Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / fc9ea5a1e53ee54f681e226d735008e2a6f8f470 / . / security / capability.c
blob: 8168e3ecd5bf9d43eb5b0c2b3e94636e992d7861 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 * Capabilities Linux Security Module
3 *
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]4 * This is the default security module in case no other module is loaded.
5 *
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 */
12
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]13#include <linux/security.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]14
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]15static int cap_sysctl(ctl_table *table, int op)
16{
17 return 0;
18}
19
20static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
21{
22 return 0;
23}
24
25static int cap_quota_on(struct dentry *dentry)
26{
27 return 0;
28}
29
David Howellsa6f76f22008-11-14 10:39:24 +1100[diff] [blame]30static int cap_bprm_check_security (struct linux_binprm *bprm)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]31{
32 return 0;
33}
34
David Howellsa6f76f22008-11-14 10:39:24 +1100[diff] [blame]35static void cap_bprm_committing_creds(struct linux_binprm *bprm)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]36{
37}
38
David Howellsa6f76f22008-11-14 10:39:24 +1100[diff] [blame]39static void cap_bprm_committed_creds(struct linux_binprm *bprm)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]40{
41}
42
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]43static int cap_sb_alloc_security(struct super_block *sb)
44{
45 return 0;
46}
47
48static void cap_sb_free_security(struct super_block *sb)
49{
50}
51
52static int cap_sb_copy_data(char *orig, char *copy)
53{
54 return 0;
55}
56
James Morris12204e22008-12-19 10:44:42 +1100[diff] [blame]57static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]58{
59 return 0;
60}
61
62static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
63{
64 return 0;
65}
66
67static int cap_sb_statfs(struct dentry *dentry)
68{
69 return 0;
70}
71
72static int cap_sb_mount(char *dev_name, struct path *path, char *type,
73 unsigned long flags, void *data)
74{
75 return 0;
76}
77
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]78static int cap_sb_umount(struct vfsmount *mnt, int flags)
79{
80 return 0;
81}
82
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]83static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
84{
85 return 0;
86}
87
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]88static int cap_sb_set_mnt_opts(struct super_block *sb,
89 struct security_mnt_opts *opts)
90{
91 if (unlikely(opts->num_mnt_opts))
92 return -EOPNOTSUPP;
93 return 0;
94}
95
96static void cap_sb_clone_mnt_opts(const struct super_block *oldsb,
97 struct super_block *newsb)
98{
99}
100
101static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
102{
103 return 0;
104}
105
106static int cap_inode_alloc_security(struct inode *inode)
107{
108 return 0;
109}
110
111static void cap_inode_free_security(struct inode *inode)
112{
113}
114
115static int cap_inode_init_security(struct inode *inode, struct inode *dir,
116 char **name, void **value, size_t *len)
117{
118 return -EOPNOTSUPP;
119}
120
121static int cap_inode_create(struct inode *inode, struct dentry *dentry,
122 int mask)
123{
124 return 0;
125}
126
127static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
128 struct dentry *new_dentry)
129{
130 return 0;
131}
132
133static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
134{
135 return 0;
136}
137
138static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
139 const char *name)
140{
141 return 0;
142}
143
144static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
145 int mask)
146{
147 return 0;
148}
149
150static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
151{
152 return 0;
153}
154
155static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
156 int mode, dev_t dev)
157{
158 return 0;
159}
160
161static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
162 struct inode *new_inode, struct dentry *new_dentry)
163{
164 return 0;
165}
166
167static int cap_inode_readlink(struct dentry *dentry)
168{
169 return 0;
170}
171
172static int cap_inode_follow_link(struct dentry *dentry,
173 struct nameidata *nameidata)
174{
175 return 0;
176}
177
Al Virob77b0642008-07-17 09:37:02 -0400[diff] [blame]178static int cap_inode_permission(struct inode *inode, int mask)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]179{
180 return 0;
181}
182
183static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
184{
185 return 0;
186}
187
188static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
189{
190 return 0;
191}
192
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]193static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
194 const void *value, size_t size, int flags)
195{
196}
197
198static int cap_inode_getxattr(struct dentry *dentry, const char *name)
199{
200 return 0;
201}
202
203static int cap_inode_listxattr(struct dentry *dentry)
204{
205 return 0;
206}
207
208static int cap_inode_getsecurity(const struct inode *inode, const char *name,
209 void **buffer, bool alloc)
210{
211 return -EOPNOTSUPP;
212}
213
214static int cap_inode_setsecurity(struct inode *inode, const char *name,
215 const void *value, size_t size, int flags)
216{
217 return -EOPNOTSUPP;
218}
219
220static int cap_inode_listsecurity(struct inode *inode, char *buffer,
221 size_t buffer_size)
222{
223 return 0;
224}
225
226static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
227{
228 *secid = 0;
229}
230
Kentaro Takedabe6d3e52008-12-17 13:24:15 +0900[diff] [blame]231#ifdef CONFIG_SECURITY_PATH
232static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode,
233 unsigned int dev)
234{
235 return 0;
236}
237
238static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
239{
240 return 0;
241}
242
243static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
244{
245 return 0;
246}
247
248static int cap_path_unlink(struct path *dir, struct dentry *dentry)
249{
250 return 0;
251}
252
253static int cap_path_symlink(struct path *dir, struct dentry *dentry,
254 const char *old_name)
255{
256 return 0;
257}
258
259static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
260 struct dentry *new_dentry)
261{
262 return 0;
263}
264
265static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
266 struct path *new_path, struct dentry *new_dentry)
267{
268 return 0;
269}
270
271static int cap_path_truncate(struct path *path, loff_t length,
272 unsigned int time_attrs)
273{
274 return 0;
275}
Tetsuo Handa89eda062009-10-04 21:49:47 +0900[diff] [blame]276
277static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
278 mode_t mode)
279{
280 return 0;
281}
282
283static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
284{
285 return 0;
286}
Tetsuo Handa8b8efb42009-10-04 21:49:48 +0900[diff] [blame]287
288static int cap_path_chroot(struct path *root)
289{
290 return 0;
291}
Kentaro Takedabe6d3e52008-12-17 13:24:15 +0900[diff] [blame]292#endif
293
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]294static int cap_file_permission(struct file *file, int mask)
295{
296 return 0;
297}
298
299static int cap_file_alloc_security(struct file *file)
300{
301 return 0;
302}
303
304static void cap_file_free_security(struct file *file)
305{
306}
307
308static int cap_file_ioctl(struct file *file, unsigned int command,
309 unsigned long arg)
310{
311 return 0;
312}
313
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]314static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
315 unsigned long prot)
316{
317 return 0;
318}
319
320static int cap_file_lock(struct file *file, unsigned int cmd)
321{
322 return 0;
323}
324
325static int cap_file_fcntl(struct file *file, unsigned int cmd,
326 unsigned long arg)
327{
328 return 0;
329}
330
331static int cap_file_set_fowner(struct file *file)
332{
333 return 0;
334}
335
336static int cap_file_send_sigiotask(struct task_struct *tsk,
337 struct fown_struct *fown, int sig)
338{
339 return 0;
340}
341
342static int cap_file_receive(struct file *file)
343{
344 return 0;
345}
346
David Howells745ca242008-11-14 10:39:22 +1100[diff] [blame]347static int cap_dentry_open(struct file *file, const struct cred *cred)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]348{
349 return 0;
350}
351
352static int cap_task_create(unsigned long clone_flags)
353{
354 return 0;
355}
356
David Howellsee18d642009-09-02 09:14:21 +0100[diff] [blame]357static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
358{
359 return 0;
360}
361
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]362static void cap_cred_free(struct cred *cred)
363{
364}
365
366static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]367{
368 return 0;
369}
370
David Howellsee18d642009-09-02 09:14:21 +0100[diff] [blame]371static void cap_cred_transfer(struct cred *new, const struct cred *old)
372{
373}
374
David Howells3a3b7ce2008-11-14 10:39:28 +1100[diff] [blame]375static int cap_kernel_act_as(struct cred *new, u32 secid)
376{
377 return 0;
378}
379
380static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
381{
382 return 0;
383}
384
Eric Parisdd8dbf22009-11-03 16:35:32 +1100[diff] [blame]385static int cap_kernel_module_request(char *kmod_name)
Eric Paris91884992009-08-13 09:44:57 -0400[diff] [blame]386{
387 return 0;
388}
389
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]390static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
391{
392 return 0;
393}
394
395static int cap_task_getpgid(struct task_struct *p)
396{
397 return 0;
398}
399
400static int cap_task_getsid(struct task_struct *p)
401{
402 return 0;
403}
404
405static void cap_task_getsecid(struct task_struct *p, u32 *secid)
406{
407 *secid = 0;
408}
409
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]410static int cap_task_getioprio(struct task_struct *p)
411{
412 return 0;
413}
414
415static int cap_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
416{
417 return 0;
418}
419
420static int cap_task_getscheduler(struct task_struct *p)
421{
422 return 0;
423}
424
425static int cap_task_movememory(struct task_struct *p)
426{
427 return 0;
428}
429
430static int cap_task_wait(struct task_struct *p)
431{
432 return 0;
433}
434
435static int cap_task_kill(struct task_struct *p, struct siginfo *info,
436 int sig, u32 secid)
437{
438 return 0;
439}
440
441static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
442{
443}
444
445static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
446{
447 return 0;
448}
449
450static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
451{
452 *secid = 0;
453}
454
455static int cap_msg_msg_alloc_security(struct msg_msg *msg)
456{
457 return 0;
458}
459
460static void cap_msg_msg_free_security(struct msg_msg *msg)
461{
462}
463
464static int cap_msg_queue_alloc_security(struct msg_queue *msq)
465{
466 return 0;
467}
468
469static void cap_msg_queue_free_security(struct msg_queue *msq)
470{
471}
472
473static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
474{
475 return 0;
476}
477
478static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
479{
480 return 0;
481}
482
483static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
484 int msgflg)
485{
486 return 0;
487}
488
489static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
490 struct task_struct *target, long type, int mode)
491{
492 return 0;
493}
494
495static int cap_shm_alloc_security(struct shmid_kernel *shp)
496{
497 return 0;
498}
499
500static void cap_shm_free_security(struct shmid_kernel *shp)
501{
502}
503
504static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
505{
506 return 0;
507}
508
509static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
510{
511 return 0;
512}
513
514static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
515 int shmflg)
516{
517 return 0;
518}
519
520static int cap_sem_alloc_security(struct sem_array *sma)
521{
522 return 0;
523}
524
525static void cap_sem_free_security(struct sem_array *sma)
526{
527}
528
529static int cap_sem_associate(struct sem_array *sma, int semflg)
530{
531 return 0;
532}
533
534static int cap_sem_semctl(struct sem_array *sma, int cmd)
535{
536 return 0;
537}
538
539static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
540 unsigned nsops, int alter)
541{
542 return 0;
543}
544
545#ifdef CONFIG_SECURITY_NETWORK
546static int cap_unix_stream_connect(struct socket *sock, struct socket *other,
547 struct sock *newsk)
548{
549 return 0;
550}
551
552static int cap_unix_may_send(struct socket *sock, struct socket *other)
553{
554 return 0;
555}
556
557static int cap_socket_create(int family, int type, int protocol, int kern)
558{
559 return 0;
560}
561
562static int cap_socket_post_create(struct socket *sock, int family, int type,
563 int protocol, int kern)
564{
565 return 0;
566}
567
568static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
569 int addrlen)
570{
571 return 0;
572}
573
574static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
575 int addrlen)
576{
577 return 0;
578}
579
580static int cap_socket_listen(struct socket *sock, int backlog)
581{
582 return 0;
583}
584
585static int cap_socket_accept(struct socket *sock, struct socket *newsock)
586{
587 return 0;
588}
589
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]590static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
591{
592 return 0;
593}
594
595static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
596 int size, int flags)
597{
598 return 0;
599}
600
601static int cap_socket_getsockname(struct socket *sock)
602{
603 return 0;
604}
605
606static int cap_socket_getpeername(struct socket *sock)
607{
608 return 0;
609}
610
611static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
612{
613 return 0;
614}
615
616static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
617{
618 return 0;
619}
620
621static int cap_socket_shutdown(struct socket *sock, int how)
622{
623 return 0;
624}
625
626static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
627{
628 return 0;
629}
630
631static int cap_socket_getpeersec_stream(struct socket *sock,
632 char __user *optval,
633 int __user *optlen, unsigned len)
634{
635 return -ENOPROTOOPT;
636}
637
638static int cap_socket_getpeersec_dgram(struct socket *sock,
639 struct sk_buff *skb, u32 *secid)
640{
641 return -ENOPROTOOPT;
642}
643
644static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
645{
646 return 0;
647}
648
649static void cap_sk_free_security(struct sock *sk)
650{
651}
652
653static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
654{
655}
656
657static void cap_sk_getsecid(struct sock *sk, u32 *secid)
658{
659}
660
661static void cap_sock_graft(struct sock *sk, struct socket *parent)
662{
663}
664
665static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
666 struct request_sock *req)
667{
668 return 0;
669}
670
671static void cap_inet_csk_clone(struct sock *newsk,
672 const struct request_sock *req)
673{
674}
675
676static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
677{
678}
679
Paul Moore2b980db2009-08-28 18:12:43 -0400[diff] [blame]680
681
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]682static void cap_req_classify_flow(const struct request_sock *req,
683 struct flowi *fl)
684{
685}
Paul Moore2b980db2009-08-28 18:12:43 -0400[diff] [blame]686
687static int cap_tun_dev_create(void)
688{
689 return 0;
690}
691
692static void cap_tun_dev_post_create(struct sock *sk)
693{
694}
695
696static int cap_tun_dev_attach(struct sock *sk)
697{
698 return 0;
699}
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]700#endif /* CONFIG_SECURITY_NETWORK */
701
702#ifdef CONFIG_SECURITY_NETWORK_XFRM
703static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
704 struct xfrm_user_sec_ctx *sec_ctx)
705{
706 return 0;
707}
708
709static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
710 struct xfrm_sec_ctx **new_ctxp)
711{
712 return 0;
713}
714
715static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
716{
717}
718
719static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
720{
721 return 0;
722}
723
724static int cap_xfrm_state_alloc_security(struct xfrm_state *x,
725 struct xfrm_user_sec_ctx *sec_ctx,
726 u32 secid)
727{
728 return 0;
729}
730
731static void cap_xfrm_state_free_security(struct xfrm_state *x)
732{
733}
734
735static int cap_xfrm_state_delete_security(struct xfrm_state *x)
736{
737 return 0;
738}
739
740static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
741{
742 return 0;
743}
744
745static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
746 struct xfrm_policy *xp,
747 struct flowi *fl)
748{
749 return 1;
750}
751
752static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
753{
754 return 0;
755}
756
757#endif /* CONFIG_SECURITY_NETWORK_XFRM */
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]758static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
759{
760}
761
762static int cap_getprocattr(struct task_struct *p, char *name, char **value)
763{
764 return -EINVAL;
765}
766
767static int cap_setprocattr(struct task_struct *p, char *name, void *value,
768 size_t size)
769{
770 return -EINVAL;
771}
772
773static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
774{
775 return -EOPNOTSUPP;
776}
777
778static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
779{
780 return -EOPNOTSUPP;
781}
782
783static void cap_release_secctx(char *secdata, u32 seclen)
784{
785}
786
David P. Quigley1ee65e32009-09-03 14:25:57 -0400[diff] [blame]787static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
788{
789 return 0;
790}
791
792static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
793{
794 return 0;
795}
796
797static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
798{
799 return 0;
800}
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]801#ifdef CONFIG_KEYS
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]802static int cap_key_alloc(struct key *key, const struct cred *cred,
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]803 unsigned long flags)
804{
805 return 0;
806}
807
808static void cap_key_free(struct key *key)
809{
810}
811
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]812static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]813 key_perm_t perm)
814{
815 return 0;
816}
817
818static int cap_key_getsecurity(struct key *key, char **_buffer)
819{
820 *_buffer = NULL;
821 return 0;
822}
823
824#endif /* CONFIG_KEYS */
825
826#ifdef CONFIG_AUDIT
827static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
828{
829 return 0;
830}
831
832static int cap_audit_rule_known(struct audit_krule *krule)
833{
834 return 0;
835}
836
837static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
838 struct audit_context *actx)
839{
840 return 0;
841}
842
843static void cap_audit_rule_free(void *lsmrule)
844{
845}
846#endif /* CONFIG_AUDIT */
847
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]848#define set_to_cap_if_null(ops, function) \
849 do { \
850 if (!ops->function) { \
851 ops->function = cap_##function; \
852 pr_debug("Had to override the " #function \
853 " security operation with the default.\n");\
854 } \
855 } while (0)
856
Tetsuo Handac80901f2010-05-14 12:01:26 +0900[diff] [blame]857void __init security_fixup_ops(struct security_operations *ops)
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]858{
Ingo Molnar9e488582009-05-07 19:26:19 +1000[diff] [blame]859 set_to_cap_if_null(ops, ptrace_access_check);
David Howells5cd9c582008-08-14 11:37:28 +0100[diff] [blame]860 set_to_cap_if_null(ops, ptrace_traceme);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]861 set_to_cap_if_null(ops, capget);
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]862 set_to_cap_if_null(ops, capset);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]863 set_to_cap_if_null(ops, capable);
864 set_to_cap_if_null(ops, quotactl);
865 set_to_cap_if_null(ops, quota_on);
866 set_to_cap_if_null(ops, sysctl);
867 set_to_cap_if_null(ops, syslog);
868 set_to_cap_if_null(ops, settime);
869 set_to_cap_if_null(ops, vm_enough_memory);
David Howellsa6f76f22008-11-14 10:39:24 +1100[diff] [blame]870 set_to_cap_if_null(ops, bprm_set_creds);
871 set_to_cap_if_null(ops, bprm_committing_creds);
872 set_to_cap_if_null(ops, bprm_committed_creds);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]873 set_to_cap_if_null(ops, bprm_check_security);
874 set_to_cap_if_null(ops, bprm_secureexec);
875 set_to_cap_if_null(ops, sb_alloc_security);
876 set_to_cap_if_null(ops, sb_free_security);
877 set_to_cap_if_null(ops, sb_copy_data);
878 set_to_cap_if_null(ops, sb_kern_mount);
879 set_to_cap_if_null(ops, sb_show_options);
880 set_to_cap_if_null(ops, sb_statfs);
881 set_to_cap_if_null(ops, sb_mount);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]882 set_to_cap_if_null(ops, sb_umount);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]883 set_to_cap_if_null(ops, sb_pivotroot);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]884 set_to_cap_if_null(ops, sb_set_mnt_opts);
885 set_to_cap_if_null(ops, sb_clone_mnt_opts);
886 set_to_cap_if_null(ops, sb_parse_opts_str);
887 set_to_cap_if_null(ops, inode_alloc_security);
888 set_to_cap_if_null(ops, inode_free_security);
889 set_to_cap_if_null(ops, inode_init_security);
890 set_to_cap_if_null(ops, inode_create);
891 set_to_cap_if_null(ops, inode_link);
892 set_to_cap_if_null(ops, inode_unlink);
893 set_to_cap_if_null(ops, inode_symlink);
894 set_to_cap_if_null(ops, inode_mkdir);
895 set_to_cap_if_null(ops, inode_rmdir);
896 set_to_cap_if_null(ops, inode_mknod);
897 set_to_cap_if_null(ops, inode_rename);
898 set_to_cap_if_null(ops, inode_readlink);
899 set_to_cap_if_null(ops, inode_follow_link);
900 set_to_cap_if_null(ops, inode_permission);
901 set_to_cap_if_null(ops, inode_setattr);
902 set_to_cap_if_null(ops, inode_getattr);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]903 set_to_cap_if_null(ops, inode_setxattr);
904 set_to_cap_if_null(ops, inode_post_setxattr);
905 set_to_cap_if_null(ops, inode_getxattr);
906 set_to_cap_if_null(ops, inode_listxattr);
907 set_to_cap_if_null(ops, inode_removexattr);
908 set_to_cap_if_null(ops, inode_need_killpriv);
909 set_to_cap_if_null(ops, inode_killpriv);
910 set_to_cap_if_null(ops, inode_getsecurity);
911 set_to_cap_if_null(ops, inode_setsecurity);
912 set_to_cap_if_null(ops, inode_listsecurity);
913 set_to_cap_if_null(ops, inode_getsecid);
Kentaro Takedabe6d3e52008-12-17 13:24:15 +0900[diff] [blame]914#ifdef CONFIG_SECURITY_PATH
915 set_to_cap_if_null(ops, path_mknod);
916 set_to_cap_if_null(ops, path_mkdir);
917 set_to_cap_if_null(ops, path_rmdir);
918 set_to_cap_if_null(ops, path_unlink);
919 set_to_cap_if_null(ops, path_symlink);
920 set_to_cap_if_null(ops, path_link);
921 set_to_cap_if_null(ops, path_rename);
922 set_to_cap_if_null(ops, path_truncate);
Tetsuo Handa89eda062009-10-04 21:49:47 +0900[diff] [blame]923 set_to_cap_if_null(ops, path_chmod);
924 set_to_cap_if_null(ops, path_chown);
Tetsuo Handa8b8efb42009-10-04 21:49:48 +0900[diff] [blame]925 set_to_cap_if_null(ops, path_chroot);
Kentaro Takedabe6d3e52008-12-17 13:24:15 +0900[diff] [blame]926#endif
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]927 set_to_cap_if_null(ops, file_permission);
928 set_to_cap_if_null(ops, file_alloc_security);
929 set_to_cap_if_null(ops, file_free_security);
930 set_to_cap_if_null(ops, file_ioctl);
931 set_to_cap_if_null(ops, file_mmap);
932 set_to_cap_if_null(ops, file_mprotect);
933 set_to_cap_if_null(ops, file_lock);
934 set_to_cap_if_null(ops, file_fcntl);
935 set_to_cap_if_null(ops, file_set_fowner);
936 set_to_cap_if_null(ops, file_send_sigiotask);
937 set_to_cap_if_null(ops, file_receive);
938 set_to_cap_if_null(ops, dentry_open);
939 set_to_cap_if_null(ops, task_create);
David Howellsee18d642009-09-02 09:14:21 +0100[diff] [blame]940 set_to_cap_if_null(ops, cred_alloc_blank);
David Howellsf1752ee2008-11-14 10:39:17 +1100[diff] [blame]941 set_to_cap_if_null(ops, cred_free);
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]942 set_to_cap_if_null(ops, cred_prepare);
David Howellsee18d642009-09-02 09:14:21 +0100[diff] [blame]943 set_to_cap_if_null(ops, cred_transfer);
David Howells3a3b7ce2008-11-14 10:39:28 +1100[diff] [blame]944 set_to_cap_if_null(ops, kernel_act_as);
945 set_to_cap_if_null(ops, kernel_create_files_as);
Eric Paris91884992009-08-13 09:44:57 -0400[diff] [blame]946 set_to_cap_if_null(ops, kernel_module_request);
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]947 set_to_cap_if_null(ops, task_fix_setuid);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]948 set_to_cap_if_null(ops, task_setpgid);
949 set_to_cap_if_null(ops, task_getpgid);
950 set_to_cap_if_null(ops, task_getsid);
951 set_to_cap_if_null(ops, task_getsecid);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]952 set_to_cap_if_null(ops, task_setnice);
953 set_to_cap_if_null(ops, task_setioprio);
954 set_to_cap_if_null(ops, task_getioprio);
955 set_to_cap_if_null(ops, task_setrlimit);
956 set_to_cap_if_null(ops, task_setscheduler);
957 set_to_cap_if_null(ops, task_getscheduler);
958 set_to_cap_if_null(ops, task_movememory);
959 set_to_cap_if_null(ops, task_wait);
960 set_to_cap_if_null(ops, task_kill);
961 set_to_cap_if_null(ops, task_prctl);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]962 set_to_cap_if_null(ops, task_to_inode);
963 set_to_cap_if_null(ops, ipc_permission);
964 set_to_cap_if_null(ops, ipc_getsecid);
965 set_to_cap_if_null(ops, msg_msg_alloc_security);
966 set_to_cap_if_null(ops, msg_msg_free_security);
967 set_to_cap_if_null(ops, msg_queue_alloc_security);
968 set_to_cap_if_null(ops, msg_queue_free_security);
969 set_to_cap_if_null(ops, msg_queue_associate);
970 set_to_cap_if_null(ops, msg_queue_msgctl);
971 set_to_cap_if_null(ops, msg_queue_msgsnd);
972 set_to_cap_if_null(ops, msg_queue_msgrcv);
973 set_to_cap_if_null(ops, shm_alloc_security);
974 set_to_cap_if_null(ops, shm_free_security);
975 set_to_cap_if_null(ops, shm_associate);
976 set_to_cap_if_null(ops, shm_shmctl);
977 set_to_cap_if_null(ops, shm_shmat);
978 set_to_cap_if_null(ops, sem_alloc_security);
979 set_to_cap_if_null(ops, sem_free_security);
980 set_to_cap_if_null(ops, sem_associate);
981 set_to_cap_if_null(ops, sem_semctl);
982 set_to_cap_if_null(ops, sem_semop);
983 set_to_cap_if_null(ops, netlink_send);
984 set_to_cap_if_null(ops, netlink_recv);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]985 set_to_cap_if_null(ops, d_instantiate);
986 set_to_cap_if_null(ops, getprocattr);
987 set_to_cap_if_null(ops, setprocattr);
988 set_to_cap_if_null(ops, secid_to_secctx);
989 set_to_cap_if_null(ops, secctx_to_secid);
990 set_to_cap_if_null(ops, release_secctx);
David P. Quigley1ee65e32009-09-03 14:25:57 -0400[diff] [blame]991 set_to_cap_if_null(ops, inode_notifysecctx);
992 set_to_cap_if_null(ops, inode_setsecctx);
993 set_to_cap_if_null(ops, inode_getsecctx);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]994#ifdef CONFIG_SECURITY_NETWORK
995 set_to_cap_if_null(ops, unix_stream_connect);
996 set_to_cap_if_null(ops, unix_may_send);
997 set_to_cap_if_null(ops, socket_create);
998 set_to_cap_if_null(ops, socket_post_create);
999 set_to_cap_if_null(ops, socket_bind);
1000 set_to_cap_if_null(ops, socket_connect);
1001 set_to_cap_if_null(ops, socket_listen);
1002 set_to_cap_if_null(ops, socket_accept);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]1003 set_to_cap_if_null(ops, socket_sendmsg);
1004 set_to_cap_if_null(ops, socket_recvmsg);
1005 set_to_cap_if_null(ops, socket_getsockname);
1006 set_to_cap_if_null(ops, socket_getpeername);
1007 set_to_cap_if_null(ops, socket_setsockopt);
1008 set_to_cap_if_null(ops, socket_getsockopt);
1009 set_to_cap_if_null(ops, socket_shutdown);
1010 set_to_cap_if_null(ops, socket_sock_rcv_skb);
1011 set_to_cap_if_null(ops, socket_getpeersec_stream);
1012 set_to_cap_if_null(ops, socket_getpeersec_dgram);
1013 set_to_cap_if_null(ops, sk_alloc_security);
1014 set_to_cap_if_null(ops, sk_free_security);
1015 set_to_cap_if_null(ops, sk_clone_security);
1016 set_to_cap_if_null(ops, sk_getsecid);
1017 set_to_cap_if_null(ops, sock_graft);
1018 set_to_cap_if_null(ops, inet_conn_request);
1019 set_to_cap_if_null(ops, inet_csk_clone);
1020 set_to_cap_if_null(ops, inet_conn_established);
1021 set_to_cap_if_null(ops, req_classify_flow);
Paul Moore2b980db2009-08-28 18:12:43 -0400[diff] [blame]1022 set_to_cap_if_null(ops, tun_dev_create);
1023 set_to_cap_if_null(ops, tun_dev_post_create);
1024 set_to_cap_if_null(ops, tun_dev_attach);
Miklos Szeredi5915eb52008-07-03 20:56:05 +0200[diff] [blame]1025#endif /* CONFIG_SECURITY_NETWORK */
1026#ifdef CONFIG_SECURITY_NETWORK_XFRM
1027 set_to_cap_if_null(ops, xfrm_policy_alloc_security);
1028 set_to_cap_if_null(ops, xfrm_policy_clone_security);
1029 set_to_cap_if_null(ops, xfrm_policy_free_security);
1030 set_to_cap_if_null(ops, xfrm_policy_delete_security);
1031 set_to_cap_if_null(ops, xfrm_state_alloc_security);
1032 set_to_cap_if_null(ops, xfrm_state_free_security);
1033 set_to_cap_if_null(ops, xfrm_state_delete_security);
1034 set_to_cap_if_null(ops, xfrm_policy_lookup);
1035 set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
1036 set_to_cap_if_null(ops, xfrm_decode_session);
1037#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1038#ifdef CONFIG_KEYS
1039 set_to_cap_if_null(ops, key_alloc);
1040 set_to_cap_if_null(ops, key_free);
1041 set_to_cap_if_null(ops, key_permission);
1042 set_to_cap_if_null(ops, key_getsecurity);
1043#endif /* CONFIG_KEYS */
1044#ifdef CONFIG_AUDIT
1045 set_to_cap_if_null(ops, audit_rule_init);
1046 set_to_cap_if_null(ops, audit_rule_known);
1047 set_to_cap_if_null(ops, audit_rule_match);
1048 set_to_cap_if_null(ops, audit_rule_free);
1049#endif
1050}