/security/ |
D | commoncap.c | 241 int cap_capset(struct cred *new, in cap_capset() argument 268 new->cap_effective = *effective; in cap_capset() 269 new->cap_inheritable = *inheritable; in cap_capset() 270 new->cap_permitted = *permitted; in cap_capset() 276 new->cap_ambient = cap_intersect(new->cap_ambient, in cap_capset() 279 if (WARN_ON(!cap_ambient_invariant_ok(new))) in cap_capset() 534 struct cred *new = bprm->cred; in bprm_caps_from_vfs_caps() local 552 new->cap_permitted.cap[i] = in bprm_caps_from_vfs_caps() 553 (new->cap_bset.cap[i] & permitted) | in bprm_caps_from_vfs_caps() 554 (new->cap_inheritable.cap[i] & inheritable); in bprm_caps_from_vfs_caps() [all …]
D | security.c | 281 static int lsm_append(const char *new, char **result); 414 static int lsm_append(const char *new, char **result) in lsm_append() argument 419 *result = kstrdup(new, GFP_KERNEL); in lsm_append() 424 if (match_last_lsm(*result, new)) in lsm_append() 426 cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); in lsm_append() 715 int security_capset(struct cred *new, const struct cred *old, in security_capset() argument 720 return call_int_hook(capset, 0, new, old, in security_capset() 962 const struct cred *old, struct cred *new) in security_dentry_create_files_as() argument 965 name, old, new); in security_dentry_create_files_as() 1354 int security_inode_copy_up(struct dentry *src, struct cred **new) in security_inode_copy_up() argument [all …]
D | device_cgroup.c | 61 struct dev_exception_item *ex, *tmp, *new; in dev_exceptions_copy() local 66 new = kmemdup(ex, sizeof(*ex), GFP_KERNEL); in dev_exceptions_copy() 67 if (!new) in dev_exceptions_copy() 69 list_add_tail(&new->list, dest); in dev_exceptions_copy()
/security/apparmor/ |
D | task.c | 45 struct cred *new; in aa_replace_current_label() local 55 new = prepare_creds(); in aa_replace_current_label() 56 if (!new) in aa_replace_current_label() 79 aa_put_label(cred_label(new)); in aa_replace_current_label() 80 set_cred_label(new, label); in aa_replace_current_label() 82 commit_creds(new); in aa_replace_current_label() 118 struct cred *new; in aa_set_current_hat() local 120 new = prepare_creds(); in aa_set_current_hat() 121 if (!new) in aa_set_current_hat() 127 ctx->previous = cred_label(new); in aa_set_current_hat() [all …]
D | domain.c | 556 struct aa_label *new = NULL; in x_to_label() local 571 new = x_table_lookup(profile, xindex, lookupname); in x_to_label() 579 new = find_attach(bprm, ns, &profile->base.profiles, in x_to_label() 583 new = find_attach(bprm, ns, &ns->base.profiles, in x_to_label() 589 if (!new) { in x_to_label() 596 new = aa_get_newest_label(&profile->label); in x_to_label() 598 new = aa_get_newest_label(ns_unconfined(profile->ns)); in x_to_label() 603 if (new && stack) { in x_to_label() 605 struct aa_label *base = new; in x_to_label() 607 new = aa_label_parse(base, stack, GFP_ATOMIC, true, false); in x_to_label() [all …]
D | label.c | 62 struct aa_proxy *new; in aa_alloc_proxy() local 64 new = kzalloc(sizeof(struct aa_proxy), gfp); in aa_alloc_proxy() 65 if (new) { in aa_alloc_proxy() 66 kref_init(&new->count); in aa_alloc_proxy() 67 rcu_assign_pointer(new->label, aa_get_label(label)); in aa_alloc_proxy() 69 return new; in aa_alloc_proxy() 73 void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new) in __aa_proxy_redirect() argument 78 AA_BUG(!new); in __aa_proxy_redirect() 83 rcu_assign_pointer(orig->proxy->label, aa_get_label(new)); in __aa_proxy_redirect() 88 static void __proxy_share(struct aa_label *old, struct aa_label *new) in __proxy_share() argument [all …]
D | policy.c | 717 if (ent->new == profile) in __list_lookup_parent() 719 if (strncmp(ent->new->base.hname, profile->base.hname, len) == in __list_lookup_parent() 720 0 && ent->new->base.hname[len] == 0) in __list_lookup_parent() 721 return ent->new; in __list_lookup_parent() 740 static void __replace_profile(struct aa_profile *old, struct aa_profile *new) in __replace_profile() argument 752 p = __find_child(&new->base.profiles, child->base.name); in __replace_profile() 763 rcu_assign_pointer(child->parent, aa_get_profile(new)); in __replace_profile() 764 list_add_rcu(&child->base.list, &new->base.profiles); in __replace_profile() 769 if (!rcu_access_pointer(new->parent)) { in __replace_profile() 771 rcu_assign_pointer(new->parent, aa_get_profile(parent)); in __replace_profile() [all …]
D | resource.c | 145 struct aa_profile *old, *new; in __aa_transition_rlimits() local 149 new = labels_profile(new_l); in __aa_transition_rlimits() 171 label_for_each_confined(i, new_l, new) { in __aa_transition_rlimits() 174 if (!new->rlimits.mask) in __aa_transition_rlimits() 177 if (!(new->rlimits.mask & mask)) in __aa_transition_rlimits() 182 new->rlimits.limits[j].rlim_max); in __aa_transition_rlimits()
D | file.c | 194 u32 new = old & 0xf; in map_old_perms() local 196 new |= AA_MAY_GETATTR | AA_MAY_OPEN; in map_old_perms() 198 new |= AA_MAY_SETATTR | AA_MAY_CREATE | AA_MAY_DELETE | in map_old_perms() 201 new |= AA_MAY_LINK; in map_old_perms() 206 new |= AA_MAY_LOCK | AA_LINK_SUBSET; in map_old_perms() 208 new |= AA_EXEC_MMAP; in map_old_perms() 210 return new; in map_old_perms()
D | lsm.c | 74 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare() argument 77 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_prepare() 84 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer() argument 86 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_transfer() 98 struct aa_task_ctx *new = task_ctx(task); in apparmor_task_alloc() local 100 aa_dup_task_ctx(new, task_ctx(current)); in apparmor_task_alloc() 792 struct aa_sk_ctx *new = SK_CTX(newsk); in apparmor_sk_clone_security() local 794 new->label = aa_get_label(ctx->label); in apparmor_sk_clone_security() 795 new->peer = aa_get_label(ctx->peer); in apparmor_sk_clone_security()
/security/keys/ |
D | process_keys.c | 221 int install_thread_keyring_to_cred(struct cred *new) in install_thread_keyring_to_cred() argument 225 if (new->thread_keyring) in install_thread_keyring_to_cred() 228 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred() 235 new->thread_keyring = keyring; in install_thread_keyring_to_cred() 246 struct cred *new; in install_thread_keyring() local 249 new = prepare_creds(); in install_thread_keyring() 250 if (!new) in install_thread_keyring() 253 ret = install_thread_keyring_to_cred(new); in install_thread_keyring() 255 abort_creds(new); in install_thread_keyring() 259 return commit_creds(new); in install_thread_keyring() [all …]
D | keyctl.c | 1075 struct cred *new; in keyctl_change_reqkey_auth() local 1077 new = prepare_creds(); in keyctl_change_reqkey_auth() 1078 if (!new) in keyctl_change_reqkey_auth() 1081 key_put(new->request_key_auth); in keyctl_change_reqkey_auth() 1082 new->request_key_auth = key_get(key); in keyctl_change_reqkey_auth() 1084 return commit_creds(new); in keyctl_change_reqkey_auth() 1322 struct cred *new; in keyctl_set_reqkey_keyring() local 1330 new = prepare_creds(); in keyctl_set_reqkey_keyring() 1331 if (!new) in keyctl_set_reqkey_keyring() 1336 ret = install_thread_keyring_to_cred(new); in keyctl_set_reqkey_keyring() [all …]
/security/selinux/ |
D | netnode.c | 194 struct sel_netnode *new; in sel_netnode_sid_slow() local 204 new = kzalloc(sizeof(*new), GFP_ATOMIC); in sel_netnode_sid_slow() 209 if (new) in sel_netnode_sid_slow() 210 new->nsec.addr.ipv4 = *(__be32 *)addr; in sel_netnode_sid_slow() 215 if (new) in sel_netnode_sid_slow() 216 new->nsec.addr.ipv6 = *(struct in6_addr *)addr; in sel_netnode_sid_slow() 222 if (ret == 0 && new) { in sel_netnode_sid_slow() 223 new->nsec.family = family; in sel_netnode_sid_slow() 224 new->nsec.sid = *sid; in sel_netnode_sid_slow() 225 sel_netnode_insert(new); in sel_netnode_sid_slow() [all …]
D | netif.c | 137 struct sel_netif *new; in sel_netif_sid_slow() local 160 new = kzalloc(sizeof(*new), GFP_ATOMIC); in sel_netif_sid_slow() 161 if (new) { in sel_netif_sid_slow() 162 new->nsec.ns = ns; in sel_netif_sid_slow() 163 new->nsec.ifindex = ifindex; in sel_netif_sid_slow() 164 new->nsec.sid = *sid; in sel_netif_sid_slow() 165 if (sel_netif_insert(new)) in sel_netif_sid_slow() 166 kfree(new); in sel_netif_sid_slow()
D | netport.c | 142 struct sel_netport *new; in sel_netport_sid_slow() local 155 new = kzalloc(sizeof(*new), GFP_ATOMIC); in sel_netport_sid_slow() 156 if (new) { in sel_netport_sid_slow() 157 new->psec.port = pnum; in sel_netport_sid_slow() 158 new->psec.protocol = protocol; in sel_netport_sid_slow() 159 new->psec.sid = *sid; in sel_netport_sid_slow() 160 sel_netport_insert(new); in sel_netport_sid_slow()
D | ibpkey.c | 134 struct sel_ib_pkey *new = NULL; in sel_ib_pkey_sid_slow() local 153 new = kzalloc(sizeof(*new), GFP_ATOMIC); in sel_ib_pkey_sid_slow() 154 if (!new) in sel_ib_pkey_sid_slow() 157 new->psec.subnet_prefix = subnet_prefix; in sel_ib_pkey_sid_slow() 158 new->psec.pkey = pkey_num; in sel_ib_pkey_sid_slow() 159 new->psec.sid = *sid; in sel_ib_pkey_sid_slow() 160 sel_ib_pkey_insert(new); in sel_ib_pkey_sid_slow()
/security/selinux/ss/ |
D | ebitmap.c | 54 struct ebitmap_node *n, *new, *prev; in ebitmap_cpy() local 60 new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC); in ebitmap_cpy() 61 if (!new) { in ebitmap_cpy() 65 new->startbit = n->startbit; in ebitmap_cpy() 66 memcpy(new->maps, n->maps, EBITMAP_SIZE / 8); in ebitmap_cpy() 67 new->next = NULL; in ebitmap_cpy() 69 prev->next = new; in ebitmap_cpy() 71 dst->node = new; in ebitmap_cpy() 72 prev = new; in ebitmap_cpy() 261 struct ebitmap_node *n, *prev, *new; in ebitmap_set_bit() local [all …]
/security/apparmor/include/ |
D | task.h | 56 static inline void aa_dup_task_ctx(struct aa_task_ctx *new, in aa_dup_task_ctx() argument 59 *new = *old; in aa_dup_task_ctx() 60 aa_get_label(new->nnp); in aa_dup_task_ctx() 61 aa_get_label(new->previous); in aa_dup_task_ctx() 62 aa_get_label(new->onexec); in aa_dup_task_ctx()
D | resource.h | 39 void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
D | policy_unpack.h | 21 struct aa_profile *new; member
D | label.h | 289 bool aa_label_replace(struct aa_label *old, struct aa_label *new); 291 struct aa_label *new); 464 void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new);
/security/safesetid/ |
D | lsm.c | 128 static int safesetid_task_fix_setuid(struct cred *new, in safesetid_task_fix_setuid() argument 137 if (uid_permitted_for_cred(old, new->uid) && in safesetid_task_fix_setuid() 138 uid_permitted_for_cred(old, new->euid) && in safesetid_task_fix_setuid() 139 uid_permitted_for_cred(old, new->suid) && in safesetid_task_fix_setuid() 140 uid_permitted_for_cred(old, new->fsuid)) in safesetid_task_fix_setuid()
/security/tomoyo/ |
D | tomoyo.c | 36 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, in tomoyo_cred_prepare() argument 505 struct tomoyo_task *new = tomoyo_task(task); in tomoyo_task_alloc() local 507 new->domain_info = old->domain_info; in tomoyo_task_alloc() 508 atomic_inc(&new->domain_info->users); in tomoyo_task_alloc() 509 new->old_domain_info = NULL; in tomoyo_task_alloc()
/security/smack/ |
D | smackfs.c | 1078 static void smk_net4addr_insert(struct smk_net4addr *new) in smk_net4addr_insert() argument 1084 list_add_rcu(&new->list, &smk_net4addr_list); in smk_net4addr_insert() 1092 if (new->smk_masks > m->smk_masks) { in smk_net4addr_insert() 1093 list_add_rcu(&new->list, &smk_net4addr_list); in smk_net4addr_insert() 1099 list_add_rcu(&new->list, &m->list); in smk_net4addr_insert() 1104 if (new->smk_masks > m_next->smk_masks) { in smk_net4addr_insert() 1105 list_add_rcu(&new->list, &m->list); in smk_net4addr_insert() 1342 static void smk_net6addr_insert(struct smk_net6addr *new) in smk_net6addr_insert() argument 1348 list_add_rcu(&new->list, &smk_net6addr_list); in smk_net6addr_insert() 1355 if (new->smk_masks > m->smk_masks) { in smk_net6addr_insert() [all …]
D | smack_lsm.c | 1946 static int smack_cred_prepare(struct cred *new, const struct cred *old, in smack_cred_prepare() argument 1950 struct task_smack *new_tsp = smack_cred(new); in smack_cred_prepare() 1971 static void smack_cred_transfer(struct cred *new, const struct cred *old) in smack_cred_transfer() argument 1974 struct task_smack *new_tsp = smack_cred(new); in smack_cred_transfer() 2008 static int smack_kernel_act_as(struct cred *new, u32 secid) in smack_kernel_act_as() argument 2010 struct task_smack *new_tsp = smack_cred(new); in smack_kernel_act_as() 2024 static int smack_kernel_create_files_as(struct cred *new, in smack_kernel_create_files_as() argument 2028 struct task_smack *tsp = smack_cred(new); in smack_kernel_create_files_as() 3525 struct cred *new; in smack_setprocattr() local 3561 new = prepare_creds(); in smack_setprocattr() [all …]