Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h201
1 files changed, 10 insertions, 191 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 3158dd982d27..a22219afff09 100644
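--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -23,6 +23,7 @@
 #define __LINUX_SECURITY_H
 
 #include <linux/fs.h>
+#include <linux/fsnotify.h>
 #include <linux/binfmts.h>
 #include <linux/signal.h>
 #include <linux/resource.h>
@@ -267,49 +268,16 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @orig the original mount data copied from userspace.
  * @copy copied data which will be passed to the security module.
  * Returns 0 if the copy was successful.
- * @sb_check_sb:
- * Check permission before the device with superblock @mnt->sb is mounted
- * on the mount point named by @nd.
- * @mnt contains the vfsmount for device being mounted.
- * @path contains the path for the mount point.
- * Return 0 if permission is granted.
  * @sb_umount:
  * Check permission before the @mnt file system is unmounted.
  * @mnt contains the mounted file system.
  * @flags contains the unmount flags, e.g. MNT_FORCE.
  * Return 0 if permission is granted.
- * @sb_umount_close:
- * Close any files in the @mnt mounted filesystem that are held open by
- * the security module. This hook is called during an umount operation
- * prior to checking whether the filesystem is still busy.
- * @mnt contains the mounted filesystem.
- * @sb_umount_busy:
- * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening
- * any files that were closed by umount_close. This hook is called during
- * an umount operation if the umount fails after a call to the
- * umount_close hook.
- * @mnt contains the mounted filesystem.
- * @sb_post_remount:
- * Update the security module's state when a filesystem is remounted.
- * This hook is only called if the remount was successful.
- * @mnt contains the mounted file system.
- * @flags contains the new filesystem flags.
- * @data contains the filesystem-specific data.
- * @sb_post_addmount:
- * Update the security module's state when a filesystem is mounted.
- * This hook is called any time a mount is successfully grafetd to
- * the tree.
- * @mnt contains the mounted filesystem.
- * @mountpoint contains the path for the mount point.
  * @sb_pivotroot:
  * Check permission before pivoting the root filesystem.
  * @old_path contains the path for the new location of the current root (put_old).
  * @new_path contains the path for the new root (new_root).
  * Return 0 if permission is granted.
- * @sb_post_pivotroot:
- * Update module state after a successful pivot.
- * @old_path contains the path for the old root.
- * @new_path contains the path for the new root.
  * @sb_set_mnt_opts:
  * Set the security relevant mount options used for a superblock
  * @sb the superblock to set security mount options for
@@ -503,20 +471,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @path_truncate:
  * Check permission before truncating a file.
  * @path contains the path structure for the file.
- * @length is the new length of the file.
- * @time_attrs is the flags passed to do_truncate().
  * Return 0 if permission is granted.
  * @inode_getattr:
  * Check permission before obtaining file attributes.
  * @mnt is the vfsmount where the dentry was looked up
  * @dentry contains the dentry structure for the file.
  * Return 0 if permission is granted.
- * @inode_delete:
- * @inode contains the inode structure for deleted inode.
- * This hook is called when a deleted inode is released (i.e. an inode
- * with no hard links has its use count drop to zero). A security module
- * can use this hook to release any persistent label associated with the
- * inode.
  * @inode_setxattr:
  * Check permission before setting the extended attributes
  * @value identified by @name for @dentry.
@@ -691,10 +651,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @old points to the original credentials.
  * @gfp indicates the atomicity of any memory allocations.
  * Prepare a new set of credentials by copying the data from the old set.
- * @cred_commit:
- * @new points to the new credentials.
- * @old points to the original credentials.
- * Install a new set of credentials.
  * @cred_transfer:
  * @new points to the new credentials.
  * @old points to the original credentials.
@@ -717,18 +673,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * userspace to load a kernel module with the given name.
  * @kmod_name name of the module requested by the kernel
  * Return 0 if successful.
- * @task_setuid:
- * Check permission before setting one or more of the user identity
- * attributes of the current process. The @flags parameter indicates
- * which of the set*uid system calls invoked this hook and how to
- * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
- * definitions at the beginning of this file for the @flags values and
- * their meanings.
- * @id0 contains a uid.
- * @id1 contains a uid.
- * @id2 contains a uid.
- * @flags contains one of the LSM_SETID_* values.
- * Return 0 if permission is granted.
  * @task_fix_setuid:
  * Update the module's state after setting one or more of the user
  * identity attributes of the current process. The @flags parameter
@@ -738,18 +682,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @old is the set of credentials that are being replaces
  * @flags contains one of the LSM_SETID_* values.
  * Return 0 on success.
- * @task_setgid:
- * Check permission before setting one or more of the group identity
- * attributes of the current process. The @flags parameter indicates
- * which of the set*gid system calls invoked this hook and how to
- * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
- * definitions at the beginning of this file for the @flags values and
- * their meanings.
- * @id0 contains a gid.
- * @id1 contains a gid.
- * @id2 contains a gid.
- * @flags contains one of the LSM_SETID_* values.
- * Return 0 if permission is granted.
  * @task_setpgid:
  * Check permission before setting the process group identifier of the
  * process @p to @pgid.
@@ -771,11 +703,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @p contains the task_struct for the process and place is into @secid.
  * In case of failure, @secid will be set to zero.
  *
- * @task_setgroups:
- * Check permission before setting the supplementary group set of the
- * current process.
- * @group_info contains the new group information.
- * Return 0 if permission is granted.
  * @task_setnice:
  * Check permission before setting the nice value of @p to @nice.
  * @p contains the task_struct of process.
@@ -1139,13 +1066,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * Return the length of the string (including terminating NUL) or -ve if
  * an error.
  * May also return 0 (and a NULL buffer pointer) if there is no label.
- * @key_session_to_parent:
- * Forcibly assign the session keyring from a process to its parent
- * process.
- * @cred: Pointer to process's credentials
- * @parent_cred: Pointer to parent process's credentials
- * @keyring: Proposed new session keyring
- * Return 0 if permission is granted, -ve error otherwise.
  *
  * Security hooks affecting all System V IPC operations.
  *
@@ -1333,13 +1253,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @cap contains the capability <include/linux/capability.h>.
  * @audit: Whether to write an audit message or not
  * Return 0 if the capability is granted for @tsk.
- * @acct:
- * Check permission before enabling or disabling process accounting. If
- * accounting is being enabled, then @file refers to the open file used to
- * store accounting records. If accounting is being disabled, then @file
- * is NULL.
- * @file contains the file structure for the accounting file (may be NULL).
- * Return 0 if permission is granted.
  * @sysctl:
  * Check permission before accessing the @table sysctl variable in the
  * manner specified by @op.
@@ -1462,7 +1375,6 @@ struct security_operations {
  const kernel_cap_t *permitted);
  int (*capable) (struct task_struct *tsk, const struct cred *cred,
  int cap, int audit);
- int (*acct) (struct file *file);
  int (*sysctl) (struct ctl_table *table, int op);
  int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
  int (*quota_on) (struct dentry *dentry);
@@ -1484,18 +1396,9 @@ struct security_operations {
  int (*sb_statfs) (struct dentry *dentry);
  int (*sb_mount) (char *dev_name, struct path *path,
  char *type, unsigned long flags, void *data);
- int (*sb_check_sb) (struct vfsmount *mnt, struct path *path);
  int (*sb_umount) (struct vfsmount *mnt, int flags);
- void (*sb_umount_close) (struct vfsmount *mnt);
- void (*sb_umount_busy) (struct vfsmount *mnt);
- void (*sb_post_remount) (struct vfsmount *mnt,
- unsigned long flags, void *data);
- void (*sb_post_addmount) (struct vfsmount *mnt,
- struct path *mountpoint);
  int (*sb_pivotroot) (struct path *old_path,
  struct path *new_path);
- void (*sb_post_pivotroot) (struct path *old_path,
- struct path *new_path);
  int (*sb_set_mnt_opts) (struct super_block *sb,
  struct security_mnt_opts *opts);
  void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
@@ -1508,8 +1411,7 @@ struct security_operations {
  int (*path_rmdir) (struct path *dir, struct dentry *dentry);
  int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
  unsigned int dev);
- int (*path_truncate) (struct path *path, loff_t length,
- unsigned int time_attrs);
+ int (*path_truncate) (struct path *path);
  int (*path_symlink) (struct path *dir, struct dentry *dentry,
  const char *old_name);
  int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
@@ -1544,7 +1446,6 @@ struct security_operations {
  int (*inode_permission) (struct inode *inode, int mask);
  int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
  int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
- void (*inode_delete) (struct inode *inode);
  int (*inode_setxattr) (struct dentry *dentry, const char *name,
  const void *value, size_t size, int flags);
  void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
@@ -1585,24 +1486,21 @@ struct security_operations {
  void (*cred_free) (struct cred *cred);
  int (*cred_prepare)(struct cred *new, const struct cred *old,
  gfp_t gfp);
- void (*cred_commit)(struct cred *new, const struct cred *old);
  void (*cred_transfer)(struct cred *new, const struct cred *old);
  int (*kernel_act_as)(struct cred *new, u32 secid);
  int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
  int (*kernel_module_request)(char *kmod_name);
- int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
  int (*task_fix_setuid) (struct cred *new, const struct cred *old,
  int flags);
- int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
  int (*task_setpgid) (struct task_struct *p, pid_t pgid);
  int (*task_getpgid) (struct task_struct *p);
  int (*task_getsid) (struct task_struct *p);
  void (*task_getsecid) (struct task_struct *p, u32 *secid);
- int (*task_setgroups) (struct group_info *group_info);
  int (*task_setnice) (struct task_struct *p, int nice);
  int (*task_setioprio) (struct task_struct *p, int ioprio);
  int (*task_getioprio) (struct task_struct *p);
- int (*task_setrlimit) (unsigned int resource, struct rlimit *new_rlim);
+ int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
+ struct rlimit *new_rlim);
  int (*task_setscheduler) (struct task_struct *p, int policy,
  struct sched_param *lp);
  int (*task_getscheduler) (struct task_struct *p);
@@ -1728,9 +1626,6 @@ struct security_operations {
  const struct cred *cred,
  key_perm_t perm);
  int (*key_getsecurity)(struct key *key, char **_buffer);
- int (*key_session_to_parent)(const struct cred *cred,
- const struct cred *parent_cred,
- struct key *key);
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -1761,7 +1656,6 @@ int security_capset(struct cred *new, const struct cred *old,
 int security_capable(int cap);
 int security_real_capable(struct task_struct *tsk, int cap);
 int security_real_capable_noaudit(struct task_struct *tsk, int cap);
-int security_acct(struct file *file);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
@@ -1783,14 +1677,8 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
  char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
 int security_sb_umount(struct vfsmount *mnt, int flags);
-void security_sb_umount_close(struct vfsmount *mnt);
-void security_sb_umount_busy(struct vfsmount *mnt);
-void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
 int security_sb_pivotroot(struct path *old_path, struct path *new_path);
-void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
 void security_sb_clone_mnt_opts(const struct super_block *oldsb,
  struct super_block *newsb);
@@ -1816,7 +1704,6 @@ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
 int security_inode_permission(struct inode *inode, int mask);
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
-void security_inode_delete(struct inode *inode);
 int security_inode_setxattr(struct dentry *dentry, const char *name,
  const void *value, size_t size, int flags);
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
@@ -1850,24 +1737,21 @@ int security_task_create(unsigned long clone_flags);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
-void security_commit_creds(struct cred *new, const struct cred *old);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
  int flags);
-int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
 void security_task_getsecid(struct task_struct *p, u32 *secid);
-int security_task_setgroups(struct group_info *group_info);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
-int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim);
+int security_task_setrlimit(struct task_struct *p, unsigned int resource,
+ struct rlimit *new_rlim);
 int security_task_setscheduler(struct task_struct *p,
  int policy, struct sched_param *lp);
 int security_task_getscheduler(struct task_struct *p);
@@ -1990,11 +1874,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
  return ret;
 }
 
-static inline int security_acct(struct file *file)
-{
- return 0;
-}
-
 static inline int security_sysctl(struct ctl_table *table, int op)
 {
  return 0;
@@ -2099,41 +1978,17 @@ static inline int security_sb_mount(char *dev_name, struct path *path,
  return 0;
 }
 
-static inline int security_sb_check_sb(struct vfsmount *mnt,
- struct path *path)
-{
- return 0;
-}
-
 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
 {
  return 0;
 }
 
-static inline void security_sb_umount_close(struct vfsmount *mnt)
-{ }
-
-static inline void security_sb_umount_busy(struct vfsmount *mnt)
-{ }
-
-static inline void security_sb_post_remount(struct vfsmount *mnt,
- unsigned long flags, void *data)
-{ }
-
-static inline void security_sb_post_addmount(struct vfsmount *mnt,
- struct path *mountpoint)
-{ }
-
 static inline int security_sb_pivotroot(struct path *old_path,
  struct path *new_path)
 {
  return 0;
 }
 
-static inline void security_sb_post_pivotroot(struct path *old_path,
- struct path *new_path)
-{ }
-
 static inline int security_sb_set_mnt_opts(struct super_block *sb,
  struct security_mnt_opts *opts)
 {
@@ -2249,9 +2104,6 @@ static inline int security_inode_getattr(struct vfsmount *mnt,
  return 0;
 }
 
-static inline void security_inode_delete(struct inode *inode)
-{ }
-
 static inline int security_inode_setxattr(struct dentry *dentry,
  const char *name, const void *value, size_t size, int flags)
 {
@@ -2398,11 +2250,6 @@ static inline int security_prepare_creds(struct cred *new,
  return 0;
 }
 
-static inline void security_commit_creds(struct cred *new,
- const struct cred *old)
-{
-}
-
 static inline void security_transfer_creds(struct cred *new,
  const struct cred *old)
 {
@@ -2424,12 +2271,6 @@ static inline int security_kernel_module_request(char *kmod_name)
  return 0;
 }
 
-static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
- int flags)
-{
- return 0;
-}
-
 static inline int security_task_fix_setuid(struct cred *new,
  const struct cred *old,
  int flags)
@@ -2437,12 +2278,6 @@ static inline int security_task_fix_setuid(struct cred *new,
  return cap_task_fix_setuid(new, old, flags);
 }
 
-static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
- int flags)
-{
- return 0;
-}
-
 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
  return 0;
@@ -2463,11 +2298,6 @@ static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
  *secid = 0;
 }
 
-static inline int security_task_setgroups(struct group_info *group_info)
-{
- return 0;
-}
-
 static inline int security_task_setnice(struct task_struct *p, int nice)
 {
  return cap_task_setnice(p, nice);
@@ -2483,7 +2313,8 @@ static inline int security_task_getioprio(struct task_struct *p)
  return 0;
 }
 
-static inline int security_task_setrlimit(unsigned int resource,
+static inline int security_task_setrlimit(struct task_struct *p,
+ unsigned int resource,
  struct rlimit *new_rlim)
 {
  return 0;
@@ -2976,8 +2807,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
 int security_path_rmdir(struct path *dir, struct dentry *dentry);
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
  unsigned int dev);
-int security_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs);
+int security_path_truncate(struct path *path);
 int security_path_symlink(struct path *dir, struct dentry *dentry,
  const char *old_name);
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -3011,8 +2841,7 @@ static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
  return 0;
 }
 
-static inline int security_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+static inline int security_path_truncate(struct path *path)
 {
  return 0;
 }
@@ -3064,9 +2893,6 @@ void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
  const struct cred *cred, key_perm_t perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
-int security_key_session_to_parent(const struct cred *cred,
- const struct cred *parent_cred,
- struct key *key);
 
 #else
 
@@ -3094,13 +2920,6 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
  return 0;
 }
 
-static inline int security_key_session_to_parent(const struct cred *cred,
- const struct cred *parent_cred,
- struct key *key)
-{
- return 0;
-}
-
 #endif
 #endif /* CONFIG_KEYS */
 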
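Review bot: The `@task_setrlimit:` kernel-doc entry is not touched by any hunk in this file, although the hook gains a leading `struct task_struct *p` in `struct security_operations` (the `-1585,24 +1486,21` hunk), in the `security_task_setrlimit()` prototype and in its no-LSM inline stub. The `@path_truncate:` entry was trimmed to match its new signature, so the hook comment presumably still documents only `@resource` and `@new_rlim` for this one. I would add a line such as ` * @p contains the task_struct of the process whose limit is being set.` to that entry and reword its description if it refers to the current process; the meaning of `@p` is inferred from the parameter name here and should be confirmed against the caller. A module that implements this hook from stale documentation could make its permission check against the wrong task, which fails silently rather than loudly.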