diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 29 | ||||
-rw-r--r-- | include/linux/security.h | 114 | ||||
-rw-r--r-- | include/linux/selinux.h | 134 |
3 files changed, 142 insertions, 135 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 2af9ec025015..4ccb048cae1d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -353,6 +353,33 @@ struct netlink_skb_parms; | |||
353 | struct linux_binprm; | 353 | struct linux_binprm; |
354 | struct mq_attr; | 354 | struct mq_attr; |
355 | struct mqstat; | 355 | struct mqstat; |
356 | struct audit_watch; | ||
357 | struct audit_tree; | ||
358 | |||
359 | struct audit_krule { | ||
360 | int vers_ops; | ||
361 | u32 flags; | ||
362 | u32 listnr; | ||
363 | u32 action; | ||
364 | u32 mask[AUDIT_BITMASK_SIZE]; | ||
365 | u32 buflen; /* for data alloc on list rules */ | ||
366 | u32 field_count; | ||
367 | char *filterkey; /* ties events to rules */ | ||
368 | struct audit_field *fields; | ||
369 | struct audit_field *arch_f; /* quick access to arch field */ | ||
370 | struct audit_field *inode_f; /* quick access to an inode field */ | ||
371 | struct audit_watch *watch; /* associated watch */ | ||
372 | struct audit_tree *tree; /* associated watched tree */ | ||
373 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ | ||
374 | }; | ||
375 | |||
376 | struct audit_field { | ||
377 | u32 type; | ||
378 | u32 val; | ||
379 | u32 op; | ||
380 | char *lsm_str; | ||
381 | void *lsm_rule; | ||
382 | }; | ||
356 | 383 | ||
357 | #define AUDITSC_INVALID 0 | 384 | #define AUDITSC_INVALID 0 |
358 | #define AUDITSC_SUCCESS 1 | 385 | #define AUDITSC_SUCCESS 1 |
@@ -536,6 +563,8 @@ extern void audit_log_d_path(struct audit_buffer *ab, | |||
536 | const char *prefix, | 563 | const char *prefix, |
537 | struct path *path); | 564 | struct path *path); |
538 | extern void audit_log_lost(const char *message); | 565 | extern void audit_log_lost(const char *message); |
566 | extern int audit_update_lsm_rules(void); | ||
567 | |||
539 | /* Private API (for audit.c only) */ | 568 | /* Private API (for audit.c only) */ |
540 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | 569 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
541 | extern int audit_filter_type(int type); | 570 | extern int audit_filter_type(int type); |
diff --git a/include/linux/security.h b/include/linux/security.h index f5eb9ff47ac5..fea1f4aa4dd5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -36,7 +36,11 @@ | |||
36 | 36 | ||
37 | extern unsigned securebits; | 37 | extern unsigned securebits; |
38 | 38 | ||
39 | /* Maximum number of letters for an LSM name string */ | ||
40 | #define SECURITY_NAME_MAX 10 | ||
41 | |||
39 | struct ctl_table; | 42 | struct ctl_table; |
43 | struct audit_krule; | ||
40 | 44 | ||
41 | /* | 45 | /* |
42 | * These functions are in security/capability.c and are used | 46 | * These functions are in security/capability.c and are used |
@@ -136,6 +140,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
136 | /** | 140 | /** |
137 | * struct security_operations - main security structure | 141 | * struct security_operations - main security structure |
138 | * | 142 | * |
143 | * Security module identifier. | ||
144 | * | ||
145 | * @name: | ||
146 | * A string that acts as a unique identifeir for the LSM with max number | ||
147 | * of characters = SECURITY_NAME_MAX. | ||
148 | * | ||
139 | * Security hooks for program execution operations. | 149 | * Security hooks for program execution operations. |
140 | * | 150 | * |
141 | * @bprm_alloc_security: | 151 | * @bprm_alloc_security: |
@@ -468,6 +478,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
468 | * @dentry is the dentry being changed. | 478 | * @dentry is the dentry being changed. |
469 | * Return 0 on success. If error is returned, then the operation | 479 | * Return 0 on success. If error is returned, then the operation |
470 | * causing setuid bit removal is failed. | 480 | * causing setuid bit removal is failed. |
481 | * @inode_getsecid: | ||
482 | * Get the secid associated with the node. | ||
483 | * @inode contains a pointer to the inode. | ||
484 | * @secid contains a pointer to the location where result will be saved. | ||
485 | * In case of failure, @secid will be set to zero. | ||
471 | * | 486 | * |
472 | * Security hooks for file operations | 487 | * Security hooks for file operations |
473 | * | 488 | * |
@@ -636,6 +651,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
636 | * @task_getsecid: | 651 | * @task_getsecid: |
637 | * Retrieve the security identifier of the process @p. | 652 | * Retrieve the security identifier of the process @p. |
638 | * @p contains the task_struct for the process and place is into @secid. | 653 | * @p contains the task_struct for the process and place is into @secid. |
654 | * In case of failure, @secid will be set to zero. | ||
655 | * | ||
639 | * @task_setgroups: | 656 | * @task_setgroups: |
640 | * Check permission before setting the supplementary group set of the | 657 | * Check permission before setting the supplementary group set of the |
641 | * current process. | 658 | * current process. |
@@ -997,6 +1014,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
997 | * @ipcp contains the kernel IPC permission structure | 1014 | * @ipcp contains the kernel IPC permission structure |
998 | * @flag contains the desired (requested) permission set | 1015 | * @flag contains the desired (requested) permission set |
999 | * Return 0 if permission is granted. | 1016 | * Return 0 if permission is granted. |
1017 | * @ipc_getsecid: | ||
1018 | * Get the secid associated with the ipc object. | ||
1019 | * @ipcp contains the kernel IPC permission structure. | ||
1020 | * @secid contains a pointer to the location where result will be saved. | ||
1021 | * In case of failure, @secid will be set to zero. | ||
1000 | * | 1022 | * |
1001 | * Security hooks for individual messages held in System V IPC message queues | 1023 | * Security hooks for individual messages held in System V IPC message queues |
1002 | * @msg_msg_alloc_security: | 1024 | * @msg_msg_alloc_security: |
@@ -1223,9 +1245,42 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1223 | * @secdata contains the security context. | 1245 | * @secdata contains the security context. |
1224 | * @seclen contains the length of the security context. | 1246 | * @seclen contains the length of the security context. |
1225 | * | 1247 | * |
1248 | * Security hooks for Audit | ||
1249 | * | ||
1250 | * @audit_rule_init: | ||
1251 | * Allocate and initialize an LSM audit rule structure. | ||
1252 | * @field contains the required Audit action. Fields flags are defined in include/linux/audit.h | ||
1253 | * @op contains the operator the rule uses. | ||
1254 | * @rulestr contains the context where the rule will be applied to. | ||
1255 | * @lsmrule contains a pointer to receive the result. | ||
1256 | * Return 0 if @lsmrule has been successfully set, | ||
1257 | * -EINVAL in case of an invalid rule. | ||
1258 | * | ||
1259 | * @audit_rule_known: | ||
1260 | * Specifies whether given @rule contains any fields related to current LSM. | ||
1261 | * @rule contains the audit rule of interest. | ||
1262 | * Return 1 in case of relation found, 0 otherwise. | ||
1263 | * | ||
1264 | * @audit_rule_match: | ||
1265 | * Determine if given @secid matches a rule previously approved | ||
1266 | * by @audit_rule_known. | ||
1267 | * @secid contains the security id in question. | ||
1268 | * @field contains the field which relates to current LSM. | ||
1269 | * @op contains the operator that will be used for matching. | ||
1270 | * @rule points to the audit rule that will be checked against. | ||
1271 | * @actx points to the audit context associated with the check. | ||
1272 | * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure. | ||
1273 | * | ||
1274 | * @audit_rule_free: | ||
1275 | * Deallocate the LSM audit rule structure previously allocated by | ||
1276 | * audit_rule_init. | ||
1277 | * @rule contains the allocated rule | ||
1278 | * | ||
1226 | * This is the main security structure. | 1279 | * This is the main security structure. |
1227 | */ | 1280 | */ |
1228 | struct security_operations { | 1281 | struct security_operations { |
1282 | char name[SECURITY_NAME_MAX + 1]; | ||
1283 | |||
1229 | int (*ptrace) (struct task_struct * parent, struct task_struct * child); | 1284 | int (*ptrace) (struct task_struct * parent, struct task_struct * child); |
1230 | int (*capget) (struct task_struct * target, | 1285 | int (*capget) (struct task_struct * target, |
1231 | kernel_cap_t * effective, | 1286 | kernel_cap_t * effective, |
@@ -1317,6 +1372,7 @@ struct security_operations { | |||
1317 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc); | 1372 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc); |
1318 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1373 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
1319 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); | 1374 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); |
1375 | void (*inode_getsecid)(const struct inode *inode, u32 *secid); | ||
1320 | 1376 | ||
1321 | int (*file_permission) (struct file * file, int mask); | 1377 | int (*file_permission) (struct file * file, int mask); |
1322 | int (*file_alloc_security) (struct file * file); | 1378 | int (*file_alloc_security) (struct file * file); |
@@ -1369,6 +1425,7 @@ struct security_operations { | |||
1369 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); | 1425 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); |
1370 | 1426 | ||
1371 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); | 1427 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); |
1428 | void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid); | ||
1372 | 1429 | ||
1373 | int (*msg_msg_alloc_security) (struct msg_msg * msg); | 1430 | int (*msg_msg_alloc_security) (struct msg_msg * msg); |
1374 | void (*msg_msg_free_security) (struct msg_msg * msg); | 1431 | void (*msg_msg_free_security) (struct msg_msg * msg); |
@@ -1480,10 +1537,18 @@ struct security_operations { | |||
1480 | 1537 | ||
1481 | #endif /* CONFIG_KEYS */ | 1538 | #endif /* CONFIG_KEYS */ |
1482 | 1539 | ||
1540 | #ifdef CONFIG_AUDIT | ||
1541 | int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule); | ||
1542 | int (*audit_rule_known)(struct audit_krule *krule); | ||
1543 | int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule, | ||
1544 | struct audit_context *actx); | ||
1545 | void (*audit_rule_free)(void *lsmrule); | ||
1546 | #endif /* CONFIG_AUDIT */ | ||
1483 | }; | 1547 | }; |
1484 | 1548 | ||
1485 | /* prototypes */ | 1549 | /* prototypes */ |
1486 | extern int security_init (void); | 1550 | extern int security_init (void); |
1551 | extern int security_module_enable(struct security_operations *ops); | ||
1487 | extern int register_security (struct security_operations *ops); | 1552 | extern int register_security (struct security_operations *ops); |
1488 | extern int mod_reg_security (const char *name, struct security_operations *ops); | 1553 | extern int mod_reg_security (const char *name, struct security_operations *ops); |
1489 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, | 1554 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, |
@@ -1578,6 +1643,7 @@ int security_inode_killpriv(struct dentry *dentry); | |||
1578 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); | 1643 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); |
1579 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1644 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
1580 | int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); | 1645 | int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); |
1646 | void security_inode_getsecid(const struct inode *inode, u32 *secid); | ||
1581 | int security_file_permission(struct file *file, int mask); | 1647 | int security_file_permission(struct file *file, int mask); |
1582 | int security_file_alloc(struct file *file); | 1648 | int security_file_alloc(struct file *file); |
1583 | void security_file_free(struct file *file); | 1649 | void security_file_free(struct file *file); |
@@ -1622,6 +1688,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
1622 | void security_task_reparent_to_init(struct task_struct *p); | 1688 | void security_task_reparent_to_init(struct task_struct *p); |
1623 | void security_task_to_inode(struct task_struct *p, struct inode *inode); | 1689 | void security_task_to_inode(struct task_struct *p, struct inode *inode); |
1624 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); | 1690 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); |
1691 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); | ||
1625 | int security_msg_msg_alloc(struct msg_msg *msg); | 1692 | int security_msg_msg_alloc(struct msg_msg *msg); |
1626 | void security_msg_msg_free(struct msg_msg *msg); | 1693 | void security_msg_msg_free(struct msg_msg *msg); |
1627 | int security_msg_queue_alloc(struct msg_queue *msq); | 1694 | int security_msg_queue_alloc(struct msg_queue *msq); |
@@ -2022,6 +2089,11 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, | |||
2022 | return 0; | 2089 | return 0; |
2023 | } | 2090 | } |
2024 | 2091 | ||
2092 | static inline void security_inode_getsecid(const struct inode *inode, u32 *secid) | ||
2093 | { | ||
2094 | *secid = 0; | ||
2095 | } | ||
2096 | |||
2025 | static inline int security_file_permission (struct file *file, int mask) | 2097 | static inline int security_file_permission (struct file *file, int mask) |
2026 | { | 2098 | { |
2027 | return 0; | 2099 | return 0; |
@@ -2137,7 +2209,9 @@ static inline int security_task_getsid (struct task_struct *p) | |||
2137 | } | 2209 | } |
2138 | 2210 | ||
2139 | static inline void security_task_getsecid (struct task_struct *p, u32 *secid) | 2211 | static inline void security_task_getsecid (struct task_struct *p, u32 *secid) |
2140 | { } | 2212 | { |
2213 | *secid = 0; | ||
2214 | } | ||
2141 | 2215 | ||
2142 | static inline int security_task_setgroups (struct group_info *group_info) | 2216 | static inline int security_task_setgroups (struct group_info *group_info) |
2143 | { | 2217 | { |
@@ -2216,6 +2290,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
2216 | return 0; | 2290 | return 0; |
2217 | } | 2291 | } |
2218 | 2292 | ||
2293 | static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | ||
2294 | { | ||
2295 | *secid = 0; | ||
2296 | } | ||
2297 | |||
2219 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 2298 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
2220 | { | 2299 | { |
2221 | return 0; | 2300 | return 0; |
@@ -2672,5 +2751,38 @@ static inline int security_key_permission(key_ref_t key_ref, | |||
2672 | #endif | 2751 | #endif |
2673 | #endif /* CONFIG_KEYS */ | 2752 | #endif /* CONFIG_KEYS */ |
2674 | 2753 | ||
2754 | #ifdef CONFIG_AUDIT | ||
2755 | #ifdef CONFIG_SECURITY | ||
2756 | int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); | ||
2757 | int security_audit_rule_known(struct audit_krule *krule); | ||
2758 | int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, | ||
2759 | struct audit_context *actx); | ||
2760 | void security_audit_rule_free(void *lsmrule); | ||
2761 | |||
2762 | #else | ||
2763 | |||
2764 | static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
2765 | void **lsmrule) | ||
2766 | { | ||
2767 | return 0; | ||
2768 | } | ||
2769 | |||
2770 | static inline int security_audit_rule_known(struct audit_krule *krule) | ||
2771 | { | ||
2772 | return 0; | ||
2773 | } | ||
2774 | |||
2775 | static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, | ||
2776 | void *lsmrule, struct audit_context *actx) | ||
2777 | { | ||
2778 | return 0; | ||
2779 | } | ||
2780 | |||
2781 | static inline void security_audit_rule_free(void *lsmrule) | ||
2782 | { } | ||
2783 | |||
2784 | #endif /* CONFIG_SECURITY */ | ||
2785 | #endif /* CONFIG_AUDIT */ | ||
2786 | |||
2675 | #endif /* ! __LINUX_SECURITY_H */ | 2787 | #endif /* ! __LINUX_SECURITY_H */ |
2676 | 2788 | ||
diff --git a/include/linux/selinux.h b/include/linux/selinux.h index 8c2cc4c02526..20f965d4b041 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h | |||
@@ -16,99 +16,11 @@ | |||
16 | 16 | ||
17 | struct selinux_audit_rule; | 17 | struct selinux_audit_rule; |
18 | struct audit_context; | 18 | struct audit_context; |
19 | struct inode; | ||
20 | struct kern_ipc_perm; | 19 | struct kern_ipc_perm; |
21 | 20 | ||
22 | #ifdef CONFIG_SECURITY_SELINUX | 21 | #ifdef CONFIG_SECURITY_SELINUX |
23 | 22 | ||
24 | /** | 23 | /** |
25 | * selinux_audit_rule_init - alloc/init an selinux audit rule structure. | ||
26 | * @field: the field this rule refers to | ||
27 | * @op: the operater the rule uses | ||
28 | * @rulestr: the text "target" of the rule | ||
29 | * @rule: pointer to the new rule structure returned via this | ||
30 | * | ||
31 | * Returns 0 if successful, -errno if not. On success, the rule structure | ||
32 | * will be allocated internally. The caller must free this structure with | ||
33 | * selinux_audit_rule_free() after use. | ||
34 | */ | ||
35 | int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
36 | struct selinux_audit_rule **rule); | ||
37 | |||
38 | /** | ||
39 | * selinux_audit_rule_free - free an selinux audit rule structure. | ||
40 | * @rule: pointer to the audit rule to be freed | ||
41 | * | ||
42 | * This will free all memory associated with the given rule. | ||
43 | * If @rule is NULL, no operation is performed. | ||
44 | */ | ||
45 | void selinux_audit_rule_free(struct selinux_audit_rule *rule); | ||
46 | |||
47 | /** | ||
48 | * selinux_audit_rule_match - determine if a context ID matches a rule. | ||
49 | * @sid: the context ID to check | ||
50 | * @field: the field this rule refers to | ||
51 | * @op: the operater the rule uses | ||
52 | * @rule: pointer to the audit rule to check against | ||
53 | * @actx: the audit context (can be NULL) associated with the check | ||
54 | * | ||
55 | * Returns 1 if the context id matches the rule, 0 if it does not, and | ||
56 | * -errno on failure. | ||
57 | */ | ||
58 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, | ||
59 | struct selinux_audit_rule *rule, | ||
60 | struct audit_context *actx); | ||
61 | |||
62 | /** | ||
63 | * selinux_audit_set_callback - set the callback for policy reloads. | ||
64 | * @callback: the function to call when the policy is reloaded | ||
65 | * | ||
66 | * This sets the function callback function that will update the rules | ||
67 | * upon policy reloads. This callback should rebuild all existing rules | ||
68 | * using selinux_audit_rule_init(). | ||
69 | */ | ||
70 | void selinux_audit_set_callback(int (*callback)(void)); | ||
71 | |||
72 | /** | ||
73 | * selinux_sid_to_string - map a security context ID to a string | ||
74 | * @sid: security context ID to be converted. | ||
75 | * @ctx: address of context string to be returned | ||
76 | * @ctxlen: length of returned context string. | ||
77 | * | ||
78 | * Returns 0 if successful, -errno if not. On success, the context | ||
79 | * string will be allocated internally, and the caller must call | ||
80 | * kfree() on it after use. | ||
81 | */ | ||
82 | int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen); | ||
83 | |||
84 | /** | ||
85 | * selinux_get_inode_sid - get the inode's security context ID | ||
86 | * @inode: inode structure to get the sid from. | ||
87 | * @sid: pointer to security context ID to be filled in. | ||
88 | * | ||
89 | * Returns nothing | ||
90 | */ | ||
91 | void selinux_get_inode_sid(const struct inode *inode, u32 *sid); | ||
92 | |||
93 | /** | ||
94 | * selinux_get_ipc_sid - get the ipc security context ID | ||
95 | * @ipcp: ipc structure to get the sid from. | ||
96 | * @sid: pointer to security context ID to be filled in. | ||
97 | * | ||
98 | * Returns nothing | ||
99 | */ | ||
100 | void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid); | ||
101 | |||
102 | /** | ||
103 | * selinux_get_task_sid - return the SID of task | ||
104 | * @tsk: the task whose SID will be returned | ||
105 | * @sid: pointer to security context ID to be filled in. | ||
106 | * | ||
107 | * Returns nothing | ||
108 | */ | ||
109 | void selinux_get_task_sid(struct task_struct *tsk, u32 *sid); | ||
110 | |||
111 | /** | ||
112 | * selinux_string_to_sid - map a security context string to a security ID | 24 | * selinux_string_to_sid - map a security context string to a security ID |
113 | * @str: the security context string to be mapped | 25 | * @str: the security context string to be mapped |
114 | * @sid: ID value returned via this. | 26 | * @sid: ID value returned via this. |
@@ -151,52 +63,6 @@ void selinux_secmark_refcount_inc(void); | |||
151 | void selinux_secmark_refcount_dec(void); | 63 | void selinux_secmark_refcount_dec(void); |
152 | #else | 64 | #else |
153 | 65 | ||
154 | static inline int selinux_audit_rule_init(u32 field, u32 op, | ||
155 | char *rulestr, | ||
156 | struct selinux_audit_rule **rule) | ||
157 | { | ||
158 | return -EOPNOTSUPP; | ||
159 | } | ||
160 | |||
161 | static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule) | ||
162 | { | ||
163 | return; | ||
164 | } | ||
165 | |||
166 | static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op, | ||
167 | struct selinux_audit_rule *rule, | ||
168 | struct audit_context *actx) | ||
169 | { | ||
170 | return 0; | ||
171 | } | ||
172 | |||
173 | static inline void selinux_audit_set_callback(int (*callback)(void)) | ||
174 | { | ||
175 | return; | ||
176 | } | ||
177 | |||
178 | static inline int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen) | ||
179 | { | ||
180 | *ctx = NULL; | ||
181 | *ctxlen = 0; | ||
182 | return 0; | ||
183 | } | ||
184 | |||
185 | static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid) | ||
186 | { | ||
187 | *sid = 0; | ||
188 | } | ||
189 | |||
190 | static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid) | ||
191 | { | ||
192 | *sid = 0; | ||
193 | } | ||
194 | |||
195 | static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid) | ||
196 | { | ||
197 | *sid = 0; | ||
198 | } | ||
199 | |||
200 | static inline int selinux_string_to_sid(const char *str, u32 *sid) | 66 | static inline int selinux_string_to_sid(const char *str, u32 *sid) |
201 | { | 67 | { |
202 | *sid = 0; | 68 | *sid = 0; |