation.
 * Ignores every argument and returns 0; no check is added here.
 */
static int cap_inode_create(struct inode *inode, struct dentry *dentry,
			    int mask)
{
	return 0;
}
|  | 157 |  | 
/*
 * Fallback for the inode_link operation.
 * Ignores every argument and returns 0; no check is added here.
 */
static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
			  struct dentry *new_dentry)
{
	return 0;
}
|  | 163 |  | 
/*
 * Fallback for the inode_unlink operation.
 * Ignores @inode and @dentry; always returns 0.
 */
static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
{
	return 0;
}
|  | 168 |  | 
/*
 * Fallback for the inode_symlink operation.
 * @name is not validated and the other arguments are ignored;
 * always returns 0.
 */
static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
			     const char *name)
{
	return 0;
}
|  | 174 |  | 
/*
 * Fallback for the inode_mkdir operation.
 * Ignores every argument and returns 0.
 */
static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
			   int mask)
{
	return 0;
}
|  | 180 |  | 
/*
 * Fallback for the inode_rmdir operation.
 * Ignores @inode and @dentry; always returns 0.
 */
static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
{
	return 0;
}
|  | 185 |  | 
/*
 * Fallback for the inode_mknod operation.
 * @mode and @dev are not inspected; always returns 0.
 */
static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
			   int mode, dev_t dev)
{
	return 0;
}
|  | 191 |  | 
/*
 * Fallback for the inode_rename operation.
 * Neither the old nor the new inode/dentry pair is examined;
 * always returns 0.
 */
static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
			    struct inode *new_inode, struct dentry *new_dentry)
{
	return 0;
}
|  | 197 |  | 
/*
 * Fallback for the inode_readlink operation.
 * @dentry is not examined; always returns 0.
 */
static int cap_inode_readlink(struct dentry *dentry)
{
	return 0;
}
|  | 202 |  | 
/*
 * Fallback for the inode_follow_link operation.
 * Ignores @dentry and @nameidata; always returns 0.
 */
static int cap_inode_follow_link(struct dentry *dentry,
				 struct nameidata *nameidata)
{
	return 0;
}
|  | 208 |  | 
/*
 * Fallback for the inode_permission operation.
 * @mask is never evaluated against @inode: the stub returns 0 for every
 * request and adds no access check of its own.
 */
static int cap_inode_permission(struct inode *inode, int mask)
{
	return 0;
}
|  | 213 |  | 
/*
 * Fallback for the inode_setattr operation.
 * @iattr is not inspected; always returns 0.
 */
static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	return 0;
}
|  | 218 |  | 
/*
 * Fallback for the inode_getattr operation.
 * Ignores @mnt and @dentry; always returns 0.
 */
static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	return 0;
}
|  | 223 |  | 
/*
 * Fallback for the inode_delete operation.
 * Empty body: @ino is left untouched.
 */
static void cap_inode_delete(struct inode *ino)
{
}
|  | 227 |  | 
/*
 * Fallback for the inode_post_setxattr operation.
 * Empty body: the attribute name, value, size and flags are ignored.
 */
static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
				    const void *value, size_t size, int flags)
{
}
|  | 232 |  | 
/*
 * Fallback for the inode_getxattr operation.
 * @name is not checked; always returns 0.
 */
static int cap_inode_getxattr(struct dentry *dentry, const char *name)
{
	return 0;
}
|  | 237 |  | 
/*
 * Fallback for the inode_listxattr operation.
 * @dentry is not examined; always returns 0.
 */
static int cap_inode_listxattr(struct dentry *dentry)
{
	return 0;
}
|  | 242 |  | 
/*
 * Fallback for the inode_getsecurity operation.
 * No security attribute is available from this default: @buffer is
 * never written and the call always fails with -EOPNOTSUPP.
 */
static int cap_inode_getsecurity(const struct inode *inode, const char *name,
				 void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}
|  | 248 |  | 
/*
 * Fallback for the inode_setsecurity operation.
 * Nothing is stored: the call always fails with -EOPNOTSUPP.
 */
static int cap_inode_setsecurity(struct inode *inode, const char *name,
				 const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}
|  | 254 |  | 
/*
 * Fallback for the inode_listsecurity operation.
 * @buffer is never written, whatever @buffer_size is; returns 0.
 */
static int cap_inode_listsecurity(struct inode *inode, char *buffer,
				  size_t buffer_size)
{
	return 0;
}
|  | 260 |  | 
/*
 * Fallback for the inode_getsecid operation.
 * Always stores 0 in *@secid so the caller never reads an
 * uninitialised value; @inode is not consulted.
 */
static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
{
	*secid = 0;
}
|  | 265 |  | 
| Kentaro Takeda | be6d3e5 | 2008-12-17 13:24:15 +0900 | [diff] [blame] | 266 | #ifdef CONFIG_SECURITY_PATH | 
/*
 * Fallback for the path_mknod operation.
 * @mode and @dev are not inspected; always returns 0.
 */
static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode,
			  unsigned int dev)
{
	return 0;
}
|  | 272 |  | 
/*
 * Fallback for the path_mkdir operation.
 * Ignores every argument and returns 0.
 */
static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
{
	return 0;
}
|  | 277 |  | 
/*
 * Fallback for the path_rmdir operation.
 * Ignores @dir and @dentry; always returns 0.
 */
static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
{
	return 0;
}
|  | 282 |  | 
/*
 * Fallback for the path_unlink operation.
 * Ignores @dir and @dentry; always returns 0.
 */
static int cap_path_unlink(struct path *dir, struct dentry *dentry)
{
	return 0;
}
|  | 287 |  | 
/*
 * Fallback for the path_symlink operation.
 * @old_name is not validated; always returns 0.
 */
static int cap_path_symlink(struct path *dir, struct dentry *dentry,
			    const char *old_name)
{
	return 0;
}
|  | 293 |  | 
/*
 * Fallback for the path_link operation.
 * Ignores every argument and returns 0.
 */
static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
			 struct dentry *new_dentry)
{
	return 0;
}
|  | 299 |  | 
/*
 * Fallback for the path_rename operation.
 * Neither the source nor the destination is examined; returns 0.
 */
static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
			   struct path *new_path, struct dentry *new_dentry)
{
	return 0;
}
|  | 305 |  | 
/*
 * Fallback for the path_truncate operation.
 * @length and @time_attrs are not inspected; always returns 0.
 */
static int cap_path_truncate(struct path *path, loff_t length,
			     unsigned int time_attrs)
{
	return 0;
}
|  | 311 | #endif | 
|  | 312 |  | 
/*
 * Fallback for the file_permission operation.
 * @mask is never evaluated against @file: the stub returns 0 for every
 * request and adds no access check of its own.
 */
static int cap_file_permission(struct file *file, int mask)
{
	return 0;
}
|  | 317 |  | 
/*
 * Fallback for the file_alloc_security operation.
 * Allocates nothing for @file and reports success (0).
 */
static int cap_file_alloc_security(struct file *file)
{
	return 0;
}
|  | 322 |  | 
/*
 * Fallback for the file_free_security operation.
 * Empty body: nothing is released for @file.
 */
static void cap_file_free_security(struct file *file)
{
}
|  | 326 |  | 
/*
 * Fallback for the file_ioctl operation.
 * @command and @arg are not inspected; always returns 0.
 */
static int cap_file_ioctl(struct file *file, unsigned int command,
			  unsigned long arg)
{
	return 0;
}
|  | 332 |  | 
/*
 * Fallback for the file_mprotect operation.
 * Neither @reqprot nor @prot is inspected; always returns 0.
 */
static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			     unsigned long prot)
{
	return 0;
}
|  | 338 |  | 
/*
 * Fallback for the file_lock operation.
 * Ignores @file and @cmd; always returns 0.
 */
static int cap_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}
|  | 343 |  | 
/*
 * Fallback for the file_fcntl operation.
 * @cmd and @arg are not inspected; always returns 0.
 */
static int cap_file_fcntl(struct file *file, unsigned int cmd,
			  unsigned long arg)
{
	return 0;
}
|  | 349 |  | 
/*
 * Fallback for the file_set_fowner operation.
 * @file is not examined; always returns 0.
 */
static int cap_file_set_fowner(struct file *file)
{
	return 0;
}
|  | 354 |  | 
/*
 * Fallback for the file_send_sigiotask operation.
 * The target task, owner and signal number are all ignored; returns 0.
 */
static int cap_file_send_sigiotask(struct task_struct *tsk,
				   struct fown_struct *fown, int sig)
{
	return 0;
}
|  | 360 |  | 
/*
 * Fallback for the file_receive operation.
 * @file is not examined; always returns 0.
 */
static int cap_file_receive(struct file *file)
{
	return 0;
}
|  | 365 |  | 
/*
 * Fallback for the dentry_open operation.
 * @cred is not checked against @file; always returns 0.
 */
static int cap_dentry_open(struct file *file, const struct cred *cred)
{
	return 0;
}
|  | 370 |  | 
/*
 * Fallback for the task_create operation.
 * @clone_flags is not inspected; always returns 0.
 */
static int cap_task_create(unsigned long clone_flags)
{
	return 0;
}
|  | 375 |  | 
/*
 * Fallback for the cred_alloc_blank operation.
 * Allocates nothing for @cred, ignores @gfp and reports success (0).
 */
static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}
|  | 380 |  | 
/*
 * Fallback for the cred_free operation.
 * Empty body: nothing is released for @cred.
 */
static void cap_cred_free(struct cred *cred)
{
}
|  | 384 |  | 
/*
 * Fallback for the cred_prepare operation.
 * Copies nothing from @old to @new, ignores @gfp and returns 0.
 */
static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
{
	return 0;
}
|  | 389 |  | 
/*
 * Fallback for the cred_commit operation.
 * Empty body: @new and @old are left untouched.
 */
static void cap_cred_commit(struct cred *new, const struct cred *old)
{
}
|  | 393 |  | 
/*
 * Fallback for the cred_transfer operation.
 * Empty body: nothing is moved from @old to @new.
 */
static void cap_cred_transfer(struct cred *new, const struct cred *old)
{
}
|  | 397 |  | 
/*
 * Fallback for the kernel_act_as operation.
 * @secid is not applied to @new; always returns 0.
 */
static int cap_kernel_act_as(struct cred *new, u32 secid)
{
	return 0;
}
|  | 402 |  | 
/*
 * Fallback for the kernel_create_files_as operation.
 * @new is not modified from @inode; always returns 0.
 */
static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
{
	return 0;
}
|  | 407 |  | 
/*
 * Fallback for the kernel_module_request operation.
 * Takes no arguments and always returns 0; no check is added here.
 */
static int cap_kernel_module_request(void)
{
	return 0;
}
|  | 412 |  | 
/*
 * Fallback for the task_setuid operation.
 * None of the three ids nor @flags is inspected; always returns 0.
 */
static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	return 0;
}
|  | 417 |  | 
/*
 * Fallback for the task_setgid operation.
 * None of the three ids nor @flags is inspected; always returns 0.
 */
static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
{
	return 0;
}
|  | 422 |  | 
/*
 * Fallback for the task_setpgid operation.
 * Ignores @p and @pgid; always returns 0.
 */
static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}
|  | 427 |  | 
/*
 * Fallback for the task_getpgid operation.
 * @p is not examined; always returns 0.
 */
static int cap_task_getpgid(struct task_struct *p)
{
	return 0;
}
|  | 432 |  | 
/*
 * Fallback for the task_getsid operation.
 * @p is not examined; always returns 0.
 */
static int cap_task_getsid(struct task_struct *p)
{
	return 0;
}
|  | 437 |  | 
/*
 * Fallback for the task_getsecid operation.
 * Always stores 0 in *@secid so the caller never reads an
 * uninitialised value; @p is not consulted.
 */
static void cap_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}
|  | 442 |  | 
/*
 * Fallback for the task_setgroups operation.
 * @group_info is not examined; always returns 0.
 */
static int cap_task_setgroups(struct group_info *group_info)
{
	return 0;
}
|  | 447 |  | 
/*
 * Fallback for the task_getioprio operation.
 * @p is not examined; always returns 0.
 */
static int cap_task_getioprio(struct task_struct *p)
{
	return 0;
}
|  | 452 |  | 
/*
 * Fallback for the task_setrlimit operation.
 * @resource and @new_rlim are not inspected; always returns 0.
 */
static int cap_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	return 0;
}
|  | 457 |  | 
/*
 * Fallback for the task_getscheduler operation.
 * @p is not examined; always returns 0.
 */
static int cap_task_getscheduler(struct task_struct *p)
{
	return 0;
}
|  | 462 |  | 
/*
 * Fallback for the task_movememory operation.
 * @p is not examined; always returns 0.
 */
static int cap_task_movememory(struct task_struct *p)
{
	return 0;
}
|  | 467 |  | 
/*
 * Fallback for the task_wait operation.
 * @p is not examined; always returns 0.
 */
static int cap_task_wait(struct task_struct *p)
{
	return 0;
}
|  | 472 |  | 
/*
 * Fallback for the task_kill operation.
 * The target task, signal info, signal number and @secid are all
 * ignored: the stub returns 0 and adds no check of its own.
 */
static int cap_task_kill(struct task_struct *p, struct siginfo *info,
			 int sig, u32 secid)
{
	return 0;
}
|  | 478 |  | 
/*
 * Fallback for the task_to_inode operation.
 * Empty body: nothing is propagated from @p to @inode.
 */
static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
{
}
|  | 482 |  | 
/*
 * Fallback for the ipc_permission operation.
 * @flag is never evaluated against @ipcp: the stub returns 0 for every
 * request and adds no access check of its own.
 */
static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	return 0;
}
|  | 487 |  | 
/*
 * Fallback for the ipc_getsecid operation.
 * Always stores 0 in *@secid so the caller never reads an
 * uninitialised value; @ipcp is not consulted.
 */
static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = 0;
}
|  | 492 |  | 
/*
 * Fallback for the msg_msg_alloc_security operation.
 * Allocates nothing for @msg and reports success (0).
 */
static int cap_msg_msg_alloc_security(struct msg_msg *msg)
{
	return 0;
}
|  | 497 |  | 
/*
 * Fallback for the msg_msg_free_security operation.
 * Empty body: nothing is released for @msg.
 */
static void cap_msg_msg_free_security(struct msg_msg *msg)
{
}
|  | 501 |  | 
/*
 * Fallback for the msg_queue_alloc_security operation.
 * Allocates nothing for @msq and reports success (0).
 */
static int cap_msg_queue_alloc_security(struct msg_queue *msq)
{
	return 0;
}
|  | 506 |  | 
/*
 * Fallback for the msg_queue_free_security operation.
 * Empty body: nothing is released for @msq.
 */
static void cap_msg_queue_free_security(struct msg_queue *msq)
{
}
|  | 510 |  | 
/*
 * Fallback for the msg_queue_associate operation.
 * Ignores @msq and @msqflg; always returns 0.
 */
static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	return 0;
}
|  | 515 |  | 
/*
 * Fallback for the msg_queue_msgctl operation.
 * Ignores @msq and @cmd; always returns 0.
 */
static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	return 0;
}
|  | 520 |  | 
/*
 * Fallback for the msg_queue_msgsnd operation.
 * The queue, message and flags are all ignored; always returns 0.
 */
static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
				int msgflg)
{
	return 0;
}
|  | 526 |  | 
/*
 * Fallback for the msg_queue_msgrcv operation.
 * The queue, message, receiving task, type and mode are all ignored;
 * always returns 0.
 */
static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				struct task_struct *target, long type, int mode)
{
	return 0;
}
|  | 532 |  | 
/*
 * Fallback for the shm_alloc_security operation.
 * Allocates nothing for @shp and reports success (0).
 */
static int cap_shm_alloc_security(struct shmid_kernel *shp)
{
	return 0;
}
|  | 537 |  | 
/*
 * Fallback for the shm_free_security operation.
 * Empty body: nothing is released for @shp.
 */
static void cap_shm_free_security(struct shmid_kernel *shp)
{
}
|  | 541 |  | 
/*
 * Fallback for the shm_associate operation.
 * Ignores @shp and @shmflg; always returns 0.
 */
static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	return 0;
}
|  | 546 |  | 
/*
 * Fallback for the shm_shmctl operation.
 * Ignores @shp and @cmd; always returns 0.
 */
static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	return 0;
}
|  | 551 |  | 
/*
 * Fallback for the shm_shmat operation.
 * The user-space address @shmaddr is never dereferenced and @shmflg is
 * not inspected; always returns 0.
 */
static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
			 int shmflg)
{
	return 0;
}
|  | 557 |  | 
/*
 * Fallback for the sem_alloc_security operation.
 * Allocates nothing for @sma and reports success (0).
 */
static int cap_sem_alloc_security(struct sem_array *sma)
{
	return 0;
}
|  | 562 |  | 
/*
 * Fallback for the sem_free_security operation.
 * Empty body: nothing is released for @sma.
 */
static void cap_sem_free_security(struct sem_array *sma)
{
}
|  | 566 |  | 
/*
 * Fallback for the sem_associate operation.
 * Ignores @sma and @semflg; always returns 0.
 */
static int cap_sem_associate(struct sem_array *sma, int semflg)
{
	return 0;
}
|  | 571 |  | 
/*
 * Fallback for the sem_semctl operation.
 * Ignores @sma and @cmd; always returns 0.
 */
static int cap_sem_semctl(struct sem_array *sma, int cmd)
{
	return 0;
}
|  | 576 |  | 
/*
 * Fallback for the sem_semop operation.
 * @sops is never read, whatever @nsops says; always returns 0.
 */
static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
			 unsigned nsops, int alter)
{
	return 0;
}
|  | 582 |  | 
|  | 583 | #ifdef CONFIG_SECURITY_NETWORK | 
/*
 * Fallback for the unix_stream_connect operation.
 * None of the three sockets is examined; always returns 0.
 */
static int cap_unix_stream_connect(struct socket *sock, struct socket *other,
				   struct sock *newsk)
{
	return 0;
}
|  | 589 |  | 
/*
 * Fallback for the unix_may_send operation.
 * Ignores @sock and @other; always returns 0.
 */
static int cap_unix_may_send(struct socket *sock, struct socket *other)
{
	return 0;
}
|  | 594 |  | 
/*
 * Fallback for the socket_create operation.
 * @family, @type, @protocol and @kern are not inspected: the stub
 * returns 0 for every combination and adds no check of its own.
 */
static int cap_socket_create(int family, int type, int protocol, int kern)
{
	return 0;
}
|  | 599 |  | 
/*
 * Fallback for the socket_post_create operation.
 * Nothing is attached to @sock; always returns 0.
 */
static int cap_socket_post_create(struct socket *sock, int family, int type,
				  int protocol, int kern)
{
	return 0;
}
|  | 605 |  | 
/*
 * Fallback for the socket_bind operation.
 * @address is never read, whatever @addrlen says; always returns 0.
 */
static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
			   int addrlen)
{
	return 0;
}
|  | 611 |  | 
/*
 * Fallback for the socket_connect operation.
 * @address is never read, whatever @addrlen says; always returns 0.
 */
static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
			      int addrlen)
{
	return 0;
}
|  | 617 |  | 
/*
 * Fallback for the socket_listen operation.
 * Ignores @sock and @backlog; always returns 0.
 */
static int cap_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}
|  | 622 |  | 
/*
 * Fallback for the socket_accept operation.
 * Ignores @sock and @newsock; always returns 0.
 */
static int cap_socket_accept(struct socket *sock, struct socket *newsock)
{
	return 0;
}
|  | 627 |  | 
/*
 * Fallback for the socket_sendmsg operation.
 * @msg is never read, whatever @size says; always returns 0.
 */
static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
{
	return 0;
}
|  | 632 |  | 
/*
 * Fallback for the socket_recvmsg operation.
 * @msg is never touched; @size and @flags are ignored; returns 0.
 */
static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
			      int size, int flags)
{
	return 0;
}
|  | 638 |  | 
/*
 * Fallback for the socket_getsockname operation.
 * @sock is not examined; always returns 0.
 */
static int cap_socket_getsockname(struct socket *sock)
{
	return 0;
}
|  | 643 |  | 
/*
 * Fallback for the socket_getpeername operation.
 * @sock is not examined; always returns 0.
 */
static int cap_socket_getpeername(struct socket *sock)
{
	return 0;
}
|  | 648 |  | 
/*
 * Fallback for the socket_setsockopt operation.
 * @level and @optname are not inspected; always returns 0.
 */
static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
{
	return 0;
}
|  | 653 |  | 
/*
 * Fallback for the socket_getsockopt operation.
 * @level and @optname are not inspected; always returns 0.
 */
static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
{
	return 0;
}
|  | 658 |  | 
/*
 * Fallback for the socket_shutdown operation.
 * Ignores @sock and @how; always returns 0.
 */
static int cap_socket_shutdown(struct socket *sock, int how)
{
	return 0;
}
|  | 663 |  | 
/*
 * Fallback for the socket_sock_rcv_skb operation.
 * @skb is not inspected; always returns 0.
 */
static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}
|  | 668 |  | 
/*
 * Fallback for the socket_getpeersec_stream operation.
 * No peer security data exists in this default: the user buffers
 * @optval and @optlen are never written and the call always fails
 * with -ENOPROTOOPT.
 */
static int cap_socket_getpeersec_stream(struct socket *sock,
					char __user *optval,
					int __user *optlen, unsigned len)
{
	return -ENOPROTOOPT;
}
|  | 675 |  | 
/*
 * Fallback for the socket_getpeersec_dgram operation.
 * *@secid is never written; the call always fails with -ENOPROTOOPT,
 * so callers must not use @secid after an error return.
 */
static int cap_socket_getpeersec_dgram(struct socket *sock,
				       struct sk_buff *skb, u32 *secid)
{
	return -ENOPROTOOPT;
}
|  | 681 |  | 
/*
 * Fallback for the sk_alloc_security operation.
 * Allocates nothing for @sk, ignores @family and @priority, and
 * reports success (0).
 */
static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	return 0;
}
|  | 686 |  | 
/*
 * Fallback for the sk_free_security operation.
 * Empty body: nothing is released for @sk.
 */
static void cap_sk_free_security(struct sock *sk)
{
}
|  | 690 |  | 
/*
 * Fallback for the sk_clone_security operation.
 * Empty body: nothing is copied from @sk to @newsk.
 */
static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
}
|  | 694 |  | 
/*
 * Fallback for the sk_getsecid operation.
 *
 * NOTE(review): the body is empty, so *@secid is left exactly as the
 * caller passed it.  cap_inode_getsecid(), cap_task_getsecid() and
 * cap_ipc_getsecid() in this file all store 0 instead.  Callers of this
 * hook therefore have to initialise *@secid themselves before the call,
 * otherwise they read an indeterminate value -- confirm every call site
 * does so, or that the difference is intentional.
 */
static void cap_sk_getsecid(struct sock *sk, u32 *secid)
{
}
|  | 698 |  | 
/*
 * Fallback for the sock_graft operation.
 * Empty body: @sk and @parent are left untouched.
 */
static void cap_sock_graft(struct sock *sk, struct socket *parent)
{
}
|  | 702 |  | 
/*
 * Fallback for the inet_conn_request operation.
 * The listening socket, packet and request are all ignored;
 * always returns 0.
 */
static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				 struct request_sock *req)
{
	return 0;
}
|  | 708 |  | 
/*
 * Fallback for the inet_csk_clone operation.
 * Empty body: nothing is copied from @req to @newsk.
 */
static void cap_inet_csk_clone(struct sock *newsk,
			       const struct request_sock *req)
{
}
|  | 713 |  | 
/*
 * Fallback for the inet_conn_established operation.
 * Empty body: @sk and @skb are left untouched.
 */
static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
}
|  | 717 |  | 
| Paul Moore | 2b980db | 2009-08-28 18:12:43 -0400 | [diff] [blame] | 718 |  | 
|  | 719 |  | 
/*
 * Fallback for the req_classify_flow operation.
 * Empty body: @fl is not modified from @req.
 */
static void cap_req_classify_flow(const struct request_sock *req,
				  struct flowi *fl)
{
}
| Paul Moore | 2b980db | 2009-08-28 18:12:43 -0400 | [diff] [blame] | 724 |  | 
/*
 * Fallback for the tun_dev_create operation.
 * Takes no arguments and always returns 0; no check is added here.
 */
static int cap_tun_dev_create(void)
{
	return 0;
}
|  | 729 |  | 
/*
 * Fallback for the tun_dev_post_create operation.
 * Empty body: @sk is left untouched.
 */
static void cap_tun_dev_post_create(struct sock *sk)
{
}
|  | 733 |  | 
/*
 * Fallback for the tun_dev_attach operation.
 * @sk is not examined; always returns 0.
 */
static int cap_tun_dev_attach(struct sock *sk)
{
	return 0;
}
| Miklos Szeredi | 5915eb5 | 2008-07-03 20:56:05 +0200 | [diff] [blame] | 738 | #endif	/* CONFIG_SECURITY_NETWORK */ | 
|  | 739 |  | 
|  | 740 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 
/*
 * Fallback for the xfrm_policy_alloc_security operation.
 * *@ctxp is never written and @sec_ctx is not read; returns 0.
 */
static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
					  struct xfrm_user_sec_ctx *sec_ctx)
{
	return 0;
}
|  | 746 |  | 
/*
 * Fallback for the xfrm_policy_clone_security operation.
 * *@new_ctxp is never written; always returns 0.
 */
static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
					  struct xfrm_sec_ctx **new_ctxp)
{
	return 0;
}
|  | 752 |  | 
/*
 * Fallback for the xfrm_policy_free_security operation.
 * Empty body: nothing is released for @ctx.
 */
static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
{
}
|  | 756 |  | 
/*
 * Fallback for the xfrm_policy_delete_security operation.
 * @ctx is not examined; always returns 0.
 */
static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
{
	return 0;
}
|  | 761 |  | 
/*
 * Fallback for the xfrm_state_alloc_security operation.
 * Nothing is attached to @x; @sec_ctx and @secid are ignored;
 * always returns 0.
 */
static int cap_xfrm_state_alloc_security(struct xfrm_state *x,
					 struct xfrm_user_sec_ctx *sec_ctx,
					 u32 secid)
{
	return 0;
}
|  | 768 |  | 
/*
 * Fallback for the xfrm_state_free_security operation.
 * Empty body: nothing is released for @x.
 */
static void cap_xfrm_state_free_security(struct xfrm_state *x)
{
}
|  | 772 |  | 
/*
 * Fallback for the xfrm_state_delete_security operation.
 * @x is not examined; always returns 0.
 */
static int cap_xfrm_state_delete_security(struct xfrm_state *x)
{
	return 0;
}
|  | 777 |  | 
/*
 * Fallback for the xfrm_policy_lookup operation.
 * @ctx, @sk_sid and @dir are not compared; always returns 0.
 */
static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
{
	return 0;
}
|  | 782 |  | 
/*
 * Fallback for the xfrm_state_pol_flow_match operation.
 *
 * Unlike most defaults in this file this one returns 1, not 0, without
 * looking at @x, @xp or @fl.  Presumably 1 means "state matches the
 * policy/flow" so that no state is filtered out by default -- confirm
 * against the hook's contract before relying on that reading.
 */
static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
					 struct xfrm_policy *xp,
					 struct flowi *fl)
{
	return 1;
}
|  | 789 |  | 
/*
 * Fallback for the xfrm_decode_session operation.
 * *@fl is never written and @skb is not read; always returns 0.
 */
static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
{
	return 0;
}
|  | 794 |  | 
|  | 795 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 
/*
 * Fallback for the d_instantiate operation.
 * Empty body: @dentry and @inode are left untouched.
 */
static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
{
}
|  | 799 |  | 
/*
 * Fallback for the getprocattr operation.
 * No attribute is provided: *@value is never written and the call
 * always fails with -EINVAL.
 */
static int cap_getprocattr(struct task_struct *p, char *name, char **value)
{
	return -EINVAL;
}
|  | 804 |  | 
/*
 * Fallback for the setprocattr operation.
 * Nothing is stored: @value is never read and the call always fails
 * with -EINVAL.
 */
static int cap_setprocattr(struct task_struct *p, char *name, void *value,
			   size_t size)
{
	return -EINVAL;
}
|  | 810 |  | 
/*
 * Fallback for the secid_to_secctx operation.
 * No translation is available: *@secdata and *@seclen are never written
 * and the call always fails with -EOPNOTSUPP.
 */
static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
}
|  | 815 |  | 
/*
 * Fallback for the secctx_to_secid operation.
 * No translation is available: *@secid is never written and the call
 * always fails with -EOPNOTSUPP.
 */
static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	return -EOPNOTSUPP;
}
|  | 820 |  | 
/*
 * Fallback for the release_secctx operation.
 * Empty body: @secdata is not freed or modified here.
 */
static void cap_release_secctx(char *secdata, u32 seclen)
{
}
|  | 824 |  | 
/*
 * Fallback for the inode_notifysecctx operation.
 * @ctx is never read, whatever @ctxlen says; always returns 0.
 */
static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	return 0;
}
|  | 829 |  | 
/*
 * Fallback for the inode_setsecctx operation.
 * @ctx is never read or stored, whatever @ctxlen says; returns 0.
 */
static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	return 0;
}
|  | 834 |  | 
/*
 * Fallback for the inode_getsecctx operation.
 *
 * NOTE(review): returns 0 without writing *@ctx or *@ctxlen, so a
 * caller that treats 0 as "context returned" would read whatever those
 * variables held before the call -- confirm callers pre-initialise them.
 */
static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	return 0;
}
| Miklos Szeredi | 5915eb5 | 2008-07-03 20:56:05 +0200 | [diff] [blame] | 839 | #ifdef CONFIG_KEYS | 
/*
 * Fallback for the key_alloc operation.
 * Nothing is attached to @key; @cred and @flags are ignored;
 * always returns 0.
 */
static int cap_key_alloc(struct key *key, const struct cred *cred,
			 unsigned long flags)
{
	return 0;
}
|  | 845 |  | 
/*
 * Fallback for the key_free operation.
 * Empty body: nothing is released for @key.
 */
static void cap_key_free(struct key *key)
{
}
|  | 849 |  | 
/*
 * Fallback for the key_permission operation.
 * @perm is never evaluated against @key_ref or @cred: the stub returns
 * 0 for every request and adds no access check of its own.
 */
static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
			      key_perm_t perm)
{
	return 0;
}
|  | 855 |  | 
/*
 * Fallback for the key_getsecurity operation.
 * Clears *@_buffer to NULL before returning 0, so the caller sees an
 * explicit "no buffer" rather than a stale pointer.  @key is unused.
 */
static int cap_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;

	return 0;
}
|  | 861 |  | 
/*
 * Fallback for the key_session_to_parent operation.
 * Neither credential set nor @key is examined; always returns 0.
 */
static int cap_key_session_to_parent(const struct cred *cred,
				     const struct cred *parent_cred,
				     struct key *key)
{
	return 0;
}
|  | 868 |  | 
| Miklos Szeredi | 5915eb5 | 2008-07-03 20:56:05 +0200 | [diff] [blame] | 869 | #endif /* CONFIG_KEYS */ | 
|  | 870 |  | 
|  | 871 | #ifdef CONFIG_AUDIT | 
/*
 * Fallback for the audit_rule_init operation.
 * @rulestr is not parsed and *@lsmrule is never written; returns 0.
 */
static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
	return 0;
}
|  | 876 |  | 
/*
 * Fallback for the audit_rule_known operation.
 * @krule is not examined; always returns 0.
 */
static int cap_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}
|  | 881 |  | 
/*
 * Fallback for the audit_rule_match operation.
 * No comparison is made between @secid and @lsmrule; always returns 0.
 */
static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
				struct audit_context *actx)
{
	return 0;
}
|  | 887 |  | 
/*
 * Fallback for the audit_rule_free operation.
 * Empty body: @lsmrule is not freed here.
 */
static void cap_audit_rule_free(void *lsmrule)
{
}
|  | 891 | #endif /* CONFIG_AUDIT */ | 
|  | 892 |  | 
/*
 * Operations table for the default security module.  Only .name is set
 * in the initialiser, so every operation pointer starts out NULL.
 * Presumably security_fixup_ops() is what fills those in -- confirm at
 * the call site.
 */
struct security_operations default_security_ops = {
	.name = "default",
};
|  | 896 |  | 
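/*
 * set_to_cap_if_null - install the built-in default for an unset operation.
 * @ops:      pointer to the operations table being completed
 * @function: member name; the default installed is cap_<function>
 *
 * If ops->function is NULL it is pointed at cap_<function> and the
 * substitution is reported with pr_debug().  An operation the module
 * already supplied is left alone.
 *
 * @ops is parenthesised at each use so that any pointer expression
 * (e.g. "&table") expands with the intended precedence.
 */
#define set_to_cap_if_null(ops, function)				\
	do {								\
		if (!(ops)->function) {					\
			(ops)->function = cap_##function;		\
			pr_debug("Had to override the " #function	\
				 " security operation with the default.\n");\
		}							\
	} while (0)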
|  | 905 |  | 
/*
 * security_fixup_ops - fill every unset hook in @ops with its cap_* default.
 * @ops: operations table to complete; dereferenced without a NULL check,
 *       so the caller must pass a valid pointer.
 *
 * Each line below handles exactly one member of struct
 * security_operations: if the module left it NULL, the matching
 * cap_<hook> function from this file is installed (see
 * set_to_cap_if_null).  Hooks the module did set are not touched.
 *
 * Points worth keeping in mind when reviewing a security module or
 * adding a hook:
 *  - Several of the cap_* defaults in this file are stubs that just
 *    return 0, so a hook a module forgot to implement is replaced by
 *    a default that performs no check of its own, and the only trace
 *    is a pr_debug() message.
 *  - Only the hooks listed here are fixed up.  A member added to
 *    struct security_operations without a line here stays NULL for
 *    any module that does not set it.
 *    NOTE(review): the security_*() callers presumably invoke hooks
 *    without a NULL check - confirm in security.c.
 *  - The #ifdef groups must mirror the configuration guards around the
 *    corresponding members and cap_* definitions.
 */
void security_fixup_ops(struct security_operations *ops)
{
	/* ptrace, capability sets and other core operations */
	set_to_cap_if_null(ops, ptrace_access_check);
	set_to_cap_if_null(ops, ptrace_traceme);
	set_to_cap_if_null(ops, capget);
	set_to_cap_if_null(ops, capset);
	set_to_cap_if_null(ops, acct);
	set_to_cap_if_null(ops, capable);
	set_to_cap_if_null(ops, quotactl);
	set_to_cap_if_null(ops, quota_on);
	set_to_cap_if_null(ops, sysctl);
	set_to_cap_if_null(ops, syslog);
	set_to_cap_if_null(ops, settime);
	set_to_cap_if_null(ops, vm_enough_memory);
	/* program execution (bprm) hooks */
	set_to_cap_if_null(ops, bprm_set_creds);
	set_to_cap_if_null(ops, bprm_committing_creds);
	set_to_cap_if_null(ops, bprm_committed_creds);
	set_to_cap_if_null(ops, bprm_check_security);
	set_to_cap_if_null(ops, bprm_secureexec);
	/* superblock / mount hooks */
	set_to_cap_if_null(ops, sb_alloc_security);
	set_to_cap_if_null(ops, sb_free_security);
	set_to_cap_if_null(ops, sb_copy_data);
	set_to_cap_if_null(ops, sb_kern_mount);
	set_to_cap_if_null(ops, sb_show_options);
	set_to_cap_if_null(ops, sb_statfs);
	set_to_cap_if_null(ops, sb_mount);
	set_to_cap_if_null(ops, sb_check_sb);
	set_to_cap_if_null(ops, sb_umount);
	set_to_cap_if_null(ops, sb_umount_close);
	set_to_cap_if_null(ops, sb_umount_busy);
	set_to_cap_if_null(ops, sb_post_remount);
	set_to_cap_if_null(ops, sb_post_addmount);
	set_to_cap_if_null(ops, sb_pivotroot);
	set_to_cap_if_null(ops, sb_post_pivotroot);
	set_to_cap_if_null(ops, sb_set_mnt_opts);
	set_to_cap_if_null(ops, sb_clone_mnt_opts);
	set_to_cap_if_null(ops, sb_parse_opts_str);
	/* inode hooks */
	set_to_cap_if_null(ops, inode_alloc_security);
	set_to_cap_if_null(ops, inode_free_security);
	set_to_cap_if_null(ops, inode_init_security);
	set_to_cap_if_null(ops, inode_create);
	set_to_cap_if_null(ops, inode_link);
	set_to_cap_if_null(ops, inode_unlink);
	set_to_cap_if_null(ops, inode_symlink);
	set_to_cap_if_null(ops, inode_mkdir);
	set_to_cap_if_null(ops, inode_rmdir);
	set_to_cap_if_null(ops, inode_mknod);
	set_to_cap_if_null(ops, inode_rename);
	set_to_cap_if_null(ops, inode_readlink);
	set_to_cap_if_null(ops, inode_follow_link);
	set_to_cap_if_null(ops, inode_permission);
	set_to_cap_if_null(ops, inode_setattr);
	set_to_cap_if_null(ops, inode_getattr);
	set_to_cap_if_null(ops, inode_delete);
	set_to_cap_if_null(ops, inode_setxattr);
	set_to_cap_if_null(ops, inode_post_setxattr);
	set_to_cap_if_null(ops, inode_getxattr);
	set_to_cap_if_null(ops, inode_listxattr);
	set_to_cap_if_null(ops, inode_removexattr);
	set_to_cap_if_null(ops, inode_need_killpriv);
	set_to_cap_if_null(ops, inode_killpriv);
	set_to_cap_if_null(ops, inode_getsecurity);
	set_to_cap_if_null(ops, inode_setsecurity);
	set_to_cap_if_null(ops, inode_listsecurity);
	set_to_cap_if_null(ops, inode_getsecid);
#ifdef CONFIG_SECURITY_PATH
	/* pathname-based hooks */
	set_to_cap_if_null(ops, path_mknod);
	set_to_cap_if_null(ops, path_mkdir);
	set_to_cap_if_null(ops, path_rmdir);
	set_to_cap_if_null(ops, path_unlink);
	set_to_cap_if_null(ops, path_symlink);
	set_to_cap_if_null(ops, path_link);
	set_to_cap_if_null(ops, path_rename);
	set_to_cap_if_null(ops, path_truncate);
#endif /* CONFIG_SECURITY_PATH */
	/* open-file hooks */
	set_to_cap_if_null(ops, file_permission);
	set_to_cap_if_null(ops, file_alloc_security);
	set_to_cap_if_null(ops, file_free_security);
	set_to_cap_if_null(ops, file_ioctl);
	set_to_cap_if_null(ops, file_mmap);
	set_to_cap_if_null(ops, file_mprotect);
	set_to_cap_if_null(ops, file_lock);
	set_to_cap_if_null(ops, file_fcntl);
	set_to_cap_if_null(ops, file_set_fowner);
	set_to_cap_if_null(ops, file_send_sigiotask);
	set_to_cap_if_null(ops, file_receive);
	set_to_cap_if_null(ops, dentry_open);
	/* task and credential hooks */
	set_to_cap_if_null(ops, task_create);
	set_to_cap_if_null(ops, cred_alloc_blank);
	set_to_cap_if_null(ops, cred_free);
	set_to_cap_if_null(ops, cred_prepare);
	set_to_cap_if_null(ops, cred_commit);
	set_to_cap_if_null(ops, cred_transfer);
	set_to_cap_if_null(ops, kernel_act_as);
	set_to_cap_if_null(ops, kernel_create_files_as);
	set_to_cap_if_null(ops, kernel_module_request);
	set_to_cap_if_null(ops, task_setuid);
	set_to_cap_if_null(ops, task_fix_setuid);
	set_to_cap_if_null(ops, task_setgid);
	set_to_cap_if_null(ops, task_setpgid);
	set_to_cap_if_null(ops, task_getpgid);
	set_to_cap_if_null(ops, task_getsid);
	set_to_cap_if_null(ops, task_getsecid);
	set_to_cap_if_null(ops, task_setgroups);
	set_to_cap_if_null(ops, task_setnice);
	set_to_cap_if_null(ops, task_setioprio);
	set_to_cap_if_null(ops, task_getioprio);
	set_to_cap_if_null(ops, task_setrlimit);
	set_to_cap_if_null(ops, task_setscheduler);
	set_to_cap_if_null(ops, task_getscheduler);
	set_to_cap_if_null(ops, task_movememory);
	set_to_cap_if_null(ops, task_wait);
	set_to_cap_if_null(ops, task_kill);
	set_to_cap_if_null(ops, task_prctl);
	set_to_cap_if_null(ops, task_to_inode);
	/* IPC hooks: message queues, shared memory, semaphores */
	set_to_cap_if_null(ops, ipc_permission);
	set_to_cap_if_null(ops, ipc_getsecid);
	set_to_cap_if_null(ops, msg_msg_alloc_security);
	set_to_cap_if_null(ops, msg_msg_free_security);
	set_to_cap_if_null(ops, msg_queue_alloc_security);
	set_to_cap_if_null(ops, msg_queue_free_security);
	set_to_cap_if_null(ops, msg_queue_associate);
	set_to_cap_if_null(ops, msg_queue_msgctl);
	set_to_cap_if_null(ops, msg_queue_msgsnd);
	set_to_cap_if_null(ops, msg_queue_msgrcv);
	set_to_cap_if_null(ops, shm_alloc_security);
	set_to_cap_if_null(ops, shm_free_security);
	set_to_cap_if_null(ops, shm_associate);
	set_to_cap_if_null(ops, shm_shmctl);
	set_to_cap_if_null(ops, shm_shmat);
	set_to_cap_if_null(ops, sem_alloc_security);
	set_to_cap_if_null(ops, sem_free_security);
	set_to_cap_if_null(ops, sem_associate);
	set_to_cap_if_null(ops, sem_semctl);
	set_to_cap_if_null(ops, sem_semop);
	/* netlink, procattr and security-context hooks */
	set_to_cap_if_null(ops, netlink_send);
	set_to_cap_if_null(ops, netlink_recv);
	set_to_cap_if_null(ops, d_instantiate);
	set_to_cap_if_null(ops, getprocattr);
	set_to_cap_if_null(ops, setprocattr);
	set_to_cap_if_null(ops, secid_to_secctx);
	set_to_cap_if_null(ops, secctx_to_secid);
	set_to_cap_if_null(ops, release_secctx);
	set_to_cap_if_null(ops, inode_notifysecctx);
	set_to_cap_if_null(ops, inode_setsecctx);
	set_to_cap_if_null(ops, inode_getsecctx);
#ifdef CONFIG_SECURITY_NETWORK
	/* socket and network hooks */
	set_to_cap_if_null(ops, unix_stream_connect);
	set_to_cap_if_null(ops, unix_may_send);
	set_to_cap_if_null(ops, socket_create);
	set_to_cap_if_null(ops, socket_post_create);
	set_to_cap_if_null(ops, socket_bind);
	set_to_cap_if_null(ops, socket_connect);
	set_to_cap_if_null(ops, socket_listen);
	set_to_cap_if_null(ops, socket_accept);
	set_to_cap_if_null(ops, socket_sendmsg);
	set_to_cap_if_null(ops, socket_recvmsg);
	set_to_cap_if_null(ops, socket_getsockname);
	set_to_cap_if_null(ops, socket_getpeername);
	set_to_cap_if_null(ops, socket_setsockopt);
	set_to_cap_if_null(ops, socket_getsockopt);
	set_to_cap_if_null(ops, socket_shutdown);
	set_to_cap_if_null(ops, socket_sock_rcv_skb);
	set_to_cap_if_null(ops, socket_getpeersec_stream);
	set_to_cap_if_null(ops, socket_getpeersec_dgram);
	set_to_cap_if_null(ops, sk_alloc_security);
	set_to_cap_if_null(ops, sk_free_security);
	set_to_cap_if_null(ops, sk_clone_security);
	set_to_cap_if_null(ops, sk_getsecid);
	set_to_cap_if_null(ops, sock_graft);
	set_to_cap_if_null(ops, inet_conn_request);
	set_to_cap_if_null(ops, inet_csk_clone);
	set_to_cap_if_null(ops, inet_conn_established);
	set_to_cap_if_null(ops, req_classify_flow);
	set_to_cap_if_null(ops, tun_dev_create);
	set_to_cap_if_null(ops, tun_dev_post_create);
	set_to_cap_if_null(ops, tun_dev_attach);
#endif	/* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
	/* XFRM policy and state hooks */
	set_to_cap_if_null(ops, xfrm_policy_alloc_security);
	set_to_cap_if_null(ops, xfrm_policy_clone_security);
	set_to_cap_if_null(ops, xfrm_policy_free_security);
	set_to_cap_if_null(ops, xfrm_policy_delete_security);
	set_to_cap_if_null(ops, xfrm_state_alloc_security);
	set_to_cap_if_null(ops, xfrm_state_free_security);
	set_to_cap_if_null(ops, xfrm_state_delete_security);
	set_to_cap_if_null(ops, xfrm_policy_lookup);
	set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
	set_to_cap_if_null(ops, xfrm_decode_session);
#endif	/* CONFIG_SECURITY_NETWORK_XFRM */
#ifdef CONFIG_KEYS
	/* key management hooks */
	set_to_cap_if_null(ops, key_alloc);
	set_to_cap_if_null(ops, key_free);
	set_to_cap_if_null(ops, key_permission);
	set_to_cap_if_null(ops, key_getsecurity);
	set_to_cap_if_null(ops, key_session_to_parent);
#endif	/* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
	/* audit rule hooks */
	set_to_cap_if_null(ops, audit_rule_init);
	set_to_cap_if_null(ops, audit_rule_known);
	set_to_cap_if_null(ops, audit_rule_match);
	set_to_cap_if_null(ops, audit_rule_free);
#endif /* CONFIG_AUDIT */
}