| /security/keys/ |
| D | process_keys.c | 77 const struct cred *cred = current_cred(); in look_up_user_keyrings() local
82 uid_t uid = from_kuid(user_ns, cred->user->uid); in look_up_user_keyrings()
106 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
107 cred, user_keyring_perm, in look_up_user_keyrings()
128 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
129 cred, user_keyring_perm, in look_up_user_keyrings()
185 struct key *get_user_session_keyring_rcu(const struct cred *cred) in get_user_session_keyring_rcu() argument
187 struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); in get_user_session_keyring_rcu()
194 .cred = cred, in get_user_session_keyring_rcu()
205 from_kuid(cred->user_ns, in get_user_session_keyring_rcu()
[all …]
|
| D | request_key_auth.c | 113 if (rka->cred) in free_request_key_auth()
114 put_cred(rka->cred); in free_request_key_auth()
167 const struct cred *cred = current_cred(); in request_key_auth_new() local
186 if (cred->request_key_auth) { in request_key_auth_new()
188 down_read(&cred->request_key_auth->sem); in request_key_auth_new()
193 &cred->request_key_auth->flags)) { in request_key_auth_new()
194 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
199 irka = cred->request_key_auth->payload.data[0]; in request_key_auth_new()
200 rka->cred = get_cred(irka->cred); in request_key_auth_new()
203 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
[all …]
|
| D | request_key.c | 77 static int umh_keys_init(struct subprocess_info *info, struct cred *cred) in umh_keys_init() argument
81 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
119 const struct cred *cred = current_cred(); in call_sbin_request_key() local
136 cred = get_current_cred(); in call_sbin_request_key()
137 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
140 put_cred(cred); in call_sbin_request_key()
152 sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid)); in call_sbin_request_key()
153 sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid)); in call_sbin_request_key()
160 cred->thread_keyring ? cred->thread_keyring->serial : 0); in call_sbin_request_key()
163 if (cred->process_keyring) in call_sbin_request_key()
[all …]
|
| D | permission.c | 26 int key_task_permission(const key_ref_t key_ref, const struct cred *cred, in key_task_permission() argument
36 if (uid_eq(key->uid, cred->fsuid)) { in key_task_permission()
44 if (gid_eq(key->gid, cred->fsgid)) { in key_task_permission()
49 ret = groups_search(cred->group_info, key->gid); in key_task_permission()
73 return security_key_permission(key_ref, cred, perm); in key_task_permission()
|
| D | internal.h | 117 const struct cred *cred; member
148 extern struct key *get_user_session_keyring_rcu(const struct cred *);
149 extern int install_thread_keyring_to_cred(struct cred *);
150 extern int install_process_keyring_to_cred(struct cred *);
151 extern int install_session_keyring_to_cred(struct cred *, struct key *);
181 const struct cred *cred,
|
| D | keyctl.c | 1075 struct cred *new; in keyctl_change_reqkey_auth()
1100 const struct cred *cred = current_cred(); in keyctl_instantiate_key_common() local
1119 instkey = cred->request_key_auth; in keyctl_instantiate_key_common()
1265 const struct cred *cred = current_cred(); in keyctl_reject_key() local
1284 instkey = cred->request_key_auth; in keyctl_reject_key()
1322 struct cred *new; in keyctl_set_reqkey_keyring()
1553 const struct cred *mycred, *pcred; in keyctl_session_to_parent()
1556 struct cred *cred; in keyctl_session_to_parent() local
1568 cred = cred_alloc_blank(); in keyctl_session_to_parent()
1569 if (!cred) in keyctl_session_to_parent()
[all …]
|
| D | key.c | 225 kuid_t uid, kgid_t gid, const struct cred *cred, in key_alloc() argument
311 ret = security_key_alloc(key, cred, flags); in key_alloc()
821 const struct cred *cred = current_cred(); in key_create_or_update() local
925 cred->fsuid, cred->fsgid, cred, perm, flags, NULL); in key_create_or_update()
|
| /security/ |
| D | commoncap.c | 65 int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, in cap_capable() argument
76 if (ns == cred->user_ns) in cap_capable()
77 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable()
83 if (ns->level <= cred->user_ns->level) in cap_capable()
90 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable()
136 const struct cred *cred, *child_cred; in cap_ptrace_access_check() local
140 cred = current_cred(); in cap_ptrace_access_check()
143 caller_caps = &cred->cap_effective; in cap_ptrace_access_check()
145 caller_caps = &cred->cap_permitted; in cap_ptrace_access_check()
146 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_access_check()
[all …]
|
| D | security.c | 278 static void __init lsm_early_cred(struct cred *cred);
321 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
493 static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) in lsm_cred_alloc() argument
496 cred->security = NULL; in lsm_cred_alloc()
500 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
501 if (cred->security == NULL) in lsm_cred_alloc()
512 static void __init lsm_early_cred(struct cred *cred) in lsm_early_cred() argument
514 int rc = lsm_cred_alloc(cred, GFP_KERNEL); in lsm_early_cred()
715 int security_capset(struct cred *new, const struct cred *old, in security_capset()
724 int security_capable(const struct cred *cred, in security_capable() argument
[all …]
|
| /security/apparmor/include/ |
| D | cred.h | 22 static inline struct aa_label *cred_label(const struct cred *cred) in cred_label() argument
24 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in cred_label()
30 static inline void set_cred_label(const struct cred *cred, in set_cred_label() argument
33 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in set_cred_label()
47 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) in aa_cred_raw_label() argument
49 struct aa_label *label = cred_label(cred); in aa_cred_raw_label()
61 static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred) in aa_get_newest_cred_label() argument
63 return aa_get_newest_label(aa_cred_raw_label(cred)); in aa_get_newest_cred_label()
|
| D | file.h | 202 void aa_inherit_files(const struct cred *cred, struct files_struct *files);
|
| /security/safesetid/ |
| D | lsm.c | 63 static int safesetid_security_capable(const struct cred *cred, in safesetid_security_capable() argument
84 if (setuid_policy_lookup(cred->uid, INVALID_UID) == SIDPOL_DEFAULT) in safesetid_security_capable()
92 __kuid_val(cred->uid)); in safesetid_security_capable()
100 static bool uid_permitted_for_cred(const struct cred *old, kuid_t new_uid) in uid_permitted_for_cred()
128 static int safesetid_task_fix_setuid(struct cred *new, in safesetid_task_fix_setuid()
129 const struct cred *old, in safesetid_task_fix_setuid()
|
| /security/selinux/ |
| D | hooks.c | 210 struct cred *cred = (struct cred *) current->real_cred; in cred_init_security() local
213 tsec = selinux_cred(cred); in cred_init_security()
220 static inline u32 cred_sid(const struct cred *cred) in cred_sid() argument
224 tsec = selinux_cred(cred); in cred_sid()
461 const struct cred *cred) in may_context_mount_sb_relabel() argument
463 const struct task_security_struct *tsec = selinux_cred(cred); in may_context_mount_sb_relabel()
480 const struct cred *cred) in may_context_mount_inode_relabel() argument
482 const struct task_security_struct *tsec = selinux_cred(cred); in may_context_mount_inode_relabel()
652 const struct cred *cred = current_cred(); in selinux_set_mnt_opts() local
807 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); in selinux_set_mnt_opts()
[all …]
|
| /security/smack/ |
| D | smack.h | 312 bool smack_privileged_cred(int cap, const struct cred *cred);
349 static inline struct task_smack *smack_cred(const struct cred *cred) in smack_cred() argument
351 return cred->security + smack_blob_sizes.lbs_cred; in smack_cred()
405 const struct cred *cred; in smk_of_task_struct() local
409 cred = __task_cred(t); in smk_of_task_struct()
410 skp = smk_of_task(smack_cred(cred)); in smk_of_task_struct()
|
| D | smack_lsm.c | 243 static int smk_bu_credfile(const struct cred *cred, struct file *file, in smk_bu_credfile() argument
246 struct task_smack *tsp = smack_cred(cred); in smk_bu_credfile()
269 #define smk_bu_credfile(cred, file, mode, RC) (RC) argument
428 const struct cred *tracercred; in smk_ptrace_rule_check()
909 struct task_smack *bsp = smack_cred(bprm->cred); in smack_bprm_set_creds()
1789 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); in smack_file_send_sigiotask()
1790 const struct cred *tcred; in smack_file_send_sigiotask()
1910 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) in smack_cred_alloc_blank() argument
1912 init_task_smack(smack_cred(cred), NULL, NULL); in smack_cred_alloc_blank()
1922 static void smack_cred_free(struct cred *cred) in smack_cred_free() argument
[all …]
|
| D | smack_access.c | 632 bool smack_privileged_cred(int cap, const struct cred *cred) in smack_privileged_cred() argument
634 struct task_smack *tsp = smack_cred(cred); in smack_privileged_cred()
639 rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE); in smack_privileged_cred()
|
| /security/apparmor/ |
| D | lsm.c | 56 static void apparmor_cred_free(struct cred *cred) in apparmor_cred_free() argument
58 aa_put_label(cred_label(cred)); in apparmor_cred_free()
59 set_cred_label(cred, NULL); in apparmor_cred_free()
65 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) in apparmor_cred_alloc_blank() argument
67 set_cred_label(cred, NULL); in apparmor_cred_alloc_blank()
74 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare()
84 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer()
141 const struct cred *cred; in apparmor_capget() local
144 cred = __task_cred(target); in apparmor_capget()
145 label = aa_get_newest_cred_label(cred); in apparmor_capget()
[all …]
|
| D | task.c | 45 struct cred *new; in aa_replace_current_label()
118 struct cred *new; in aa_set_current_hat()
158 struct cred *new; in aa_restore_previous_label()
|
| D | domain.c | 893 AA_BUG(!cred_label(bprm->cred)); in apparmor_bprm_set_creds()
896 label = aa_get_newest_label(cred_label(bprm->cred)); in apparmor_bprm_set_creds()
976 aa_put_label(cred_label(bprm->cred)); in apparmor_bprm_set_creds()
978 set_cred_label(bprm->cred, new); in apparmor_bprm_set_creds()
1168 const struct cred *cred; in aa_change_hat() local
1177 cred = get_current_cred(); in aa_change_hat()
1178 label = aa_get_newest_cred_label(cred); in aa_change_hat()
1260 put_cred(cred); in aa_change_hat()
|
| /security/selinux/include/ |
| D | objsec.h | 152 static inline struct task_security_struct *selinux_cred(const struct cred *cred) in selinux_cred() argument
154 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
|
| /security/integrity/ima/ |
| D | ima_main.c | 192 static int process_measurement(struct file *file, const struct cred *cred, in process_measurement() argument
217 action = ima_get_action(inode, cred, secid, mask, func, &pcr, in process_measurement()
418 security_cred_getsecid(bprm->cred, &secid); in ima_bprm_check()
419 return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, in ima_bprm_check()
636 const struct cred *cred, u32 secid) in process_buffer_measurement() argument
654 action = ima_get_action(NULL, cred, secid, 0, KEXEC_CMDLINE, &pcr, in process_buffer_measurement()
|
| D | ima.h | 208 int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
232 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
|
| D | ima_api.c | 184 int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, in ima_get_action() argument
192 return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, in ima_get_action()
|
| D | ima_policy.c | 371 const struct cred *cred, u32 secid, in ima_match_rules() argument
399 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rules()
403 if (!rule->uid_op(cred->euid, rule->uid) in ima_match_rules()
404 && !rule->uid_op(cred->suid, rule->uid) in ima_match_rules()
405 && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rules()
407 } else if (!rule->uid_op(cred->euid, rule->uid)) in ima_match_rules()
490 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, in ima_match_policy() argument
506 if (!ima_match_rules(entry, inode, cred, secid, func, mask)) in ima_match_policy()
|
| /security/integrity/ |
| D | digsig.c | 101 const struct cred *cred = current_cred(); in __integrity_init_keyring() local
105 KGIDT_INIT(0), cred, perm, in __integrity_init_keyring()
|