GitHub Repository: awilliam/linux-vfio
Path: blob/master/security/capability.c
/*
 *  Capabilities Linux Security Module
 *
 *  This is the default security module in case no other module is loaded.
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 */
#include <linux/security.h>
/* Default syslog hook: performs no check on @type and always returns 0. */
static int cap_syslog(int type)
{
	return 0;
}
/* Default quotactl hook: ignores its arguments and always returns 0. */
static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	return 0;
}
/* Default quota_on hook: no check on @dentry; always returns 0. */
static int cap_quota_on(struct dentry *dentry)
{
	return 0;
}
/* Default bprm_check_security hook: no check on @bprm; always returns 0. */
static int cap_bprm_check_security(struct linux_binprm *bprm)
{
	return 0;
}
/* Default bprm_committing_creds hook: empty, @bprm is not touched. */
static void cap_bprm_committing_creds(struct linux_binprm *bprm)
{
	/* nothing to do */
}
/* Default bprm_committed_creds hook: empty, @bprm is not touched. */
static void cap_bprm_committed_creds(struct linux_binprm *bprm)
{
	/* nothing to do */
}
/* Default sb_alloc_security hook: allocates nothing for @sb; returns 0. */
static int cap_sb_alloc_security(struct super_block *sb)
{
	return 0;
}
/* Default sb_free_security hook: empty, nothing is released for @sb. */
static void cap_sb_free_security(struct super_block *sb)
{
	/* nothing to do */
}
/* Default sb_copy_data hook: copies nothing from @orig to @copy; returns 0. */
static int cap_sb_copy_data(char *orig, char *copy)
{
	return 0;
}
/* Default sb_remount hook: no check on @sb or @data; always returns 0. */
static int cap_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}
/* Default sb_kern_mount hook: ignores its arguments; always returns 0. */
static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	return 0;
}
/* Default sb_show_options hook: writes nothing to @m; always returns 0. */
static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
{
	return 0;
}
/* Default sb_statfs hook: no check on @dentry; always returns 0. */
static int cap_sb_statfs(struct dentry *dentry)
{
	return 0;
}
/* Default sb_mount hook: ignores every argument and always returns 0. */
static int cap_sb_mount(char *dev_name, struct path *path, char *type,
			unsigned long flags, void *data)
{
	return 0;
}
/* Default sb_umount hook: no check on @mnt or @flags; always returns 0. */
static int cap_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}
/* Default sb_pivotroot hook: no check on either path; always returns 0. */
static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
{
	return 0;
}
/*
 * Default sb_set_mnt_opts hook.
 *
 * Returns -EOPNOTSUPP when @opts carries any entries (num_mnt_opts is
 * non-zero) and 0 when it is empty.  @opts is dereferenced unconditionally,
 * so it must not be NULL.
 */
static int cap_sb_set_mnt_opts(struct super_block *sb,
			       struct security_mnt_opts *opts)
{
	return unlikely(opts->num_mnt_opts) ? -EOPNOTSUPP : 0;
}
/* Default sb_clone_mnt_opts hook: empty, nothing is copied to @newsb. */
static void cap_sb_clone_mnt_opts(const struct super_block *oldsb,
				  struct super_block *newsb)
{
	/* nothing to do */
}
/* Default sb_parse_opts_str hook: parses nothing, leaves @opts alone, returns 0. */
static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}
/* Default inode_alloc_security hook: allocates nothing for @inode; returns 0. */
static int cap_inode_alloc_security(struct inode *inode)
{
	return 0;
}
/* Default inode_free_security hook: empty, nothing is released for @inode. */
static void cap_inode_free_security(struct inode *inode)
{
	/* nothing to do */
}
/*
 * Default inode_init_security hook: always fails with -EOPNOTSUPP and
 * writes none of the output parameters (@name, @value, @len).
 */
static int cap_inode_init_security(struct inode *inode, struct inode *dir,
				   const struct qstr *qstr, char **name,
				   void **value, size_t *len)
{
	return -EOPNOTSUPP;
}
/* Default inode_create hook: ignores its arguments; always returns 0. */
static int cap_inode_create(struct inode *inode, struct dentry *dentry,
			    int mask)
{
	return 0;
}
/* Default inode_link hook: ignores its arguments; always returns 0. */
static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
			  struct dentry *new_dentry)
{
	return 0;
}
/* Default inode_unlink hook: ignores its arguments; always returns 0. */
static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
{
	return 0;
}
/* Default inode_symlink hook: ignores its arguments; always returns 0. */
static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
			     const char *name)
{
	return 0;
}
/* Default inode_mkdir hook: ignores its arguments; always returns 0. */
static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
			   int mask)
{
	return 0;
}
/* Default inode_rmdir hook: ignores its arguments; always returns 0. */
static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
{
	return 0;
}
/* Default inode_mknod hook: no check on @mode or @dev; always returns 0. */
static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
			   int mode, dev_t dev)
{
	return 0;
}
/* Default inode_rename hook: ignores its arguments; always returns 0. */
static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
			    struct inode *new_inode, struct dentry *new_dentry)
{
	return 0;
}
/* Default inode_readlink hook: no check on @dentry; always returns 0. */
static int cap_inode_readlink(struct dentry *dentry)
{
	return 0;
}
/* Default inode_follow_link hook: ignores its arguments; always returns 0. */
static int cap_inode_follow_link(struct dentry *dentry,
				 struct nameidata *nameidata)
{
	return 0;
}
/* Default inode_permission hook: @mask and @flags are not examined; returns 0. */
static int cap_inode_permission(struct inode *inode, int mask, unsigned flags)
{
	return 0;
}
/* Default inode_setattr hook: no check on @iattr; always returns 0. */
static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	return 0;
}
/* Default inode_getattr hook: ignores its arguments; always returns 0. */
static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	return 0;
}
/* Default inode_post_setxattr hook: empty, the new attribute is ignored. */
static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
				    const void *value, size_t size, int flags)
{
	/* nothing to do */
}
/* Default inode_getxattr hook: no check on @name; always returns 0. */
static int cap_inode_getxattr(struct dentry *dentry, const char *name)
{
	return 0;
}
/* Default inode_listxattr hook: no check on @dentry; always returns 0. */
static int cap_inode_listxattr(struct dentry *dentry)
{
	return 0;
}
/*
 * Default inode_getsecurity hook: always fails with -EOPNOTSUPP and never
 * writes *@buffer, whatever @alloc says.
 */
static int cap_inode_getsecurity(const struct inode *inode, const char *name,
				 void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}
/* Default inode_setsecurity hook: stores nothing; always fails with -EOPNOTSUPP. */
static int cap_inode_setsecurity(struct inode *inode, const char *name,
				 const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}
/* Default inode_listsecurity hook: writes nothing to @buffer; returns 0. */
static int cap_inode_listsecurity(struct inode *inode, char *buffer,
				  size_t buffer_size)
{
	return 0;
}
/*
 * Default inode_getsecid hook: stores 0 in *@secid.
 * @secid is written unconditionally, so it must not be NULL.
 */
static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
{
	*secid = 0;
}
#ifdef CONFIG_SECURITY_PATH
/* Default path_mknod hook: ignores its arguments; always returns 0. */
static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode,
			  unsigned int dev)
{
	return 0;
}
/* Default path_mkdir hook: ignores its arguments; always returns 0. */
static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
{
	return 0;
}
/* Default path_rmdir hook: ignores its arguments; always returns 0. */
static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
{
	return 0;
}
/* Default path_unlink hook: ignores its arguments; always returns 0. */
static int cap_path_unlink(struct path *dir, struct dentry *dentry)
{
	return 0;
}
/* Default path_symlink hook: @old_name is not inspected; always returns 0. */
static int cap_path_symlink(struct path *dir, struct dentry *dentry,
			    const char *old_name)
{
	return 0;
}
/* Default path_link hook: ignores its arguments; always returns 0. */
static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
			 struct dentry *new_dentry)
{
	return 0;
}
/* Default path_rename hook: ignores its arguments; always returns 0. */
static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
			   struct path *new_path, struct dentry *new_dentry)
{
	return 0;
}
/* Default path_truncate hook: no check on @path; always returns 0. */
static int cap_path_truncate(struct path *path)
{
	return 0;
}
/* Default path_chmod hook: @mode is not examined; always returns 0. */
static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
			  mode_t mode)
{
	return 0;
}
/* Default path_chown hook: @uid and @gid are not examined; always returns 0. */
static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
{
	return 0;
}
/* Default path_chroot hook: no check on @root; always returns 0. */
static int cap_path_chroot(struct path *root)
{
	return 0;
}
#endif
/* Default file_permission hook: @mask is not examined; always returns 0. */
static int cap_file_permission(struct file *file, int mask)
{
	return 0;
}
/* Default file_alloc_security hook: allocates nothing for @file; returns 0. */
static int cap_file_alloc_security(struct file *file)
{
	return 0;
}
/* Default file_free_security hook: empty, nothing is released for @file. */
static void cap_file_free_security(struct file *file)
{
	/* nothing to do */
}
/* Default file_ioctl hook: @command and @arg are not examined; returns 0. */
static int cap_file_ioctl(struct file *file, unsigned int command,
			  unsigned long arg)
{
	return 0;
}
/* Default file_mprotect hook: @reqprot and @prot are not examined; returns 0. */
static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			     unsigned long prot)
{
	return 0;
}
/* Default file_lock hook: @cmd is not examined; always returns 0. */
static int cap_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}
/* Default file_fcntl hook: @cmd and @arg are not examined; returns 0. */
static int cap_file_fcntl(struct file *file, unsigned int cmd,
			  unsigned long arg)
{
	return 0;
}
/* Default file_set_fowner hook: records nothing for @file; returns 0. */
static int cap_file_set_fowner(struct file *file)
{
	return 0;
}
/* Default file_send_sigiotask hook: ignores its arguments; always returns 0. */
static int cap_file_send_sigiotask(struct task_struct *tsk,
				   struct fown_struct *fown, int sig)
{
	return 0;
}
/* Default file_receive hook: no check on @file; always returns 0. */
static int cap_file_receive(struct file *file)
{
	return 0;
}
/* Default dentry_open hook: @cred is not examined; always returns 0. */
static int cap_dentry_open(struct file *file, const struct cred *cred)
{
	return 0;
}
/* Default task_create hook: @clone_flags is not examined; always returns 0. */
static int cap_task_create(unsigned long clone_flags)
{
	return 0;
}
/* Default cred_alloc_blank hook: allocates nothing for @cred; returns 0. */
static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}
/* Default cred_free hook: empty, nothing is released for @cred. */
static void cap_cred_free(struct cred *cred)
{
	/* nothing to do */
}
/* Default cred_prepare hook: copies nothing from @old to @new; returns 0. */
static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
{
	return 0;
}
/* Default cred_transfer hook: empty, nothing moves from @old to @new. */
static void cap_cred_transfer(struct cred *new, const struct cred *old)
{
	/* nothing to do */
}
/* Default kernel_act_as hook: @secid is not applied to @new; returns 0. */
static int cap_kernel_act_as(struct cred *new, u32 secid)
{
	return 0;
}
/* Default kernel_create_files_as hook: @new is left unchanged; returns 0. */
static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
{
	return 0;
}
/* Default kernel_module_request hook: @kmod_name is not inspected; returns 0. */
static int cap_kernel_module_request(char *kmod_name)
{
	return 0;
}
/* Default task_setpgid hook: @pgid is not examined; always returns 0. */
static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}
/* Default task_getpgid hook: no check on @p; always returns 0. */
static int cap_task_getpgid(struct task_struct *p)
{
	return 0;
}
/* Default task_getsid hook: no check on @p; always returns 0. */
static int cap_task_getsid(struct task_struct *p)
{
	return 0;
}
/*
 * Default task_getsecid hook: stores 0 in *@secid.
 * @secid is written unconditionally, so it must not be NULL.
 */
static void cap_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}
/* Default task_getioprio hook: no check on @p; always returns 0. */
static int cap_task_getioprio(struct task_struct *p)
{
	return 0;
}
/* Default task_setrlimit hook: @resource and @new_rlim are not examined; returns 0. */
static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
			      struct rlimit *new_rlim)
{
	return 0;
}
/* Default task_getscheduler hook: no check on @p; always returns 0. */
static int cap_task_getscheduler(struct task_struct *p)
{
	return 0;
}
/* Default task_movememory hook: no check on @p; always returns 0. */
static int cap_task_movememory(struct task_struct *p)
{
	return 0;
}
/* Default task_wait hook: no check on @p; always returns 0. */
static int cap_task_wait(struct task_struct *p)
{
	return 0;
}
/* Default task_kill hook: @sig, @info and @secid are not examined; returns 0. */
static int cap_task_kill(struct task_struct *p, struct siginfo *info,
			 int sig, u32 secid)
{
	return 0;
}
/* Default task_to_inode hook: empty, @inode is not modified. */
static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
{
	/* nothing to do */
}
/* Default ipc_permission hook: @flag is not examined; always returns 0. */
static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	return 0;
}
/*
 * Default ipc_getsecid hook: stores 0 in *@secid.
 * @secid is written unconditionally, so it must not be NULL.
 */
static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = 0;
}
/* Default msg_msg_alloc_security hook: allocates nothing for @msg; returns 0. */
static int cap_msg_msg_alloc_security(struct msg_msg *msg)
{
	return 0;
}
/* Default msg_msg_free_security hook: empty, nothing is released for @msg. */
static void cap_msg_msg_free_security(struct msg_msg *msg)
{
	/* nothing to do */
}
/* Default msg_queue_alloc_security hook: allocates nothing for @msq; returns 0. */
static int cap_msg_queue_alloc_security(struct msg_queue *msq)
{
	return 0;
}
/* Default msg_queue_free_security hook: empty, nothing is released for @msq. */
static void cap_msg_queue_free_security(struct msg_queue *msq)
{
	/* nothing to do */
}
/* Default msg_queue_associate hook: @msqflg is not examined; returns 0. */
static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	return 0;
}
/* Default msg_queue_msgctl hook: @cmd is not examined; always returns 0. */
static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	return 0;
}
/* Default msg_queue_msgsnd hook: ignores its arguments; always returns 0. */
static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
				int msgflg)
{
	return 0;
}
/* Default msg_queue_msgrcv hook: ignores its arguments; always returns 0. */
static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				struct task_struct *target, long type, int mode)
{
	return 0;
}
/* Default shm_alloc_security hook: allocates nothing for @shp; returns 0. */
static int cap_shm_alloc_security(struct shmid_kernel *shp)
{
	return 0;
}
/* Default shm_free_security hook: empty, nothing is released for @shp. */
static void cap_shm_free_security(struct shmid_kernel *shp)
{
	/* nothing to do */
}
/* Default shm_associate hook: @shmflg is not examined; always returns 0. */
static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	return 0;
}
/* Default shm_shmctl hook: @cmd is not examined; always returns 0. */
static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	return 0;
}
/* Default shm_shmat hook: @shmaddr and @shmflg are not examined; returns 0. */
static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
			 int shmflg)
{
	return 0;
}
/* Default sem_alloc_security hook: allocates nothing for @sma; returns 0. */
static int cap_sem_alloc_security(struct sem_array *sma)
{
	return 0;
}
/* Default sem_free_security hook: empty, nothing is released for @sma. */
static void cap_sem_free_security(struct sem_array *sma)
{
	/* nothing to do */
}
/* Default sem_associate hook: @semflg is not examined; always returns 0. */
static int cap_sem_associate(struct sem_array *sma, int semflg)
{
	return 0;
}
/* Default sem_semctl hook: @cmd is not examined; always returns 0. */
static int cap_sem_semctl(struct sem_array *sma, int cmd)
{
	return 0;
}
/* Default sem_semop hook: ignores its arguments; always returns 0. */
static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
			 unsigned nsops, int alter)
{
	return 0;
}
#ifdef CONFIG_SECURITY_NETWORK
/* Default unix_stream_connect hook: ignores its arguments; always returns 0. */
static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
				   struct sock *newsk)
{
	return 0;
}
/* Default unix_may_send hook: ignores its arguments; always returns 0. */
static int cap_unix_may_send(struct socket *sock, struct socket *other)
{
	return 0;
}
/* Default socket_create hook: family/type/protocol are not examined; returns 0. */
static int cap_socket_create(int family, int type, int protocol, int kern)
{
	return 0;
}
/* Default socket_post_create hook: ignores its arguments; always returns 0. */
static int cap_socket_post_create(struct socket *sock, int family, int type,
				  int protocol, int kern)
{
	return 0;
}
/* Default socket_bind hook: @address is not inspected; always returns 0. */
static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
			   int addrlen)
{
	return 0;
}
/* Default socket_connect hook: @address is not inspected; always returns 0. */
static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
			      int addrlen)
{
	return 0;
}
/* Default socket_listen hook: @backlog is not examined; always returns 0. */
static int cap_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}
/* Default socket_accept hook: ignores its arguments; always returns 0. */
static int cap_socket_accept(struct socket *sock, struct socket *newsock)
{
	return 0;
}
/* Default socket_sendmsg hook: @msg is not inspected; always returns 0. */
static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
{
	return 0;
}
/* Default socket_recvmsg hook: @msg is not inspected; always returns 0. */
static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
			      int size, int flags)
{
	return 0;
}
/* Default socket_getsockname hook: no check on @sock; always returns 0. */
static int cap_socket_getsockname(struct socket *sock)
{
	return 0;
}
/* Default socket_getpeername hook: no check on @sock; always returns 0. */
static int cap_socket_getpeername(struct socket *sock)
{
	return 0;
}
/* Default socket_setsockopt hook: @level and @optname are not examined; returns 0. */
static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
{
	return 0;
}
/* Default socket_getsockopt hook: @level and @optname are not examined; returns 0. */
static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
{
	return 0;
}
/* Default socket_shutdown hook: @how is not examined; always returns 0. */
static int cap_socket_shutdown(struct socket *sock, int how)
{
	return 0;
}
/* Default socket_sock_rcv_skb hook: @skb is not inspected; always returns 0. */
static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}
/*
 * Default socket_getpeersec_stream hook: always fails with -ENOPROTOOPT and
 * writes nothing through @optval or @optlen.
 */
static int cap_socket_getpeersec_stream(struct socket *sock,
					char __user *optval,
					int __user *optlen, unsigned len)
{
	return -ENOPROTOOPT;
}
/*
 * Default socket_getpeersec_dgram hook: always fails with -ENOPROTOOPT and
 * leaves *@secid unwritten.
 */
static int cap_socket_getpeersec_dgram(struct socket *sock,
				       struct sk_buff *skb, u32 *secid)
{
	return -ENOPROTOOPT;
}
/* Default sk_alloc_security hook: allocates nothing for @sk; returns 0. */
static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	return 0;
}
/* Default sk_free_security hook: empty, nothing is released for @sk. */
static void cap_sk_free_security(struct sock *sk)
{
	/* nothing to do */
}
/* Default sk_clone_security hook: empty, nothing is copied to @newsk. */
static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	/* nothing to do */
}
/*
 * Default sk_getsecid hook: empty.
 *
 * NOTE(review): unlike cap_inode_getsecid(), cap_task_getsecid() and
 * cap_ipc_getsecid() in this file, this default does not write *@secid.
 * A caller that passes an uninitialised u32 would read it back unchanged;
 * confirm every caller initialises the value before invoking the hook.
 */
static void cap_sk_getsecid(struct sock *sk, u32 *secid)
{
	/* *secid is deliberately left as the caller supplied it */
}
/* Default sock_graft hook: empty, neither @sk nor @parent is modified. */
static void cap_sock_graft(struct sock *sk, struct socket *parent)
{
	/* nothing to do */
}
/* Default inet_conn_request hook: ignores its arguments; always returns 0. */
static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				 struct request_sock *req)
{
	return 0;
}
/* Default inet_csk_clone hook: empty, nothing is copied to @newsk. */
static void cap_inet_csk_clone(struct sock *newsk,
			       const struct request_sock *req)
{
	/* nothing to do */
}
/* Default inet_conn_established hook: empty, @sk and @skb are not touched. */
static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
	/* nothing to do */
}
/* Default secmark_relabel_packet hook: @secid is not examined; returns 0. */
static int cap_secmark_relabel_packet(u32 secid)
{
	return 0;
}
/* Default secmark_refcount_inc hook: empty, no counter is kept here. */
static void cap_secmark_refcount_inc(void)
{
	/* nothing to do */
}
/* Default secmark_refcount_dec hook: empty, no counter is kept here. */
static void cap_secmark_refcount_dec(void)
{
	/* nothing to do */
}
/* Default req_classify_flow hook: empty, @fl is not modified. */
static void cap_req_classify_flow(const struct request_sock *req,
				  struct flowi *fl)
{
	/* nothing to do */
}
/* Default tun_dev_create hook: performs no check; always returns 0. */
static int cap_tun_dev_create(void)
{
	return 0;
}
/* Default tun_dev_post_create hook: empty, @sk is not modified. */
static void cap_tun_dev_post_create(struct sock *sk)
{
	/* nothing to do */
}
/* Default tun_dev_attach hook: no check on @sk; always returns 0. */
static int cap_tun_dev_attach(struct sock *sk)
{
	return 0;
}
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
/* Default xfrm_policy_alloc_security hook: leaves *@ctxp unwritten; returns 0. */
static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
					  struct xfrm_user_sec_ctx *sec_ctx)
{
	return 0;
}
/* Default xfrm_policy_clone_security hook: leaves *@new_ctxp unwritten; returns 0. */
static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
					  struct xfrm_sec_ctx **new_ctxp)
{
	return 0;
}
/* Default xfrm_policy_free_security hook: empty, @ctx is not released here. */
static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
{
	/* nothing to do */
}
/* Default xfrm_policy_delete_security hook: no check on @ctx; returns 0. */
static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
{
	return 0;
}
/* Default xfrm_state_alloc_security hook: attaches nothing to @x; returns 0. */
static int cap_xfrm_state_alloc_security(struct xfrm_state *x,
					 struct xfrm_user_sec_ctx *sec_ctx,
					 u32 secid)
{
	return 0;
}
/* Default xfrm_state_free_security hook: empty, nothing is released for @x. */
static void cap_xfrm_state_free_security(struct xfrm_state *x)
{
	/* nothing to do */
}
/* Default xfrm_state_delete_security hook: no check on @x; returns 0. */
static int cap_xfrm_state_delete_security(struct xfrm_state *x)
{
	return 0;
}
/* Default xfrm_policy_lookup hook: @ctx, @sk_sid and @dir are not examined; returns 0. */
static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
{
	return 0;
}
/*
 * Default xfrm_state_pol_flow_match hook: always returns 1, the only
 * non-zero success value among the defaults in this file.
 * NOTE(review): presumably 1 means "state matches policy and flow", so the
 * default never filters a state out -- confirm against the caller.
 */
static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
					 struct xfrm_policy *xp,
					 const struct flowi *fl)
{
	return 1;
}
/* Default xfrm_decode_session hook: leaves *@fl unwritten; always returns 0. */
static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
{
	return 0;
}
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
/* Default d_instantiate hook: empty, @dentry and @inode are not touched. */
static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
{
	/* nothing to do */
}
/* Default getprocattr hook: always fails with -EINVAL; *@value is not written. */
static int cap_getprocattr(struct task_struct *p, char *name, char **value)
{
	return -EINVAL;
}
/* Default setprocattr hook: stores nothing; always fails with -EINVAL. */
static int cap_setprocattr(struct task_struct *p, char *name, void *value,
			   size_t size)
{
	return -EINVAL;
}
/*
 * Default secid_to_secctx hook: always fails with -EOPNOTSUPP and leaves
 * *@secdata and *@seclen unwritten.
 */
static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
}
/*
 * Default secctx_to_secid hook: maps every context to secid 0.
 * @secdata is not inspected; *@secid is written unconditionally (so @secid
 * must not be NULL) and the call reports success.
 */
static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	*secid = 0;

	return 0;
}
/* Default release_secctx hook: empty, @secdata is not freed here. */
static void cap_release_secctx(char *secdata, u32 seclen)
{
	/* nothing to do */
}
/* Default inode_notifysecctx hook: @ctx is not applied to @inode; returns 0. */
static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	return 0;
}
/* Default inode_setsecctx hook: @ctx is not stored for @dentry; returns 0. */
static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	return 0;
}
/*
 * Default inode_getsecctx hook: always returns 0.
 *
 * NOTE(review): success is reported without writing *@ctx or *@ctxlen, so a
 * caller that trusts the return value would read whatever those variables
 * held before the call.  Confirm callers pre-initialise both outputs.
 */
static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	return 0;
}
#ifdef CONFIG_KEYS
/* Default key_alloc hook: attaches nothing to @key; always returns 0. */
static int cap_key_alloc(struct key *key, const struct cred *cred,
			 unsigned long flags)
{
	return 0;
}
/* Default key_free hook: empty, nothing is released for @key. */
static void cap_key_free(struct key *key)
{
	/* nothing to do */
}
/* Default key_permission hook: @cred and @perm are not examined; returns 0. */
static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
			      key_perm_t perm)
{
	return 0;
}
/*
 * Default key_getsecurity hook: reports "no label" by storing NULL in
 * *@_buffer and returning 0.  @_buffer is written unconditionally, so it
 * must not be NULL; @key is not examined.
 */
static int cap_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;

	return 0;
}
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
/* Default audit_rule_init hook: builds no rule, leaves *@lsmrule unwritten; returns 0. */
static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
	return 0;
}
/* Default audit_rule_known hook: @krule is not inspected; always returns 0. */
static int cap_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}
/* Default audit_rule_match hook: compares nothing; always returns 0. */
static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
				struct audit_context *actx)
{
	return 0;
}
/* Default audit_rule_free hook: empty, @lsmrule is not freed here. */
static void cap_audit_rule_free(void *lsmrule)
{
	/* nothing to do */
}
#endif /* CONFIG_AUDIT */
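/*
 * set_to_cap_if_null - install the cap_ default for one unset hook.
 * @ops:      pointer to the operations table being completed
 * @function: member name in the table; the default is cap_<function>
 *
 * When the member is NULL it is pointed at cap_<function> and a pr_debug()
 * line records the substitution; a member that is already set is left alone.
 * @ops is parenthesised in the expansion so that an argument which is an
 * expression rather than a plain identifier still binds to "->" as a whole.
 * @ops is expanded more than once, so it must have no side effects.
 */
#define set_to_cap_if_null(ops, function)				\
	do {								\
		if (!(ops)->function) {					\
			(ops)->function = cap_##function;		\
			pr_debug("Had to override the " #function	\
				 " security operation with the default.\n");\
		}							\
	} while (0)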
/*
 * security_fixup_ops - give every unset hook in @ops its cap_ default.
 * @ops: operations table to complete; it is dereferenced without a NULL
 *       check, and members that are already set are not overwritten.
 *
 * Each set_to_cap_if_null() line below tests one member and, if it is NULL,
 * stores the matching cap_<hook> function.  The defaults defined in this
 * file perform no checks (most simply return 0), so any hook a security
 * module leaves unset is not mediated by that module at all.  When auditing
 * a module's coverage, compare its operations table against this list.
 *
 * Several defaults named here (for example cap_capable, cap_ptrace_access_check
 * and cap_file_mmap) are not defined in this file; they are presumably
 * declared through <linux/security.h> and implemented elsewhere.
 */
void __init security_fixup_ops(struct security_operations *ops)
{
	/* ptrace, capabilities, quota, syslog, time, memory accounting */
	set_to_cap_if_null(ops, ptrace_access_check);
	set_to_cap_if_null(ops, ptrace_traceme);
	set_to_cap_if_null(ops, capget);
	set_to_cap_if_null(ops, capset);
	set_to_cap_if_null(ops, capable);
	set_to_cap_if_null(ops, quotactl);
	set_to_cap_if_null(ops, quota_on);
	set_to_cap_if_null(ops, syslog);
	set_to_cap_if_null(ops, settime);
	set_to_cap_if_null(ops, vm_enough_memory);

	/* program execution */
	set_to_cap_if_null(ops, bprm_set_creds);
	set_to_cap_if_null(ops, bprm_committing_creds);
	set_to_cap_if_null(ops, bprm_committed_creds);
	set_to_cap_if_null(ops, bprm_check_security);
	set_to_cap_if_null(ops, bprm_secureexec);

	/* superblock hooks */
	set_to_cap_if_null(ops, sb_alloc_security);
	set_to_cap_if_null(ops, sb_free_security);
	set_to_cap_if_null(ops, sb_copy_data);
	set_to_cap_if_null(ops, sb_remount);
	set_to_cap_if_null(ops, sb_kern_mount);
	set_to_cap_if_null(ops, sb_show_options);
	set_to_cap_if_null(ops, sb_statfs);
	set_to_cap_if_null(ops, sb_mount);
	set_to_cap_if_null(ops, sb_umount);
	set_to_cap_if_null(ops, sb_pivotroot);
	set_to_cap_if_null(ops, sb_set_mnt_opts);
	set_to_cap_if_null(ops, sb_clone_mnt_opts);
	set_to_cap_if_null(ops, sb_parse_opts_str);

	/* inode hooks */
	set_to_cap_if_null(ops, inode_alloc_security);
	set_to_cap_if_null(ops, inode_free_security);
	set_to_cap_if_null(ops, inode_init_security);
	set_to_cap_if_null(ops, inode_create);
	set_to_cap_if_null(ops, inode_link);
	set_to_cap_if_null(ops, inode_unlink);
	set_to_cap_if_null(ops, inode_symlink);
	set_to_cap_if_null(ops, inode_mkdir);
	set_to_cap_if_null(ops, inode_rmdir);
	set_to_cap_if_null(ops, inode_mknod);
	set_to_cap_if_null(ops, inode_rename);
	set_to_cap_if_null(ops, inode_readlink);
	set_to_cap_if_null(ops, inode_follow_link);
	set_to_cap_if_null(ops, inode_permission);
	set_to_cap_if_null(ops, inode_setattr);
	set_to_cap_if_null(ops, inode_getattr);
	set_to_cap_if_null(ops, inode_setxattr);
	set_to_cap_if_null(ops, inode_post_setxattr);
	set_to_cap_if_null(ops, inode_getxattr);
	set_to_cap_if_null(ops, inode_listxattr);
	set_to_cap_if_null(ops, inode_removexattr);
	set_to_cap_if_null(ops, inode_need_killpriv);
	set_to_cap_if_null(ops, inode_killpriv);
	set_to_cap_if_null(ops, inode_getsecurity);
	set_to_cap_if_null(ops, inode_setsecurity);
	set_to_cap_if_null(ops, inode_listsecurity);
	set_to_cap_if_null(ops, inode_getsecid);
#ifdef CONFIG_SECURITY_PATH
	/* pathname-based hooks */
	set_to_cap_if_null(ops, path_mknod);
	set_to_cap_if_null(ops, path_mkdir);
	set_to_cap_if_null(ops, path_rmdir);
	set_to_cap_if_null(ops, path_unlink);
	set_to_cap_if_null(ops, path_symlink);
	set_to_cap_if_null(ops, path_link);
	set_to_cap_if_null(ops, path_rename);
	set_to_cap_if_null(ops, path_truncate);
	set_to_cap_if_null(ops, path_chmod);
	set_to_cap_if_null(ops, path_chown);
	set_to_cap_if_null(ops, path_chroot);
#endif
	/* file hooks */
	set_to_cap_if_null(ops, file_permission);
	set_to_cap_if_null(ops, file_alloc_security);
	set_to_cap_if_null(ops, file_free_security);
	set_to_cap_if_null(ops, file_ioctl);
	set_to_cap_if_null(ops, file_mmap);
	set_to_cap_if_null(ops, file_mprotect);
	set_to_cap_if_null(ops, file_lock);
	set_to_cap_if_null(ops, file_fcntl);
	set_to_cap_if_null(ops, file_set_fowner);
	set_to_cap_if_null(ops, file_send_sigiotask);
	set_to_cap_if_null(ops, file_receive);
	set_to_cap_if_null(ops, dentry_open);

	/* task, credential and kernel-service hooks */
	set_to_cap_if_null(ops, task_create);
	set_to_cap_if_null(ops, cred_alloc_blank);
	set_to_cap_if_null(ops, cred_free);
	set_to_cap_if_null(ops, cred_prepare);
	set_to_cap_if_null(ops, cred_transfer);
	set_to_cap_if_null(ops, kernel_act_as);
	set_to_cap_if_null(ops, kernel_create_files_as);
	set_to_cap_if_null(ops, kernel_module_request);
	set_to_cap_if_null(ops, task_fix_setuid);
	set_to_cap_if_null(ops, task_setpgid);
	set_to_cap_if_null(ops, task_getpgid);
	set_to_cap_if_null(ops, task_getsid);
	set_to_cap_if_null(ops, task_getsecid);
	set_to_cap_if_null(ops, task_setnice);
	set_to_cap_if_null(ops, task_setioprio);
	set_to_cap_if_null(ops, task_getioprio);
	set_to_cap_if_null(ops, task_setrlimit);
	set_to_cap_if_null(ops, task_setscheduler);
	set_to_cap_if_null(ops, task_getscheduler);
	set_to_cap_if_null(ops, task_movememory);
	set_to_cap_if_null(ops, task_wait);
	set_to_cap_if_null(ops, task_kill);
	set_to_cap_if_null(ops, task_prctl);
	set_to_cap_if_null(ops, task_to_inode);

	/* System V IPC hooks */
	set_to_cap_if_null(ops, ipc_permission);
	set_to_cap_if_null(ops, ipc_getsecid);
	set_to_cap_if_null(ops, msg_msg_alloc_security);
	set_to_cap_if_null(ops, msg_msg_free_security);
	set_to_cap_if_null(ops, msg_queue_alloc_security);
	set_to_cap_if_null(ops, msg_queue_free_security);
	set_to_cap_if_null(ops, msg_queue_associate);
	set_to_cap_if_null(ops, msg_queue_msgctl);
	set_to_cap_if_null(ops, msg_queue_msgsnd);
	set_to_cap_if_null(ops, msg_queue_msgrcv);
	set_to_cap_if_null(ops, shm_alloc_security);
	set_to_cap_if_null(ops, shm_free_security);
	set_to_cap_if_null(ops, shm_associate);
	set_to_cap_if_null(ops, shm_shmctl);
	set_to_cap_if_null(ops, shm_shmat);
	set_to_cap_if_null(ops, sem_alloc_security);
	set_to_cap_if_null(ops, sem_free_security);
	set_to_cap_if_null(ops, sem_associate);
	set_to_cap_if_null(ops, sem_semctl);
	set_to_cap_if_null(ops, sem_semop);

	/* netlink, dentry, procattr and security-context hooks */
	set_to_cap_if_null(ops, netlink_send);
	set_to_cap_if_null(ops, netlink_recv);
	set_to_cap_if_null(ops, d_instantiate);
	set_to_cap_if_null(ops, getprocattr);
	set_to_cap_if_null(ops, setprocattr);
	set_to_cap_if_null(ops, secid_to_secctx);
	set_to_cap_if_null(ops, secctx_to_secid);
	set_to_cap_if_null(ops, release_secctx);
	set_to_cap_if_null(ops, inode_notifysecctx);
	set_to_cap_if_null(ops, inode_setsecctx);
	set_to_cap_if_null(ops, inode_getsecctx);
#ifdef CONFIG_SECURITY_NETWORK
	set_to_cap_if_null(ops, unix_stream_connect);
	set_to_cap_if_null(ops, unix_may_send);
	set_to_cap_if_null(ops, socket_create);
	set_to_cap_if_null(ops, socket_post_create);
	set_to_cap_if_null(ops, socket_bind);
	set_to_cap_if_null(ops, socket_connect);
	set_to_cap_if_null(ops, socket_listen);
	set_to_cap_if_null(ops, socket_accept);
	set_to_cap_if_null(ops, socket_sendmsg);
	set_to_cap_if_null(ops, socket_recvmsg);
	set_to_cap_if_null(ops, socket_getsockname);
	set_to_cap_if_null(ops, socket_getpeername);
	set_to_cap_if_null(ops, socket_setsockopt);
	set_to_cap_if_null(ops, socket_getsockopt);
	set_to_cap_if_null(ops, socket_shutdown);
	set_to_cap_if_null(ops, socket_sock_rcv_skb);
	set_to_cap_if_null(ops, socket_getpeersec_stream);
	set_to_cap_if_null(ops, socket_getpeersec_dgram);
	set_to_cap_if_null(ops, sk_alloc_security);
	set_to_cap_if_null(ops, sk_free_security);
	set_to_cap_if_null(ops, sk_clone_security);
	set_to_cap_if_null(ops, sk_getsecid);
	set_to_cap_if_null(ops, sock_graft);
	set_to_cap_if_null(ops, inet_conn_request);
	set_to_cap_if_null(ops, inet_csk_clone);
	set_to_cap_if_null(ops, inet_conn_established);
	set_to_cap_if_null(ops, secmark_relabel_packet);
	set_to_cap_if_null(ops, secmark_refcount_inc);
	set_to_cap_if_null(ops, secmark_refcount_dec);
	set_to_cap_if_null(ops, req_classify_flow);
	set_to_cap_if_null(ops, tun_dev_create);
	set_to_cap_if_null(ops, tun_dev_post_create);
	set_to_cap_if_null(ops, tun_dev_attach);
#endif	/* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
	set_to_cap_if_null(ops, xfrm_policy_alloc_security);
	set_to_cap_if_null(ops, xfrm_policy_clone_security);
	set_to_cap_if_null(ops, xfrm_policy_free_security);
	set_to_cap_if_null(ops, xfrm_policy_delete_security);
	set_to_cap_if_null(ops, xfrm_state_alloc_security);
	set_to_cap_if_null(ops, xfrm_state_free_security);
	set_to_cap_if_null(ops, xfrm_state_delete_security);
	set_to_cap_if_null(ops, xfrm_policy_lookup);
	set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
	set_to_cap_if_null(ops, xfrm_decode_session);
#endif	/* CONFIG_SECURITY_NETWORK_XFRM */
#ifdef CONFIG_KEYS
	set_to_cap_if_null(ops, key_alloc);
	set_to_cap_if_null(ops, key_free);
	set_to_cap_if_null(ops, key_permission);
	set_to_cap_if_null(ops, key_getsecurity);
#endif	/* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
	set_to_cap_if_null(ops, audit_rule_init);
	set_to_cap_if_null(ops, audit_rule_known);
	set_to_cap_if_null(ops, audit_rule_match);
	set_to_cap_if_null(ops, audit_rule_free);
#endif
}