This patch adds a new header file, lsm_null.h, which contains the "null" implementation for every LSM hook. The capability module is then migrated to use of lsm_null.h. This unclutters the module substantially, and should help make it easier to reason what a module does. patch is against current lsm-2.5. comments? cheers, -chris
diff --minimal -Nru a/security/lsm_null.h b/security/lsm_null.h
--- /dev/null Wed Dec 31 16:00:00 1969
+++ b/security/lsm_null.h Mon Dec 3 23:33:20 2001
@@ -0,0 +1,887 @@
+#ifndef _LSM_NULL_H
+#define _LSM_NULL_H
+
+/*
+ * Simple null methods for security hooks. To be used by modules that
+ * don't want to implement any particular hook. These methods typically
+ * just return success. Exceptions:
+ * null_capable -EPERM
+ * null_sys_security -ENOSYS
+ * null_register -EINVAL
+ * null_unregister -EINVAL
+ *
+ * Copyright (C) 2001 Chris Wright <chrisat_private>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/netfilter.h>
+#include <linux/netlink.h>
+
+static inline int null_sethostname (char *hostname)
+{
+ return 0;
+}
+
+static inline int null_setdomainname (char *domainname)
+{
+ return 0;
+}
+
+static inline int null_reboot (unsigned int cmd)
+{
+ return 0;
+}
+
+static inline int null_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return 0;
+}
+
+static inline int null_iopl (unsigned int old, unsigned int level)
+{
+ return 0;
+}
+
+static inline int null_ptrace (struct task_struct *parent, struct task_struct *child)
+{
+ return 0;
+}
+
+static inline int null_capget (struct task_struct *target, kernel_cap_t * effective,
+ kernel_cap_t * inheritable, kernel_cap_t * permitted)
+{
+ return 0;
+}
+
+static inline int null_capset_check (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ return 0;
+}
+
+static inline void null_capset_set (struct task_struct *target,
+ kernel_cap_t * effective,
+ kernel_cap_t * inheritable,
+ kernel_cap_t * permitted)
+{
+ return;
+}
+
+static inline int null_acct (struct file *file)
+{
+ return 0;
+}
+
+static inline int null_capable (struct task_struct *tsk, int cap)
+{
+ return -EPERM;
+}
+
+static inline int null_sysctl (ctl_table * table, int op)
+{
+ return 0;
+}
+
+static inline int null_sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+
+static inline int null_swapon (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static inline int null_swapoff (struct swap_info_struct *swap)
+{
+ return 0;
+}
+
+static inline int null_nfsservctl (int cmd, struct nfsctl_arg *arg)
+{
+ return 0;
+}
+
+static inline int null_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static inline int null_quota_on (struct file *f)
+{
+ return 0;
+}
+
+static inline int null_bdflush (int func, long data)
+{
+ return 0;
+}
+
+static inline int null_syslog (int type)
+{
+ return 0;
+}
+
+static inline int null_netlink_send (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static inline int null_netlink_recv (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static inline int null_binprm_alloc_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline void null_binprm_free_security (struct linux_binprm *bprm)
+{
+ return;
+}
+
+static inline void null_binprm_compute_creds (struct linux_binprm *bprm)
+{
+ return;
+}
+
+static inline int null_binprm_set_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline int null_sb_alloc_security (struct super_block *sb)
+{
+ return 0;
+}
+
+static inline void null_sb_free_security (struct super_block *sb)
+{
+ return;
+}
+
+static inline int null_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static inline int null_mount (char *dev_name, struct nameidata *nd, char *type,
+ unsigned long flags, void *data)
+{
+ return 0;
+}
+
+static inline int null_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
+static inline int null_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static inline void null_umount_close (struct vfsmount *mnt)
+{
+ return;
+}
+
+static inline void null_umount_busy (struct vfsmount *mnt)
+{
+ return;
+}
+
+static inline void null_post_remount (struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ return;
+}
+
+
+static inline void null_post_mountroot (struct super_block *sb)
+{
+ return;
+}
+
+static inline void null_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return;
+}
+
+static inline int null_inode_alloc_security (struct inode *inode)
+{
+ return 0;
+}
+
+static inline void null_inode_free_security (struct inode *inode)
+{
+ return;
+}
+
+static inline int null_inode_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static inline void null_inode_post_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static inline int null_inode_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static inline void null_inode_post_link (struct dentry *old_dentry,
+ struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static inline int null_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int null_inode_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return 0;
+}
+
+static inline void null_inode_post_symlink (struct inode *inode,
+ struct dentry *dentry, const char *name)
+{
+ return;
+}
+
+static inline int null_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static inline void null_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static inline int null_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int null_inode_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return 0;
+}
+
+static inline void null_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int major, dev_t minor)
+{
+ return;
+}
+
+static inline int null_inode_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static inline void null_inode_post_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static inline int null_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int null_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ return 0;
+}
+
+static inline int null_inode_permission (struct inode *inode, int mask)
+{
+ return 0;
+}
+
+static inline int null_inode_revalidate (struct dentry *inode)
+{
+ return 0;
+}
+
+static inline int null_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+ return 0;
+}
+
+static inline int null_inode_stat (struct inode *inode)
+{
+ return 0;
+}
+
+static inline void null_post_lookup (struct inode *ino, struct dentry *d)
+{
+ return;
+}
+
+static inline void null_delete (struct inode *ino)
+{
+ return;
+}
+
+static inline int null_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static inline int null_file_alloc_security (struct file *file)
+{
+ return 0;
+}
+
+static inline void null_file_free_security (struct file *file)
+{
+ return;
+}
+
+static inline int null_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static inline int null_file_ioctl (struct file *file, unsigned int command,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static inline int null_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static inline int null_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
+{
+ return 0;
+}
+
+static inline int null_file_lock (struct file *file, unsigned int cmd)
+{
+ return 0;
+}
+
+static inline int null_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static inline int null_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static inline int null_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown, int fd,
+ int reason)
+{
+ return 0;
+}
+
+static inline int null_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static inline int null_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static inline int null_task_alloc_security (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline void null_task_free_security (struct task_struct *p)
+{
+ return;
+}
+
+static inline int null_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+static inline int null_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+static inline int null_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ return 0;
+}
+
+static inline int null_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static inline int null_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int null_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int null_task_setgroups (int gidsetsize, gid_t * grouplist)
+{
+ return 0;
+}
+
+static inline int null_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static inline int null_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static inline int null_task_setscheduler (struct task_struct *p, int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static inline int null_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int null_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int null_task_kill (struct task_struct *p, struct siginfo *info,
+ int sig)
+{
+ return 0;
+}
+
+static inline int null_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ return 0;
+}
+
+static inline void null_task_kmod_set_label (void)
+{
+ return;
+}
+
+static inline unsigned int null_ip_preroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_preroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_input_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_input_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_forward_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_forward_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_output_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_output_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_postroute_first (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline unsigned int null_ip_postroute_last (unsigned int hooknum,
+ struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn) (struct sk_buff *))
+{
+ return NF_ACCEPT;
+}
+
+static inline void null_ip_fragment (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static inline int null_ip_defragment (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static inline void null_ip_decapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static inline void null_ip_encapsulate (struct sk_buff *skb)
+{
+ return;
+}
+
+static inline int null_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ return 0;
+}
+
+static inline void null_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
+static inline int null_socket_create (int family, int type, int protocol)
+{
+ return 0;
+}
+
+static inline void null_socket_post_create (struct socket *sock, int family, int type,
+ int protocol)
+{
+ return;
+}
+
+static inline int null_socket_bind (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static inline int null_socket_connect (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static inline int null_socket_listen (struct socket *sock, int backlog)
+{
+ return 0;
+}
+
+static inline int null_socket_accept (struct socket *sock, struct socket *newsock)
+{
+ return 0;
+}
+
+static inline int null_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return 0;
+}
+
+static inline int null_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return 0;
+}
+
+static inline int null_socket_getsockname (struct socket *sock)
+{
+ return 0;
+}
+
+static inline int null_socket_getpeername (struct socket *sock)
+{
+ return 0;
+}
+
+static inline int null_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static inline int null_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static inline int null_socket_shutdown (struct socket *sock, int how)
+{
+ return 0;
+}
+
+static inline int null_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+ return 0;
+}
+
+static inline int null_socket_unix_stream_connect (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static inline int null_socket_unix_may_send (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static inline int null_module_create_module (const char *name_user, size_t size)
+{
+ return 0;
+}
+
+static inline int null_module_init_module (struct module *mod_user)
+{
+ return 0;
+}
+
+static inline int null_module_delete_module (const struct module *mod)
+{
+ return 0;
+}
+
+static inline int null_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+ return 0;
+}
+
+static inline int null_ipc_getinfo (int id, int cmd)
+{
+ return 0;
+}
+
+static inline int null_msg_msg_alloc_security (struct msg_msg *msg)
+{
+ return 0;
+}
+
+static inline void null_msg_msg_free_security (struct msg_msg *msg)
+{
+ return;
+}
+
+static inline int null_msg_queue_alloc_security (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static inline void null_msg_queue_free_security (struct msg_queue *msq)
+{
+ return;
+}
+
+static inline int null_msg_queue_associate (struct msg_queue *msq, int msqid,
+ int msqflg)
+{
+ return 0;
+}
+
+static inline int null_msg_queue_msgctl (struct msg_queue *msq, int msqid, int cmd)
+{
+ return 0;
+}
+
+static inline int null_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+ int msqid, int msgflg)
+{
+ return 0;
+}
+
+static inline int null_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type,
+ int mode)
+{
+ return 0;
+}
+
+static inline int null_shm_alloc_security (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static inline void null_shm_free_security (struct shmid_kernel *shp)
+{
+ return;
+}
+
+static inline int null_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg)
+{
+ return 0;
+}
+
+static inline int null_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd)
+{
+ return 0;
+}
+
+static inline int null_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr,
+ int shmflg)
+{
+ return 0;
+}
+
+static inline int null_sem_alloc_security (struct sem_array *sma)
+{
+ return 0;
+}
+
+static inline void null_sem_free_security (struct sem_array *sma)
+{
+ return;
+}
+
+static inline int null_sem_associate (struct sem_array *sma, int semid, int semflg)
+{
+ return 0;
+}
+
+static inline int null_sem_semctl (struct sem_array *sma, int semid, int cmd)
+{
+ return 0;
+}
+
+static inline int null_sem_semop (struct sem_array *sma, int semid,
+ struct sembuf *sops, unsigned nsops, int alter)
+{
+ return 0;
+}
+
+static inline int null_skb_alloc_security (struct sk_buff *skb)
+{
+ return 0;
+}
+
+static inline int null_skb_clone (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return 0;
+}
+
+static inline void null_skb_copy (struct sk_buff *newskb,
+ const struct sk_buff *oldskb)
+{
+ return;
+}
+
+static inline void null_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
+static inline void null_skb_free_security (struct sk_buff *skb)
+{
+ return;
+}
+
+static inline int null_register (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static inline int null_unregister (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+#endif /* _LSM_NULL_H */
diff --minimal -Nru a/security/capability.c b/security/capability.c
--- a/security/capability.c Mon Dec 3 23:33:20 2001
+++ b/security/capability.c Mon Dec 3 23:33:20 2001
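Review bot: The header comment at the top of lsm_null.h says the methods "typically just return success" and lists four exceptions, but the ten `null_ip_*` netfilter hooks return `NF_ACCEPT` rather than 0, and the comment never says why `null_capable`, `null_register` and `null_unregister` fail instead of succeed. I would add a line to the exception list, ` * null_ip_*  NF_ACCEPT (a netfilter verdict, not an errno)`, and follow the list with a sentence such as ` * The failing defaults are deliberate: a module that does not implement capable() must not grant any capability, and one that does not implement register/unregister must not accept stacking.` so the fail-closed choice survives the next edit. The parameter of `null_inode_revalidate (struct dentry *inode)` is a dentry named `inode`; the misnomer is carried over from the cap_ version, but this header will be read as the reference signature list, so `struct dentry *dentry` is worth fixing here. If each module's security_operations table is still filled in by hand (the capability table is outside the hunks shown), every module will have to name each of these stubs; having the framework substitute these defaults for NULL slots at registration time would remove that burden, though that is a follow-up rather than a defect in this hunk.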
@@ -18,34 +18,11 @@
 #include <linux/netfilter.h>
 #include <linux/netlink.h>
+#include "lsm_null.h"
+
 /* flag to keep track of how we were registered */
 static int secondary;
-static int cap_sethostname (char *hostname)
-{
- return 0;
-}
-
-static int cap_setdomainname (char *domainname)
-{
- return 0;
-}
-
-static int cap_reboot (unsigned int cmd)
-{
- return 0;
-}
-
-static int cap_ioperm (unsigned long from, unsigned long num, int turn_on)
-{
- return 0;
-}
-
-static int cap_iopl (unsigned int old, unsigned int level)
-{
- return 0;
-}
-
 static int cap_capable (struct task_struct *tsk, int cap)
 {
 /* Derived from include/linux/sched.h:capable. */
@@ -55,47 +32,6 @@
 return -EPERM;
 }
-static int cap_sys_security (unsigned int id, unsigned int call,
- unsigned long *args)
-{
- return -ENOSYS;
-}
-
-static int cap_swapon (struct swap_info_struct *swap)
-{
- return 0;
-}
-
-static int cap_swapoff (struct swap_info_struct *swap)
-{
- return 0;
-}
-
-static int cap_nfsservctl (int cmd, struct nfsctl_arg *arg)
-{
- return 0;
-}
-
-static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_quota_on (struct file *f)
-{
- return 0;
-}
-
-static int cap_bdflush (int func, long data)
-{
- return 0;
-}
-
-static int cap_syslog (int type)
-{
- return 0;
-}
-
 static int cap_netlink_send (struct sk_buff *skb)
 {
 NETLINK_CB (skb).eff_cap = current->cap_effective;
@@ -167,21 +103,6 @@
 target->cap_permitted = *permitted;
 }
-static int cap_acct (struct file *file)
-{
- return 0;
-}
-
-static int cap_sysctl (ctl_table * table, int op)
-{
- return 0;
-}
-
-static int cap_binprm_alloc_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
 static int cap_binprm_set_security (struct linux_binprm *bprm)
 {
 /* Copied from fs/exec.c:prepare_binprm. */
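Review bot: The new `#include "lsm_null.h"` carries no explanation, and once the cap_* stubs are gone a reader of capability.c can no longer see from this file which hooks the module deliberately leaves as pass-through; a comment on the include, `/* null_* defaults for every hook this module does not implement */`, keeps that intent visible. The edit to the security_operations table that actually substitutes the null_* entries is not in the hunks shown, so I could only check that the removed stubs' return values (0, and -ENOSYS for cap_sys_security) match their null_* counterparts in lsm_null.h, which they do; the table itself should be checked for the same pairing.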
@@ -210,11 +131,6 @@
 return 0;
 }
-static void cap_binprm_free_security (struct linux_binprm *bprm)
-{
- return;
-}
-
 /* Copied from fs/exec.c */
 static inline int must_not_trace_exec (struct task_struct *p)
 {
@@ -266,283 +182,6 @@
 current->keep_capabilities = 0;
 }
-static int cap_sb_alloc_security (struct super_block *sb)
-{
- return 0;
-}
-
-static void cap_sb_free_security (struct super_block *sb)
-{
- return;
-}
-
-static int cap_sb_statfs (struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_mount (char *dev_name, struct nameidata *nd, char *type,
- unsigned long flags, void *data)
-{
- return 0;
-}
-
-static int cap_check_sb (struct vfsmount *mnt, struct nameidata *nd)
-{
- return 0;
-}
-
-static int cap_umount (struct vfsmount *mnt, int flags)
-{
- return 0;
-}
-
-static void cap_umount_close (struct vfsmount *mnt)
-{
- return;
-}
-
-static void cap_umount_busy (struct vfsmount *mnt)
-{
- return;
-}
-
-static void cap_post_remount (struct vfsmount *mnt, unsigned long flags,
- void *data)
-{
- return;
-}
-
-static void cap_post_mountroot (struct super_block *sb)
-{
- return;
-}
-
-static void cap_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
-{
- return;
-}
-
-static int cap_inode_alloc_security (struct inode *inode)
-{
- return 0;
-}
-
-static void cap_inode_free_security (struct inode *inode)
-{
- return;
-}
-
-static int cap_inode_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return 0;
-}
-
-static void cap_inode_post_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
-static int cap_inode_link (struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static void cap_inode_post_link (struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
-static int cap_inode_unlink (struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_symlink (struct inode *inode, struct dentry *dentry,
- const char *name)
-{
- return 0;
-}
-
-static void cap_inode_post_symlink (struct inode *inode, struct dentry *dentry,
- const char *name)
-{
- return;
-}
-
-static int cap_inode_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return 0;
-}
-
-static void cap_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
-static int cap_inode_rmdir (struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_mknod (struct inode *inode, struct dentry *dentry,
- int major, dev_t minor)
-{
- return 0;
-}
-
-static void cap_inode_post_mknod (struct inode *inode, struct dentry *dentry,
- int major, dev_t minor)
-{
- return;
-}
-
-static int cap_inode_rename (struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
-{
- return 0;
-}
-
-static void cap_inode_post_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
-static int cap_inode_readlink (struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_follow_link (struct dentry *dentry,
- struct nameidata *nameidata)
-{
- return 0;
-}
-
-static int cap_inode_permission (struct inode *inode, int mask)
-{
- return 0;
-}
-
-static int cap_inode_revalidate (struct dentry *inode)
-{
- return 0;
-}
-
-static int cap_inode_setattr (struct dentry *dentry, struct iattr *iattr)
-{
- return 0;
-}
-
-static int cap_inode_stat (struct inode *inode)
-{
- return 0;
-}
-
-static void cap_post_lookup (struct inode *ino, struct dentry *d)
-{
- return;
-}
-
-static void cap_delete (struct inode *ino)
-{
- return;
-}
-
-static int cap_file_permission (struct file *file, int mask)
-{
- return 0;
-}
-
-static int cap_file_alloc_security (struct file *file)
-{
- return 0;
-}
-
-static void cap_file_free_security (struct file *file)
-{
- return;
-}
-
-static int cap_file_llseek (struct file *file)
-{
- return 0;
-}
-
-static int cap_file_ioctl (struct file *file, unsigned int command,
- unsigned long arg)
-{
- return 0;
-}
-
-static int cap_file_mmap (struct file *file, unsigned long prot,
- unsigned long flags)
-{
- return 0;
-}
-
-static int cap_file_mprotect (struct vm_area_struct *vma, unsigned long prot)
-{
- return 0;
-}
-
-static int cap_file_lock (struct file *file, unsigned int cmd)
-{
- return 0;
-}
-
-static int cap_file_fcntl (struct file *file, unsigned int cmd,
- unsigned long arg)
-{
- return 0;
-}
-
-static int cap_file_set_fowner (struct file *file)
-{
- return 0;
-}
-
-static int cap_file_send_sigiotask (struct task_struct *tsk,
- struct fown_struct *fown, int fd,
- int reason)
-{
- return 0;
-}
-
-static int cap_file_receive (struct file *file)
-{
- return 0;
-}
-
-static int cap_task_create (unsigned long clone_flags)
-{
- return 0;
-}
-
-static int cap_task_alloc_security (struct task_struct *p)
-{
- return 0;
-}
-
-static void cap_task_free_security (struct task_struct *p)
-{
- return;
-}
-
-static int cap_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return 0;
-}
-
 /* moved from kernel/sys.c. */
 /*
 * cap_emulate_setxuid() fixes the effective / permitted capabilities of
@@ -633,185 +272,12 @@
 return 0;
 }
-static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
-{
- return 0;
-}
-
-static int cap_task_setpgid (struct task_struct *p, pid_t pgid)
-{
- return 0;
-}
-
-static int cap_task_getpgid (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_getsid (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_setgroups (int gidsetsize, gid_t * grouplist)
-{
- return 0;
-}
-
-static int cap_task_setnice (struct task_struct *p, int nice)
-{
- return 0;
-}
-
-static int cap_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
-{
- return 0;
-}
-
-static int cap_task_setscheduler (struct task_struct *p, int policy,
- struct sched_param *lp)
-{
- return 0;
-}
-
-static int cap_task_getscheduler (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_wait (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_kill (struct task_struct *p, struct siginfo *info, int sig)
-{
- return 0;
-}
-
-static int cap_task_prctl (int option, unsigned long arg2, unsigned long arg3,
- unsigned long arg4, unsigned long arg5)
-{
- return 0;
-}
-
 static void cap_task_kmod_set_label (void)
 {
 cap_set_full (current->cap_effective);
 return;
 }
-static unsigned int cap_ip_preroute_first (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_preroute_last (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_input_first (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_input_last (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_forward_first (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_forward_last (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_output_first (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_output_last (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_postroute_first (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static unsigned int cap_ip_postroute_last (unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn) (struct sk_buff *))
-{
- return NF_ACCEPT;
-}
-
-static void cap_ip_fragment (struct sk_buff *newskb,
- const struct sk_buff *oldskb)
-{
- return;
-}
-
-static int cap_ip_defragment (struct sk_buff *skb)
-{
- return 0;
-}
-
-static void cap_ip_encapsulate (struct sk_buff *skb)
-{
- return;
-}
-
-static void cap_ip_decapsulate (struct sk_buff *skb)
-{
- return;
-}
-
 static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
 unsigned char **pp_ptr)
 {
@@ -822,449 +288,202 @@ return 0; } -static void cap_netdev_unregister (struct net_device *dev) -{ - return; -} - -static int cap_socket_create (int family, int type, int protocol) -{ - return 0; -} - -static void cap_socket_post_create (struct socket *sock, int family, int type, - int protocol) -{ - return; -} - -static int cap_socket_bind (struct socket *sock, struct sockaddr *address, - int addrlen) -{ - return 0; -} - -static int cap_socket_connect (struct socket *sock, struct sockaddr *address, - int addrlen) -{ - return 0; -} - -static int cap_socket_listen (struct socket *sock, int backlog) -{ - return 0; -} - -static int cap_socket_accept (struct socket *sock, struct socket *newsock) -{ - return 0; -} - -static int cap_socket_sendmsg (struct socket *sock, struct msghdr *msg, - int size) -{ - return 0; -} - -static int cap_socket_recvmsg (struct socket *sock, struct msghdr *msg, - int size, int flags) -{ - return 0; -} - -static int cap_socket_getsockname (struct socket *sock) -{ - return 0; -} - -static int cap_socket_getpeername (struct socket *sock) -{ - return 0; -} - -static int cap_socket_setsockopt (struct socket *sock, int level, int optname) -{ - return 0; -} - -static int cap_socket_getsockopt (struct socket *sock, int level, int optname) -{ - return 0; -} - -static int cap_socket_shutdown (struct socket *sock, int how) -{ - return 0; -} - -static int cap_sock_rcv_skb (struct sock *sk, struct sk_buff *skb) -{ - return 0; -} - -static int cap_socket_unix_stream_connect (struct socket *sock, - struct socket *other) -{ - return 0; -} - -static int cap_socket_unix_may_send (struct socket *sock, struct socket *other) -{ - return 0; -} - -static int cap_module_create_module (const char *name_user, size_t size) -{ - return 0; -} - -static int cap_module_init_module (struct module *mod_user) -{ - return 0; -} - -static int cap_module_delete_module (const struct module *mod) -{ - return 0; -} - -static int cap_ipc_permission (struct kern_ipc_perm *ipcp, 
short flag) -{ - return 0; -} - -static int cap_ipc_getinfo (int id, int cmd) -{ - return 0; -} - -static int cap_msg_msg_alloc_security (struct msg_msg *msg) -{ - return 0; -} - -static void cap_msg_msg_free_security (struct msg_msg *msg) -{ - return; -} - -static int cap_msg_queue_alloc_security (struct msg_queue *msq) -{ - return 0; -} - -static void cap_msg_queue_free_security (struct msg_queue *msq) -{ - return; -} - -static int cap_msg_queue_associate (struct msg_queue *msq, int msgid, - int msgflg) -{ - return 0; -} - -static int cap_msg_queue_msgctl (struct msg_queue *msq, int msgid, int cmd) -{ - return 0; -} - -static int cap_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg, - int msgid, int msgflg) -{ - return 0; -} - -static int cap_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg, - struct task_struct *target, long type, - int mode) -{ - return 0; -} - -static int cap_shm_alloc_security (struct shmid_kernel *shp) -{ - return 0; -} - -static void cap_shm_free_security (struct shmid_kernel *shp) -{ - return; -} - -static int cap_shm_associate (struct shmid_kernel *shp, int shmid, int shmflg) -{ - return 0; -} - -static int cap_shm_shmctl (struct shmid_kernel *shp, int shmid, int cmd) -{ - return 0; -} - -static int cap_shm_shmat (struct shmid_kernel *shp, int shmid, char *shmaddr, - int shmflg) -{ - return 0; -} - -static int cap_sem_alloc_security (struct sem_array *sma) -{ - return 0; -} - -static void cap_sem_free_security (struct sem_array *sma) -{ - return; -} - -static int cap_sem_associate (struct sem_array *sma, int semid, int semflg) -{ - return 0; -} - -static int cap_sem_semctl (struct sem_array *sma, int semid, int cmd) -{ - return 0; -} - -static int cap_sem_semop (struct sem_array *sma, int semid, struct sembuf *sops, - unsigned nsops, int alter) -{ - return 0; -} - -static int cap_skb_alloc_security (struct sk_buff *skb) -{ - return 0; -} - -static int cap_skb_clone (struct sk_buff *newskb, const struct sk_buff 
*oldskb) -{ - return 0; -} - -static void cap_skb_copy (struct sk_buff *newskb, const struct sk_buff *oldskb) -{ - return; -} - -static void cap_skb_set_owner_w (struct sk_buff *skb, struct sock *sk) -{ - return; -} - -static void cap_skb_free_security (struct sk_buff *skb) -{ - return; -} - -static int cap_register (const char *name, struct security_operations *ops) -{ - return -EINVAL; -} - -static int cap_unregister (const char *name, struct security_operations *ops) -{ - return -EINVAL; -} - static struct binprm_security_ops cap_binprm_ops = { - alloc_security: cap_binprm_alloc_security, - free_security: cap_binprm_free_security, + alloc_security: null_binprm_alloc_security, + free_security: null_binprm_free_security, compute_creds: cap_binprm_compute_creds, set_security: cap_binprm_set_security, }; static struct super_block_security_ops cap_sb_ops = { - alloc_security: cap_sb_alloc_security, - free_security: cap_sb_free_security, - statfs: cap_sb_statfs, - mount: cap_mount, - check_sb: cap_check_sb, - umount: cap_umount, - umount_close: cap_umount_close, - umount_busy: cap_umount_busy, - post_remount: cap_post_remount, - post_mountroot: cap_post_mountroot, - post_addmount: cap_post_addmount, + alloc_security: null_sb_alloc_security, + free_security: null_sb_free_security, + statfs: null_sb_statfs, + mount: null_mount, + check_sb: null_check_sb, + umount: null_umount, + umount_close: null_umount_close, + umount_busy: null_umount_busy, + post_remount: null_post_remount, + post_mountroot: null_post_mountroot, + post_addmount: null_post_addmount, }; static struct inode_security_ops cap_inode_ops = { - alloc_security: cap_inode_alloc_security, - free_security: cap_inode_free_security, - create: cap_inode_create, - post_create: cap_inode_post_create, - link: cap_inode_link, - post_link: cap_inode_post_link, - unlink: cap_inode_unlink, - symlink: cap_inode_symlink, - post_symlink: cap_inode_post_symlink, - mkdir: cap_inode_mkdir, - post_mkdir: cap_inode_post_mkdir, - 
rmdir: cap_inode_rmdir, - mknod: cap_inode_mknod, - post_mknod: cap_inode_post_mknod, - rename: cap_inode_rename, - post_rename: cap_inode_post_rename, - readlink: cap_inode_readlink, - follow_link: cap_inode_follow_link, - permission: cap_inode_permission, - revalidate: cap_inode_revalidate, - setattr: cap_inode_setattr, - stat: cap_inode_stat, - post_lookup: cap_post_lookup, - delete: cap_delete, + alloc_security: null_inode_alloc_security, + free_security: null_inode_free_security, + create: null_inode_create, + post_create: null_inode_post_create, + link: null_inode_link, + post_link: null_inode_post_link, + unlink: null_inode_unlink, + symlink: null_inode_symlink, + post_symlink: null_inode_post_symlink, + mkdir: null_inode_mkdir, + post_mkdir: null_inode_post_mkdir, + rmdir: null_inode_rmdir, + mknod: null_inode_mknod, + post_mknod: null_inode_post_mknod, + rename: null_inode_rename, + post_rename: null_inode_post_rename, + readlink: null_inode_readlink, + follow_link: null_inode_follow_link, + permission: null_inode_permission, + revalidate: null_inode_revalidate, + setattr: null_inode_setattr, + stat: null_inode_stat, + post_lookup: null_post_lookup, + delete: null_delete, }; static struct file_security_ops cap_file_ops = { - permission: cap_file_permission, - alloc_security: cap_file_alloc_security, - free_security: cap_file_free_security, - llseek: cap_file_llseek, - ioctl: cap_file_ioctl, - mmap: cap_file_mmap, - mprotect: cap_file_mprotect, - lock: cap_file_lock, - fcntl: cap_file_fcntl, - set_fowner: cap_file_set_fowner, - send_sigiotask: cap_file_send_sigiotask, - receive: cap_file_receive, + permission: null_file_permission, + alloc_security: null_file_alloc_security, + free_security: null_file_free_security, + llseek: null_file_llseek, + ioctl: null_file_ioctl, + mmap: null_file_mmap, + mprotect: null_file_mprotect, + lock: null_file_lock, + fcntl: null_file_fcntl, + set_fowner: null_file_set_fowner, + send_sigiotask: null_file_send_sigiotask, + 
receive: null_file_receive, }; static struct task_security_ops cap_task_ops = { - create: cap_task_create, - alloc_security: cap_task_alloc_security, - free_security: cap_task_free_security, - setuid: cap_task_setuid, + create: null_task_create, + alloc_security: null_task_alloc_security, + free_security: null_task_free_security, + setuid: null_task_setuid, post_setuid: cap_task_post_setuid, - setgid: cap_task_setgid, - setpgid: cap_task_setpgid, - getpgid: cap_task_getpgid, - getsid: cap_task_getsid, - setgroups: cap_task_setgroups, - setnice: cap_task_setnice, - setrlimit: cap_task_setrlimit, - setscheduler: cap_task_setscheduler, - getscheduler: cap_task_getscheduler, - wait: cap_task_wait, - kill: cap_task_kill, - prctl: cap_task_prctl, + setgid: null_task_setgid, + setpgid: null_task_setpgid, + getpgid: null_task_getpgid, + getsid: null_task_getsid, + setgroups: null_task_setgroups, + setnice: null_task_setnice, + setrlimit: null_task_setrlimit, + setscheduler: null_task_setscheduler, + getscheduler: null_task_getscheduler, + wait: null_task_wait, + kill: null_task_kill, + prctl: null_task_prctl, kmod_set_label: cap_task_kmod_set_label, }; static struct socket_security_ops cap_socket_ops = { - create: cap_socket_create, - post_create: cap_socket_post_create, - bind: cap_socket_bind, - connect: cap_socket_connect, - listen: cap_socket_listen, - accept: cap_socket_accept, - sendmsg: cap_socket_sendmsg, - recvmsg: cap_socket_recvmsg, - getsockname: cap_socket_getsockname, - getpeername: cap_socket_getpeername, - getsockopt: cap_socket_getsockopt, - setsockopt: cap_socket_setsockopt, - shutdown: cap_socket_shutdown, - sock_rcv_skb: cap_sock_rcv_skb, - unix_stream_connect: cap_socket_unix_stream_connect, - unix_may_send: cap_socket_unix_may_send, + create: null_socket_create, + post_create: null_socket_post_create, + bind: null_socket_bind, + connect: null_socket_connect, + listen: null_socket_listen, + accept: null_socket_accept, + sendmsg: null_socket_sendmsg, + 
recvmsg: null_socket_recvmsg, + getsockname: null_socket_getsockname, + getpeername: null_socket_getpeername, + getsockopt: null_socket_getsockopt, + setsockopt: null_socket_setsockopt, + shutdown: null_socket_shutdown, + sock_rcv_skb: null_sock_rcv_skb, + unix_stream_connect: null_socket_unix_stream_connect, + unix_may_send: null_socket_unix_may_send, }; static struct skb_security_ops cap_skb_ops = { - alloc_security: cap_skb_alloc_security, - clone: cap_skb_clone, - copy: cap_skb_copy, - set_owner_w: cap_skb_set_owner_w, - free_security: cap_skb_free_security, + alloc_security: null_skb_alloc_security, + clone: null_skb_clone, + copy: null_skb_copy, + set_owner_w: null_skb_set_owner_w, + free_security: null_skb_free_security, }; static struct ip_security_ops cap_ip_ops = { - preroute_first: cap_ip_preroute_first, - preroute_last: cap_ip_preroute_last, - input_first: cap_ip_input_first, - input_last: cap_ip_input_last, - forward_first: cap_ip_forward_first, - forward_last: cap_ip_forward_last, - output_first: cap_ip_output_first, - output_last: cap_ip_output_last, - postroute_first: cap_ip_postroute_first, - postroute_last: cap_ip_postroute_last, - fragment: cap_ip_fragment, - defragment: cap_ip_defragment, - encapsulate: cap_ip_encapsulate, - decapsulate: cap_ip_decapsulate, + preroute_first: null_ip_preroute_first, + preroute_last: null_ip_preroute_last, + input_first: null_ip_input_first, + input_last: null_ip_input_last, + forward_first: null_ip_forward_first, + forward_last: null_ip_forward_last, + output_first: null_ip_output_first, + output_last: null_ip_output_last, + postroute_first: null_ip_postroute_first, + postroute_last: null_ip_postroute_last, + fragment: null_ip_fragment, + defragment: null_ip_defragment, + encapsulate: null_ip_encapsulate, + decapsulate: null_ip_decapsulate, decode_options: cap_ip_decode_options, }; static struct netdev_security_ops cap_netdev_ops = { - unregister: cap_netdev_unregister, + unregister: null_netdev_unregister, }; 
static struct module_security_ops cap_module_ops = { - create_module: cap_module_create_module, - init_module: cap_module_init_module, - delete_module: cap_module_delete_module, + create_module: null_module_create_module, + init_module: null_module_init_module, + delete_module: null_module_delete_module, }; static struct ipc_security_ops cap_ipc_ops = { - permission: cap_ipc_permission, - getinfo: cap_ipc_getinfo, + permission: null_ipc_permission, + getinfo: null_ipc_getinfo, }; static struct msg_msg_security_ops cap_msg_ops = { - alloc_security: cap_msg_msg_alloc_security, - free_security: cap_msg_msg_free_security, + alloc_security: null_msg_msg_alloc_security, + free_security: null_msg_msg_free_security, }; static struct msg_queue_security_ops cap_msg_queue_ops = { - alloc_security: cap_msg_queue_alloc_security, - free_security: cap_msg_queue_free_security, - associate: cap_msg_queue_associate, - msgctl: cap_msg_queue_msgctl, - msgsnd: cap_msg_queue_msgsnd, - msgrcv: cap_msg_queue_msgrcv, + alloc_security: null_msg_queue_alloc_security, + free_security: null_msg_queue_free_security, + associate: null_msg_queue_associate, + msgctl: null_msg_queue_msgctl, + msgsnd: null_msg_queue_msgsnd, + msgrcv: null_msg_queue_msgrcv, }; static struct shm_security_ops cap_shm_ops = { - alloc_security: cap_shm_alloc_security, - free_security: cap_shm_free_security, - associate: cap_shm_associate, - shmctl: cap_shm_shmctl, - shmat: cap_shm_shmat, + alloc_security: null_shm_alloc_security, + free_security: null_shm_free_security, + associate: null_shm_associate, + shmctl: null_shm_shmctl, + shmat: null_shm_shmat, }; static struct sem_security_ops cap_sem_ops = { - alloc_security: cap_sem_alloc_security, - free_security: cap_sem_free_security, - associate: cap_sem_associate, - semctl: cap_sem_semctl, - semop: cap_sem_semop, + alloc_security: null_sem_alloc_security, + free_security: null_sem_free_security, + associate: null_sem_associate, + semctl: null_sem_semctl, + semop: 
null_sem_semop, }; static struct security_operations capability_ops = { - sethostname: cap_sethostname, - setdomainname: cap_setdomainname, - reboot: cap_reboot, - ioperm: cap_ioperm, - iopl: cap_iopl, + sethostname: null_sethostname, + setdomainname: null_setdomainname, + reboot: null_reboot, + ioperm: null_ioperm, + iopl: null_iopl, ptrace: cap_ptrace, capget: cap_capget, capset_check: cap_capset_check, capset_set: cap_capset_set, - acct: cap_acct, - sysctl: cap_sysctl, + acct: null_acct, + sysctl: null_sysctl, capable: cap_capable, - sys_security: cap_sys_security, - swapon: cap_swapon, - swapoff: cap_swapoff, - nfsservctl: cap_nfsservctl, - quotactl: cap_quotactl, - quota_on: cap_quota_on, - bdflush: cap_bdflush, - syslog: cap_syslog, + sys_security: null_sys_security, + swapon: null_swapon, + swapoff: null_swapoff, + nfsservctl: null_nfsservctl, + quotactl: null_quotactl, + quota_on: null_quota_on, + bdflush: null_bdflush, + syslog: null_syslog, netlink_send: cap_netlink_send, netlink_recv: cap_netlink_recv, @@ -1284,8 +503,8 @@ shm_ops: &cap_shm_ops, sem_ops: &cap_sem_ops, - register_security: cap_register, - unregister_security: cap_unregister, + register_security: null_register, + unregister_security: null_unregister, }; #if defined(CONFIG_SECURITY_CAPABILITIES_MODULE) _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
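Review bot: The ops tables now mix null_* no-ops with the cap_* entries that still carry the module's policy (cap_binprm_compute_creds, cap_binprm_set_security, cap_task_post_setuid, cap_task_kmod_set_label, cap_ip_decode_options, and in capability_ops cap_ptrace, cap_capget, cap_capset_check, cap_capset_set, cap_capable, cap_netlink_send, cap_netlink_recv), and because both families share signatures a later edit could swap one of these for its null_* twin without any compile-time complaint. A comment above `cap_binprm_ops` marking the split would make that boundary reviewable, e.g. `/* null_* entries are intentional no-ops; every remaining cap_* entry implements capability policy and must not be replaced by its null_* counterpart. */`. The same remark applies to `capability_ops` at the end of this hunk, whose initializer continues into the next hunk.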
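Review bot: `register_security: null_register` and `unregister_security: null_unregister` preserve behaviour only if the null versions keep the `-EINVAL` that the removed `cap_register`/`cap_unregister` returned earlier in this patch; a register hook that returned 0 would allow a secondary module to stack onto the capability module, so that equivalence deserves to be stated at the point of use. A one-line comment on these two entries, `/* -EINVAL: the capability module does not accept a stacked secondary module */`, would pin it. The `capability_ops` initializer starts in the previous hunk.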