Home
last modified time | relevance | path

Searched refs:cred (Results 1 – 25 of 35) sorted by relevance

12

/security/keys/
Dprocess_keys.c77 const struct cred *cred = current_cred(); in look_up_user_keyrings() local
82 uid_t uid = from_kuid(user_ns, cred->user->uid); in look_up_user_keyrings()
106 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
107 cred, user_keyring_perm, in look_up_user_keyrings()
128 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
129 cred, user_keyring_perm, in look_up_user_keyrings()
185 struct key *get_user_session_keyring_rcu(const struct cred *cred) in get_user_session_keyring_rcu() argument
187 struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); in get_user_session_keyring_rcu()
194 .cred = cred, in get_user_session_keyring_rcu()
205 from_kuid(cred->user_ns, in get_user_session_keyring_rcu()
[all …]
Drequest_key_auth.c112 if (rka->cred) in free_request_key_auth()
113 put_cred(rka->cred); in free_request_key_auth()
166 const struct cred *cred = current_cred(); in request_key_auth_new() local
185 if (cred->request_key_auth) { in request_key_auth_new()
187 down_read(&cred->request_key_auth->sem); in request_key_auth_new()
192 &cred->request_key_auth->flags)) { in request_key_auth_new()
193 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
198 irka = cred->request_key_auth->payload.data[0]; in request_key_auth_new()
199 rka->cred = get_cred(irka->cred); in request_key_auth_new()
202 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
[all …]
Drequest_key.c80 static int umh_keys_init(struct subprocess_info *info, struct cred *cred) in umh_keys_init() argument
84 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
122 const struct cred *cred = current_cred(); in call_sbin_request_key() local
139 cred = get_current_cred(); in call_sbin_request_key()
140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
143 put_cred(cred); in call_sbin_request_key()
155 sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid)); in call_sbin_request_key()
156 sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid)); in call_sbin_request_key()
163 cred->thread_keyring ? cred->thread_keyring->serial : 0); in call_sbin_request_key()
166 if (cred->process_keyring) in call_sbin_request_key()
[all …]
Dpermission.c26 int key_task_permission(const key_ref_t key_ref, const struct cred *cred, in key_task_permission() argument
54 if (uid_eq(key->uid, cred->fsuid)) { in key_task_permission()
62 if (gid_eq(key->gid, cred->fsgid)) { in key_task_permission()
67 ret = groups_search(cred->group_info, key->gid); in key_task_permission()
90 return security_key_permission(key_ref, cred, need_perm); in key_task_permission()
Dinternal.h121 const struct cred *cred; member
152 extern struct key *get_user_session_keyring_rcu(const struct cred *);
153 extern int install_thread_keyring_to_cred(struct cred *);
154 extern int install_process_keyring_to_cred(struct cred *);
155 extern int install_session_keyring_to_cred(struct cred *, struct key *);
185 const struct cred *cred,
Dkeyctl.c1151 struct cred *new; in keyctl_change_reqkey_auth()
1176 const struct cred *cred = current_cred(); in keyctl_instantiate_key_common() local
1195 instkey = cred->request_key_auth; in keyctl_instantiate_key_common()
1338 const struct cred *cred = current_cred(); in keyctl_reject_key() local
1357 instkey = cred->request_key_auth; in keyctl_reject_key()
1395 struct cred *new; in keyctl_set_reqkey_keyring()
1629 const struct cred *mycred, *pcred; in keyctl_session_to_parent()
1632 struct cred *cred; in keyctl_session_to_parent() local
1644 cred = cred_alloc_blank(); in keyctl_session_to_parent()
1645 if (!cred) in keyctl_session_to_parent()
[all …]
Dkey.c226 kuid_t uid, kgid_t gid, const struct cred *cred, in key_alloc() argument
315 ret = security_key_alloc(key, cred, flags); in key_alloc()
824 const struct cred *cred = current_cred(); in key_create_or_update() local
929 cred->fsuid, cred->fsgid, cred, perm, flags, NULL); in key_create_or_update()
/security/apparmor/include/
Dcred.h22 static inline struct aa_label *cred_label(const struct cred *cred) in cred_label() argument
24 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in cred_label()
30 static inline void set_cred_label(const struct cred *cred, in set_cred_label() argument
33 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in set_cred_label()
47 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) in aa_cred_raw_label() argument
49 struct aa_label *label = cred_label(cred); in aa_cred_raw_label()
61 static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred) in aa_get_newest_cred_label() argument
63 return aa_get_newest_label(aa_cred_raw_label(cred)); in aa_get_newest_cred_label()
/security/
Dcommoncap.c66 int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, in cap_capable() argument
77 if (ns == cred->user_ns) in cap_capable()
78 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable()
84 if (ns->level <= cred->user_ns->level) in cap_capable()
91 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable()
137 const struct cred *cred, *child_cred; in cap_ptrace_access_check() local
141 cred = current_cred(); in cap_ptrace_access_check()
144 caller_caps = &cred->cap_effective; in cap_ptrace_access_check()
146 caller_caps = &cred->cap_permitted; in cap_ptrace_access_check()
147 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_access_check()
[all …]
Dsecurity.c316 static void __init lsm_early_cred(struct cred *cred);
360 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
532 static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) in lsm_cred_alloc() argument
535 cred->security = NULL; in lsm_cred_alloc()
539 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
540 if (cred->security == NULL) in lsm_cred_alloc()
551 static void __init lsm_early_cred(struct cred *cred) in lsm_early_cred() argument
553 int rc = lsm_cred_alloc(cred, GFP_KERNEL); in lsm_early_cred()
752 int security_binder_set_context_mgr(const struct cred *mgr) in security_binder_set_context_mgr()
757 int security_binder_transaction(const struct cred *from, in security_binder_transaction()
[all …]
/security/safesetid/
Dlsm.c90 static int safesetid_security_capable(const struct cred *cred, in safesetid_security_capable() argument
119 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_security_capable()
126 __kuid_val(cred->uid)); in safesetid_security_capable()
133 if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT) in safesetid_security_capable()
140 __kuid_val(cred->uid)); in safesetid_security_capable()
153 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type) in id_permitted_for_cred()
196 static int safesetid_task_fix_setuid(struct cred *new, in safesetid_task_fix_setuid()
197 const struct cred *old, in safesetid_task_fix_setuid()
220 static int safesetid_task_fix_setgid(struct cred *new, in safesetid_task_fix_setgid()
221 const struct cred *old, in safesetid_task_fix_setgid()
/security/landlock/
Dcred.c17 static int hook_cred_prepare(struct cred *const new, in hook_cred_prepare()
18 const struct cred *const old, const gfp_t gfp) in hook_cred_prepare()
29 static void hook_cred_free(struct cred *const cred) in hook_cred_free() argument
31 struct landlock_ruleset *const dom = landlock_cred(cred)->domain; in hook_cred_free()
Dcred.h24 landlock_cred(const struct cred *cred) in landlock_cred() argument
26 return cred->security + landlock_blob_sizes.lbs_cred; in landlock_cred()
DMakefile4 cred.o ptrace.o fs.o
/security/smack/
Dsmack.h299 bool smack_privileged_cred(int cap, const struct cred *cred);
335 static inline struct task_smack *smack_cred(const struct cred *cred) in smack_cred() argument
337 return cred->security + smack_blob_sizes.lbs_cred; in smack_cred()
397 const struct cred *cred; in smk_of_task_struct_subj() local
401 cred = rcu_dereference(t->cred); in smk_of_task_struct_subj()
402 skp = smk_of_task(smack_cred(cred)); in smk_of_task_struct_subj()
413 const struct cred *cred; in smk_of_task_struct_obj() local
417 cred = __task_cred(t); in smk_of_task_struct_obj()
418 skp = smk_of_task(smack_cred(cred)); in smk_of_task_struct_obj()
Dsmack_lsm.c240 static int smk_bu_credfile(const struct cred *cred, struct file *file, in smk_bu_credfile() argument
243 struct task_smack *tsp = smack_cred(cred); in smk_bu_credfile()
266 #define smk_bu_credfile(cred, file, mode, RC) (RC) argument
423 const struct cred *tracercred; in smk_ptrace_rule_check()
882 struct task_smack *bsp = smack_cred(bprm->cred); in smack_bprm_creds_for_exec()
1790 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); in smack_file_send_sigiotask()
1791 const struct cred *tcred; in smack_file_send_sigiotask()
1911 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) in smack_cred_alloc_blank() argument
1913 init_task_smack(smack_cred(cred), NULL, NULL); in smack_cred_alloc_blank()
1923 static void smack_cred_free(struct cred *cred) in smack_cred_free() argument
[all …]
Dsmack_access.c653 bool smack_privileged_cred(int cap, const struct cred *cred) in smack_privileged_cred() argument
655 struct task_smack *tsp = smack_cred(cred); in smack_privileged_cred()
660 rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE); in smack_privileged_cred()
/security/selinux/
Dhooks.c214 struct cred *cred = (struct cred *) current->real_cred; in cred_init_security() local
217 tsec = selinux_cred(cred); in cred_init_security()
224 static inline u32 cred_sid(const struct cred *cred) in cred_sid() argument
228 tsec = selinux_cred(cred); in cred_sid()
240 sid = cred_sid(rcu_dereference(task->cred)); in task_sid_subj()
421 const struct cred *cred) in may_context_mount_sb_relabel() argument
423 const struct task_security_struct *tsec = selinux_cred(cred); in may_context_mount_sb_relabel()
440 const struct cred *cred) in may_context_mount_inode_relabel() argument
442 const struct task_security_struct *tsec = selinux_cred(cred); in may_context_mount_inode_relabel()
638 const struct cred *cred = current_cred(); in selinux_set_mnt_opts() local
[all …]
/security/apparmor/
Dlsm.c66 static void apparmor_cred_free(struct cred *cred) in apparmor_cred_free() argument
68 aa_put_label(cred_label(cred)); in apparmor_cred_free()
69 set_cred_label(cred, NULL); in apparmor_cred_free()
75 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) in apparmor_cred_alloc_blank() argument
77 set_cred_label(cred, NULL); in apparmor_cred_alloc_blank()
84 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare()
94 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer()
151 const struct cred *cred; in apparmor_capget() local
154 cred = __task_cred(target); in apparmor_capget()
155 label = aa_get_newest_cred_label(cred); in apparmor_capget()
[all …]
Dtask.c45 struct cred *new; in aa_replace_current_label()
118 struct cred *new; in aa_set_current_hat()
158 struct cred *new; in aa_restore_previous_label()
Ddomain.c871 AA_BUG(!cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
874 label = aa_get_newest_label(cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
960 aa_put_label(cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
962 set_cred_label(bprm->cred, new); in apparmor_bprm_creds_for_exec()
1151 const struct cred *cred; in aa_change_hat() local
1160 cred = get_current_cred(); in aa_change_hat()
1161 label = aa_get_newest_cred_label(cred); in aa_change_hat()
1243 put_cred(cred); in aa_change_hat()
/security/selinux/include/
Dobjsec.h151 static inline struct task_security_struct *selinux_cred(const struct cred *cred) in selinux_cred() argument
153 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
/security/integrity/
Ddigsig.c100 const struct cred *cred = current_cred(); in __integrity_init_keyring() local
104 KGIDT_INIT(0), cred, perm, in __integrity_init_keyring()
/security/integrity/ima/
Dima.h258 const struct cred *cred, u32 secid, int mask,
289 const struct cred *cred, u32 secid, enum ima_hooks func,
Dima_policy.c482 const struct cred *cred) in ima_match_rule_data() argument
488 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rule_data()
536 struct inode *inode, const struct cred *cred, in ima_match_rules() argument
553 ima_match_rule_data(rule, func_data, cred)); in ima_match_rules()
573 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rules()
577 if (!rule->uid_op(cred->euid, rule->uid) in ima_match_rules()
578 && !rule->uid_op(cred->suid, rule->uid) in ima_match_rules()
579 && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rules()
581 } else if (!rule->uid_op(cred->euid, rule->uid)) in ima_match_rules()
691 const struct cred *cred, u32 secid, enum ima_hooks func, in ima_match_policy() argument
[all …]

12