Home
last modified time | relevance | path

Searched refs:cred (Results 1 – 25 of 35) sorted by relevance

12

/security/keys/
Dprocess_keys.c77 const struct cred *cred = current_cred(); in look_up_user_keyrings() local
82 uid_t uid = from_kuid(user_ns, cred->user->uid); in look_up_user_keyrings()
106 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
107 cred, user_keyring_perm, in look_up_user_keyrings()
128 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
129 cred, user_keyring_perm, in look_up_user_keyrings()
185 struct key *get_user_session_keyring_rcu(const struct cred *cred) in get_user_session_keyring_rcu() argument
187 struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); in get_user_session_keyring_rcu()
194 .cred = cred, in get_user_session_keyring_rcu()
205 from_kuid(cred->user_ns, in get_user_session_keyring_rcu()
[all …]
Drequest_key_auth.c112 if (rka->cred) in free_request_key_auth()
113 put_cred(rka->cred); in free_request_key_auth()
166 const struct cred *cred = current_cred(); in request_key_auth_new() local
185 if (cred->request_key_auth) { in request_key_auth_new()
187 down_read(&cred->request_key_auth->sem); in request_key_auth_new()
192 &cred->request_key_auth->flags)) { in request_key_auth_new()
193 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
198 irka = cred->request_key_auth->payload.data[0]; in request_key_auth_new()
199 rka->cred = get_cred(irka->cred); in request_key_auth_new()
202 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
[all …]
Drequest_key.c80 static int umh_keys_init(struct subprocess_info *info, struct cred *cred) in umh_keys_init() argument
84 return install_session_keyring_to_cred(cred, keyring); in umh_keys_init()
122 const struct cred *cred = current_cred(); in call_sbin_request_key() local
139 cred = get_current_cred(); in call_sbin_request_key()
140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
143 put_cred(cred); in call_sbin_request_key()
155 sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid)); in call_sbin_request_key()
156 sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid)); in call_sbin_request_key()
163 cred->thread_keyring ? cred->thread_keyring->serial : 0); in call_sbin_request_key()
166 if (cred->process_keyring) in call_sbin_request_key()
[all …]
Dpermission.c26 int key_task_permission(const key_ref_t key_ref, const struct cred *cred, in key_task_permission() argument
54 if (uid_eq(key->uid, cred->fsuid)) { in key_task_permission()
62 if (gid_eq(key->gid, cred->fsgid)) { in key_task_permission()
67 ret = groups_search(cred->group_info, key->gid); in key_task_permission()
90 return security_key_permission(key_ref, cred, need_perm); in key_task_permission()
Dinternal.h121 const struct cred *cred; member
152 extern struct key *get_user_session_keyring_rcu(const struct cred *);
153 extern int install_thread_keyring_to_cred(struct cred *);
154 extern int install_process_keyring_to_cred(struct cred *);
155 extern int install_session_keyring_to_cred(struct cred *, struct key *);
183 const struct cred *cred,
Dkeyctl.c1151 struct cred *new; in keyctl_change_reqkey_auth()
1176 const struct cred *cred = current_cred(); in keyctl_instantiate_key_common() local
1195 instkey = cred->request_key_auth; in keyctl_instantiate_key_common()
1338 const struct cred *cred = current_cred(); in keyctl_reject_key() local
1357 instkey = cred->request_key_auth; in keyctl_reject_key()
1395 struct cred *new; in keyctl_set_reqkey_keyring()
1629 const struct cred *mycred, *pcred; in keyctl_session_to_parent()
1632 struct cred *cred; in keyctl_session_to_parent() local
1644 cred = cred_alloc_blank(); in keyctl_session_to_parent()
1645 if (!cred) in keyctl_session_to_parent()
[all …]
Dkey.c226 kuid_t uid, kgid_t gid, const struct cred *cred, in key_alloc() argument
315 ret = security_key_alloc(key, cred, flags); in key_alloc()
824 const struct cred *cred = current_cred(); in key_create_or_update() local
929 cred->fsuid, cred->fsgid, cred, perm, flags, NULL); in key_create_or_update()
/security/apparmor/include/
Dcred.h22 static inline struct aa_label *cred_label(const struct cred *cred) in cred_label() argument
24 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in cred_label()
30 static inline void set_cred_label(const struct cred *cred, in set_cred_label() argument
33 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in set_cred_label()
47 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) in aa_cred_raw_label() argument
49 struct aa_label *label = cred_label(cred); in aa_cred_raw_label()
61 static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred) in aa_get_newest_cred_label() argument
63 return aa_get_newest_label(aa_cred_raw_label(cred)); in aa_get_newest_cred_label()
/security/
Dcommoncap.c66 int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, in cap_capable() argument
77 if (ns == cred->user_ns) in cap_capable()
78 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable()
84 if (ns->level <= cred->user_ns->level) in cap_capable()
91 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable()
137 const struct cred *cred, *child_cred; in cap_ptrace_access_check() local
141 cred = current_cred(); in cap_ptrace_access_check()
144 caller_caps = &cred->cap_effective; in cap_ptrace_access_check()
146 caller_caps = &cred->cap_permitted; in cap_ptrace_access_check()
147 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_access_check()
[all …]
Dsecurity.c318 static void __init lsm_early_cred(struct cred *cred);
362 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
533 static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) in lsm_cred_alloc() argument
536 cred->security = NULL; in lsm_cred_alloc()
540 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
541 if (cred->security == NULL) in lsm_cred_alloc()
552 static void __init lsm_early_cred(struct cred *cred) in lsm_early_cred() argument
554 int rc = lsm_cred_alloc(cred, GFP_KERNEL); in lsm_early_cred()
753 int security_binder_set_context_mgr(const struct cred *mgr) in security_binder_set_context_mgr()
758 int security_binder_transaction(const struct cred *from, in security_binder_transaction()
[all …]
/security/safesetid/
Dlsm.c90 static int safesetid_security_capable(const struct cred *cred, in safesetid_security_capable() argument
113 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_security_capable()
120 __kuid_val(cred->uid)); in safesetid_security_capable()
127 if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT) in safesetid_security_capable()
134 __kuid_val(cred->uid)); in safesetid_security_capable()
147 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type) in id_permitted_for_cred()
190 static int safesetid_task_fix_setuid(struct cred *new, in safesetid_task_fix_setuid()
191 const struct cred *old, in safesetid_task_fix_setuid()
214 static int safesetid_task_fix_setgid(struct cred *new, in safesetid_task_fix_setgid()
215 const struct cred *old, in safesetid_task_fix_setgid()
[all …]
/security/landlock/
Dcred.c17 static int hook_cred_prepare(struct cred *const new, in hook_cred_prepare()
18 const struct cred *const old, const gfp_t gfp) in hook_cred_prepare()
29 static void hook_cred_free(struct cred *const cred) in hook_cred_free() argument
31 struct landlock_ruleset *const dom = landlock_cred(cred)->domain; in hook_cred_free()
Dcred.h24 landlock_cred(const struct cred *cred) in landlock_cred() argument
26 return cred->security + landlock_blob_sizes.lbs_cred; in landlock_cred()
DMakefile4 cred.o ptrace.o fs.o
/security/selinux/
Dhooks.c223 static inline u32 cred_sid(const struct cred *cred) in cred_sid() argument
227 tsec = selinux_cred(cred); in cred_sid()
401 const struct cred *cred) in may_context_mount_sb_relabel() argument
403 const struct task_security_struct *tsec = selinux_cred(cred); in may_context_mount_sb_relabel()
420 const struct cred *cred) in may_context_mount_inode_relabel() argument
422 const struct task_security_struct *tsec = selinux_cred(cred); in may_context_mount_inode_relabel()
607 const struct cred *cred = current_cred(); in selinux_set_mnt_opts() local
757 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); in selinux_set_mnt_opts()
777 cred); in selinux_set_mnt_opts()
783 cred); in selinux_set_mnt_opts()
[all …]
/security/smack/
Dsmack.h290 bool smack_privileged_cred(int cap, const struct cred *cred);
326 static inline struct task_smack *smack_cred(const struct cred *cred) in smack_cred() argument
328 return cred->security + smack_blob_sizes.lbs_cred; in smack_cred()
388 const struct cred *cred; in smk_of_task_struct_obj() local
392 cred = __task_cred(t); in smk_of_task_struct_obj()
393 skp = smk_of_task(smack_cred(cred)); in smk_of_task_struct_obj()
Dsmack_lsm.c243 static int smk_bu_credfile(const struct cred *cred, struct file *file, in smk_bu_credfile() argument
246 struct task_smack *tsp = smack_cred(cred); in smk_bu_credfile()
269 #define smk_bu_credfile(cred, file, mode, RC) (RC) argument
426 const struct cred *tracercred; in smk_ptrace_rule_check()
926 struct task_smack *bsp = smack_cred(bprm->cred); in smack_bprm_creds_for_exec()
1838 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); in smack_file_send_sigiotask()
1839 const struct cred *tcred; in smack_file_send_sigiotask()
1959 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) in smack_cred_alloc_blank() argument
1961 init_task_smack(smack_cred(cred), NULL, NULL); in smack_cred_alloc_blank()
1971 static void smack_cred_free(struct cred *cred) in smack_cred_free() argument
[all …]
Dsmack_access.c650 bool smack_privileged_cred(int cap, const struct cred *cred) in smack_privileged_cred() argument
652 struct task_smack *tsp = smack_cred(cred); in smack_privileged_cred()
657 rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE); in smack_privileged_cred()
/security/apparmor/
Dlsm.c66 static void apparmor_cred_free(struct cred *cred) in apparmor_cred_free() argument
68 aa_put_label(cred_label(cred)); in apparmor_cred_free()
69 set_cred_label(cred, NULL); in apparmor_cred_free()
75 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) in apparmor_cred_alloc_blank() argument
77 set_cred_label(cred, NULL); in apparmor_cred_alloc_blank()
84 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare()
94 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer()
151 const struct cred *cred; in apparmor_capget() local
154 cred = __task_cred(target); in apparmor_capget()
155 label = aa_get_newest_cred_label(cred); in apparmor_capget()
[all …]
Dtask.c50 struct cred *new; in aa_replace_current_label()
123 struct cred *new; in aa_set_current_hat()
163 struct cred *new; in aa_restore_previous_label()
Ddomain.c870 AA_BUG(!cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
873 label = aa_get_newest_label(cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
959 aa_put_label(cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
961 set_cred_label(bprm->cred, new); in apparmor_bprm_creds_for_exec()
1150 const struct cred *cred; in aa_change_hat() local
1159 cred = get_current_cred(); in aa_change_hat()
1160 label = aa_get_newest_cred_label(cred); in aa_change_hat()
1242 put_cred(cred); in aa_change_hat()
/security/selinux/include/
Dobjsec.h151 static inline struct task_security_struct *selinux_cred(const struct cred *cred) in selinux_cred() argument
153 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
/security/integrity/
Ddigsig.c102 const struct cred *cred = current_cred(); in __integrity_init_keyring() local
106 KGIDT_INIT(0), cred, perm, in __integrity_init_keyring()
/security/integrity/ima/
Dima_policy.c489 const struct cred *cred) in ima_match_rule_data() argument
495 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rule_data()
543 struct inode *inode, const struct cred *cred, in ima_match_rules() argument
560 ima_match_rule_data(rule, func_data, cred)); in ima_match_rules()
580 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rules()
584 if (!rule->uid_op(cred->euid, rule->uid) in ima_match_rules()
585 && !rule->uid_op(cred->suid, rule->uid) in ima_match_rules()
586 && !rule->uid_op(cred->uid, rule->uid)) in ima_match_rules()
588 } else if (!rule->uid_op(cred->euid, rule->uid)) in ima_match_rules()
591 if ((rule->flags & IMA_GID) && !rule->gid_op(cred->gid, rule->gid)) in ima_match_rules()
[all …]
Dima.h258 const struct cred *cred, u32 secid, int mask,
289 const struct cred *cred, u32 secid, enum ima_hooks func,

12