xref: /security/apparmor/af_unix.c

30 	return &u->sk;  in aa_unix_sk()
130 	return match_to_local(policy, state, request, u->sk.sk_type,  in match_to_sk()
131 			      u->sk.sk_protocol, addr, addrlen, p, info);  in match_to_sk()
227 			   u32 request, struct sock *sk, struct path *path)  in profile_sk_perm()  argument
234 	AA_BUG(!sk);  in profile_sk_perm()
239 		if (is_unix_fs(sk))  in profile_sk_perm()
242 					    &unix_sk(sk)->path);  in profile_sk_perm()
244 		state = match_to_sk(rules->policy, state, request, unix_sk(sk),  in profile_sk_perm()
251 	return aa_profile_af_sk_perm(profile, ad, request, sk);  in profile_sk_perm()
254 static int profile_bind_perm(struct aa_profile *profile, struct sock *sk,  in profile_bind_perm()  argument
262 	AA_BUG(!sk);  in profile_bind_perm()
273 				       sk->sk_type, sk->sk_protocol,  in profile_bind_perm()
282 	return aa_profile_af_sk_perm(profile, ad, AA_MAY_BIND, sk);  in profile_bind_perm()
285 static int profile_listen_perm(struct aa_profile *profile, struct sock *sk,  in profile_listen_perm()  argument
293 	AA_BUG(!sk);  in profile_listen_perm()
301 		if (is_unix_fs(sk))  in profile_listen_perm()
304 					    &unix_sk(sk)->path);  in profile_listen_perm()
307 				     unix_sk(sk), CMD_LISTEN, &p, &ad->info);  in profile_listen_perm()
318 	return aa_profile_af_sk_perm(profile, ad, AA_MAY_LISTEN, sk);  in profile_listen_perm()
322 			       struct sock *sk,  in profile_accept_perm()  argument
330 	AA_BUG(!sk);  in profile_accept_perm()
336 		if (is_unix_fs(sk))  in profile_accept_perm()
339 					    &unix_sk(sk)->path);  in profile_accept_perm()
342 				    unix_sk(sk), &p, &ad->info);  in profile_accept_perm()
348 	return aa_profile_af_sk_perm(profile, ad, AA_MAY_ACCEPT, sk);  in profile_accept_perm()
352 			    struct sock *sk, int optname,  in profile_opt_perm()  argument
360 	AA_BUG(!sk);  in profile_opt_perm()
367 		if (is_unix_fs(sk))  in profile_opt_perm()
370 					    &unix_sk(sk)->path);  in profile_opt_perm()
372 		state = match_to_cmd(rules->policy, state, request, unix_sk(sk),  in profile_opt_perm()
384 	return aa_profile_af_sk_perm(profile, ad, request, sk);  in profile_opt_perm()
389 			     struct sock *sk, struct path *path,  in profile_peer_perm()  argument
401 	AA_BUG(!sk);  in profile_peer_perm()
416 				      unix_sk(sk),  in profile_peer_perm()
424 	return aa_profile_af_sk_perm(profile, ad, request, sk);  in profile_peer_perm()
447 				 const char *op, u32 request, struct sock *sk,  in aa_unix_label_sk_perm()  argument
452 		DEFINE_AUDIT_SK(ad, op, subj_cred, sk);  in aa_unix_label_sk_perm()
455 				profile_sk_perm(profile, &ad, request, sk,  in aa_unix_label_sk_perm()
469 				      request, sock->sk,  in aa_unix_sock_perm()
470 				      is_unix_fs(sock->sk) ? &unix_sk(sock->sk)->path : NULL);  in aa_unix_sock_perm()
501 		DEFINE_AUDIT_SK(ad, OP_BIND, current_cred(), sock->sk);  in aa_unix_bind_perm()
507 				profile_bind_perm(profile, sock->sk, &ad));  in aa_unix_bind_perm()
535 		DEFINE_AUDIT_SK(ad, OP_LISTEN, current_cred(), sock->sk);  in aa_unix_listen_perm()
538 				profile_listen_perm(profile, sock->sk,  in aa_unix_listen_perm()
556 		DEFINE_AUDIT_SK(ad, OP_ACCEPT, current_cred(), sock->sk);  in aa_unix_accept_perm()
559 				profile_accept_perm(profile, sock->sk, &ad));  in aa_unix_accept_perm()
589 		DEFINE_AUDIT_SK(ad, op, current_cred(), sock->sk);  in aa_unix_opt_perm()
592 				profile_opt_perm(profile, request, sock->sk,  in aa_unix_opt_perm()
602 			  struct sock *sk, struct path *path,  in unix_peer_perm()  argument
607 	DEFINE_AUDIT_SK(ad, op, subj_cred, sk);  in unix_peer_perm()
613 			profile_peer_perm(profile, request, sk, path,  in unix_peer_perm()
625 		      struct sock *sk, struct sock *peer_sk,  in aa_unix_peer_perm()  argument
629 	struct unix_sock *u = unix_sk(sk);  in aa_unix_peer_perm()
634 	AA_BUG(!sk);  in aa_unix_peer_perm()
638 	return unix_peer_perm(subj_cred, label, op, request, sk,  in aa_unix_peer_perm()
639 			      is_unix_fs(sk) ? &u->path : NULL,  in aa_unix_peer_perm()
646 static void update_sk_ctx(struct sock *sk, struct aa_label *label,  in update_sk_ctx()  argument
650 	struct aa_sk_ctx *ctx = aa_sock(sk);  in update_sk_ctx()
662 	spin_lock(&unix_sk(sk)->lock);  in update_sk_ctx()
664 					lockdep_is_held(&unix_sk(sk)->lock));  in update_sk_ctx()
674 		old = rcu_dereference_protected(ctx->peer, lockdep_is_held(&unix_sk(sk)->lock));  in update_sk_ctx()
684 	spin_unlock(&unix_sk(sk)->lock);  in update_sk_ctx()
687 static void update_peer_ctx(struct sock *sk, struct aa_sk_ctx *ctx,  in update_peer_ctx()  argument
692 	spin_lock(&unix_sk(sk)->lock);  in update_peer_ctx()
694 					lockdep_is_held(&unix_sk(sk)->lock));  in update_peer_ctx()
703 	spin_unlock(&unix_sk(sk)->lock);  in update_peer_ctx()
724 	AA_BUG(!sock->sk);  in aa_unix_file_perm()
725 	AA_BUG(sock->sk->sk_family != PF_UNIX);  in aa_unix_file_perm()
731 	unix_state_lock(sock->sk);  in aa_unix_file_perm()
732 	peer_sk = unix_peer(sock->sk);  in aa_unix_file_perm()
736 	is_sk_fs = is_unix_fs(sock->sk);  in aa_unix_file_perm()
737 	addr = aa_sunaddr(unix_sk(sock->sk), &addrlen);  in aa_unix_file_perm()
738 	path = unix_sk(sock->sk)->path;  in aa_unix_file_perm()
739 	unix_state_unlock(sock->sk);  in aa_unix_file_perm()
745 						      sk_req, sock->sk,  in aa_unix_file_perm()
772 					      MAY_READ | MAY_WRITE, sock->sk,  in aa_unix_file_perm()
794 		update_sk_ctx(sock->sk, label, plabel);  in aa_unix_file_perm()

Last Index update Fri Aug 22 10:33:58 CST 2025