| /security/apparmor/ |
| D | domain.c | 309 static int aa_xattrs_match(const struct linux_binprm *bprm, in aa_xattrs_match() argument
318 if (!bprm || !profile->xattr_count) in aa_xattrs_match()
325 d = bprm->file->f_path.dentry; in aa_xattrs_match()
381 static struct aa_label *find_attach(const struct linux_binprm *bprm, in find_attach() argument
424 if (bprm && profile->xattr_count) { in find_attach()
430 ret = aa_xattrs_match(bprm, profile, in find_attach()
551 const struct linux_binprm *bprm, in x_to_label() argument
579 new = find_attach(bprm, ns, &profile->base.profiles, in x_to_label()
583 new = find_attach(bprm, ns, &ns->base.profiles, in x_to_label()
618 const struct linux_binprm *bprm, in profile_transition() argument
[all …]
|
| D | lsm.c | 679 static void apparmor_bprm_committing_creds(struct linux_binprm *bprm) in apparmor_bprm_committing_creds() argument
682 struct aa_label *new_label = cred_label(bprm->cred); in apparmor_bprm_committing_creds()
689 aa_inherit_files(bprm->cred, current->files); in apparmor_bprm_committing_creds()
701 static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) in apparmor_bprm_committed_creds() argument
|
| /security/ |
| D | commoncap.c | 530 struct linux_binprm *bprm, in bprm_caps_from_vfs_caps() argument
534 struct cred *new = bprm->cred; in bprm_caps_from_vfs_caps()
652 static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_fcap) in get_file_caps() argument
657 cap_clear(bprm->cred->cap_permitted); in get_file_caps()
662 if (!mnt_may_suid(bprm->file->f_path.mnt)) in get_file_caps()
670 if (!current_in_userns(bprm->file->f_path.mnt->mnt_sb->s_user_ns)) in get_file_caps()
673 rc = get_vfs_caps_from_disk(bprm->file->f_path.dentry, &vcaps); in get_file_caps()
677 bprm->filename); in get_file_caps()
683 rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap); in get_file_caps()
687 cap_clear(bprm->cred->cap_permitted); in get_file_caps()
[all …]
|
| D | security.c | 775 int security_bprm_set_creds(struct linux_binprm *bprm) in security_bprm_set_creds() argument
777 return call_int_hook(bprm_set_creds, 0, bprm); in security_bprm_set_creds()
780 int security_bprm_check(struct linux_binprm *bprm) in security_bprm_check() argument
784 ret = call_int_hook(bprm_check_security, 0, bprm); in security_bprm_check()
787 return ima_bprm_check(bprm); in security_bprm_check()
790 void security_bprm_committing_creds(struct linux_binprm *bprm) in security_bprm_committing_creds() argument
792 call_void_hook(bprm_committing_creds, bprm); in security_bprm_committing_creds()
795 void security_bprm_committed_creds(struct linux_binprm *bprm) in security_bprm_committed_creds() argument
797 call_void_hook(bprm_committed_creds, bprm); in security_bprm_committed_creds()
|
| /security/tomoyo/ |
| D | audit.c | 22 static char *tomoyo_print_bprm(struct linux_binprm *bprm, in tomoyo_print_bprm() argument
30 unsigned long pos = bprm->p; in tomoyo_print_bprm()
32 int argv_count = bprm->argc; in tomoyo_print_bprm()
33 int envp_count = bprm->envc; in tomoyo_print_bprm()
46 if (!tomoyo_dump_page(bprm, pos, dump)) in tomoyo_print_bprm()
261 struct file *file = r->ee->bprm->file; in tomoyo_init_log()
264 bprm_info = tomoyo_print_bprm(r->ee->bprm, &r->ee->dump); in tomoyo_init_log()
281 struct linux_binprm *bprm = r->ee->bprm; in tomoyo_init_log() local
285 realpath, bprm->argc, bprm->envc, bprm_info); in tomoyo_init_log()
|
| D | domain.c | 618 struct linux_binprm *bprm = ee->bprm; in tomoyo_environ() local
623 unsigned long pos = bprm->p; in tomoyo_environ()
625 int argv_count = bprm->argc; in tomoyo_environ()
626 int envp_count = bprm->envc; in tomoyo_environ()
639 if (!tomoyo_dump_page(bprm, pos, &env_page)) in tomoyo_environ()
703 int tomoyo_find_next_domain(struct linux_binprm *bprm) in tomoyo_find_next_domain() argument
707 const char *original_name = bprm->filename; in tomoyo_find_next_domain()
724 ee->bprm = bprm; in tomoyo_find_next_domain()
726 ee->obj.path1 = bprm->file->f_path; in tomoyo_find_next_domain()
898 bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, in tomoyo_dump_page() argument
[all …]
|
| D | condition.c | 109 struct linux_binprm *bprm = ee->bprm; in tomoyo_scan_bprm() local
113 unsigned long pos = bprm->p; in tomoyo_scan_bprm()
115 int argv_count = bprm->argc; in tomoyo_scan_bprm()
116 int envp_count = bprm->envc; in tomoyo_scan_bprm()
130 if (!tomoyo_dump_page(bprm, pos, dump)) { in tomoyo_scan_bprm()
160 if (!tomoyo_argv(bprm->argc - argv_count, in tomoyo_scan_bprm()
780 struct linux_binprm *bprm = NULL; in tomoyo_condition() local
789 bprm = r->ee->bprm; in tomoyo_condition()
790 if (!bprm && (argc || envc)) in tomoyo_condition()
826 file = ee ? ee->bprm->file : NULL; in tomoyo_condition()
[all …]
|
| D | tomoyo.c | 55 static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm) in tomoyo_bprm_committed_creds() argument
72 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) in tomoyo_bprm_set_creds() argument
78 if (bprm->called_set_creds) in tomoyo_bprm_set_creds()
85 tomoyo_load_policy(bprm->filename); in tomoyo_bprm_set_creds()
97 static int tomoyo_bprm_check_security(struct linux_binprm *bprm) in tomoyo_bprm_check_security() argument
107 const int err = tomoyo_find_next_domain(bprm); in tomoyo_bprm_check_security()
116 &bprm->file->f_path, O_RDONLY); in tomoyo_bprm_check_security()
|
| D | common.h | 624 struct linux_binprm *bprm; member
938 bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,
976 int tomoyo_find_next_domain(struct linux_binprm *bprm);
|
| /security/integrity/ima/ |
| D | ima_main.c | 407 int ima_bprm_check(struct linux_binprm *bprm) in ima_bprm_check() argument
413 ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, in ima_bprm_check()
418 security_cred_getsecid(bprm->cred, &secid); in ima_bprm_check()
419 return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, in ima_bprm_check()
|
| /security/apparmor/include/ |
| D | domain.h | 33 int apparmor_bprm_set_creds(struct linux_binprm *bprm);
|
| /security/selinux/ |
| D | hooks.c | 2279 static int check_nnp_nosuid(const struct linux_binprm *bprm, in check_nnp_nosuid() argument
2283 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS); in check_nnp_nosuid()
2284 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt); in check_nnp_nosuid()
2333 static int selinux_bprm_set_creds(struct linux_binprm *bprm) in selinux_bprm_set_creds() argument
2339 struct inode *inode = file_inode(bprm->file); in selinux_bprm_set_creds()
2344 if (bprm->called_set_creds) in selinux_bprm_set_creds()
2348 new_tsec = selinux_cred(bprm->cred); in selinux_bprm_set_creds()
2366 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); in selinux_bprm_set_creds()
2381 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); in selinux_bprm_set_creds()
2387 ad.u.file = bprm->file; in selinux_bprm_set_creds()
[all …]
|
| /security/smack/ |
| D | smack_lsm.c | 906 static int smack_bprm_set_creds(struct linux_binprm *bprm) in smack_bprm_set_creds() argument
908 struct inode *inode = file_inode(bprm->file); in smack_bprm_set_creds()
909 struct task_smack *bsp = smack_cred(bprm->cred); in smack_bprm_set_creds()
914 if (bprm->called_set_creds) in smack_bprm_set_creds()
926 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { in smack_bprm_set_creds()
942 if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) in smack_bprm_set_creds()
946 bprm->per_clear |= PER_CLEAR_ON_SETID; in smack_bprm_set_creds()
950 bprm->secureexec = 1; in smack_bprm_set_creds()
|