Project import generated by Copybara.
GitOrigin-RevId: ebbadafddc65fbd6103f959818f274fdd7273f4e
diff --git a/include/linux/security.h b/include/linux/security.h
index 273877c..3632428 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -6,7 +6,6 @@
* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
* Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
* Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
- * Copyright (C) 2016 Mellanox Techonologies
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -36,6 +35,7 @@ struct linux_binprm;
struct cred;
struct rlimit;
struct siginfo;
+struct sem_array;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
@@ -49,17 +49,16 @@ struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
+struct shmid_kernel;
struct msg_msg;
+struct msg_queue;
struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;
-/* Default (no) options for the capable function */
-#define CAP_OPT_NONE 0x0
/* If capable should audit the security request */
-#define CAP_OPT_NOAUDIT BIT(1)
-/* If capable is being called by a setid function */
-#define CAP_OPT_INSETID BIT(2)
+#define SECURITY_CAP_NOAUDIT 0
+#define SECURITY_CAP_AUDIT 1
/* LSM Agnostic defines for sb_set_mnt_opts */
#define SECURITY_LSM_NATIVE_LABELS 1
@@ -69,13 +68,9 @@ struct audit_krule;
struct user_namespace;
struct timezone;
-enum lsm_event {
- LSM_POLICY_CHANGE,
-};
-
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
- int cap, unsigned int opts);
+ int cap, int audit);
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
@@ -85,13 +80,12 @@ extern int cap_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
+extern int cap_bprm_secureexec(struct linux_binprm *bprm);
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
-extern int cap_inode_getsecurity(struct inode *inode, const char *name,
- void **buffer, bool alloc);
extern int cap_mmap_addr(unsigned long addr);
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags);
@@ -115,7 +109,6 @@ struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;
-struct sctp_endpoint;
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
@@ -140,10 +133,6 @@ extern unsigned long dac_mmap_min_addr;
/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS 8
-/* Flags for security_task_prlimit(). */
-#define LSM_PRLIMIT_READ 1
-#define LSM_PRLIMIT_WRITE 2
-
/* forward declares to avoid warnings */
struct sched_param;
struct request_sock;
@@ -151,7 +140,8 @@ struct request_sock;
/* bprm->unsafe reasons */
#define LSM_UNSAFE_SHARE 1
#define LSM_UNSAFE_PTRACE 2
-#define LSM_UNSAFE_NO_NEW_PRIVS 4
+#define LSM_UNSAFE_PTRACE_CAP 4
+#define LSM_UNSAFE_NO_NEW_PRIVS 8
#ifdef CONFIG_MMU
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
@@ -162,27 +152,6 @@ extern int mmap_min_addr_handler(struct ctl_table *table, int write,
typedef int (*initxattrs) (struct inode *inode,
const struct xattr *xattr_array, void *fs_data);
-
-/* Keep the kernel_load_data_id enum in sync with kernel_read_file_id */
-#define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
-#define __data_id_stringify(dummy, str) #str,
-
-enum kernel_load_data_id {
- __kernel_read_file_id(__data_id_enumify)
-};
-
-static const char * const kernel_load_data_str[] = {
- __kernel_read_file_id(__data_id_stringify)
-};
-
-static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
-{
- if ((unsigned)id >= LOADING_MAX_ID)
- return kernel_load_data_str[LOADING_UNKNOWN];
-
- return kernel_load_data_str[id];
-}
-
#ifdef CONFIG_SECURITY
struct security_mnt_opts {
@@ -191,10 +160,6 @@ struct security_mnt_opts {
int num_mnt_opts;
};
-int call_lsm_notifier(enum lsm_event event, void *data);
-int register_lsm_notifier(struct notifier_block *nb);
-int unregister_lsm_notifier(struct notifier_block *nb);
-
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
opts->mnt_opts = NULL;
@@ -219,13 +184,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
extern int security_init(void);
/* Security operations */
-int security_binder_set_context_mgr(const struct cred *mgr);
-int security_binder_transaction(const struct cred *from,
- const struct cred *to);
-int security_binder_transfer_binder(const struct cred *from,
- const struct cred *to);
-int security_binder_transfer_file(const struct cred *from,
- const struct cred *to, struct file *file);
+int security_binder_set_context_mgr(struct task_struct *mgr);
+int security_binder_transaction(struct task_struct *from,
+ struct task_struct *to);
+int security_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to);
+int security_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to, struct file *file);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
@@ -236,19 +201,26 @@ int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
-int security_capable(const struct cred *cred,
- struct user_namespace *ns,
- int cap,
- unsigned int opts);
+int security_capable(const struct cred *cred, struct user_namespace *ns,
+ int cap);
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+ int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
+static inline int security_settime(const struct timespec *ts, const struct timezone *tz)
+{
+ struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+ return security_settime64(&ts64, tz);
+}
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
+int security_bprm_secureexec(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
@@ -265,9 +237,7 @@ int security_sb_set_mnt_opts(struct super_block *sb,
unsigned long kern_flags,
unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
- struct super_block *newsb,
- unsigned long kern_flags,
- unsigned long *set_kern_flags);
+ struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
@@ -333,18 +303,16 @@ void security_file_set_fowner(struct file *file);
int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
-int security_file_open(struct file *file);
-int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
+int security_file_open(struct file *file, const struct cred *cred);
+int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
-void security_cred_getsecid(const struct cred *c, u32 *secid);
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
-int security_kernel_load_data(enum kernel_load_data_id id);
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
enum kernel_read_file_id id);
@@ -357,15 +325,14 @@ void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
-int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
- unsigned int flags);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
- int sig, const struct cred *cred);
+ int sig, u32 secid);
+int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
@@ -373,28 +340,28 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
-int security_msg_queue_alloc(struct kern_ipc_perm *msq);
-void security_msg_queue_free(struct kern_ipc_perm *msq);
-int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
-int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
-int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
+int security_msg_queue_alloc(struct msg_queue *msq);
+void security_msg_queue_free(struct msg_queue *msq);
+int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
+int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
+int security_msg_queue_msgsnd(struct msg_queue *msq,
struct msg_msg *msg, int msqflg);
-int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
+int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
struct task_struct *target, long type, int mode);
-int security_shm_alloc(struct kern_ipc_perm *shp);
-void security_shm_free(struct kern_ipc_perm *shp);
-int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
-int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
-int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
-int security_sem_alloc(struct kern_ipc_perm *sma);
-void security_sem_free(struct kern_ipc_perm *sma);
-int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
-int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
-int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
+int security_shm_alloc(struct shmid_kernel *shp);
+void security_shm_free(struct shmid_kernel *shp);
+int security_shm_associate(struct shmid_kernel *shp, int shmflg);
+int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
+int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
+int security_sem_alloc(struct sem_array *sma);
+void security_sem_free(struct sem_array *sma);
+int security_sem_associate(struct sem_array *sma, int semflg);
+int security_sem_semctl(struct sem_array *sma, int cmd);
+int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
-int security_setprocattr(const char *name, void *value, size_t size);
+int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
@@ -409,21 +376,6 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
struct security_mnt_opts {
};
-static inline int call_lsm_notifier(enum lsm_event event, void *data)
-{
- return 0;
-}
-
-static inline int register_lsm_notifier(struct notifier_block *nb)
-{
- return 0;
-}
-
-static inline int unregister_lsm_notifier(struct notifier_block *nb)
-{
- return 0;
-}
-
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}
@@ -442,25 +394,25 @@ static inline int security_init(void)
return 0;
}
-static inline int security_binder_set_context_mgr(const struct cred *mgr)
+static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
return 0;
}
-static inline int security_binder_transaction(const struct cred *from,
- const struct cred *to)
+static inline int security_binder_transaction(struct task_struct *from,
+ struct task_struct *to)
{
return 0;
}
-static inline int security_binder_transfer_binder(const struct cred *from,
- const struct cred *to)
+static inline int security_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to)
{
return 0;
}
-static inline int security_binder_transfer_file(const struct cred *from,
- const struct cred *to,
+static inline int security_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to,
struct file *file)
{
return 0;
@@ -495,11 +447,14 @@ static inline int security_capset(struct cred *new,
}
static inline int security_capable(const struct cred *cred,
- struct user_namespace *ns,
- int cap,
- unsigned int opts)
+ struct user_namespace *ns, int cap)
{
- return cap_capable(cred, ns, cap, opts);
+ return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
+}
+
+static inline int security_capable_noaudit(const struct cred *cred,
+ struct user_namespace *ns, int cap) {
+ return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
static inline int security_quotactl(int cmds, int type, int id,
@@ -524,6 +479,14 @@ static inline int security_settime64(const struct timespec64 *ts,
return cap_settime(ts, tz);
}
+static inline int security_settime(const struct timespec *ts,
+ const struct timezone *tz)
+{
+ struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+ return cap_settime(&ts64, tz);
+}
+
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
@@ -547,6 +510,11 @@ static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}
+static inline int security_bprm_secureexec(struct linux_binprm *bprm)
+{
+ return cap_bprm_secureexec(bprm);
+}
+
static inline int security_sb_alloc(struct super_block *sb)
{
return 0;
@@ -608,9 +576,7 @@ static inline int security_sb_set_mnt_opts(struct super_block *sb,
}
static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
- struct super_block *newsb,
- unsigned long kern_flags,
- unsigned long *set_kern_flags)
+ struct super_block *newsb)
{
return 0;
}
@@ -787,7 +753,7 @@ static inline int security_inode_killpriv(struct dentry *dentry)
static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
{
- return cap_inode_getsecurity(inode, name, buffer, alloc);
+ return -EOPNOTSUPP;
}
static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
@@ -880,13 +846,13 @@ static inline int security_file_receive(struct file *file)
return 0;
}
-static inline int security_file_open(struct file *file)
+static inline int security_file_open(struct file *file,
+ const struct cred *cred)
{
return 0;
}
-static inline int security_task_alloc(struct task_struct *task,
- unsigned long clone_flags)
+static inline int security_task_create(unsigned long clone_flags)
{
return 0;
}
@@ -930,11 +896,6 @@ static inline int security_kernel_module_request(char *kmod_name)
return 0;
}
-static inline int security_kernel_load_data(enum kernel_load_data_id id)
-{
- return 0;
-}
-
static inline int security_kernel_read_file(struct file *file,
enum kernel_read_file_id id)
{
@@ -990,13 +951,6 @@ static inline int security_task_getioprio(struct task_struct *p)
return 0;
}
-static inline int security_task_prlimit(const struct cred *cred,
- const struct cred *tcred,
- unsigned int flags)
-{
- return 0;
-}
-
static inline int security_task_setrlimit(struct task_struct *p,
unsigned int resource,
struct rlimit *new_rlim)
@@ -1021,7 +975,12 @@ static inline int security_task_movememory(struct task_struct *p)
static inline int security_task_kill(struct task_struct *p,
struct siginfo *info, int sig,
- const struct cred *cred)
+ u32 secid)
+{
+ return 0;
+}
+
+static inline int security_task_wait(struct task_struct *p)
{
return 0;
}
@@ -1056,32 +1015,32 @@ static inline int security_msg_msg_alloc(struct msg_msg *msg)
static inline void security_msg_msg_free(struct msg_msg *msg)
{ }
-static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
+static inline int security_msg_queue_alloc(struct msg_queue *msq)
{
return 0;
}
-static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
+static inline void security_msg_queue_free(struct msg_queue *msq)
{ }
-static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
+static inline int security_msg_queue_associate(struct msg_queue *msq,
int msqflg)
{
return 0;
}
-static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
+static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
return 0;
}
-static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
+static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
struct msg_msg *msg, int msqflg)
{
return 0;
}
-static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
+static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
struct msg_msg *msg,
struct task_struct *target,
long type, int mode)
@@ -1089,50 +1048,50 @@ static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
return 0;
}
-static inline int security_shm_alloc(struct kern_ipc_perm *shp)
+static inline int security_shm_alloc(struct shmid_kernel *shp)
{
return 0;
}
-static inline void security_shm_free(struct kern_ipc_perm *shp)
+static inline void security_shm_free(struct shmid_kernel *shp)
{ }
-static inline int security_shm_associate(struct kern_ipc_perm *shp,
+static inline int security_shm_associate(struct shmid_kernel *shp,
int shmflg)
{
return 0;
}
-static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
+static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
return 0;
}
-static inline int security_shm_shmat(struct kern_ipc_perm *shp,
+static inline int security_shm_shmat(struct shmid_kernel *shp,
char __user *shmaddr, int shmflg)
{
return 0;
}
-static inline int security_sem_alloc(struct kern_ipc_perm *sma)
+static inline int security_sem_alloc(struct sem_array *sma)
{
return 0;
}
-static inline void security_sem_free(struct kern_ipc_perm *sma)
+static inline void security_sem_free(struct sem_array *sma)
{ }
-static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
+static inline int security_sem_associate(struct sem_array *sma, int semflg)
{
return 0;
}
-static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
+static inline int security_sem_semctl(struct sem_array *sma, int cmd)
{
return 0;
}
-static inline int security_sem_semop(struct kern_ipc_perm *sma,
+static inline int security_sem_semop(struct sem_array *sma,
struct sembuf *sops, unsigned nsops,
int alter)
{
@@ -1147,7 +1106,7 @@ static inline int security_getprocattr(struct task_struct *p, char *name, char *
return -EINVAL;
}
-static inline int security_setprocattr(char *name, void *value, size_t size)
+static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
return -EINVAL;
}
@@ -1203,7 +1162,6 @@ int security_unix_may_send(struct socket *sock, struct socket *other);
int security_socket_create(int family, int type, int protocol, int kern);
int security_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern);
-int security_socket_socketpair(struct socket *socka, struct socket *sockb);
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_listen(struct socket *sock, int backlog);
@@ -1241,11 +1199,6 @@ int security_tun_dev_create(void);
int security_tun_dev_attach_queue(void *security);
int security_tun_dev_attach(struct sock *sk, void *security);
int security_tun_dev_open(void *security);
-int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb);
-int security_sctp_bind_connect(struct sock *sk, int optname,
- struct sockaddr *address, int addrlen);
-void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
- struct sock *newsk);
#else /* CONFIG_SECURITY_NETWORK */
static inline int security_unix_stream_connect(struct sock *sock,
@@ -1275,12 +1228,6 @@ static inline int security_socket_post_create(struct socket *sock,
return 0;
}
-static inline int security_socket_socketpair(struct socket *socka,
- struct socket *sockb)
-{
- return 0;
-}
-
static inline int security_socket_bind(struct socket *sock,
struct sockaddr *address,
int addrlen)
@@ -1444,53 +1391,8 @@ static inline int security_tun_dev_open(void *security)
{
return 0;
}
-
-static inline int security_sctp_assoc_request(struct sctp_endpoint *ep,
- struct sk_buff *skb)
-{
- return 0;
-}
-
-static inline int security_sctp_bind_connect(struct sock *sk, int optname,
- struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
- struct sock *sk,
- struct sock *newsk)
-{
-}
#endif /* CONFIG_SECURITY_NETWORK */
-#ifdef CONFIG_SECURITY_INFINIBAND
-int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
-int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
-int security_ib_alloc_security(void **sec);
-void security_ib_free_security(void *sec);
-#else /* CONFIG_SECURITY_INFINIBAND */
-static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
-{
- return 0;
-}
-
-static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
-{
- return 0;
-}
-
-static inline int security_ib_alloc_security(void **sec)
-{
- return 0;
-}
-
-static inline void security_ib_free_security(void *sec)
-{
-}
-#endif /* CONFIG_SECURITY_INFINIBAND */
-
#ifdef CONFIG_SECURITY_NETWORK_XFRM
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
@@ -1736,10 +1638,6 @@ extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
struct dentry *parent, void *data,
const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
-struct dentry *securityfs_create_symlink(const char *name,
- struct dentry *parent,
- const char *target,
- const struct inode_operations *iops);
extern void securityfs_remove(struct dentry *dentry);
#else /* CONFIG_SECURITYFS */
@@ -1759,14 +1657,6 @@ static inline struct dentry *securityfs_create_file(const char *name,
return ERR_PTR(-ENODEV);
}
-static inline struct dentry *securityfs_create_symlink(const char *name,
- struct dentry *parent,
- const char *target,
- const struct inode_operations *iops)
-{
- return ERR_PTR(-ENODEV);
-}
-
static inline void securityfs_remove(struct dentry *dentry)
{}
