| /security/safesetid/ |
| D | lsm.c | 153 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type) in id_permitted_for_cred() argument
159 if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) || in id_permitted_for_cred()
160 uid_eq(new_id.uid, old->suid)) in id_permitted_for_cred()
163 if (gid_eq(new_id.gid, old->gid) || gid_eq(new_id.gid, old->egid) || in id_permitted_for_cred()
164 gid_eq(new_id.gid, old->sgid)) in id_permitted_for_cred()
174 setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED; in id_permitted_for_cred()
179 __kuid_val(old->uid), __kuid_val(old->euid), in id_permitted_for_cred()
180 __kuid_val(old->suid), __kuid_val(new_id.uid)); in id_permitted_for_cred()
183 __kgid_val(old->gid), __kgid_val(old->egid), in id_permitted_for_cred()
184 __kgid_val(old->sgid), __kgid_val(new_id.gid)); in id_permitted_for_cred()
[all …]
|
| /security/ |
| D | commoncap.c | 243 const struct cred *old, in cap_capset() argument
250 cap_combine(old->cap_inheritable, in cap_capset()
251 old->cap_permitted))) in cap_capset()
256 cap_combine(old->cap_inheritable, in cap_capset()
257 old->cap_bset))) in cap_capset()
262 if (!cap_issubset(*permitted, old->cap_permitted)) in cap_capset()
799 const struct cred *old = current_cred(); in handle_privileged_root() local
820 new->cap_permitted = cap_combine(old->cap_bset, in handle_privileged_root()
821 old->cap_inheritable); in handle_privileged_root()
837 static inline bool __is_setuid(struct cred *new, const struct cred *old) in __is_setuid() argument
[all …]
|
| D | security.c | 794 int security_capset(struct cred *new, const struct cred *old, in security_capset() argument
799 return call_int_hook(capset, 0, new, old, in security_capset()
1081 const struct cred *old, struct cred *new) in security_dentry_create_files_as() argument
1084 name, old, new); in security_dentry_create_files_as()
1724 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) in security_prepare_creds() argument
1731 rc = call_int_hook(cred_prepare, 0, new, old, gfp); in security_prepare_creds()
1737 void security_transfer_creds(struct cred *new, const struct cred *old) in security_transfer_creds() argument
1739 call_void_hook(cred_transfer, new, old); in security_transfer_creds()
1818 int security_task_fix_setuid(struct cred *new, const struct cred *old, in security_task_fix_setuid() argument
1821 return call_int_hook(task_fix_setuid, 0, new, old, flags); in security_task_fix_setuid()
[all …]
|
| D | Kconfig | 247 in old kernel configs to CONFIG_LSM in new kernel configs. Don't
|
| /security/keys/ |
| D | process_keys.c | 320 struct key *old; in install_session_keyring_to_cred() local
340 old = cred->session_keyring; in install_session_keyring_to_cred()
343 if (old) in install_session_keyring_to_cred()
344 key_put(old); in install_session_keyring_to_cred()
839 const struct cred *old; in join_session_keyring() local
847 old = current_cred(); in join_session_keyring()
870 name, old->uid, old->gid, old, in join_session_keyring()
913 const struct cred *old = current_cred(); in key_change_session_keyring() local
922 if (unlikely(!get_ucounts(old->ucounts))) { in key_change_session_keyring()
928 new-> uid = old-> uid; in key_change_session_keyring()
[all …]
|
| /security/apparmor/ |
| D | policy.c | 741 static void __replace_profile(struct aa_profile *old, struct aa_profile *new) in __replace_profile() argument
745 if (!list_empty(&old->base.profiles)) { in __replace_profile()
747 list_splice_init_rcu(&old->base.profiles, &lh, synchronize_rcu); in __replace_profile()
771 struct aa_profile *parent = aa_deref_parent(old); in __replace_profile()
774 aa_label_replace(&old->label, &new->label); in __replace_profile()
776 __aafs_profile_migrate_dents(old, new); in __replace_profile()
780 list_replace_rcu(&old->base.list, &new->base.list); in __replace_profile()
782 aa_put_profile(old); in __replace_profile()
784 __list_remove_profile(old); in __replace_profile()
813 static void share_name(struct aa_profile *old, struct aa_profile *new) in share_name() argument
[all …]
|
| D | resource.c | 145 struct aa_profile *old, *new; in __aa_transition_rlimits() local
148 old = labels_profile(old_l); in __aa_transition_rlimits()
154 label_for_each_confined(i, old_l, old) { in __aa_transition_rlimits()
155 if (old->rlimits.mask) { in __aa_transition_rlimits()
160 if (old->rlimits.mask & mask) { in __aa_transition_rlimits()
|
| D | file.c | 183 static u32 map_old_perms(u32 old) in map_old_perms() argument
185 u32 new = old & 0xf; in map_old_perms()
186 if (old & MAY_READ) in map_old_perms()
188 if (old & MAY_WRITE) in map_old_perms()
191 if (old & 0x10) in map_old_perms()
196 if (old & 0x20) in map_old_perms()
198 if (old & 0x40) /* AA_EXEC_MMAP */ in map_old_perms()
489 struct aa_label *l, *old; in update_file_ctx() local
493 old = rcu_dereference_protected(fctx->label, in update_file_ctx()
495 l = aa_label_merge(old, label, GFP_ATOMIC); in update_file_ctx()
[all …]
|
| D | task.c | 43 struct aa_label *old = aa_current_raw_label(); in aa_replace_current_label() local
49 if (old == label) in aa_replace_current_label()
65 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
|
| D | label.c | 88 static void __proxy_share(struct aa_label *old, struct aa_label *new) in __proxy_share() argument
92 new->proxy = aa_get_proxy(old->proxy); in __proxy_share()
93 __aa_proxy_redirect(old, new); in __proxy_share()
627 static bool __label_replace(struct aa_label *old, struct aa_label *new) in __label_replace() argument
629 struct aa_labelset *ls = labels_set(old); in __label_replace()
632 AA_BUG(!old); in __label_replace()
637 if (!label_is_stale(old)) in __label_replace()
638 __label_make_stale(old); in __label_replace()
640 if (old->flags & FLAG_IN_TREE) { in __label_replace()
641 rb_replace_node(&old->node, &new->node, &ls->root); in __label_replace()
[all …]
|
| D | apparmorfs.c | 845 struct multi_transaction *old; in multi_transaction_set() local
851 old = (struct multi_transaction *) file->private_data; in multi_transaction_set()
854 put_multi_transaction(old); in multi_transaction_set()
1532 void __aafs_profile_migrate_dents(struct aa_profile *old, in __aafs_profile_migrate_dents() argument
1537 AA_BUG(!old); in __aafs_profile_migrate_dents()
1539 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); in __aafs_profile_migrate_dents()
1542 new->dents[i] = old->dents[i]; in __aafs_profile_migrate_dents()
1545 old->dents[i] = NULL; in __aafs_profile_migrate_dents()
|
| D | lsm.c | 84 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare() argument
87 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_prepare()
94 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer() argument
96 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_transfer()
|
| D | policy_unpack.c | 1048 aa_put_profile(ent->old); in aa_load_ent_free()
|
| /security/landlock/ |
| D | cred.c | 18 const struct cred *const old, const gfp_t gfp) in hook_cred_prepare() argument
20 struct landlock_ruleset *const old_dom = landlock_cred(old)->domain; in hook_cred_prepare()
|
| /security/apparmor/include/ |
| D | task.h | 57 const struct aa_task_ctx *old) in aa_dup_task_ctx() argument
59 *new = *old; in aa_dup_task_ctx()
|
| D | resource.h | 39 void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
|
| D | policy_unpack.h | 22 struct aa_profile *old; member
|
| D | apparmorfs.h | 109 void __aafs_profile_migrate_dents(struct aa_profile *old,
|
| D | label.h | 291 bool aa_label_replace(struct aa_label *old, struct aa_label *new);
292 bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old,
|
| /security/tomoyo/ |
| D | tomoyo.c | 36 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, in tomoyo_cred_prepare() argument
496 struct tomoyo_task *old = tomoyo_task(current); in tomoyo_task_alloc() local
499 new->domain_info = old->domain_info; in tomoyo_task_alloc()
|
| /security/selinux/ |
| D | avc.c | 462 struct avc_node *new, struct avc_node *old) in avc_node_replace() argument
464 trace_android_rvh_selinux_avc_node_replace(old, new); in avc_node_replace()
465 hlist_replace_rcu(&old->list, &new->list); in avc_node_replace()
466 call_rcu(&old->rhead, avc_node_free); in avc_node_replace()
|
| D | hooks.c | 877 struct superblock_security_struct *old = selinux_superblock(oldsb); in selinux_cmp_sb_context() local
879 char oldflags = old->flags & SE_MNTMASK; in selinux_cmp_sb_context()
884 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
886 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid) in selinux_cmp_sb_context()
888 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) in selinux_cmp_sb_context()
2170 static int selinux_capset(struct cred *new, const struct cred *old, in selinux_capset() argument
2176 cred_sid(old), cred_sid(new), SECCLASS_PROCESS, in selinux_capset()
2971 const struct cred *old, in selinux_dentry_create_files_as() argument
2978 rc = selinux_determine_inode_label(selinux_cred(old), in selinux_dentry_create_files_as()
4089 static int selinux_cred_prepare(struct cred *new, const struct cred *old, in selinux_cred_prepare() argument
[all …]
|
| /security/smack/ |
| D | smack_lsm.c | 1947 static int smack_cred_prepare(struct cred *new, const struct cred *old, in smack_cred_prepare() argument
1950 struct task_smack *old_tsp = smack_cred(old); in smack_cred_prepare()
1972 static void smack_cred_transfer(struct cred *new, const struct cred *old) in smack_cred_transfer() argument
1974 struct task_smack *old_tsp = smack_cred(old); in smack_cred_transfer()
4686 const struct cred *old, in smack_dentry_create_files_as() argument
4689 struct task_smack *otsp = smack_cred(old); in smack_dentry_create_files_as()
|