| /security/safesetid/ |
| D | lsm.c | 100 static bool uid_permitted_for_cred(const struct cred *old, kuid_t new_uid) in uid_permitted_for_cred() argument
105 if (uid_eq(new_uid, old->uid) || uid_eq(new_uid, old->euid) || in uid_permitted_for_cred()
106 uid_eq(new_uid, old->suid)) in uid_permitted_for_cred()
114 setuid_policy_lookup(old->uid, new_uid) != SIDPOL_CONSTRAINED; in uid_permitted_for_cred()
117 __kuid_val(old->uid), __kuid_val(old->euid), in uid_permitted_for_cred()
118 __kuid_val(old->suid), __kuid_val(new_uid)); in uid_permitted_for_cred()
129 const struct cred *old, in safesetid_task_fix_setuid() argument
134 if (setuid_policy_lookup(old->uid, INVALID_UID) == SIDPOL_DEFAULT) in safesetid_task_fix_setuid()
137 if (uid_permitted_for_cred(old, new->uid) && in safesetid_task_fix_setuid()
138 uid_permitted_for_cred(old, new->euid) && in safesetid_task_fix_setuid()
[all …]
|
| /security/ |
| D | commoncap.c | 242 const struct cred *old, in cap_capset() argument
249 cap_combine(old->cap_inheritable, in cap_capset()
250 old->cap_permitted))) in cap_capset()
255 cap_combine(old->cap_inheritable, in cap_capset()
256 old->cap_bset))) in cap_capset()
261 if (!cap_issubset(*permitted, old->cap_permitted)) in cap_capset()
718 const struct cred *old = current_cred(); in handle_privileged_root() local
739 new->cap_permitted = cap_combine(old->cap_bset, in handle_privileged_root()
740 old->cap_inheritable); in handle_privileged_root()
756 static inline bool __is_setuid(struct cred *new, const struct cred *old) in __is_setuid() argument
[all …]
|
| D | security.c | 715 int security_capset(struct cred *new, const struct cred *old, in security_capset() argument
720 return call_int_hook(capset, 0, new, old, in security_capset()
962 const struct cred *old, struct cred *new) in security_dentry_create_files_as() argument
965 name, old, new); in security_dentry_create_files_as()
1553 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) in security_prepare_creds() argument
1560 rc = call_int_hook(cred_prepare, 0, new, old, gfp); in security_prepare_creds()
1566 void security_transfer_creds(struct cred *new, const struct cred *old) in security_transfer_creds() argument
1568 call_void_hook(cred_transfer, new, old); in security_transfer_creds()
1632 int security_task_fix_setuid(struct cred *new, const struct cred *old, in security_task_fix_setuid() argument
1635 return call_int_hook(task_fix_setuid, 0, new, old, flags); in security_task_fix_setuid()
|
| D | Kconfig | 254 in old kernel configs to CONFIG_LSM in new kernel configs. Don't
|
| /security/keys/ |
| D | process_keys.c | 320 struct key *old; in install_session_keyring_to_cred() local
340 old = cred->session_keyring; in install_session_keyring_to_cred()
343 if (old) in install_session_keyring_to_cred()
344 key_put(old); in install_session_keyring_to_cred()
840 const struct cred *old; in join_session_keyring() local
848 old = current_cred(); in join_session_keyring()
871 name, old->uid, old->gid, old, in join_session_keyring()
914 const struct cred *old = current_cred(); in key_change_session_keyring() local
922 new-> uid = old-> uid; in key_change_session_keyring()
923 new-> euid = old-> euid; in key_change_session_keyring()
[all …]
|
| /security/apparmor/ |
| D | policy.c | 740 static void __replace_profile(struct aa_profile *old, struct aa_profile *new) in __replace_profile() argument
744 if (!list_empty(&old->base.profiles)) { in __replace_profile()
746 list_splice_init_rcu(&old->base.profiles, &lh, synchronize_rcu); in __replace_profile()
770 struct aa_profile *parent = aa_deref_parent(old); in __replace_profile()
773 aa_label_replace(&old->label, &new->label); in __replace_profile()
775 __aafs_profile_migrate_dents(old, new); in __replace_profile()
779 list_replace_rcu(&old->base.list, &new->base.list); in __replace_profile()
781 aa_put_profile(old); in __replace_profile()
783 __list_remove_profile(old); in __replace_profile()
812 static void share_name(struct aa_profile *old, struct aa_profile *new) in share_name() argument
[all …]
|
| D | resource.c | 145 struct aa_profile *old, *new; in __aa_transition_rlimits() local
148 old = labels_profile(old_l); in __aa_transition_rlimits()
154 label_for_each_confined(i, old_l, old) { in __aa_transition_rlimits()
155 if (old->rlimits.mask) { in __aa_transition_rlimits()
160 if (old->rlimits.mask & mask) { in __aa_transition_rlimits()
|
| D | file.c | 192 static u32 map_old_perms(u32 old) in map_old_perms() argument
194 u32 new = old & 0xf; in map_old_perms()
195 if (old & MAY_READ) in map_old_perms()
197 if (old & MAY_WRITE) in map_old_perms()
200 if (old & 0x10) in map_old_perms()
205 if (old & 0x20) in map_old_perms()
207 if (old & 0x40) /* AA_EXEC_MMAP */ in map_old_perms()
490 struct aa_label *l, *old; in update_file_ctx() local
494 old = rcu_dereference_protected(fctx->label, in update_file_ctx()
496 l = aa_label_merge(old, label, GFP_ATOMIC); in update_file_ctx()
[all …]
|
| D | task.c | 43 struct aa_label *old = aa_current_raw_label(); in aa_replace_current_label() local
49 if (old == label) in aa_replace_current_label()
65 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
|
| D | label.c | 88 static void __proxy_share(struct aa_label *old, struct aa_label *new) in __proxy_share() argument
92 new->proxy = aa_get_proxy(old->proxy); in __proxy_share()
93 __aa_proxy_redirect(old, new); in __proxy_share()
599 static bool __label_replace(struct aa_label *old, struct aa_label *new) in __label_replace() argument
601 struct aa_labelset *ls = labels_set(old); in __label_replace()
604 AA_BUG(!old); in __label_replace()
609 if (!label_is_stale(old)) in __label_replace()
610 __label_make_stale(old); in __label_replace()
612 if (old->flags & FLAG_IN_TREE) { in __label_replace()
613 rb_replace_node(&old->node, &new->node, &ls->root); in __label_replace()
[all …]
|
| D | apparmorfs.c | 846 struct multi_transaction *old; in multi_transaction_set() local
852 old = (struct multi_transaction *) file->private_data; in multi_transaction_set()
855 put_multi_transaction(old); in multi_transaction_set()
1443 void __aafs_profile_migrate_dents(struct aa_profile *old, in __aafs_profile_migrate_dents() argument
1448 AA_BUG(!old); in __aafs_profile_migrate_dents()
1450 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); in __aafs_profile_migrate_dents()
1453 new->dents[i] = old->dents[i]; in __aafs_profile_migrate_dents()
1456 old->dents[i] = NULL; in __aafs_profile_migrate_dents()
|
| D | lsm.c | 74 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare() argument
77 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_prepare()
84 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer() argument
86 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_transfer()
|
| D | policy_unpack.c | 1027 aa_put_profile(ent->old); in aa_load_ent_free()
|
| /security/apparmor/include/ |
| D | task.h | 57 const struct aa_task_ctx *old) in aa_dup_task_ctx() argument
59 *new = *old; in aa_dup_task_ctx()
|
| D | resource.h | 39 void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
|
| D | policy_unpack.h | 22 struct aa_profile *old; member
|
| D | apparmorfs.h | 109 void __aafs_profile_migrate_dents(struct aa_profile *old,
|
| D | label.h | 289 bool aa_label_replace(struct aa_label *old, struct aa_label *new);
290 bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old,
|
| /security/tomoyo/ |
| D | tomoyo.c | 36 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, in tomoyo_cred_prepare() argument
504 struct tomoyo_task *old = tomoyo_task(current); in tomoyo_task_alloc() local
507 new->domain_info = old->domain_info; in tomoyo_task_alloc()
|
| /security/selinux/ |
| D | avc.c | 454 struct avc_node *new, struct avc_node *old) in avc_node_replace() argument
456 hlist_replace_rcu(&old->list, &new->list); in avc_node_replace()
457 call_rcu(&old->rhead, avc_node_free); in avc_node_replace()
|
| D | hooks.c | 889 struct superblock_security_struct *old = oldsb->s_security; in selinux_cmp_sb_context() local
891 char oldflags = old->flags & SE_MNTMASK; in selinux_cmp_sb_context()
896 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
898 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid) in selinux_cmp_sb_context()
900 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) in selinux_cmp_sb_context()
2159 static int selinux_capset(struct cred *new, const struct cred *old, in selinux_capset() argument
2165 cred_sid(old), cred_sid(new), SECCLASS_PROCESS, in selinux_capset()
2883 const struct cred *old, in selinux_dentry_create_files_as() argument
2890 rc = selinux_determine_inode_label(selinux_cred(old), in selinux_dentry_create_files_as()
3887 static int selinux_cred_prepare(struct cred *new, const struct cred *old, in selinux_cred_prepare() argument
[all …]
|
| /security/smack/ |
| D | smack_lsm.c | 1946 static int smack_cred_prepare(struct cred *new, const struct cred *old, in smack_cred_prepare() argument
1949 struct task_smack *old_tsp = smack_cred(old); in smack_cred_prepare()
1971 static void smack_cred_transfer(struct cred *new, const struct cred *old) in smack_cred_transfer() argument
1973 struct task_smack *old_tsp = smack_cred(old); in smack_cred_transfer()
4551 const struct cred *old, in smack_dentry_create_files_as() argument
4554 struct task_smack *otsp = smack_cred(old); in smack_dentry_create_files_as()
|