Commit d4a141c8e77043bd674dd6aa0b40bc3675cb7b1d

Authored by Jeff Layton
Committed by James Morris
1 parent 864f32a52b

security: have cap_dentry_init_security return error

Currently, cap_dentry_init_security returns 0 without actually
initializing the security label. This confuses its only caller
(nfs4_label_init_security) which expects an error in that situation, and
causes it to end up sending out junk onto the wire instead of simply
suppressing the label in the attributes sent.

When CONFIG_SECURITY is disabled, security_dentry_init_security returns
-EOPNOTSUPP. Have cap_dentry_init_security do the same.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

Showing 1 changed file with 1 additions and 1 deletions

security/capability.c
1 /* 1 /*
2 * Capabilities Linux Security Module 2 * Capabilities Linux Security Module
3 * 3 *
4 * This is the default security module in case no other module is loaded. 4 * This is the default security module in case no other module is loaded.
5 * 5 *
6 * This program is free software; you can redistribute it and/or modify 6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by 7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or 8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version. 9 * (at your option) any later version.
10 * 10 *
11 */ 11 */
12 12
13 #include <linux/security.h> 13 #include <linux/security.h>
14 14
15 static int cap_syslog(int type) 15 static int cap_syslog(int type)
16 { 16 {
17 return 0; 17 return 0;
18 } 18 }
19 19
20 static int cap_quotactl(int cmds, int type, int id, struct super_block *sb) 20 static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
21 { 21 {
22 return 0; 22 return 0;
23 } 23 }
24 24
25 static int cap_quota_on(struct dentry *dentry) 25 static int cap_quota_on(struct dentry *dentry)
26 { 26 {
27 return 0; 27 return 0;
28 } 28 }
29 29
30 static int cap_bprm_check_security(struct linux_binprm *bprm) 30 static int cap_bprm_check_security(struct linux_binprm *bprm)
31 { 31 {
32 return 0; 32 return 0;
33 } 33 }
34 34
35 static void cap_bprm_committing_creds(struct linux_binprm *bprm) 35 static void cap_bprm_committing_creds(struct linux_binprm *bprm)
36 { 36 {
37 } 37 }
38 38
39 static void cap_bprm_committed_creds(struct linux_binprm *bprm) 39 static void cap_bprm_committed_creds(struct linux_binprm *bprm)
40 { 40 {
41 } 41 }
42 42
43 static int cap_sb_alloc_security(struct super_block *sb) 43 static int cap_sb_alloc_security(struct super_block *sb)
44 { 44 {
45 return 0; 45 return 0;
46 } 46 }
47 47
48 static void cap_sb_free_security(struct super_block *sb) 48 static void cap_sb_free_security(struct super_block *sb)
49 { 49 {
50 } 50 }
51 51
52 static int cap_sb_copy_data(char *orig, char *copy) 52 static int cap_sb_copy_data(char *orig, char *copy)
53 { 53 {
54 return 0; 54 return 0;
55 } 55 }
56 56
57 static int cap_sb_remount(struct super_block *sb, void *data) 57 static int cap_sb_remount(struct super_block *sb, void *data)
58 { 58 {
59 return 0; 59 return 0;
60 } 60 }
61 61
62 static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data) 62 static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
63 { 63 {
64 return 0; 64 return 0;
65 } 65 }
66 66
67 static int cap_sb_show_options(struct seq_file *m, struct super_block *sb) 67 static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
68 { 68 {
69 return 0; 69 return 0;
70 } 70 }
71 71
72 static int cap_sb_statfs(struct dentry *dentry) 72 static int cap_sb_statfs(struct dentry *dentry)
73 { 73 {
74 return 0; 74 return 0;
75 } 75 }
76 76
77 static int cap_sb_mount(const char *dev_name, struct path *path, 77 static int cap_sb_mount(const char *dev_name, struct path *path,
78 const char *type, unsigned long flags, void *data) 78 const char *type, unsigned long flags, void *data)
79 { 79 {
80 return 0; 80 return 0;
81 } 81 }
82 82
83 static int cap_sb_umount(struct vfsmount *mnt, int flags) 83 static int cap_sb_umount(struct vfsmount *mnt, int flags)
84 { 84 {
85 return 0; 85 return 0;
86 } 86 }
87 87
88 static int cap_sb_pivotroot(struct path *old_path, struct path *new_path) 88 static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
89 { 89 {
90 return 0; 90 return 0;
91 } 91 }
92 92
93 static int cap_sb_set_mnt_opts(struct super_block *sb, 93 static int cap_sb_set_mnt_opts(struct super_block *sb,
94 struct security_mnt_opts *opts, 94 struct security_mnt_opts *opts,
95 unsigned long kern_flags, 95 unsigned long kern_flags,
96 unsigned long *set_kern_flags) 96 unsigned long *set_kern_flags)
97 97
98 { 98 {
99 if (unlikely(opts->num_mnt_opts)) 99 if (unlikely(opts->num_mnt_opts))
100 return -EOPNOTSUPP; 100 return -EOPNOTSUPP;
101 return 0; 101 return 0;
102 } 102 }
103 103
104 static int cap_sb_clone_mnt_opts(const struct super_block *oldsb, 104 static int cap_sb_clone_mnt_opts(const struct super_block *oldsb,
105 struct super_block *newsb) 105 struct super_block *newsb)
106 { 106 {
107 return 0; 107 return 0;
108 } 108 }
109 109
110 static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) 110 static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
111 { 111 {
112 return 0; 112 return 0;
113 } 113 }
114 114
115 static int cap_dentry_init_security(struct dentry *dentry, int mode, 115 static int cap_dentry_init_security(struct dentry *dentry, int mode,
116 struct qstr *name, void **ctx, 116 struct qstr *name, void **ctx,
117 u32 *ctxlen) 117 u32 *ctxlen)
118 { 118 {
119 return 0; 119 return -EOPNOTSUPP;
120 } 120 }
121 121
122 static int cap_inode_alloc_security(struct inode *inode) 122 static int cap_inode_alloc_security(struct inode *inode)
123 { 123 {
124 return 0; 124 return 0;
125 } 125 }
126 126
127 static void cap_inode_free_security(struct inode *inode) 127 static void cap_inode_free_security(struct inode *inode)
128 { 128 {
129 } 129 }
130 130
131 static int cap_inode_init_security(struct inode *inode, struct inode *dir, 131 static int cap_inode_init_security(struct inode *inode, struct inode *dir,
132 const struct qstr *qstr, const char **name, 132 const struct qstr *qstr, const char **name,
133 void **value, size_t *len) 133 void **value, size_t *len)
134 { 134 {
135 return -EOPNOTSUPP; 135 return -EOPNOTSUPP;
136 } 136 }
137 137
138 static int cap_inode_create(struct inode *inode, struct dentry *dentry, 138 static int cap_inode_create(struct inode *inode, struct dentry *dentry,
139 umode_t mask) 139 umode_t mask)
140 { 140 {
141 return 0; 141 return 0;
142 } 142 }
143 143
144 static int cap_inode_link(struct dentry *old_dentry, struct inode *inode, 144 static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
145 struct dentry *new_dentry) 145 struct dentry *new_dentry)
146 { 146 {
147 return 0; 147 return 0;
148 } 148 }
149 149
150 static int cap_inode_unlink(struct inode *inode, struct dentry *dentry) 150 static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
151 { 151 {
152 return 0; 152 return 0;
153 } 153 }
154 154
155 static int cap_inode_symlink(struct inode *inode, struct dentry *dentry, 155 static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
156 const char *name) 156 const char *name)
157 { 157 {
158 return 0; 158 return 0;
159 } 159 }
160 160
161 static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry, 161 static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
162 umode_t mask) 162 umode_t mask)
163 { 163 {
164 return 0; 164 return 0;
165 } 165 }
166 166
167 static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry) 167 static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
168 { 168 {
169 return 0; 169 return 0;
170 } 170 }
171 171
172 static int cap_inode_mknod(struct inode *inode, struct dentry *dentry, 172 static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
173 umode_t mode, dev_t dev) 173 umode_t mode, dev_t dev)
174 { 174 {
175 return 0; 175 return 0;
176 } 176 }
177 177
178 static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry, 178 static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
179 struct inode *new_inode, struct dentry *new_dentry) 179 struct inode *new_inode, struct dentry *new_dentry)
180 { 180 {
181 return 0; 181 return 0;
182 } 182 }
183 183
184 static int cap_inode_readlink(struct dentry *dentry) 184 static int cap_inode_readlink(struct dentry *dentry)
185 { 185 {
186 return 0; 186 return 0;
187 } 187 }
188 188
189 static int cap_inode_follow_link(struct dentry *dentry, 189 static int cap_inode_follow_link(struct dentry *dentry,
190 struct nameidata *nameidata) 190 struct nameidata *nameidata)
191 { 191 {
192 return 0; 192 return 0;
193 } 193 }
194 194
195 static int cap_inode_permission(struct inode *inode, int mask) 195 static int cap_inode_permission(struct inode *inode, int mask)
196 { 196 {
197 return 0; 197 return 0;
198 } 198 }
199 199
200 static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr) 200 static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
201 { 201 {
202 return 0; 202 return 0;
203 } 203 }
204 204
205 static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 205 static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
206 { 206 {
207 return 0; 207 return 0;
208 } 208 }
209 209
210 static void cap_inode_post_setxattr(struct dentry *dentry, const char *name, 210 static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
211 const void *value, size_t size, int flags) 211 const void *value, size_t size, int flags)
212 { 212 {
213 } 213 }
214 214
215 static int cap_inode_getxattr(struct dentry *dentry, const char *name) 215 static int cap_inode_getxattr(struct dentry *dentry, const char *name)
216 { 216 {
217 return 0; 217 return 0;
218 } 218 }
219 219
220 static int cap_inode_listxattr(struct dentry *dentry) 220 static int cap_inode_listxattr(struct dentry *dentry)
221 { 221 {
222 return 0; 222 return 0;
223 } 223 }
224 224
225 static int cap_inode_getsecurity(const struct inode *inode, const char *name, 225 static int cap_inode_getsecurity(const struct inode *inode, const char *name,
226 void **buffer, bool alloc) 226 void **buffer, bool alloc)
227 { 227 {
228 return -EOPNOTSUPP; 228 return -EOPNOTSUPP;
229 } 229 }
230 230
231 static int cap_inode_setsecurity(struct inode *inode, const char *name, 231 static int cap_inode_setsecurity(struct inode *inode, const char *name,
232 const void *value, size_t size, int flags) 232 const void *value, size_t size, int flags)
233 { 233 {
234 return -EOPNOTSUPP; 234 return -EOPNOTSUPP;
235 } 235 }
236 236
237 static int cap_inode_listsecurity(struct inode *inode, char *buffer, 237 static int cap_inode_listsecurity(struct inode *inode, char *buffer,
238 size_t buffer_size) 238 size_t buffer_size)
239 { 239 {
240 return 0; 240 return 0;
241 } 241 }
242 242
243 static void cap_inode_getsecid(const struct inode *inode, u32 *secid) 243 static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
244 { 244 {
245 *secid = 0; 245 *secid = 0;
246 } 246 }
247 247
248 #ifdef CONFIG_SECURITY_PATH 248 #ifdef CONFIG_SECURITY_PATH
249 static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, 249 static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
250 unsigned int dev) 250 unsigned int dev)
251 { 251 {
252 return 0; 252 return 0;
253 } 253 }
254 254
255 static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) 255 static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
256 { 256 {
257 return 0; 257 return 0;
258 } 258 }
259 259
260 static int cap_path_rmdir(struct path *dir, struct dentry *dentry) 260 static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
261 { 261 {
262 return 0; 262 return 0;
263 } 263 }
264 264
265 static int cap_path_unlink(struct path *dir, struct dentry *dentry) 265 static int cap_path_unlink(struct path *dir, struct dentry *dentry)
266 { 266 {
267 return 0; 267 return 0;
268 } 268 }
269 269
270 static int cap_path_symlink(struct path *dir, struct dentry *dentry, 270 static int cap_path_symlink(struct path *dir, struct dentry *dentry,
271 const char *old_name) 271 const char *old_name)
272 { 272 {
273 return 0; 273 return 0;
274 } 274 }
275 275
276 static int cap_path_link(struct dentry *old_dentry, struct path *new_dir, 276 static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
277 struct dentry *new_dentry) 277 struct dentry *new_dentry)
278 { 278 {
279 return 0; 279 return 0;
280 } 280 }
281 281
282 static int cap_path_rename(struct path *old_path, struct dentry *old_dentry, 282 static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
283 struct path *new_path, struct dentry *new_dentry) 283 struct path *new_path, struct dentry *new_dentry)
284 { 284 {
285 return 0; 285 return 0;
286 } 286 }
287 287
288 static int cap_path_truncate(struct path *path) 288 static int cap_path_truncate(struct path *path)
289 { 289 {
290 return 0; 290 return 0;
291 } 291 }
292 292
293 static int cap_path_chmod(struct path *path, umode_t mode) 293 static int cap_path_chmod(struct path *path, umode_t mode)
294 { 294 {
295 return 0; 295 return 0;
296 } 296 }
297 297
298 static int cap_path_chown(struct path *path, kuid_t uid, kgid_t gid) 298 static int cap_path_chown(struct path *path, kuid_t uid, kgid_t gid)
299 { 299 {
300 return 0; 300 return 0;
301 } 301 }
302 302
303 static int cap_path_chroot(struct path *root) 303 static int cap_path_chroot(struct path *root)
304 { 304 {
305 return 0; 305 return 0;
306 } 306 }
307 #endif 307 #endif
308 308
309 static int cap_file_permission(struct file *file, int mask) 309 static int cap_file_permission(struct file *file, int mask)
310 { 310 {
311 return 0; 311 return 0;
312 } 312 }
313 313
314 static int cap_file_alloc_security(struct file *file) 314 static int cap_file_alloc_security(struct file *file)
315 { 315 {
316 return 0; 316 return 0;
317 } 317 }
318 318
319 static void cap_file_free_security(struct file *file) 319 static void cap_file_free_security(struct file *file)
320 { 320 {
321 } 321 }
322 322
323 static int cap_file_ioctl(struct file *file, unsigned int command, 323 static int cap_file_ioctl(struct file *file, unsigned int command,
324 unsigned long arg) 324 unsigned long arg)
325 { 325 {
326 return 0; 326 return 0;
327 } 327 }
328 328
329 static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 329 static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
330 unsigned long prot) 330 unsigned long prot)
331 { 331 {
332 return 0; 332 return 0;
333 } 333 }
334 334
335 static int cap_file_lock(struct file *file, unsigned int cmd) 335 static int cap_file_lock(struct file *file, unsigned int cmd)
336 { 336 {
337 return 0; 337 return 0;
338 } 338 }
339 339
340 static int cap_file_fcntl(struct file *file, unsigned int cmd, 340 static int cap_file_fcntl(struct file *file, unsigned int cmd,
341 unsigned long arg) 341 unsigned long arg)
342 { 342 {
343 return 0; 343 return 0;
344 } 344 }
345 345
346 static int cap_file_set_fowner(struct file *file) 346 static int cap_file_set_fowner(struct file *file)
347 { 347 {
348 return 0; 348 return 0;
349 } 349 }
350 350
351 static int cap_file_send_sigiotask(struct task_struct *tsk, 351 static int cap_file_send_sigiotask(struct task_struct *tsk,
352 struct fown_struct *fown, int sig) 352 struct fown_struct *fown, int sig)
353 { 353 {
354 return 0; 354 return 0;
355 } 355 }
356 356
357 static int cap_file_receive(struct file *file) 357 static int cap_file_receive(struct file *file)
358 { 358 {
359 return 0; 359 return 0;
360 } 360 }
361 361
362 static int cap_file_open(struct file *file, const struct cred *cred) 362 static int cap_file_open(struct file *file, const struct cred *cred)
363 { 363 {
364 return 0; 364 return 0;
365 } 365 }
366 366
367 static int cap_task_create(unsigned long clone_flags) 367 static int cap_task_create(unsigned long clone_flags)
368 { 368 {
369 return 0; 369 return 0;
370 } 370 }
371 371
372 static void cap_task_free(struct task_struct *task) 372 static void cap_task_free(struct task_struct *task)
373 { 373 {
374 } 374 }
375 375
376 static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp) 376 static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
377 { 377 {
378 return 0; 378 return 0;
379 } 379 }
380 380
381 static void cap_cred_free(struct cred *cred) 381 static void cap_cred_free(struct cred *cred)
382 { 382 {
383 } 383 }
384 384
385 static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) 385 static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
386 { 386 {
387 return 0; 387 return 0;
388 } 388 }
389 389
390 static void cap_cred_transfer(struct cred *new, const struct cred *old) 390 static void cap_cred_transfer(struct cred *new, const struct cred *old)
391 { 391 {
392 } 392 }
393 393
394 static int cap_kernel_act_as(struct cred *new, u32 secid) 394 static int cap_kernel_act_as(struct cred *new, u32 secid)
395 { 395 {
396 return 0; 396 return 0;
397 } 397 }
398 398
399 static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) 399 static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
400 { 400 {
401 return 0; 401 return 0;
402 } 402 }
403 403
404 static int cap_kernel_module_request(char *kmod_name) 404 static int cap_kernel_module_request(char *kmod_name)
405 { 405 {
406 return 0; 406 return 0;
407 } 407 }
408 408
409 static int cap_kernel_module_from_file(struct file *file) 409 static int cap_kernel_module_from_file(struct file *file)
410 { 410 {
411 return 0; 411 return 0;
412 } 412 }
413 413
414 static int cap_task_setpgid(struct task_struct *p, pid_t pgid) 414 static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
415 { 415 {
416 return 0; 416 return 0;
417 } 417 }
418 418
419 static int cap_task_getpgid(struct task_struct *p) 419 static int cap_task_getpgid(struct task_struct *p)
420 { 420 {
421 return 0; 421 return 0;
422 } 422 }
423 423
424 static int cap_task_getsid(struct task_struct *p) 424 static int cap_task_getsid(struct task_struct *p)
425 { 425 {
426 return 0; 426 return 0;
427 } 427 }
428 428
429 static void cap_task_getsecid(struct task_struct *p, u32 *secid) 429 static void cap_task_getsecid(struct task_struct *p, u32 *secid)
430 { 430 {
431 *secid = 0; 431 *secid = 0;
432 } 432 }
433 433
434 static int cap_task_getioprio(struct task_struct *p) 434 static int cap_task_getioprio(struct task_struct *p)
435 { 435 {
436 return 0; 436 return 0;
437 } 437 }
438 438
439 static int cap_task_setrlimit(struct task_struct *p, unsigned int resource, 439 static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
440 struct rlimit *new_rlim) 440 struct rlimit *new_rlim)
441 { 441 {
442 return 0; 442 return 0;
443 } 443 }
444 444
445 static int cap_task_getscheduler(struct task_struct *p) 445 static int cap_task_getscheduler(struct task_struct *p)
446 { 446 {
447 return 0; 447 return 0;
448 } 448 }
449 449
450 static int cap_task_movememory(struct task_struct *p) 450 static int cap_task_movememory(struct task_struct *p)
451 { 451 {
452 return 0; 452 return 0;
453 } 453 }
454 454
455 static int cap_task_wait(struct task_struct *p) 455 static int cap_task_wait(struct task_struct *p)
456 { 456 {
457 return 0; 457 return 0;
458 } 458 }
459 459
460 static int cap_task_kill(struct task_struct *p, struct siginfo *info, 460 static int cap_task_kill(struct task_struct *p, struct siginfo *info,
461 int sig, u32 secid) 461 int sig, u32 secid)
462 { 462 {
463 return 0; 463 return 0;
464 } 464 }
465 465
466 static void cap_task_to_inode(struct task_struct *p, struct inode *inode) 466 static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
467 { 467 {
468 } 468 }
469 469
470 static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 470 static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
471 { 471 {
472 return 0; 472 return 0;
473 } 473 }
474 474
475 static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 475 static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
476 { 476 {
477 *secid = 0; 477 *secid = 0;
478 } 478 }
479 479
480 static int cap_msg_msg_alloc_security(struct msg_msg *msg) 480 static int cap_msg_msg_alloc_security(struct msg_msg *msg)
481 { 481 {
482 return 0; 482 return 0;
483 } 483 }
484 484
485 static void cap_msg_msg_free_security(struct msg_msg *msg) 485 static void cap_msg_msg_free_security(struct msg_msg *msg)
486 { 486 {
487 } 487 }
488 488
489 static int cap_msg_queue_alloc_security(struct msg_queue *msq) 489 static int cap_msg_queue_alloc_security(struct msg_queue *msq)
490 { 490 {
491 return 0; 491 return 0;
492 } 492 }
493 493
494 static void cap_msg_queue_free_security(struct msg_queue *msq) 494 static void cap_msg_queue_free_security(struct msg_queue *msq)
495 { 495 {
496 } 496 }
497 497
498 static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg) 498 static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
499 { 499 {
500 return 0; 500 return 0;
501 } 501 }
502 502
503 static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd) 503 static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
504 { 504 {
505 return 0; 505 return 0;
506 } 506 }
507 507
508 static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 508 static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
509 int msgflg) 509 int msgflg)
510 { 510 {
511 return 0; 511 return 0;
512 } 512 }
513 513
514 static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 514 static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
515 struct task_struct *target, long type, int mode) 515 struct task_struct *target, long type, int mode)
516 { 516 {
517 return 0; 517 return 0;
518 } 518 }
519 519
520 static int cap_shm_alloc_security(struct shmid_kernel *shp) 520 static int cap_shm_alloc_security(struct shmid_kernel *shp)
521 { 521 {
522 return 0; 522 return 0;
523 } 523 }
524 524
525 static void cap_shm_free_security(struct shmid_kernel *shp) 525 static void cap_shm_free_security(struct shmid_kernel *shp)
526 { 526 {
527 } 527 }
528 528
529 static int cap_shm_associate(struct shmid_kernel *shp, int shmflg) 529 static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
530 { 530 {
531 return 0; 531 return 0;
532 } 532 }
533 533
534 static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd) 534 static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
535 { 535 {
536 return 0; 536 return 0;
537 } 537 }
538 538
539 static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 539 static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
540 int shmflg) 540 int shmflg)
541 { 541 {
542 return 0; 542 return 0;
543 } 543 }
544 544
545 static int cap_sem_alloc_security(struct sem_array *sma) 545 static int cap_sem_alloc_security(struct sem_array *sma)
546 { 546 {
547 return 0; 547 return 0;
548 } 548 }
549 549
550 static void cap_sem_free_security(struct sem_array *sma) 550 static void cap_sem_free_security(struct sem_array *sma)
551 { 551 {
552 } 552 }
553 553
554 static int cap_sem_associate(struct sem_array *sma, int semflg) 554 static int cap_sem_associate(struct sem_array *sma, int semflg)
555 { 555 {
556 return 0; 556 return 0;
557 } 557 }
558 558
559 static int cap_sem_semctl(struct sem_array *sma, int cmd) 559 static int cap_sem_semctl(struct sem_array *sma, int cmd)
560 { 560 {
561 return 0; 561 return 0;
562 } 562 }
563 563
564 static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops, 564 static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
565 unsigned nsops, int alter) 565 unsigned nsops, int alter)
566 { 566 {
567 return 0; 567 return 0;
568 } 568 }
569 569
570 #ifdef CONFIG_SECURITY_NETWORK 570 #ifdef CONFIG_SECURITY_NETWORK
571 static int cap_unix_stream_connect(struct sock *sock, struct sock *other, 571 static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
572 struct sock *newsk) 572 struct sock *newsk)
573 { 573 {
574 return 0; 574 return 0;
575 } 575 }
576 576
577 static int cap_unix_may_send(struct socket *sock, struct socket *other) 577 static int cap_unix_may_send(struct socket *sock, struct socket *other)
578 { 578 {
579 return 0; 579 return 0;
580 } 580 }
581 581
582 static int cap_socket_create(int family, int type, int protocol, int kern) 582 static int cap_socket_create(int family, int type, int protocol, int kern)
583 { 583 {
584 return 0; 584 return 0;
585 } 585 }
586 586
587 static int cap_socket_post_create(struct socket *sock, int family, int type, 587 static int cap_socket_post_create(struct socket *sock, int family, int type,
588 int protocol, int kern) 588 int protocol, int kern)
589 { 589 {
590 return 0; 590 return 0;
591 } 591 }
592 592
593 static int cap_socket_bind(struct socket *sock, struct sockaddr *address, 593 static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
594 int addrlen) 594 int addrlen)
595 { 595 {
596 return 0; 596 return 0;
597 } 597 }
598 598
599 static int cap_socket_connect(struct socket *sock, struct sockaddr *address, 599 static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
600 int addrlen) 600 int addrlen)
601 { 601 {
602 return 0; 602 return 0;
603 } 603 }
604 604
605 static int cap_socket_listen(struct socket *sock, int backlog) 605 static int cap_socket_listen(struct socket *sock, int backlog)
606 { 606 {
607 return 0; 607 return 0;
608 } 608 }
609 609
610 static int cap_socket_accept(struct socket *sock, struct socket *newsock) 610 static int cap_socket_accept(struct socket *sock, struct socket *newsock)
611 { 611 {
612 return 0; 612 return 0;
613 } 613 }
614 614
615 static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) 615 static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
616 { 616 {
617 return 0; 617 return 0;
618 } 618 }
619 619
620 static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg, 620 static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
621 int size, int flags) 621 int size, int flags)
622 { 622 {
623 return 0; 623 return 0;
624 } 624 }
625 625
626 static int cap_socket_getsockname(struct socket *sock) 626 static int cap_socket_getsockname(struct socket *sock)
627 { 627 {
628 return 0; 628 return 0;
629 } 629 }
630 630
631 static int cap_socket_getpeername(struct socket *sock) 631 static int cap_socket_getpeername(struct socket *sock)
632 { 632 {
633 return 0; 633 return 0;
634 } 634 }
635 635
636 static int cap_socket_setsockopt(struct socket *sock, int level, int optname) 636 static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
637 { 637 {
638 return 0; 638 return 0;
639 } 639 }
640 640
641 static int cap_socket_getsockopt(struct socket *sock, int level, int optname) 641 static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
642 { 642 {
643 return 0; 643 return 0;
644 } 644 }
645 645
646 static int cap_socket_shutdown(struct socket *sock, int how) 646 static int cap_socket_shutdown(struct socket *sock, int how)
647 { 647 {
648 return 0; 648 return 0;
649 } 649 }
650 650
651 static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 651 static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
652 { 652 {
653 return 0; 653 return 0;
654 } 654 }
655 655
656 static int cap_socket_getpeersec_stream(struct socket *sock, 656 static int cap_socket_getpeersec_stream(struct socket *sock,
657 char __user *optval, 657 char __user *optval,
658 int __user *optlen, unsigned len) 658 int __user *optlen, unsigned len)
659 { 659 {
660 return -ENOPROTOOPT; 660 return -ENOPROTOOPT;
661 } 661 }
662 662
663 static int cap_socket_getpeersec_dgram(struct socket *sock, 663 static int cap_socket_getpeersec_dgram(struct socket *sock,
664 struct sk_buff *skb, u32 *secid) 664 struct sk_buff *skb, u32 *secid)
665 { 665 {
666 return -ENOPROTOOPT; 666 return -ENOPROTOOPT;
667 } 667 }
668 668
669 static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority) 669 static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
670 { 670 {
671 return 0; 671 return 0;
672 } 672 }
673 673
674 static void cap_sk_free_security(struct sock *sk) 674 static void cap_sk_free_security(struct sock *sk)
675 { 675 {
676 } 676 }
677 677
678 static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk) 678 static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
679 { 679 {
680 } 680 }
681 681
682 static void cap_sk_getsecid(struct sock *sk, u32 *secid) 682 static void cap_sk_getsecid(struct sock *sk, u32 *secid)
683 { 683 {
684 } 684 }
685 685
686 static void cap_sock_graft(struct sock *sk, struct socket *parent) 686 static void cap_sock_graft(struct sock *sk, struct socket *parent)
687 { 687 {
688 } 688 }
689 689
690 static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb, 690 static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
691 struct request_sock *req) 691 struct request_sock *req)
692 { 692 {
693 return 0; 693 return 0;
694 } 694 }
695 695
696 static void cap_inet_csk_clone(struct sock *newsk, 696 static void cap_inet_csk_clone(struct sock *newsk,
697 const struct request_sock *req) 697 const struct request_sock *req)
698 { 698 {
699 } 699 }
700 700
701 static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb) 701 static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
702 { 702 {
703 } 703 }
704 704
705 static int cap_secmark_relabel_packet(u32 secid) 705 static int cap_secmark_relabel_packet(u32 secid)
706 { 706 {
707 return 0; 707 return 0;
708 } 708 }
709 709
710 static void cap_secmark_refcount_inc(void) 710 static void cap_secmark_refcount_inc(void)
711 { 711 {
712 } 712 }
713 713
714 static void cap_secmark_refcount_dec(void) 714 static void cap_secmark_refcount_dec(void)
715 { 715 {
716 } 716 }
717 717
718 static void cap_req_classify_flow(const struct request_sock *req, 718 static void cap_req_classify_flow(const struct request_sock *req,
719 struct flowi *fl) 719 struct flowi *fl)
720 { 720 {
721 } 721 }
722 722
723 static int cap_tun_dev_alloc_security(void **security) 723 static int cap_tun_dev_alloc_security(void **security)
724 { 724 {
725 return 0; 725 return 0;
726 } 726 }
727 727
728 static void cap_tun_dev_free_security(void *security) 728 static void cap_tun_dev_free_security(void *security)
729 { 729 {
730 } 730 }
731 731
732 static int cap_tun_dev_create(void) 732 static int cap_tun_dev_create(void)
733 { 733 {
734 return 0; 734 return 0;
735 } 735 }
736 736
737 static int cap_tun_dev_attach_queue(void *security) 737 static int cap_tun_dev_attach_queue(void *security)
738 { 738 {
739 return 0; 739 return 0;
740 } 740 }
741 741
742 static int cap_tun_dev_attach(struct sock *sk, void *security) 742 static int cap_tun_dev_attach(struct sock *sk, void *security)
743 { 743 {
744 return 0; 744 return 0;
745 } 745 }
746 746
747 static int cap_tun_dev_open(void *security) 747 static int cap_tun_dev_open(void *security)
748 { 748 {
749 return 0; 749 return 0;
750 } 750 }
751 751
752 static void cap_skb_owned_by(struct sk_buff *skb, struct sock *sk) 752 static void cap_skb_owned_by(struct sk_buff *skb, struct sock *sk)
753 { 753 {
754 } 754 }
755 755
756 #endif /* CONFIG_SECURITY_NETWORK */ 756 #endif /* CONFIG_SECURITY_NETWORK */
757 757
758 #ifdef CONFIG_SECURITY_NETWORK_XFRM 758 #ifdef CONFIG_SECURITY_NETWORK_XFRM
759 static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp, 759 static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
760 struct xfrm_user_sec_ctx *sec_ctx) 760 struct xfrm_user_sec_ctx *sec_ctx)
761 { 761 {
762 return 0; 762 return 0;
763 } 763 }
764 764
765 static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx, 765 static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
766 struct xfrm_sec_ctx **new_ctxp) 766 struct xfrm_sec_ctx **new_ctxp)
767 { 767 {
768 return 0; 768 return 0;
769 } 769 }
770 770
771 static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx) 771 static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
772 { 772 {
773 } 773 }
774 774
775 static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx) 775 static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
776 { 776 {
777 return 0; 777 return 0;
778 } 778 }
779 779
780 static int cap_xfrm_state_alloc(struct xfrm_state *x, 780 static int cap_xfrm_state_alloc(struct xfrm_state *x,
781 struct xfrm_user_sec_ctx *sec_ctx) 781 struct xfrm_user_sec_ctx *sec_ctx)
782 { 782 {
783 return 0; 783 return 0;
784 } 784 }
785 785
786 static int cap_xfrm_state_alloc_acquire(struct xfrm_state *x, 786 static int cap_xfrm_state_alloc_acquire(struct xfrm_state *x,
787 struct xfrm_sec_ctx *polsec, 787 struct xfrm_sec_ctx *polsec,
788 u32 secid) 788 u32 secid)
789 { 789 {
790 return 0; 790 return 0;
791 } 791 }
792 792
793 static void cap_xfrm_state_free_security(struct xfrm_state *x) 793 static void cap_xfrm_state_free_security(struct xfrm_state *x)
794 { 794 {
795 } 795 }
796 796
797 static int cap_xfrm_state_delete_security(struct xfrm_state *x) 797 static int cap_xfrm_state_delete_security(struct xfrm_state *x)
798 { 798 {
799 return 0; 799 return 0;
800 } 800 }
801 801
802 static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir) 802 static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
803 { 803 {
804 return 0; 804 return 0;
805 } 805 }
806 806
807 static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x, 807 static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
808 struct xfrm_policy *xp, 808 struct xfrm_policy *xp,
809 const struct flowi *fl) 809 const struct flowi *fl)
810 { 810 {
811 return 1; 811 return 1;
812 } 812 }
813 813
814 static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall) 814 static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
815 { 815 {
816 return 0; 816 return 0;
817 } 817 }
818 818
819 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 819 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
820 static void cap_d_instantiate(struct dentry *dentry, struct inode *inode) 820 static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
821 { 821 {
822 } 822 }
823 823
824 static int cap_getprocattr(struct task_struct *p, char *name, char **value) 824 static int cap_getprocattr(struct task_struct *p, char *name, char **value)
825 { 825 {
826 return -EINVAL; 826 return -EINVAL;
827 } 827 }
828 828
829 static int cap_setprocattr(struct task_struct *p, char *name, void *value, 829 static int cap_setprocattr(struct task_struct *p, char *name, void *value,
830 size_t size) 830 size_t size)
831 { 831 {
832 return -EINVAL; 832 return -EINVAL;
833 } 833 }
834 834
835 static int cap_ismaclabel(const char *name) 835 static int cap_ismaclabel(const char *name)
836 { 836 {
837 return 0; 837 return 0;
838 } 838 }
839 839
840 static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 840 static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
841 { 841 {
842 return -EOPNOTSUPP; 842 return -EOPNOTSUPP;
843 } 843 }
844 844
845 static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 845 static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
846 { 846 {
847 *secid = 0; 847 *secid = 0;
848 return 0; 848 return 0;
849 } 849 }
850 850
851 static void cap_release_secctx(char *secdata, u32 seclen) 851 static void cap_release_secctx(char *secdata, u32 seclen)
852 { 852 {
853 } 853 }
854 854
855 static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 855 static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
856 { 856 {
857 return 0; 857 return 0;
858 } 858 }
859 859
860 static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 860 static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
861 { 861 {
862 return 0; 862 return 0;
863 } 863 }
864 864
865 static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 865 static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
866 { 866 {
867 return -EOPNOTSUPP; 867 return -EOPNOTSUPP;
868 } 868 }
869 #ifdef CONFIG_KEYS 869 #ifdef CONFIG_KEYS
870 static int cap_key_alloc(struct key *key, const struct cred *cred, 870 static int cap_key_alloc(struct key *key, const struct cred *cred,
871 unsigned long flags) 871 unsigned long flags)
872 { 872 {
873 return 0; 873 return 0;
874 } 874 }
875 875
876 static void cap_key_free(struct key *key) 876 static void cap_key_free(struct key *key)
877 { 877 {
878 } 878 }
879 879
880 static int cap_key_permission(key_ref_t key_ref, const struct cred *cred, 880 static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
881 key_perm_t perm) 881 key_perm_t perm)
882 { 882 {
883 return 0; 883 return 0;
884 } 884 }
885 885
886 static int cap_key_getsecurity(struct key *key, char **_buffer) 886 static int cap_key_getsecurity(struct key *key, char **_buffer)
887 { 887 {
888 *_buffer = NULL; 888 *_buffer = NULL;
889 return 0; 889 return 0;
890 } 890 }
891 891
892 #endif /* CONFIG_KEYS */ 892 #endif /* CONFIG_KEYS */
893 893
894 #ifdef CONFIG_AUDIT 894 #ifdef CONFIG_AUDIT
895 static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) 895 static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
896 { 896 {
897 return 0; 897 return 0;
898 } 898 }
899 899
900 static int cap_audit_rule_known(struct audit_krule *krule) 900 static int cap_audit_rule_known(struct audit_krule *krule)
901 { 901 {
902 return 0; 902 return 0;
903 } 903 }
904 904
905 static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, 905 static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
906 struct audit_context *actx) 906 struct audit_context *actx)
907 { 907 {
908 return 0; 908 return 0;
909 } 909 }
910 910
911 static void cap_audit_rule_free(void *lsmrule) 911 static void cap_audit_rule_free(void *lsmrule)
912 { 912 {
913 } 913 }
914 #endif /* CONFIG_AUDIT */ 914 #endif /* CONFIG_AUDIT */
915 915
916 #define set_to_cap_if_null(ops, function) \ 916 #define set_to_cap_if_null(ops, function) \
917 do { \ 917 do { \
918 if (!ops->function) { \ 918 if (!ops->function) { \
919 ops->function = cap_##function; \ 919 ops->function = cap_##function; \
920 pr_debug("Had to override the " #function \ 920 pr_debug("Had to override the " #function \
921 " security operation with the default.\n");\ 921 " security operation with the default.\n");\
922 } \ 922 } \
923 } while (0) 923 } while (0)
924 924
925 void __init security_fixup_ops(struct security_operations *ops) 925 void __init security_fixup_ops(struct security_operations *ops)
926 { 926 {
927 set_to_cap_if_null(ops, ptrace_access_check); 927 set_to_cap_if_null(ops, ptrace_access_check);
928 set_to_cap_if_null(ops, ptrace_traceme); 928 set_to_cap_if_null(ops, ptrace_traceme);
929 set_to_cap_if_null(ops, capget); 929 set_to_cap_if_null(ops, capget);
930 set_to_cap_if_null(ops, capset); 930 set_to_cap_if_null(ops, capset);
931 set_to_cap_if_null(ops, capable); 931 set_to_cap_if_null(ops, capable);
932 set_to_cap_if_null(ops, quotactl); 932 set_to_cap_if_null(ops, quotactl);
933 set_to_cap_if_null(ops, quota_on); 933 set_to_cap_if_null(ops, quota_on);
934 set_to_cap_if_null(ops, syslog); 934 set_to_cap_if_null(ops, syslog);
935 set_to_cap_if_null(ops, settime); 935 set_to_cap_if_null(ops, settime);
936 set_to_cap_if_null(ops, vm_enough_memory); 936 set_to_cap_if_null(ops, vm_enough_memory);
937 set_to_cap_if_null(ops, bprm_set_creds); 937 set_to_cap_if_null(ops, bprm_set_creds);
938 set_to_cap_if_null(ops, bprm_committing_creds); 938 set_to_cap_if_null(ops, bprm_committing_creds);
939 set_to_cap_if_null(ops, bprm_committed_creds); 939 set_to_cap_if_null(ops, bprm_committed_creds);
940 set_to_cap_if_null(ops, bprm_check_security); 940 set_to_cap_if_null(ops, bprm_check_security);
941 set_to_cap_if_null(ops, bprm_secureexec); 941 set_to_cap_if_null(ops, bprm_secureexec);
942 set_to_cap_if_null(ops, sb_alloc_security); 942 set_to_cap_if_null(ops, sb_alloc_security);
943 set_to_cap_if_null(ops, sb_free_security); 943 set_to_cap_if_null(ops, sb_free_security);
944 set_to_cap_if_null(ops, sb_copy_data); 944 set_to_cap_if_null(ops, sb_copy_data);
945 set_to_cap_if_null(ops, sb_remount); 945 set_to_cap_if_null(ops, sb_remount);
946 set_to_cap_if_null(ops, sb_kern_mount); 946 set_to_cap_if_null(ops, sb_kern_mount);
947 set_to_cap_if_null(ops, sb_show_options); 947 set_to_cap_if_null(ops, sb_show_options);
948 set_to_cap_if_null(ops, sb_statfs); 948 set_to_cap_if_null(ops, sb_statfs);
949 set_to_cap_if_null(ops, sb_mount); 949 set_to_cap_if_null(ops, sb_mount);
950 set_to_cap_if_null(ops, sb_umount); 950 set_to_cap_if_null(ops, sb_umount);
951 set_to_cap_if_null(ops, sb_pivotroot); 951 set_to_cap_if_null(ops, sb_pivotroot);
952 set_to_cap_if_null(ops, sb_set_mnt_opts); 952 set_to_cap_if_null(ops, sb_set_mnt_opts);
953 set_to_cap_if_null(ops, sb_clone_mnt_opts); 953 set_to_cap_if_null(ops, sb_clone_mnt_opts);
954 set_to_cap_if_null(ops, sb_parse_opts_str); 954 set_to_cap_if_null(ops, sb_parse_opts_str);
955 set_to_cap_if_null(ops, dentry_init_security); 955 set_to_cap_if_null(ops, dentry_init_security);
956 set_to_cap_if_null(ops, inode_alloc_security); 956 set_to_cap_if_null(ops, inode_alloc_security);
957 set_to_cap_if_null(ops, inode_free_security); 957 set_to_cap_if_null(ops, inode_free_security);
958 set_to_cap_if_null(ops, inode_init_security); 958 set_to_cap_if_null(ops, inode_init_security);
959 set_to_cap_if_null(ops, inode_create); 959 set_to_cap_if_null(ops, inode_create);
960 set_to_cap_if_null(ops, inode_link); 960 set_to_cap_if_null(ops, inode_link);
961 set_to_cap_if_null(ops, inode_unlink); 961 set_to_cap_if_null(ops, inode_unlink);
962 set_to_cap_if_null(ops, inode_symlink); 962 set_to_cap_if_null(ops, inode_symlink);
963 set_to_cap_if_null(ops, inode_mkdir); 963 set_to_cap_if_null(ops, inode_mkdir);
964 set_to_cap_if_null(ops, inode_rmdir); 964 set_to_cap_if_null(ops, inode_rmdir);
965 set_to_cap_if_null(ops, inode_mknod); 965 set_to_cap_if_null(ops, inode_mknod);
966 set_to_cap_if_null(ops, inode_rename); 966 set_to_cap_if_null(ops, inode_rename);
967 set_to_cap_if_null(ops, inode_readlink); 967 set_to_cap_if_null(ops, inode_readlink);
968 set_to_cap_if_null(ops, inode_follow_link); 968 set_to_cap_if_null(ops, inode_follow_link);
969 set_to_cap_if_null(ops, inode_permission); 969 set_to_cap_if_null(ops, inode_permission);
970 set_to_cap_if_null(ops, inode_setattr); 970 set_to_cap_if_null(ops, inode_setattr);
971 set_to_cap_if_null(ops, inode_getattr); 971 set_to_cap_if_null(ops, inode_getattr);
972 set_to_cap_if_null(ops, inode_setxattr); 972 set_to_cap_if_null(ops, inode_setxattr);
973 set_to_cap_if_null(ops, inode_post_setxattr); 973 set_to_cap_if_null(ops, inode_post_setxattr);
974 set_to_cap_if_null(ops, inode_getxattr); 974 set_to_cap_if_null(ops, inode_getxattr);
975 set_to_cap_if_null(ops, inode_listxattr); 975 set_to_cap_if_null(ops, inode_listxattr);
976 set_to_cap_if_null(ops, inode_removexattr); 976 set_to_cap_if_null(ops, inode_removexattr);
977 set_to_cap_if_null(ops, inode_need_killpriv); 977 set_to_cap_if_null(ops, inode_need_killpriv);
978 set_to_cap_if_null(ops, inode_killpriv); 978 set_to_cap_if_null(ops, inode_killpriv);
979 set_to_cap_if_null(ops, inode_getsecurity); 979 set_to_cap_if_null(ops, inode_getsecurity);
980 set_to_cap_if_null(ops, inode_setsecurity); 980 set_to_cap_if_null(ops, inode_setsecurity);
981 set_to_cap_if_null(ops, inode_listsecurity); 981 set_to_cap_if_null(ops, inode_listsecurity);
982 set_to_cap_if_null(ops, inode_getsecid); 982 set_to_cap_if_null(ops, inode_getsecid);
983 #ifdef CONFIG_SECURITY_PATH 983 #ifdef CONFIG_SECURITY_PATH
984 set_to_cap_if_null(ops, path_mknod); 984 set_to_cap_if_null(ops, path_mknod);
985 set_to_cap_if_null(ops, path_mkdir); 985 set_to_cap_if_null(ops, path_mkdir);
986 set_to_cap_if_null(ops, path_rmdir); 986 set_to_cap_if_null(ops, path_rmdir);
987 set_to_cap_if_null(ops, path_unlink); 987 set_to_cap_if_null(ops, path_unlink);
988 set_to_cap_if_null(ops, path_symlink); 988 set_to_cap_if_null(ops, path_symlink);
989 set_to_cap_if_null(ops, path_link); 989 set_to_cap_if_null(ops, path_link);
990 set_to_cap_if_null(ops, path_rename); 990 set_to_cap_if_null(ops, path_rename);
991 set_to_cap_if_null(ops, path_truncate); 991 set_to_cap_if_null(ops, path_truncate);
992 set_to_cap_if_null(ops, path_chmod); 992 set_to_cap_if_null(ops, path_chmod);
993 set_to_cap_if_null(ops, path_chown); 993 set_to_cap_if_null(ops, path_chown);
994 set_to_cap_if_null(ops, path_chroot); 994 set_to_cap_if_null(ops, path_chroot);
995 #endif 995 #endif
996 set_to_cap_if_null(ops, file_permission); 996 set_to_cap_if_null(ops, file_permission);
997 set_to_cap_if_null(ops, file_alloc_security); 997 set_to_cap_if_null(ops, file_alloc_security);
998 set_to_cap_if_null(ops, file_free_security); 998 set_to_cap_if_null(ops, file_free_security);
999 set_to_cap_if_null(ops, file_ioctl); 999 set_to_cap_if_null(ops, file_ioctl);
1000 set_to_cap_if_null(ops, mmap_addr); 1000 set_to_cap_if_null(ops, mmap_addr);
1001 set_to_cap_if_null(ops, mmap_file); 1001 set_to_cap_if_null(ops, mmap_file);
1002 set_to_cap_if_null(ops, file_mprotect); 1002 set_to_cap_if_null(ops, file_mprotect);
1003 set_to_cap_if_null(ops, file_lock); 1003 set_to_cap_if_null(ops, file_lock);
1004 set_to_cap_if_null(ops, file_fcntl); 1004 set_to_cap_if_null(ops, file_fcntl);
1005 set_to_cap_if_null(ops, file_set_fowner); 1005 set_to_cap_if_null(ops, file_set_fowner);
1006 set_to_cap_if_null(ops, file_send_sigiotask); 1006 set_to_cap_if_null(ops, file_send_sigiotask);
1007 set_to_cap_if_null(ops, file_receive); 1007 set_to_cap_if_null(ops, file_receive);
1008 set_to_cap_if_null(ops, file_open); 1008 set_to_cap_if_null(ops, file_open);
1009 set_to_cap_if_null(ops, task_create); 1009 set_to_cap_if_null(ops, task_create);
1010 set_to_cap_if_null(ops, task_free); 1010 set_to_cap_if_null(ops, task_free);
1011 set_to_cap_if_null(ops, cred_alloc_blank); 1011 set_to_cap_if_null(ops, cred_alloc_blank);
1012 set_to_cap_if_null(ops, cred_free); 1012 set_to_cap_if_null(ops, cred_free);
1013 set_to_cap_if_null(ops, cred_prepare); 1013 set_to_cap_if_null(ops, cred_prepare);
1014 set_to_cap_if_null(ops, cred_transfer); 1014 set_to_cap_if_null(ops, cred_transfer);
1015 set_to_cap_if_null(ops, kernel_act_as); 1015 set_to_cap_if_null(ops, kernel_act_as);
1016 set_to_cap_if_null(ops, kernel_create_files_as); 1016 set_to_cap_if_null(ops, kernel_create_files_as);
1017 set_to_cap_if_null(ops, kernel_module_request); 1017 set_to_cap_if_null(ops, kernel_module_request);
1018 set_to_cap_if_null(ops, kernel_module_from_file); 1018 set_to_cap_if_null(ops, kernel_module_from_file);
1019 set_to_cap_if_null(ops, task_fix_setuid); 1019 set_to_cap_if_null(ops, task_fix_setuid);
1020 set_to_cap_if_null(ops, task_setpgid); 1020 set_to_cap_if_null(ops, task_setpgid);
1021 set_to_cap_if_null(ops, task_getpgid); 1021 set_to_cap_if_null(ops, task_getpgid);
1022 set_to_cap_if_null(ops, task_getsid); 1022 set_to_cap_if_null(ops, task_getsid);
1023 set_to_cap_if_null(ops, task_getsecid); 1023 set_to_cap_if_null(ops, task_getsecid);
1024 set_to_cap_if_null(ops, task_setnice); 1024 set_to_cap_if_null(ops, task_setnice);
1025 set_to_cap_if_null(ops, task_setioprio); 1025 set_to_cap_if_null(ops, task_setioprio);
1026 set_to_cap_if_null(ops, task_getioprio); 1026 set_to_cap_if_null(ops, task_getioprio);
1027 set_to_cap_if_null(ops, task_setrlimit); 1027 set_to_cap_if_null(ops, task_setrlimit);
1028 set_to_cap_if_null(ops, task_setscheduler); 1028 set_to_cap_if_null(ops, task_setscheduler);
1029 set_to_cap_if_null(ops, task_getscheduler); 1029 set_to_cap_if_null(ops, task_getscheduler);
1030 set_to_cap_if_null(ops, task_movememory); 1030 set_to_cap_if_null(ops, task_movememory);
1031 set_to_cap_if_null(ops, task_wait); 1031 set_to_cap_if_null(ops, task_wait);
1032 set_to_cap_if_null(ops, task_kill); 1032 set_to_cap_if_null(ops, task_kill);
1033 set_to_cap_if_null(ops, task_prctl); 1033 set_to_cap_if_null(ops, task_prctl);
1034 set_to_cap_if_null(ops, task_to_inode); 1034 set_to_cap_if_null(ops, task_to_inode);
1035 set_to_cap_if_null(ops, ipc_permission); 1035 set_to_cap_if_null(ops, ipc_permission);
1036 set_to_cap_if_null(ops, ipc_getsecid); 1036 set_to_cap_if_null(ops, ipc_getsecid);
1037 set_to_cap_if_null(ops, msg_msg_alloc_security); 1037 set_to_cap_if_null(ops, msg_msg_alloc_security);
1038 set_to_cap_if_null(ops, msg_msg_free_security); 1038 set_to_cap_if_null(ops, msg_msg_free_security);
1039 set_to_cap_if_null(ops, msg_queue_alloc_security); 1039 set_to_cap_if_null(ops, msg_queue_alloc_security);
1040 set_to_cap_if_null(ops, msg_queue_free_security); 1040 set_to_cap_if_null(ops, msg_queue_free_security);
1041 set_to_cap_if_null(ops, msg_queue_associate); 1041 set_to_cap_if_null(ops, msg_queue_associate);
1042 set_to_cap_if_null(ops, msg_queue_msgctl); 1042 set_to_cap_if_null(ops, msg_queue_msgctl);
1043 set_to_cap_if_null(ops, msg_queue_msgsnd); 1043 set_to_cap_if_null(ops, msg_queue_msgsnd);
1044 set_to_cap_if_null(ops, msg_queue_msgrcv); 1044 set_to_cap_if_null(ops, msg_queue_msgrcv);
1045 set_to_cap_if_null(ops, shm_alloc_security); 1045 set_to_cap_if_null(ops, shm_alloc_security);
1046 set_to_cap_if_null(ops, shm_free_security); 1046 set_to_cap_if_null(ops, shm_free_security);
1047 set_to_cap_if_null(ops, shm_associate); 1047 set_to_cap_if_null(ops, shm_associate);
1048 set_to_cap_if_null(ops, shm_shmctl); 1048 set_to_cap_if_null(ops, shm_shmctl);
1049 set_to_cap_if_null(ops, shm_shmat); 1049 set_to_cap_if_null(ops, shm_shmat);
1050 set_to_cap_if_null(ops, sem_alloc_security); 1050 set_to_cap_if_null(ops, sem_alloc_security);
1051 set_to_cap_if_null(ops, sem_free_security); 1051 set_to_cap_if_null(ops, sem_free_security);
1052 set_to_cap_if_null(ops, sem_associate); 1052 set_to_cap_if_null(ops, sem_associate);
1053 set_to_cap_if_null(ops, sem_semctl); 1053 set_to_cap_if_null(ops, sem_semctl);
1054 set_to_cap_if_null(ops, sem_semop); 1054 set_to_cap_if_null(ops, sem_semop);
1055 set_to_cap_if_null(ops, netlink_send); 1055 set_to_cap_if_null(ops, netlink_send);
1056 set_to_cap_if_null(ops, d_instantiate); 1056 set_to_cap_if_null(ops, d_instantiate);
1057 set_to_cap_if_null(ops, getprocattr); 1057 set_to_cap_if_null(ops, getprocattr);
1058 set_to_cap_if_null(ops, setprocattr); 1058 set_to_cap_if_null(ops, setprocattr);
1059 set_to_cap_if_null(ops, ismaclabel); 1059 set_to_cap_if_null(ops, ismaclabel);
1060 set_to_cap_if_null(ops, secid_to_secctx); 1060 set_to_cap_if_null(ops, secid_to_secctx);
1061 set_to_cap_if_null(ops, secctx_to_secid); 1061 set_to_cap_if_null(ops, secctx_to_secid);
1062 set_to_cap_if_null(ops, release_secctx); 1062 set_to_cap_if_null(ops, release_secctx);
1063 set_to_cap_if_null(ops, inode_notifysecctx); 1063 set_to_cap_if_null(ops, inode_notifysecctx);
1064 set_to_cap_if_null(ops, inode_setsecctx); 1064 set_to_cap_if_null(ops, inode_setsecctx);
1065 set_to_cap_if_null(ops, inode_getsecctx); 1065 set_to_cap_if_null(ops, inode_getsecctx);
1066 #ifdef CONFIG_SECURITY_NETWORK 1066 #ifdef CONFIG_SECURITY_NETWORK
1067 set_to_cap_if_null(ops, unix_stream_connect); 1067 set_to_cap_if_null(ops, unix_stream_connect);
1068 set_to_cap_if_null(ops, unix_may_send); 1068 set_to_cap_if_null(ops, unix_may_send);
1069 set_to_cap_if_null(ops, socket_create); 1069 set_to_cap_if_null(ops, socket_create);
1070 set_to_cap_if_null(ops, socket_post_create); 1070 set_to_cap_if_null(ops, socket_post_create);
1071 set_to_cap_if_null(ops, socket_bind); 1071 set_to_cap_if_null(ops, socket_bind);
1072 set_to_cap_if_null(ops, socket_connect); 1072 set_to_cap_if_null(ops, socket_connect);
1073 set_to_cap_if_null(ops, socket_listen); 1073 set_to_cap_if_null(ops, socket_listen);
1074 set_to_cap_if_null(ops, socket_accept); 1074 set_to_cap_if_null(ops, socket_accept);
1075 set_to_cap_if_null(ops, socket_sendmsg); 1075 set_to_cap_if_null(ops, socket_sendmsg);
1076 set_to_cap_if_null(ops, socket_recvmsg); 1076 set_to_cap_if_null(ops, socket_recvmsg);
1077 set_to_cap_if_null(ops, socket_getsockname); 1077 set_to_cap_if_null(ops, socket_getsockname);
1078 set_to_cap_if_null(ops, socket_getpeername); 1078 set_to_cap_if_null(ops, socket_getpeername);
1079 set_to_cap_if_null(ops, socket_setsockopt); 1079 set_to_cap_if_null(ops, socket_setsockopt);
1080 set_to_cap_if_null(ops, socket_getsockopt); 1080 set_to_cap_if_null(ops, socket_getsockopt);
1081 set_to_cap_if_null(ops, socket_shutdown); 1081 set_to_cap_if_null(ops, socket_shutdown);
1082 set_to_cap_if_null(ops, socket_sock_rcv_skb); 1082 set_to_cap_if_null(ops, socket_sock_rcv_skb);
1083 set_to_cap_if_null(ops, socket_getpeersec_stream); 1083 set_to_cap_if_null(ops, socket_getpeersec_stream);
1084 set_to_cap_if_null(ops, socket_getpeersec_dgram); 1084 set_to_cap_if_null(ops, socket_getpeersec_dgram);
1085 set_to_cap_if_null(ops, sk_alloc_security); 1085 set_to_cap_if_null(ops, sk_alloc_security);
1086 set_to_cap_if_null(ops, sk_free_security); 1086 set_to_cap_if_null(ops, sk_free_security);
1087 set_to_cap_if_null(ops, sk_clone_security); 1087 set_to_cap_if_null(ops, sk_clone_security);
1088 set_to_cap_if_null(ops, sk_getsecid); 1088 set_to_cap_if_null(ops, sk_getsecid);
1089 set_to_cap_if_null(ops, sock_graft); 1089 set_to_cap_if_null(ops, sock_graft);
1090 set_to_cap_if_null(ops, inet_conn_request); 1090 set_to_cap_if_null(ops, inet_conn_request);
1091 set_to_cap_if_null(ops, inet_csk_clone); 1091 set_to_cap_if_null(ops, inet_csk_clone);
1092 set_to_cap_if_null(ops, inet_conn_established); 1092 set_to_cap_if_null(ops, inet_conn_established);
1093 set_to_cap_if_null(ops, secmark_relabel_packet); 1093 set_to_cap_if_null(ops, secmark_relabel_packet);
1094 set_to_cap_if_null(ops, secmark_refcount_inc); 1094 set_to_cap_if_null(ops, secmark_refcount_inc);
1095 set_to_cap_if_null(ops, secmark_refcount_dec); 1095 set_to_cap_if_null(ops, secmark_refcount_dec);
1096 set_to_cap_if_null(ops, req_classify_flow); 1096 set_to_cap_if_null(ops, req_classify_flow);
1097 set_to_cap_if_null(ops, tun_dev_alloc_security); 1097 set_to_cap_if_null(ops, tun_dev_alloc_security);
1098 set_to_cap_if_null(ops, tun_dev_free_security); 1098 set_to_cap_if_null(ops, tun_dev_free_security);
1099 set_to_cap_if_null(ops, tun_dev_create); 1099 set_to_cap_if_null(ops, tun_dev_create);
1100 set_to_cap_if_null(ops, tun_dev_open); 1100 set_to_cap_if_null(ops, tun_dev_open);
1101 set_to_cap_if_null(ops, tun_dev_attach_queue); 1101 set_to_cap_if_null(ops, tun_dev_attach_queue);
1102 set_to_cap_if_null(ops, tun_dev_attach); 1102 set_to_cap_if_null(ops, tun_dev_attach);
1103 set_to_cap_if_null(ops, skb_owned_by); 1103 set_to_cap_if_null(ops, skb_owned_by);
1104 #endif /* CONFIG_SECURITY_NETWORK */ 1104 #endif /* CONFIG_SECURITY_NETWORK */
1105 #ifdef CONFIG_SECURITY_NETWORK_XFRM 1105 #ifdef CONFIG_SECURITY_NETWORK_XFRM
1106 set_to_cap_if_null(ops, xfrm_policy_alloc_security); 1106 set_to_cap_if_null(ops, xfrm_policy_alloc_security);
1107 set_to_cap_if_null(ops, xfrm_policy_clone_security); 1107 set_to_cap_if_null(ops, xfrm_policy_clone_security);
1108 set_to_cap_if_null(ops, xfrm_policy_free_security); 1108 set_to_cap_if_null(ops, xfrm_policy_free_security);
1109 set_to_cap_if_null(ops, xfrm_policy_delete_security); 1109 set_to_cap_if_null(ops, xfrm_policy_delete_security);
1110 set_to_cap_if_null(ops, xfrm_state_alloc); 1110 set_to_cap_if_null(ops, xfrm_state_alloc);
1111 set_to_cap_if_null(ops, xfrm_state_alloc_acquire); 1111 set_to_cap_if_null(ops, xfrm_state_alloc_acquire);
1112 set_to_cap_if_null(ops, xfrm_state_free_security); 1112 set_to_cap_if_null(ops, xfrm_state_free_security);
1113 set_to_cap_if_null(ops, xfrm_state_delete_security); 1113 set_to_cap_if_null(ops, xfrm_state_delete_security);
1114 set_to_cap_if_null(ops, xfrm_policy_lookup); 1114 set_to_cap_if_null(ops, xfrm_policy_lookup);
1115 set_to_cap_if_null(ops, xfrm_state_pol_flow_match); 1115 set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
1116 set_to_cap_if_null(ops, xfrm_decode_session); 1116 set_to_cap_if_null(ops, xfrm_decode_session);
1117 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1117 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
1118 #ifdef CONFIG_KEYS 1118 #ifdef CONFIG_KEYS
1119 set_to_cap_if_null(ops, key_alloc); 1119 set_to_cap_if_null(ops, key_alloc);
1120 set_to_cap_if_null(ops, key_free); 1120 set_to_cap_if_null(ops, key_free);
1121 set_to_cap_if_null(ops, key_permission); 1121 set_to_cap_if_null(ops, key_permission);
1122 set_to_cap_if_null(ops, key_getsecurity); 1122 set_to_cap_if_null(ops, key_getsecurity);
1123 #endif /* CONFIG_KEYS */ 1123 #endif /* CONFIG_KEYS */
1124 #ifdef CONFIG_AUDIT 1124 #ifdef CONFIG_AUDIT
1125 set_to_cap_if_null(ops, audit_rule_init); 1125 set_to_cap_if_null(ops, audit_rule_init);
1126 set_to_cap_if_null(ops, audit_rule_known); 1126 set_to_cap_if_null(ops, audit_rule_known);
1127 set_to_cap_if_null(ops, audit_rule_match); 1127 set_to_cap_if_null(ops, audit_rule_match);
1128 set_to_cap_if_null(ops, audit_rule_free); 1128 set_to_cap_if_null(ops, audit_rule_free);
1129 #endif 1129 #endif
1130 } 1130 }
1131 1131