| /security/yama/ |
| A D | yama_lsm.c | 268 struct task_struct *child) in task_is_descendant() argument
271 struct task_struct *walker = child; in task_is_descendant()
273 if (!parent || !child) in task_is_descendant()
349 static int yama_ptrace_access_check(struct task_struct *child, in yama_ptrace_access_check() argument
362 if (!pid_alive(child)) in yama_ptrace_access_check()
364 if (!rc && !task_is_descendant(current, child) && in yama_ptrace_access_check()
365 !ptracer_exception_found(current, child) && in yama_ptrace_access_check()
366 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
372 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
384 report_access("attach", child, current); in yama_ptrace_access_check()
|
| /security/landlock/ |
| A D | task.c | 42 const struct landlock_ruleset *const child) in domain_scope_le() argument
50 if (!child) in domain_scope_le()
53 for (walker = child->hierarchy; walker; walker = walker->parent) { in domain_scope_le()
64 const struct landlock_ruleset *const child) in domain_ptrace() argument
66 if (domain_scope_le(parent, child)) in domain_ptrace()
85 static int hook_ptrace_access_check(struct task_struct *const child, in hook_ptrace_access_check() argument
99 child_dom = landlock_get_task_domain(child); in hook_ptrace_access_check()
115 .u.tsk = child, in hook_ptrace_access_check()
|
| A D | ruleset.c | 398 struct landlock_ruleset *const child, in inherit_tree() argument
407 lockdep_assert_held(&child->lock); in inherit_tree()
421 err = insert_rule(child, id, &walker_rule->layers, in inherit_tree()
430 struct landlock_ruleset *const child) in inherit_ruleset() argument
439 mutex_lock(&child->lock); in inherit_ruleset()
443 err = inherit_tree(parent, child, LANDLOCK_KEY_INODE); in inherit_ruleset()
449 err = inherit_tree(parent, child, LANDLOCK_KEY_NET_PORT); in inherit_ruleset()
454 if (WARN_ON_ONCE(child->num_layers <= parent->num_layers)) { in inherit_ruleset()
459 memcpy(child->access_masks, parent->access_masks, in inherit_ruleset()
467 child->hierarchy->parent = parent->hierarchy; in inherit_ruleset()
[all …]
|
| /security/apparmor/ |
| A D | policy.c | 975 struct aa_profile *child, *tmp; in __replace_profile() local
981 list_for_each_entry_safe(child, tmp, &lh, base.list) { in __replace_profile()
984 list_del_init(&child->base.list); in __replace_profile()
985 p = __find_child(&new->base.profiles, child->base.name); in __replace_profile()
988 __replace_profile(child, p); in __replace_profile()
995 p = aa_deref_parent(child); in __replace_profile()
996 rcu_assign_pointer(child->parent, aa_get_profile(new)); in __replace_profile()
997 list_add_rcu(&child->base.list, &new->base.profiles); in __replace_profile()
|
| A D | apparmorfs.c | 1528 struct aa_profile *child; in __aafs_profile_rmdir() local
1534 list_for_each_entry(child, &profile->base.profiles, base.list) in __aafs_profile_rmdir()
1535 __aafs_profile_rmdir(child); in __aafs_profile_rmdir()
1692 struct aa_profile *child; in __aafs_profile_mkdir() local
1790 error = __aafs_profile_mkdir(child, prof_child_dir(profile)); in __aafs_profile_mkdir()
1923 struct aa_profile *child; in __aafs_ns_rmdir() local
1930 list_for_each_entry(child, &ns->base.profiles, base.list) in __aafs_ns_rmdir()
1931 __aafs_profile_rmdir(child); in __aafs_ns_rmdir()
2032 struct aa_profile *child; in __aafs_ns_mkdir() local
2056 list_for_each_entry(child, &ns->base.profiles, base.list) { in __aafs_ns_mkdir()
[all …]
|
| A D | label.c | 2124 struct aa_ns *child; in __aa_labelset_update_subtree() local
2131 list_for_each_entry(child, &ns->sub_ns, base.list) { in __aa_labelset_update_subtree()
2132 mutex_lock_nested(&child->lock, child->level); in __aa_labelset_update_subtree()
2133 __aa_labelset_update_subtree(child); in __aa_labelset_update_subtree()
2134 mutex_unlock(&child->lock); in __aa_labelset_update_subtree()
|
| A D | lsm.c | 124 static int apparmor_ptrace_access_check(struct task_struct *child, in apparmor_ptrace_access_check() argument
132 cred = get_task_cred(child); in apparmor_ptrace_access_check()
|
| /security/apparmor/include/ |
| A D | policy_ns.h | 85 const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns);
|
| /security/ |
| A D | commoncap.c | 164 int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) in cap_ptrace_access_check() argument
172 child_cred = __task_cred(child); in cap_ptrace_access_check()
|
| A D | security.c | 1060 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) in security_ptrace_access_check() argument
1062 return call_int_hook(ptrace_access_check, child, mode); in security_ptrace_access_check()
|
| /security/selinux/ |
| A D | hooks.c | 2106 static int selinux_ptrace_access_check(struct task_struct *child, in selinux_ptrace_access_check() argument
2110 u32 csid = task_sid_obj(child); in selinux_ptrace_access_check()
|