Lines Matching refs:hook
39 * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h
45 * Call the macro M for each LSM hook MAX_LSM_COUNT times.
56 * security_locked_down() LSM hook. Placing this array here allows
119 * Define static calls and static keys for each LSM hook.
133 * Initialise a table of static calls for each LSM hook.
414 hl->hook.lsm_func_addr);
607 * security_add_hooks - Add a modules hooks to the hook lists.
921 * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
927 * LSM hook.
943 * This is a hook that does not return a value.
946 * This is a hook that returns a value.
1054 * during an execve in the bprm_set_creds hook of binprm_security_ops if the
1088 * @target process. The hook may also perform permission checking to determine
1230 rc = scall->hl->hook.vm_enough_memory(mm, pages);
1246 * program. This hook may also optionally check permissions (e.g. for
1247 * transitions between security domains). The hook must set @bprm->secureexec
1255 * This hook must not change current->cred, only @bprm->cred.
1257 * Return: Returns 0 if the hook is successful and permission is granted.
1274 * different file. This hook may also optionally check permissions (e.g. for
1275 * transitions between security domains). The hook must set @bprm->secureexec
1277 * hook must add to @bprm->per_clear any personality flags that should be
1281 * Return: Returns 0 if the hook is successful and permission is granted.
1292 * This hook mediates the point when a search for a binary handler will begin.
1295 * available in @bprm. This hook may be called multiple times during a single
1298 * Return: Returns 0 if the hook is successful and permission is granted.
1312 * bprm_creds_for_exec hook. @bprm points to the linux_binprm structure. This
1313 * hook is a good place to perform state changes on the process such as closing
1329 * structure. This hook is a good place to perform state changes on the
1388 trc = scall->hl->hook.fs_context_parse_param(fc, param);
1622 rc = scall->hl->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags,
1728 * release that state in the inode_free_security_rcu() LSM hook callback.
1796 * hook is called by the fs code as part of the inode creation transaction and
1800 * The hook function is expected to populate the xattrs array, by calling
1803 * slot, the hook function should set ->name to the attribute name suffix
1836 ret = scall->hl->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1889 * Check permissions when creating a file. Note that this hook is called even
2037 * using the security_file_truncate() hook.
2227 * done for a regular file, then the create hook will be called and not this
2228 * hook.
2311 * Check permission before accessing an inode. This hook is called by the
2314 * that this hook is called when a file is opened (as well as many other
2315 * operations), whereas the file_security_ops permission hook is called when
2389 * This hook performs the desired permission checks before setting the extended
2395 * hook implementations, but if a LSM wants to avoid this capability check,
2396 * it can register a 'inode_xattr_skipcap' hook and return a value of 1 for
2399 * of the enabled LSMs refrain from registering a 'inode_xattr_skipcap' hook,
2576 * This hook performs the desired permission checks before setting the extended
2582 * hook implementations, but if a LSM wants to avoid this capability check,
2583 * it can register a 'inode_xattr_skipcap' hook and return a value of 1 for
2586 * of the enabled LSMs refrain from registering a 'inode_xattr_skipcap' hook,
2799 * reading and writing the xattrs, this hook is merely a filter.
2858 * Check file permissions before accessing an open file. This hook is called
2860 * this hook to perform additional checking on these operations, e.g. to
2862 * changes. Notice that this hook is used when the actual read/write
2863 * operations are performed, whereas the inode_security_ops hook is called when
2864 * a file is opened (as well as many other operations). Although this hook can
2884 * Return: Return 0 if the hook is successful and permission is granted.
3050 * Check permission before performing file locking operations. Note the hook
3084 * file->f_security for later use by the send_sigiotask hook.
3086 * This hook is called with file->f_owner.lock held.
3102 * process @tsk. Note that this hook is sometimes called from interrupt. Note
3119 * This hook allows security modules to control the ability of a process to
3152 * Evaluate an opened file and the access mask requested with open(). The hook
3170 * @path_truncate hook.
3394 * to security_kernel_read_file() call that indicated this hook would also be
3430 * this hook would also be called, see security_kernel_load_data() for more
3451 * the set*uid system calls invoked this hook. If @new is the set of
3471 * the set*gid system calls invoked this hook. @new is the set of credentials
3698 * separately by the send_sigiotask hook in file_security_ops.
3730 thisrc = scall->hl->hook.task_prctl(option, arg2, arg3, arg4, arg5);
3868 * call. This hook is only called when returning the message queue identifier
3971 * system call. This hook is only called when returning the shared memory
4055 * call. This hook is only called when returning the semaphore identifier for
4180 rc = scall->hl->hook.getselfattr(attr, uctx, &entrysize, flags);
4252 rc = scall->hl->hook.setselfattr(attr, lctx, size, flags);
4280 return scall->hl->hook.getprocattr(p, name, value);
4304 return scall->hl->hook.setprocattr(name, value, size);
4410 * for this inode. Example usage: NFS client invokes this hook to initialize
4432 * context. Example usage: NFS server invokes this hook to change the security
4594 * This hook allows a module to update or allocate a per-socket security
4597 * associated inode. Typically, the inode alloc_security hook will allocate
4598 * and attach security information to SOCK_INODE(sock)->i_security. This hook
4802 * Check permissions on incoming network packets. This hook is distinct from
4805 * sleep inside this hook because some callers hold spinlocks.
4822 * This hook allows the security module to provide peer socket security state
4843 * This hook allows the security module to provide peer socket security state
4847 * this hook for a packet via the SCM_SECURITY ancillary message type.
5046 * This hook allows a module to allocate a security structure for a TUN device,
5072 * This hook allows a module to free the security structure for a TUN device.
5112 * This hook can be used by the module to update any security state associated
5127 * This hook can be used by the module to update any security state associated
5215 * owning MPTCP socket. This hook has to be called after the socket creation and
5428 * packet. The hook is called when selecting either a per-socket policy or a
5466 rc = scall->hl->hook.xfrm_state_pol_flow_match(x, xp, flic);
5728 * allocates associated BPF program object. This hook is also responsible for
5890 * Please note that the new hook should be invoked every time the security
5895 * hook to refresh these data and ensure they are up to date. This necessity