1
2
3
4
5
6
7
8
9
10
11
12
13
14
15#undef DEBUG
16
17#include <linux/capability.h>
18#include <linux/kernel.h>
19#include <linux/mman.h>
20#include <linux/pagemap.h>
21#include <linux/swap.h>
22#include <linux/security.h>
23#include <linux/skbuff.h>
24#include <linux/netlink.h>
25#include <net/sock.h>
26#include <linux/xattr.h>
27#include <linux/hugetlb.h>
28#include <linux/ptrace.h>
29#include <linux/file.h>
30#include <linux/prctl.h>
31#include <linux/securebits.h>
32
33static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
34{
35 return 0;
36}
37
38static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
39 kernel_cap_t * inheritable, kernel_cap_t * permitted)
40{
41 if (target->euid == 0) {
42 cap_set_full(*permitted);
43 cap_set_init_eff(*effective);
44 } else {
45 cap_clear(*permitted);
46 cap_clear(*effective);
47 }
48
49 cap_clear(*inheritable);
50
51 if (target->fsuid != 0) {
52 *permitted = cap_drop_fs_set(*permitted);
53 *effective = cap_drop_fs_set(*effective);
54 }
55 return 0;
56}
57
58static int dummy_capset_check (struct task_struct *target,
59 kernel_cap_t * effective,
60 kernel_cap_t * inheritable,
61 kernel_cap_t * permitted)
62{
63 return -EPERM;
64}
65
66static void dummy_capset_set (struct task_struct *target,
67 kernel_cap_t * effective,
68 kernel_cap_t * inheritable,
69 kernel_cap_t * permitted)
70{
71 return;
72}
73
74static int dummy_acct (struct file *file)
75{
76 return 0;
77}
78
79static int dummy_capable (struct task_struct *tsk, int cap)
80{
81 if (cap_raised (tsk->cap_effective, cap))
82 return 0;
83 return -EPERM;
84}
85
86static int dummy_sysctl (ctl_table * table, int op)
87{
88 return 0;
89}
90
91static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb)
92{
93 return 0;
94}
95
96static int dummy_quota_on (struct dentry *dentry)
97{
98 return 0;
99}
100
101static int dummy_syslog (int type)
102{
103 if ((type != 3 && type != 10) && current->euid)
104 return -EPERM;
105 return 0;
106}
107
108static int dummy_settime(struct timespec *ts, struct timezone *tz)
109{
110 if (!capable(CAP_SYS_TIME))
111 return -EPERM;
112 return 0;
113}
114
115static int dummy_vm_enough_memory(struct mm_struct *mm, long pages)
116{
117 int cap_sys_admin = 0;
118
119 if (dummy_capable(current, CAP_SYS_ADMIN) == 0)
120 cap_sys_admin = 1;
121 return __vm_enough_memory(mm, pages, cap_sys_admin);
122}
123
124static int dummy_bprm_alloc_security (struct linux_binprm *bprm)
125{
126 return 0;
127}
128
129static void dummy_bprm_free_security (struct linux_binprm *bprm)
130{
131 return;
132}
133
134static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
135{
136 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
137 set_dumpable(current->mm, suid_dumpable);
138
139 if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) {
140 bprm->e_uid = current->uid;
141 bprm->e_gid = current->gid;
142 }
143 }
144
145 current->suid = current->euid = current->fsuid = bprm->e_uid;
146 current->sgid = current->egid = current->fsgid = bprm->e_gid;
147
148 dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
149}
150
151static void dummy_bprm_post_apply_creds (struct linux_binprm *bprm)
152{
153 return;
154}
155
156static int dummy_bprm_set_security (struct linux_binprm *bprm)
157{
158 return 0;
159}
160
161static int dummy_bprm_check_security (struct linux_binprm *bprm)
162{
163 return 0;
164}
165
166static int dummy_bprm_secureexec (struct linux_binprm *bprm)
167{
168
169
170
171
172 return (current->euid != current->uid ||
173 current->egid != current->gid);
174}
175
176static int dummy_sb_alloc_security (struct super_block *sb)
177{
178 return 0;
179}
180
181static void dummy_sb_free_security (struct super_block *sb)
182{
183 return;
184}
185
186static int dummy_sb_copy_data (char *orig, char *copy)
187{
188 return 0;
189}
190
191static int dummy_sb_kern_mount (struct super_block *sb, void *data)
192{
193 return 0;
194}
195
196static int dummy_sb_statfs (struct dentry *dentry)
197{
198 return 0;
199}
200
201static int dummy_sb_mount (char *dev_name, struct path *path, char *type,
202 unsigned long flags, void *data)
203{
204 return 0;
205}
206
207static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path)
208{
209 return 0;
210}
211
212static int dummy_sb_umount (struct vfsmount *mnt, int flags)
213{
214 return 0;
215}
216
217static void dummy_sb_umount_close (struct vfsmount *mnt)
218{
219 return;
220}
221
222static void dummy_sb_umount_busy (struct vfsmount *mnt)
223{
224 return;
225}
226
227static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
228 void *data)
229{
230 return;
231}
232
233
234static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path)
235{
236 return;
237}
238
239static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path)
240{
241 return 0;
242}
243
244static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path)
245{
246 return;
247}
248
249static int dummy_sb_get_mnt_opts(const struct super_block *sb,
250 struct security_mnt_opts *opts)
251{
252 security_init_mnt_opts(opts);
253 return 0;
254}
255
256static int dummy_sb_set_mnt_opts(struct super_block *sb,
257 struct security_mnt_opts *opts)
258{
259 if (unlikely(opts->num_mnt_opts))
260 return -EOPNOTSUPP;
261 return 0;
262}
263
264static void dummy_sb_clone_mnt_opts(const struct super_block *oldsb,
265 struct super_block *newsb)
266{
267 return;
268}
269
270static int dummy_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
271{
272 return 0;
273}
274
275static int dummy_inode_alloc_security (struct inode *inode)
276{
277 return 0;
278}
279
280static void dummy_inode_free_security (struct inode *inode)
281{
282 return;
283}
284
285static int dummy_inode_init_security (struct inode *inode, struct inode *dir,
286 char **name, void **value, size_t *len)
287{
288 return -EOPNOTSUPP;
289}
290
291static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
292 int mask)
293{
294 return 0;
295}
296
297static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
298 struct dentry *new_dentry)
299{
300 return 0;
301}
302
303static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
304{
305 return 0;
306}
307
308static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
309 const char *name)
310{
311 return 0;
312}
313
314static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
315 int mask)
316{
317 return 0;
318}
319
320static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
321{
322 return 0;
323}
324
325static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
326 int mode, dev_t dev)
327{
328 return 0;
329}
330
331static int dummy_inode_rename (struct inode *old_inode,
332 struct dentry *old_dentry,
333 struct inode *new_inode,
334 struct dentry *new_dentry)
335{
336 return 0;
337}
338
339static int dummy_inode_readlink (struct dentry *dentry)
340{
341 return 0;
342}
343
344static int dummy_inode_follow_link (struct dentry *dentry,
345 struct nameidata *nameidata)
346{
347 return 0;
348}
349
350static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
351{
352 return 0;
353}
354
355static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
356{
357 return 0;
358}
359
360static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
361{
362 return 0;
363}
364
365static void dummy_inode_delete (struct inode *ino)
366{
367 return;
368}
369
370static int dummy_inode_setxattr (struct dentry *dentry, const char *name,
371 const void *value, size_t size, int flags)
372{
373 if (!strncmp(name, XATTR_SECURITY_PREFIX,
374 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
375 !capable(CAP_SYS_ADMIN))
376 return -EPERM;
377 return 0;
378}
379
380static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name,
381 const void *value, size_t size,
382 int flags)
383{
384}
385
386static int dummy_inode_getxattr (struct dentry *dentry, const char *name)
387{
388 return 0;
389}
390
391static int dummy_inode_listxattr (struct dentry *dentry)
392{
393 return 0;
394}
395
396static int dummy_inode_removexattr (struct dentry *dentry, const char *name)
397{
398 if (!strncmp(name, XATTR_SECURITY_PREFIX,
399 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
400 !capable(CAP_SYS_ADMIN))
401 return -EPERM;
402 return 0;
403}
404
405static int dummy_inode_need_killpriv(struct dentry *dentry)
406{
407 return 0;
408}
409
410static int dummy_inode_killpriv(struct dentry *dentry)
411{
412 return 0;
413}
414
415static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
416{
417 return -EOPNOTSUPP;
418}
419
420static int dummy_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
421{
422 return -EOPNOTSUPP;
423}
424
425static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
426{
427 return 0;
428}
429
430static void dummy_inode_getsecid(const struct inode *inode, u32 *secid)
431{
432 *secid = 0;
433}
434
435static int dummy_file_permission (struct file *file, int mask)
436{
437 return 0;
438}
439
440static int dummy_file_alloc_security (struct file *file)
441{
442 return 0;
443}
444
445static void dummy_file_free_security (struct file *file)
446{
447 return;
448}
449
450static int dummy_file_ioctl (struct file *file, unsigned int command,
451 unsigned long arg)
452{
453 return 0;
454}
455
456static int dummy_file_mmap (struct file *file, unsigned long reqprot,
457 unsigned long prot,
458 unsigned long flags,
459 unsigned long addr,
460 unsigned long addr_only)
461{
462 if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
463 return -EACCES;
464 return 0;
465}
466
467static int dummy_file_mprotect (struct vm_area_struct *vma,
468 unsigned long reqprot,
469 unsigned long prot)
470{
471 return 0;
472}
473
474static int dummy_file_lock (struct file *file, unsigned int cmd)
475{
476 return 0;
477}
478
479static int dummy_file_fcntl (struct file *file, unsigned int cmd,
480 unsigned long arg)
481{
482 return 0;
483}
484
485static int dummy_file_set_fowner (struct file *file)
486{
487 return 0;
488}
489
490static int dummy_file_send_sigiotask (struct task_struct *tsk,
491 struct fown_struct *fown, int sig)
492{
493 return 0;
494}
495
496static int dummy_file_receive (struct file *file)
497{
498 return 0;
499}
500
501static int dummy_dentry_open (struct file *file)
502{
503 return 0;
504}
505
506static int dummy_task_create (unsigned long clone_flags)
507{
508 return 0;
509}
510
511static int dummy_task_alloc_security (struct task_struct *p)
512{
513 return 0;
514}
515
516static void dummy_task_free_security (struct task_struct *p)
517{
518 return;
519}
520
521static int dummy_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
522{
523 return 0;
524}
525
526static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
527{
528 dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
529 return 0;
530}
531
532static int dummy_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
533{
534 return 0;
535}
536
537static int dummy_task_setpgid (struct task_struct *p, pid_t pgid)
538{
539 return 0;
540}
541
542static int dummy_task_getpgid (struct task_struct *p)
543{
544 return 0;
545}
546
547static int dummy_task_getsid (struct task_struct *p)
548{
549 return 0;
550}
551
552static void dummy_task_getsecid (struct task_struct *p, u32 *secid)
553{
554 *secid = 0;
555}
556
557static int dummy_task_setgroups (struct group_info *group_info)
558{
559 return 0;
560}
561
562static int dummy_task_setnice (struct task_struct *p, int nice)
563{
564 return 0;
565}
566
567static int dummy_task_setioprio (struct task_struct *p, int ioprio)
568{
569 return 0;
570}
571
572static int dummy_task_getioprio (struct task_struct *p)
573{
574 return 0;
575}
576
577static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
578{
579 return 0;
580}
581
582static int dummy_task_setscheduler (struct task_struct *p, int policy,
583 struct sched_param *lp)
584{
585 return 0;
586}
587
588static int dummy_task_getscheduler (struct task_struct *p)
589{
590 return 0;
591}
592
593static int dummy_task_movememory (struct task_struct *p)
594{
595 return 0;
596}
597
598static int dummy_task_wait (struct task_struct *p)
599{
600 return 0;
601}
602
603static int dummy_task_kill (struct task_struct *p, struct siginfo *info,
604 int sig, u32 secid)
605{
606 return 0;
607}
608
609static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3,
610 unsigned long arg4, unsigned long arg5, long *rc_p)
611{
612 switch (option) {
613 case PR_CAPBSET_READ:
614 *rc_p = (cap_valid(arg2) ? 1 : -EINVAL);
615 break;
616 case PR_GET_KEEPCAPS:
617 *rc_p = issecure(SECURE_KEEP_CAPS);
618 break;
619 case PR_SET_KEEPCAPS:
620 if (arg2 > 1)
621 *rc_p = -EINVAL;
622 else if (arg2)
623 current->securebits |= issecure_mask(SECURE_KEEP_CAPS);
624 else
625 current->securebits &=
626 ~issecure_mask(SECURE_KEEP_CAPS);
627 break;
628 default:
629 return 0;
630 }
631
632 return 1;
633}
634
635static void dummy_task_reparent_to_init (struct task_struct *p)
636{
637 p->euid = p->fsuid = 0;
638 return;
639}
640
641static void dummy_task_to_inode(struct task_struct *p, struct inode *inode)
642{ }
643
644static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
645{
646 return 0;
647}
648
649static void dummy_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
650{
651 *secid = 0;
652}
653
654static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
655{
656 return 0;
657}
658
659static void dummy_msg_msg_free_security (struct msg_msg *msg)
660{
661 return;
662}
663
664static int dummy_msg_queue_alloc_security (struct msg_queue *msq)
665{
666 return 0;
667}
668
669static void dummy_msg_queue_free_security (struct msg_queue *msq)
670{
671 return;
672}
673
674static int dummy_msg_queue_associate (struct msg_queue *msq,
675 int msqflg)
676{
677 return 0;
678}
679
680static int dummy_msg_queue_msgctl (struct msg_queue *msq, int cmd)
681{
682 return 0;
683}
684
685static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
686 int msgflg)
687{
688 return 0;
689}
690
691static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
692 struct task_struct *target, long type,
693 int mode)
694{
695 return 0;
696}
697
698static int dummy_shm_alloc_security (struct shmid_kernel *shp)
699{
700 return 0;
701}
702
703static void dummy_shm_free_security (struct shmid_kernel *shp)
704{
705 return;
706}
707
708static int dummy_shm_associate (struct shmid_kernel *shp, int shmflg)
709{
710 return 0;
711}
712
713static int dummy_shm_shmctl (struct shmid_kernel *shp, int cmd)
714{
715 return 0;
716}
717
718static int dummy_shm_shmat (struct shmid_kernel *shp, char __user *shmaddr,
719 int shmflg)
720{
721 return 0;
722}
723
724static int dummy_sem_alloc_security (struct sem_array *sma)
725{
726 return 0;
727}
728
729static void dummy_sem_free_security (struct sem_array *sma)
730{
731 return;
732}
733
734static int dummy_sem_associate (struct sem_array *sma, int semflg)
735{
736 return 0;
737}
738
739static int dummy_sem_semctl (struct sem_array *sma, int cmd)
740{
741 return 0;
742}
743
744static int dummy_sem_semop (struct sem_array *sma,
745 struct sembuf *sops, unsigned nsops, int alter)
746{
747 return 0;
748}
749
750static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb)
751{
752 NETLINK_CB(skb).eff_cap = current->cap_effective;
753 return 0;
754}
755
756static int dummy_netlink_recv (struct sk_buff *skb, int cap)
757{
758 if (!cap_raised (NETLINK_CB (skb).eff_cap, cap))
759 return -EPERM;
760 return 0;
761}
762
763#ifdef CONFIG_SECURITY_NETWORK
764static int dummy_unix_stream_connect (struct socket *sock,
765 struct socket *other,
766 struct sock *newsk)
767{
768 return 0;
769}
770
771static int dummy_unix_may_send (struct socket *sock,
772 struct socket *other)
773{
774 return 0;
775}
776
777static int dummy_socket_create (int family, int type,
778 int protocol, int kern)
779{
780 return 0;
781}
782
783static int dummy_socket_post_create (struct socket *sock, int family, int type,
784 int protocol, int kern)
785{
786 return 0;
787}
788
789static int dummy_socket_bind (struct socket *sock, struct sockaddr *address,
790 int addrlen)
791{
792 return 0;
793}
794
795static int dummy_socket_connect (struct socket *sock, struct sockaddr *address,
796 int addrlen)
797{
798 return 0;
799}
800
801static int dummy_socket_listen (struct socket *sock, int backlog)
802{
803 return 0;
804}
805
806static int dummy_socket_accept (struct socket *sock, struct socket *newsock)
807{
808 return 0;
809}
810
811static void dummy_socket_post_accept (struct socket *sock,
812 struct socket *newsock)
813{
814 return;
815}
816
817static int dummy_socket_sendmsg (struct socket *sock, struct msghdr *msg,
818 int size)
819{
820 return 0;
821}
822
823static int dummy_socket_recvmsg (struct socket *sock, struct msghdr *msg,
824 int size, int flags)
825{
826 return 0;
827}
828
829static int dummy_socket_getsockname (struct socket *sock)
830{
831 return 0;
832}
833
834static int dummy_socket_getpeername (struct socket *sock)
835{
836 return 0;
837}
838
839static int dummy_socket_setsockopt (struct socket *sock, int level, int optname)
840{
841 return 0;
842}
843
844static int dummy_socket_getsockopt (struct socket *sock, int level, int optname)
845{
846 return 0;
847}
848
849static int dummy_socket_shutdown (struct socket *sock, int how)
850{
851 return 0;
852}
853
854static int dummy_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
855{
856 return 0;
857}
858
859static int dummy_socket_getpeersec_stream(struct socket *sock, char __user *optval,
860 int __user *optlen, unsigned len)
861{
862 return -ENOPROTOOPT;
863}
864
865static int dummy_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
866{
867 return -ENOPROTOOPT;
868}
869
870static inline int dummy_sk_alloc_security (struct sock *sk, int family, gfp_t priority)
871{
872 return 0;
873}
874
875static inline void dummy_sk_free_security (struct sock *sk)
876{
877}
878
879static inline void dummy_sk_clone_security (const struct sock *sk, struct sock *newsk)
880{
881}
882
883static inline void dummy_sk_getsecid(struct sock *sk, u32 *secid)
884{
885}
886
887static inline void dummy_sock_graft(struct sock* sk, struct socket *parent)
888{
889}
890
891static inline int dummy_inet_conn_request(struct sock *sk,
892 struct sk_buff *skb, struct request_sock *req)
893{
894 return 0;
895}
896
897static inline void dummy_inet_csk_clone(struct sock *newsk,
898 const struct request_sock *req)
899{
900}
901
902static inline void dummy_inet_conn_established(struct sock *sk,
903 struct sk_buff *skb)
904{
905}
906
907static inline void dummy_req_classify_flow(const struct request_sock *req,
908 struct flowi *fl)
909{
910}
911#endif
912
913#ifdef CONFIG_SECURITY_NETWORK_XFRM
914static int dummy_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
915 struct xfrm_user_sec_ctx *sec_ctx)
916{
917 return 0;
918}
919
920static inline int dummy_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
921 struct xfrm_sec_ctx **new_ctxp)
922{
923 return 0;
924}
925
926static void dummy_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
927{
928}
929
930static int dummy_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
931{
932 return 0;
933}
934
935static int dummy_xfrm_state_alloc_security(struct xfrm_state *x,
936 struct xfrm_user_sec_ctx *sec_ctx, u32 secid)
937{
938 return 0;
939}
940
941static void dummy_xfrm_state_free_security(struct xfrm_state *x)
942{
943}
944
945static int dummy_xfrm_state_delete_security(struct xfrm_state *x)
946{
947 return 0;
948}
949
950static int dummy_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,
951 u32 sk_sid, u8 dir)
952{
953 return 0;
954}
955
956static int dummy_xfrm_state_pol_flow_match(struct xfrm_state *x,
957 struct xfrm_policy *xp, struct flowi *fl)
958{
959 return 1;
960}
961
962static int dummy_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
963{
964 return 0;
965}
966
967#endif
968static int dummy_register_security (const char *name, struct security_operations *ops)
969{
970 return -EINVAL;
971}
972
973static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
974{
975 return;
976}
977
978static int dummy_getprocattr(struct task_struct *p, char *name, char **value)
979{
980 return -EINVAL;
981}
982
983static int dummy_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
984{
985 return -EINVAL;
986}
987
988static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
989{
990 return -EOPNOTSUPP;
991}
992
993static int dummy_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
994{
995 return -EOPNOTSUPP;
996}
997
998static void dummy_release_secctx(char *secdata, u32 seclen)
999{
1000}
1001
1002#ifdef CONFIG_KEYS
1003static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
1004 unsigned long flags)
1005{
1006 return 0;
1007}
1008
1009static inline void dummy_key_free(struct key *key)
1010{
1011}
1012
1013static inline int dummy_key_permission(key_ref_t key_ref,
1014 struct task_struct *context,
1015 key_perm_t perm)
1016{
1017 return 0;
1018}
1019
1020static int dummy_key_getsecurity(struct key *key, char **_buffer)
1021{
1022 *_buffer = NULL;
1023 return 0;
1024}
1025
1026#endif
1027
1028#ifdef CONFIG_AUDIT
1029static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
1030 void **lsmrule)
1031{
1032 return 0;
1033}
1034
1035static inline int dummy_audit_rule_known(struct audit_krule *krule)
1036{
1037 return 0;
1038}
1039
1040static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
1041 void *lsmrule,
1042 struct audit_context *actx)
1043{
1044 return 0;
1045}
1046
1047static inline void dummy_audit_rule_free(void *lsmrule)
1048{ }
1049
1050#endif
1051
1052struct security_operations dummy_security_ops = {
1053 .name = "dummy",
1054};
1055
1056#define set_to_dummy_if_null(ops, function) \
1057 do { \
1058 if (!ops->function) { \
1059 ops->function = dummy_##function; \
1060 pr_debug("Had to override the " #function \
1061 " security operation with the dummy one.\n");\
1062 } \
1063 } while (0)
1064
1065void security_fixup_ops (struct security_operations *ops)
1066{
1067 set_to_dummy_if_null(ops, ptrace);
1068 set_to_dummy_if_null(ops, capget);
1069 set_to_dummy_if_null(ops, capset_check);
1070 set_to_dummy_if_null(ops, capset_set);
1071 set_to_dummy_if_null(ops, acct);
1072 set_to_dummy_if_null(ops, capable);
1073 set_to_dummy_if_null(ops, quotactl);
1074 set_to_dummy_if_null(ops, quota_on);
1075 set_to_dummy_if_null(ops, sysctl);
1076 set_to_dummy_if_null(ops, syslog);
1077 set_to_dummy_if_null(ops, settime);
1078 set_to_dummy_if_null(ops, vm_enough_memory);
1079 set_to_dummy_if_null(ops, bprm_alloc_security);
1080 set_to_dummy_if_null(ops, bprm_free_security);
1081 set_to_dummy_if_null(ops, bprm_apply_creds);
1082 set_to_dummy_if_null(ops, bprm_post_apply_creds);
1083 set_to_dummy_if_null(ops, bprm_set_security);
1084 set_to_dummy_if_null(ops, bprm_check_security);
1085 set_to_dummy_if_null(ops, bprm_secureexec);
1086 set_to_dummy_if_null(ops, sb_alloc_security);
1087 set_to_dummy_if_null(ops, sb_free_security);
1088 set_to_dummy_if_null(ops, sb_copy_data);
1089 set_to_dummy_if_null(ops, sb_kern_mount);
1090 set_to_dummy_if_null(ops, sb_statfs);
1091 set_to_dummy_if_null(ops, sb_mount);
1092 set_to_dummy_if_null(ops, sb_check_sb);
1093 set_to_dummy_if_null(ops, sb_umount);
1094 set_to_dummy_if_null(ops, sb_umount_close);
1095 set_to_dummy_if_null(ops, sb_umount_busy);
1096 set_to_dummy_if_null(ops, sb_post_remount);
1097 set_to_dummy_if_null(ops, sb_post_addmount);
1098 set_to_dummy_if_null(ops, sb_pivotroot);
1099 set_to_dummy_if_null(ops, sb_post_pivotroot);
1100 set_to_dummy_if_null(ops, sb_get_mnt_opts);
1101 set_to_dummy_if_null(ops, sb_set_mnt_opts);
1102 set_to_dummy_if_null(ops, sb_clone_mnt_opts);
1103 set_to_dummy_if_null(ops, sb_parse_opts_str);
1104 set_to_dummy_if_null(ops, inode_alloc_security);
1105 set_to_dummy_if_null(ops, inode_free_security);
1106 set_to_dummy_if_null(ops, inode_init_security);
1107 set_to_dummy_if_null(ops, inode_create);
1108 set_to_dummy_if_null(ops, inode_link);
1109 set_to_dummy_if_null(ops, inode_unlink);
1110 set_to_dummy_if_null(ops, inode_symlink);
1111 set_to_dummy_if_null(ops, inode_mkdir);
1112 set_to_dummy_if_null(ops, inode_rmdir);
1113 set_to_dummy_if_null(ops, inode_mknod);
1114 set_to_dummy_if_null(ops, inode_rename);
1115 set_to_dummy_if_null(ops, inode_readlink);
1116 set_to_dummy_if_null(ops, inode_follow_link);
1117 set_to_dummy_if_null(ops, inode_permission);
1118 set_to_dummy_if_null(ops, inode_setattr);
1119 set_to_dummy_if_null(ops, inode_getattr);
1120 set_to_dummy_if_null(ops, inode_delete);
1121 set_to_dummy_if_null(ops, inode_setxattr);
1122 set_to_dummy_if_null(ops, inode_post_setxattr);
1123 set_to_dummy_if_null(ops, inode_getxattr);
1124 set_to_dummy_if_null(ops, inode_listxattr);
1125 set_to_dummy_if_null(ops, inode_removexattr);
1126 set_to_dummy_if_null(ops, inode_need_killpriv);
1127 set_to_dummy_if_null(ops, inode_killpriv);
1128 set_to_dummy_if_null(ops, inode_getsecurity);
1129 set_to_dummy_if_null(ops, inode_setsecurity);
1130 set_to_dummy_if_null(ops, inode_listsecurity);
1131 set_to_dummy_if_null(ops, inode_getsecid);
1132 set_to_dummy_if_null(ops, file_permission);
1133 set_to_dummy_if_null(ops, file_alloc_security);
1134 set_to_dummy_if_null(ops, file_free_security);
1135 set_to_dummy_if_null(ops, file_ioctl);
1136 set_to_dummy_if_null(ops, file_mmap);
1137 set_to_dummy_if_null(ops, file_mprotect);
1138 set_to_dummy_if_null(ops, file_lock);
1139 set_to_dummy_if_null(ops, file_fcntl);
1140 set_to_dummy_if_null(ops, file_set_fowner);
1141 set_to_dummy_if_null(ops, file_send_sigiotask);
1142 set_to_dummy_if_null(ops, file_receive);
1143 set_to_dummy_if_null(ops, dentry_open);
1144 set_to_dummy_if_null(ops, task_create);
1145 set_to_dummy_if_null(ops, task_alloc_security);
1146 set_to_dummy_if_null(ops, task_free_security);
1147 set_to_dummy_if_null(ops, task_setuid);
1148 set_to_dummy_if_null(ops, task_post_setuid);
1149 set_to_dummy_if_null(ops, task_setgid);
1150 set_to_dummy_if_null(ops, task_setpgid);
1151 set_to_dummy_if_null(ops, task_getpgid);
1152 set_to_dummy_if_null(ops, task_getsid);
1153 set_to_dummy_if_null(ops, task_getsecid);
1154 set_to_dummy_if_null(ops, task_setgroups);
1155 set_to_dummy_if_null(ops, task_setnice);
1156 set_to_dummy_if_null(ops, task_setioprio);
1157 set_to_dummy_if_null(ops, task_getioprio);
1158 set_to_dummy_if_null(ops, task_setrlimit);
1159 set_to_dummy_if_null(ops, task_setscheduler);
1160 set_to_dummy_if_null(ops, task_getscheduler);
1161 set_to_dummy_if_null(ops, task_movememory);
1162 set_to_dummy_if_null(ops, task_wait);
1163 set_to_dummy_if_null(ops, task_kill);
1164 set_to_dummy_if_null(ops, task_prctl);
1165 set_to_dummy_if_null(ops, task_reparent_to_init);
1166 set_to_dummy_if_null(ops, task_to_inode);
1167 set_to_dummy_if_null(ops, ipc_permission);
1168 set_to_dummy_if_null(ops, ipc_getsecid);
1169 set_to_dummy_if_null(ops, msg_msg_alloc_security);
1170 set_to_dummy_if_null(ops, msg_msg_free_security);
1171 set_to_dummy_if_null(ops, msg_queue_alloc_security);
1172 set_to_dummy_if_null(ops, msg_queue_free_security);
1173 set_to_dummy_if_null(ops, msg_queue_associate);
1174 set_to_dummy_if_null(ops, msg_queue_msgctl);
1175 set_to_dummy_if_null(ops, msg_queue_msgsnd);
1176 set_to_dummy_if_null(ops, msg_queue_msgrcv);
1177 set_to_dummy_if_null(ops, shm_alloc_security);
1178 set_to_dummy_if_null(ops, shm_free_security);
1179 set_to_dummy_if_null(ops, shm_associate);
1180 set_to_dummy_if_null(ops, shm_shmctl);
1181 set_to_dummy_if_null(ops, shm_shmat);
1182 set_to_dummy_if_null(ops, sem_alloc_security);
1183 set_to_dummy_if_null(ops, sem_free_security);
1184 set_to_dummy_if_null(ops, sem_associate);
1185 set_to_dummy_if_null(ops, sem_semctl);
1186 set_to_dummy_if_null(ops, sem_semop);
1187 set_to_dummy_if_null(ops, netlink_send);
1188 set_to_dummy_if_null(ops, netlink_recv);
1189 set_to_dummy_if_null(ops, register_security);
1190 set_to_dummy_if_null(ops, d_instantiate);
1191 set_to_dummy_if_null(ops, getprocattr);
1192 set_to_dummy_if_null(ops, setprocattr);
1193 set_to_dummy_if_null(ops, secid_to_secctx);
1194 set_to_dummy_if_null(ops, secctx_to_secid);
1195 set_to_dummy_if_null(ops, release_secctx);
1196#ifdef CONFIG_SECURITY_NETWORK
1197 set_to_dummy_if_null(ops, unix_stream_connect);
1198 set_to_dummy_if_null(ops, unix_may_send);
1199 set_to_dummy_if_null(ops, socket_create);
1200 set_to_dummy_if_null(ops, socket_post_create);
1201 set_to_dummy_if_null(ops, socket_bind);
1202 set_to_dummy_if_null(ops, socket_connect);
1203 set_to_dummy_if_null(ops, socket_listen);
1204 set_to_dummy_if_null(ops, socket_accept);
1205 set_to_dummy_if_null(ops, socket_post_accept);
1206 set_to_dummy_if_null(ops, socket_sendmsg);
1207 set_to_dummy_if_null(ops, socket_recvmsg);
1208 set_to_dummy_if_null(ops, socket_getsockname);
1209 set_to_dummy_if_null(ops, socket_getpeername);
1210 set_to_dummy_if_null(ops, socket_setsockopt);
1211 set_to_dummy_if_null(ops, socket_getsockopt);
1212 set_to_dummy_if_null(ops, socket_shutdown);
1213 set_to_dummy_if_null(ops, socket_sock_rcv_skb);
1214 set_to_dummy_if_null(ops, socket_getpeersec_stream);
1215 set_to_dummy_if_null(ops, socket_getpeersec_dgram);
1216 set_to_dummy_if_null(ops, sk_alloc_security);
1217 set_to_dummy_if_null(ops, sk_free_security);
1218 set_to_dummy_if_null(ops, sk_clone_security);
1219 set_to_dummy_if_null(ops, sk_getsecid);
1220 set_to_dummy_if_null(ops, sock_graft);
1221 set_to_dummy_if_null(ops, inet_conn_request);
1222 set_to_dummy_if_null(ops, inet_csk_clone);
1223 set_to_dummy_if_null(ops, inet_conn_established);
1224 set_to_dummy_if_null(ops, req_classify_flow);
1225 #endif
1226#ifdef CONFIG_SECURITY_NETWORK_XFRM
1227 set_to_dummy_if_null(ops, xfrm_policy_alloc_security);
1228 set_to_dummy_if_null(ops, xfrm_policy_clone_security);
1229 set_to_dummy_if_null(ops, xfrm_policy_free_security);
1230 set_to_dummy_if_null(ops, xfrm_policy_delete_security);
1231 set_to_dummy_if_null(ops, xfrm_state_alloc_security);
1232 set_to_dummy_if_null(ops, xfrm_state_free_security);
1233 set_to_dummy_if_null(ops, xfrm_state_delete_security);
1234 set_to_dummy_if_null(ops, xfrm_policy_lookup);
1235 set_to_dummy_if_null(ops, xfrm_state_pol_flow_match);
1236 set_to_dummy_if_null(ops, xfrm_decode_session);
1237#endif
1238#ifdef CONFIG_KEYS
1239 set_to_dummy_if_null(ops, key_alloc);
1240 set_to_dummy_if_null(ops, key_free);
1241 set_to_dummy_if_null(ops, key_permission);
1242 set_to_dummy_if_null(ops, key_getsecurity);
1243#endif
1244#ifdef CONFIG_AUDIT
1245 set_to_dummy_if_null(ops, audit_rule_init);
1246 set_to_dummy_if_null(ops, audit_rule_known);
1247 set_to_dummy_if_null(ops, audit_rule_match);
1248 set_to_dummy_if_null(ops, audit_rule_free);
1249#endif
1250}
1251
1252
