/security/selinux/ |
D | xfrm.c | 55 static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx) in selinux_authorizable_ctx() argument 57 return (ctx && in selinux_authorizable_ctx() 58 (ctx->ctx_doi == XFRM_SC_DOI_LSM) && in selinux_authorizable_ctx() 59 (ctx->ctx_alg == XFRM_SC_ALG_SELINUX)); in selinux_authorizable_ctx() 80 struct xfrm_sec_ctx *ctx = NULL; in selinux_xfrm_alloc_user() local 92 ctx = kmalloc(sizeof(*ctx) + str_len + 1, gfp); in selinux_xfrm_alloc_user() 93 if (!ctx) in selinux_xfrm_alloc_user() 96 ctx->ctx_doi = XFRM_SC_DOI_LSM; in selinux_xfrm_alloc_user() 97 ctx->ctx_alg = XFRM_SC_ALG_SELINUX; in selinux_xfrm_alloc_user() 98 ctx->ctx_len = str_len; in selinux_xfrm_alloc_user() [all …]
D | hooks.c | 2864 const struct qstr *name, void **ctx, in selinux_dentry_init_security() argument 2877 return security_sid_to_context(&selinux_state, newsid, (char **)ctx, in selinux_dentry_init_security() 6493 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) in selinux_inode_notifysecctx() argument 6496 ctx, ctxlen, 0); in selinux_inode_notifysecctx() 6504 static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) in selinux_inode_setsecctx() argument 6506 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0); in selinux_inode_setsecctx() 6509 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) in selinux_inode_getsecctx() argument 6513 ctx, true); in selinux_inode_getsecctx()
/security/apparmor/ |
D | task.c | 44 struct aa_task_ctx *ctx = task_ctx(current); in aa_replace_current_label() local 59 if (ctx->nnp && label_is_stale(ctx->nnp)) { in aa_replace_current_label() 60 struct aa_label *tmp = ctx->nnp; in aa_replace_current_label() 62 ctx->nnp = aa_get_newest_label(tmp); in aa_replace_current_label() 95 struct aa_task_ctx *ctx = task_ctx(current); in aa_set_current_onexec() local 98 aa_put_label(ctx->onexec); in aa_set_current_onexec() 99 ctx->onexec = label; in aa_set_current_onexec() 100 ctx->token = stack; in aa_set_current_onexec() 117 struct aa_task_ctx *ctx = task_ctx(current); in aa_set_current_hat() local 125 if (!ctx->previous) { in aa_set_current_hat() [all …]
D | lsm.c | 428 struct aa_file_ctx *ctx = file_ctx(file); in apparmor_file_alloc_security() local 431 spin_lock_init(&ctx->lock); in apparmor_file_alloc_security() 432 rcu_assign_pointer(ctx->label, aa_get_label(label)); in apparmor_file_alloc_security() 439 struct aa_file_ctx *ctx = file_ctx(file); in apparmor_file_free_security() local 441 if (ctx) in apparmor_file_free_security() 442 aa_put_label(rcu_access_pointer(ctx->label)); in apparmor_file_free_security() 581 struct aa_task_ctx *ctx = task_ctx(current); in apparmor_getprocattr() local 586 else if (strcmp(name, "prev") == 0 && ctx->previous) in apparmor_getprocattr() 587 label = aa_get_newest_label(ctx->previous); in apparmor_getprocattr() 588 else if (strcmp(name, "exec") == 0 && ctx->onexec) in apparmor_getprocattr() [all …]
D | domain.c | 877 struct aa_task_ctx *ctx; in apparmor_bprm_set_creds() local 892 ctx = task_ctx(current); in apparmor_bprm_set_creds() 894 AA_BUG(!ctx); in apparmor_bprm_set_creds() 906 !ctx->nnp) in apparmor_bprm_set_creds() 907 ctx->nnp = aa_get_label(label); in apparmor_bprm_set_creds() 912 if (ctx->onexec) in apparmor_bprm_set_creds() 913 new = handle_onexec(label, ctx->onexec, ctx->token, in apparmor_bprm_set_creds() 938 !unconfined(label) && !aa_label_is_subset(new, ctx->nnp)) { in apparmor_bprm_set_creds() 1169 struct aa_task_ctx *ctx = task_ctx(current); in aa_change_hat() local 1179 previous = aa_get_newest_label(ctx->previous); in aa_change_hat() [all …]
/security/apparmor/include/ |
D | task.h | 42 static inline void aa_free_task_ctx(struct aa_task_ctx *ctx) in aa_free_task_ctx() argument 44 if (ctx) { in aa_free_task_ctx() 45 aa_put_label(ctx->nnp); in aa_free_task_ctx() 46 aa_put_label(ctx->previous); in aa_free_task_ctx() 47 aa_put_label(ctx->onexec); in aa_free_task_ctx() 69 static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx) in aa_clear_task_ctx_trans() argument 71 AA_BUG(!ctx); in aa_clear_task_ctx_trans() 73 aa_put_label(ctx->previous); in aa_clear_task_ctx_trans() 74 aa_put_label(ctx->onexec); in aa_clear_task_ctx_trans() 75 ctx->previous = NULL; in aa_clear_task_ctx_trans() [all …]
D | file.h | 57 struct aa_file_ctx *ctx; in aa_alloc_file_ctx() local 59 ctx = kzalloc(sizeof(struct aa_file_ctx), gfp); in aa_alloc_file_ctx() 60 if (ctx) { in aa_alloc_file_ctx() 61 spin_lock_init(&ctx->lock); in aa_alloc_file_ctx() 62 rcu_assign_pointer(ctx->label, aa_get_label(label)); in aa_alloc_file_ctx() 64 return ctx; in aa_alloc_file_ctx() 71 static inline void aa_free_file_ctx(struct aa_file_ctx *ctx) in aa_free_file_ctx() argument 73 if (ctx) { in aa_free_file_ctx() 74 aa_put_label(rcu_access_pointer(ctx->label)); in aa_free_file_ctx() 75 kzfree(ctx); in aa_free_file_ctx() [all …]
/security/keys/ |
D | keyring.c | 460 struct keyring_read_iterator_context *ctx = data; in keyring_read_iterator() local 465 key->type->name, key->serial, ctx->count, ctx->buflen); in keyring_read_iterator() 467 if (ctx->count >= ctx->buflen) in keyring_read_iterator() 470 ret = put_user(key->serial, ctx->buffer); in keyring_read_iterator() 473 ctx->buffer++; in keyring_read_iterator() 474 ctx->count += sizeof(key->serial); in keyring_read_iterator() 488 struct keyring_read_iterator_context ctx; in keyring_read() local 498 ctx.buffer = (key_serial_t __user *)buffer; in keyring_read() 499 ctx.buflen = buflen; in keyring_read() 500 ctx.count = 0; in keyring_read() [all …]
D | process_keys.c | 191 struct keyring_search_context ctx = { in get_user_session_keyring_rcu() local 204 ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u", in get_user_session_keyring_rcu() 209 &ctx); in get_user_session_keyring_rcu() 422 key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx) in search_cred_keyrings_rcu() argument 426 const struct cred *cred = ctx->cred; in search_cred_keyrings_rcu() 442 make_key_ref(cred->thread_keyring, 1), ctx); in search_cred_keyrings_rcu() 460 make_key_ref(cred->process_keyring, 1), ctx); in search_cred_keyrings_rcu() 481 make_key_ref(cred->session_keyring, 1), ctx); in search_cred_keyrings_rcu() 502 ctx); in search_cred_keyrings_rcu() 539 key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx) in search_process_keyrings_rcu() argument [all …]
D | request_key.c | 22 static struct key *check_cached_key(struct keyring_search_context *ctx) in check_cached_key() argument 28 ctx->match_data.cmp(key, &ctx->match_data) && in check_cached_key() 366 static int construct_alloc_key(struct keyring_search_context *ctx, in construct_alloc_key() argument 379 ctx->index_key.type->name, ctx->index_key.description); in construct_alloc_key() 386 if (ctx->index_key.type->read) in construct_alloc_key() 388 if (ctx->index_key.type == &key_type_keyring || in construct_alloc_key() 389 ctx->index_key.type->update) in construct_alloc_key() 392 key = key_alloc(ctx->index_key.type, ctx->index_key.description, in construct_alloc_key() 393 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred, in construct_alloc_key() 401 ret = __key_link_lock(dest_keyring, &ctx->index_key); in construct_alloc_key() [all …]
D | request_key_auth.c | 250 struct keyring_search_context ctx = { in key_get_instantiation_authkey() local 263 ctx.index_key.desc_len = sprintf(description, "%x", target_id); in key_get_instantiation_authkey() 266 authkey_ref = search_process_keyrings_rcu(&ctx); in key_get_instantiation_authkey()
D | internal.h | 140 struct keyring_search_context *ctx); 142 extern key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx); 143 extern key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx);
D | proc.c | 163 struct keyring_search_context ctx = { in proc_keys_show() local 180 skey_ref = search_cred_keyrings_rcu(&ctx); in proc_keys_show() 189 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); in proc_keys_show()
D | dh.c | 84 char ctx[]; member
D | trusted.c | 39 char ctx[]; member
/security/selinux/include/ |
D | xfrm.h | 18 void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 19 int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 26 int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
/security/integrity/ |
D | integrity.h | 236 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument 238 return audit_log_start(ctx, gfp_mask, type); in integrity_audit_log_start() 250 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
/security/ |
D | security.c | 952 const struct qstr *name, void **ctx, in security_dentry_init_security() argument 956 name, ctx, ctxlen); in security_dentry_init_security() 1942 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) in security_inode_notifysecctx() argument 1944 return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen); in security_inode_notifysecctx() 1948 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) in security_inode_setsecctx() argument 1950 return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen); in security_inode_setsecctx() 1954 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) in security_inode_getsecctx() argument 1956 return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); in security_inode_getsecctx() 2242 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) in security_xfrm_policy_free() argument 2244 call_void_hook(xfrm_policy_free_security, ctx); in security_xfrm_policy_free() [all …]
/security/selinux/ss/ |
D | services.c | 1388 struct context *ctx, in string_to_context_struct() argument 1397 context_init(ctx); in string_to_context_struct() 1418 ctx->user = usrdatum->value; in string_to_context_struct() 1433 ctx->role = role->value; in string_to_context_struct() 1446 ctx->type = typdatum->value; in string_to_context_struct() 1448 rc = mls_context_to_sid(pol, oldc, p, ctx, sidtabp, def_sid); in string_to_context_struct() 1454 if (!policydb_context_isvalid(pol, ctx)) in string_to_context_struct() 1459 context_destroy(ctx); in string_to_context_struct() 3640 struct context *ctx; in security_netlbl_secattr_to_sid() local 3656 ctx = sidtab_search(sidtab, SECINITSID_NETMSG); in security_netlbl_secattr_to_sid() [all …]
/security/smack/ |
D | smack_lsm.c | 4493 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) in smack_inode_notifysecctx() argument 4495 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); in smack_inode_notifysecctx() 4498 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) in smack_inode_setsecctx() argument 4500 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); in smack_inode_setsecctx() 4503 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) in smack_inode_getsecctx() argument 4507 *ctx = skp->smk_known; in smack_inode_getsecctx()