| /security/landlock/ |
| D | ptrace.c | 33 const struct landlock_ruleset *const child) in domain_scope_le() argument
39 if (!child) in domain_scope_le()
41 for (walker = child->hierarchy; walker; walker = walker->parent) { in domain_scope_le()
51 const struct task_struct *const child) in task_is_scoped() argument
58 dom_child = landlock_get_task_domain(child); in task_is_scoped()
65 const struct task_struct *const child) in task_ptrace() argument
70 if (task_is_scoped(parent, child)) in task_ptrace()
88 static int hook_ptrace_access_check(struct task_struct *const child, in hook_ptrace_access_check() argument
91 return task_ptrace(current, child); in hook_ptrace_access_check()
|
| D | ruleset.c | 315 struct landlock_ruleset *const child) in inherit_ruleset() argument
325 mutex_lock(&child->lock); in inherit_ruleset()
331 err = insert_rule(child, walker_rule->object, in inherit_ruleset()
338 if (WARN_ON_ONCE(child->num_layers <= parent->num_layers)) { in inherit_ruleset()
343 memcpy(child->fs_access_masks, parent->fs_access_masks, in inherit_ruleset()
351 child->hierarchy->parent = parent->hierarchy; in inherit_ruleset()
355 mutex_unlock(&child->lock); in inherit_ruleset()
|
| /security/yama/ |
| D | yama_lsm.c | 273 struct task_struct *child) in task_is_descendant() argument
276 struct task_struct *walker = child; in task_is_descendant()
278 if (!parent || !child) in task_is_descendant()
354 static int yama_ptrace_access_check(struct task_struct *child, in yama_ptrace_access_check() argument
367 if (!pid_alive(child)) in yama_ptrace_access_check()
369 if (!rc && !task_is_descendant(current, child) && in yama_ptrace_access_check()
370 !ptracer_exception_found(current, child) && in yama_ptrace_access_check()
371 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
377 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
389 report_access("attach", child, current); in yama_ptrace_access_check()
|
| /security/apparmor/ |
| D | policy.c | 743 struct aa_profile *child, *tmp; in __replace_profile() local
749 list_for_each_entry_safe(child, tmp, &lh, base.list) { in __replace_profile()
752 list_del_init(&child->base.list); in __replace_profile()
753 p = __find_child(&new->base.profiles, child->base.name); in __replace_profile()
756 __replace_profile(child, p); in __replace_profile()
763 p = aa_deref_parent(child); in __replace_profile()
764 rcu_assign_pointer(child->parent, aa_get_profile(new)); in __replace_profile()
765 list_add_rcu(&child->base.list, &new->base.profiles); in __replace_profile()
|
| D | apparmorfs.c | 1507 struct aa_profile *child; in __aafs_profile_rmdir() local
1513 list_for_each_entry(child, &profile->base.profiles, base.list) in __aafs_profile_rmdir()
1514 __aafs_profile_rmdir(child); in __aafs_profile_rmdir()
1671 struct aa_profile *child; in __aafs_profile_mkdir() local
1761 list_for_each_entry(child, &profile->base.profiles, base.list) { in __aafs_profile_mkdir()
1762 error = __aafs_profile_mkdir(child, prof_child_dir(profile)); in __aafs_profile_mkdir()
1893 struct aa_profile *child; in __aafs_ns_rmdir() local
1900 list_for_each_entry(child, &ns->base.profiles, base.list) in __aafs_ns_rmdir()
1901 __aafs_profile_rmdir(child); in __aafs_ns_rmdir()
2002 struct aa_profile *child; in __aafs_ns_mkdir() local
[all …]
|
| D | label.c | 2150 struct aa_ns *child; in __aa_labelset_update_subtree() local
2157 list_for_each_entry(child, &ns->sub_ns, base.list) { in __aa_labelset_update_subtree()
2158 mutex_lock_nested(&child->lock, child->level); in __aa_labelset_update_subtree()
2159 __aa_labelset_update_subtree(child); in __aa_labelset_update_subtree()
2160 mutex_unlock(&child->lock); in __aa_labelset_update_subtree()
|
| D | lsm.c | 115 static int apparmor_ptrace_access_check(struct task_struct *child, in apparmor_ptrace_access_check() argument
122 tracee = aa_get_task_label(child); in apparmor_ptrace_access_check()
|
| /security/apparmor/include/ |
| D | policy_ns.h | 84 const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns);
|
| /security/ |
| D | commoncap.c | 134 int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) in cap_ptrace_access_check() argument
142 child_cred = __task_cred(child); in cap_ptrace_access_check()
|
| D | security.c | 775 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) in security_ptrace_access_check() argument
777 return call_int_hook(ptrace_access_check, 0, child, mode); in security_ptrace_access_check()
|
| /security/selinux/ |
| D | hooks.c | 2141 static int selinux_ptrace_access_check(struct task_struct *child, in selinux_ptrace_access_check() argument
2145 u32 csid = task_sid_obj(child); in selinux_ptrace_access_check()
|