| /security/keys/ |
| A D | process_keys.c | 77 const struct cred *cred = current_cred(); in look_up_user_keyrings() local
185 struct key *get_user_session_keyring_rcu(const struct cred *cred) in get_user_session_keyring_rcu() argument
194 .cred = cred, in get_user_session_keyring_rcu()
246 struct cred *new; in install_thread_keyring()
293 struct cred *new; in install_process_keyring()
330 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, in install_session_keyring_to_cred()
426 const struct cred *cred = ctx->cred; in search_cred_keyrings_rcu() local
557 const struct cred *cred = ctx->cred; in search_process_keyrings_rcu() local
563 ctx->cred = rka->cred; in search_process_keyrings_rcu()
565 ctx->cred = cred; in search_process_keyrings_rcu()
[all …]
|
| A D | request_key_auth.c | 112 if (rka->cred) in free_request_key_auth()
113 put_cred(rka->cred); in free_request_key_auth()
166 const struct cred *cred = current_cred(); in request_key_auth_new() local
185 if (cred->request_key_auth) { in request_key_auth_new()
187 down_read(&cred->request_key_auth->sem); in request_key_auth_new()
193 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
199 rka->cred = get_cred(irka->cred); in request_key_auth_new()
202 up_read(&cred->request_key_auth->sem); in request_key_auth_new()
206 rka->cred = get_cred(cred); in request_key_auth_new()
217 cred->fsuid, cred->fsgid, cred, in request_key_auth_new()
[all …]
|
| A D | request_key.c | 80 static int umh_keys_init(struct subprocess_info *info, struct cred *cred) in umh_keys_init() argument
122 const struct cred *cred = current_cred(); in call_sbin_request_key() local
139 cred = get_current_cred(); in call_sbin_request_key()
140 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, in call_sbin_request_key()
143 put_cred(cred); in call_sbin_request_key()
163 cred->thread_keyring ? cred->thread_keyring->serial : 0); in call_sbin_request_key()
166 if (cred->process_keyring) in call_sbin_request_key()
268 const struct cred *cred = current_cred(); in construct_get_dest_keyring() local
396 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred, in construct_alloc_key()
588 .cred = current_cred(), in request_key_and_link()
[all …]
|
| A D | permission.c | 26 int key_task_permission(const key_ref_t key_ref, const struct cred *cred, in key_task_permission() argument
54 if (uid_eq(key->uid, cred->fsuid)) { in key_task_permission()
62 if (gid_eq(key->gid, cred->fsgid)) { in key_task_permission()
67 ret = groups_search(cred->group_info, key->gid); in key_task_permission()
90 return security_key_permission(key_ref, cred, need_perm); in key_task_permission()
|
| A D | internal.h | 114 const struct cred *cred; member
145 extern struct key *get_user_session_keyring_rcu(const struct cred *);
146 extern int install_thread_keyring_to_cred(struct cred *);
147 extern int install_process_keyring_to_cred(struct cred *);
148 extern int install_session_keyring_to_cred(struct cred *, struct key *);
176 const struct cred *cred,
|
| /security/apparmor/include/ |
| A D | cred.h | 22 static inline struct aa_label *cred_label(const struct cred *cred) in cred_label() argument
24 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in cred_label()
30 static inline void set_cred_label(const struct cred *cred, in set_cred_label() argument
33 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in set_cred_label()
47 static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) in aa_cred_raw_label() argument
49 struct aa_label *label = cred_label(cred); in aa_cred_raw_label()
61 static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred) in aa_get_newest_cred_label() argument
63 return aa_get_newest_label(aa_cred_raw_label(cred)); in aa_get_newest_cred_label()
66 static inline struct aa_label *aa_get_newest_cred_label_condref(const struct cred *cred, in aa_get_newest_cred_label_condref() argument
69 struct aa_label *l = aa_cred_raw_label(cred); in aa_get_newest_cred_label_condref()
|
| A D | mount.h | 28 int aa_remount(const struct cred *subj_cred,
32 int aa_bind_mount(const struct cred *subj_cred,
37 int aa_mount_change_type(const struct cred *subj_cred,
41 int aa_move_mount_old(const struct cred *subj_cred,
44 int aa_move_mount(const struct cred *subj_cred,
48 int aa_new_mount(const struct cred *subj_cred,
53 int aa_umount(const struct cred *subj_cred,
56 int aa_pivotroot(const struct cred *subj_cred,
|
| A D | file.h | 74 int aa_audit_file(const struct cred *cred,
87 int __aa_path_perm(const char *op, const struct cred *subj_cred,
91 int aa_path_perm(const char *op, const struct cred *subj_cred,
95 int aa_path_link(const struct cred *subj_cred, struct aa_label *label,
99 int aa_file_perm(const char *op, const struct cred *subj_cred,
103 void aa_inherit_files(const struct cred *cred, struct files_struct *files);
|
| A D | ipc.h | 19 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
20 const struct cred *target_cred, struct aa_label *target,
|
| /security/ |
| A D | commoncap.c | 68 static inline int cap_capable_helper(const struct cred *cred, in cap_capable_helper() argument
167 const struct cred *cred, *child_cred; in cap_ptrace_access_check() local
204 const struct cred *cred, *child_cred; in cap_ptrace_traceme() local
233 const struct cred *cred; in cap_capget() local
621 struct cred *new = bprm->cred; in bprm_caps_from_vfs_caps()
797 static inline bool __is_real(kuid_t uid, struct cred *cred) in __is_real() argument
800 static inline bool __is_eff(kuid_t uid, struct cred *cred) in __is_eff() argument
804 { return !__is_real(uid, cred) && __is_eff(uid, cred); } in __is_suid()
822 struct cred *new = bprm->cred; in handle_privileged_root()
855 !cap_issubset(cred->cap_##target, cred->cap_##source)
[all …]
|
| A D | security.c | 424 static void __init lsm_early_cred(struct cred *cred);
496 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
699 static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) in lsm_cred_alloc() argument
710 static void __init lsm_early_cred(struct cred *cred) in lsm_early_cred() argument
1137 int security_capable(const struct cred *cred, in security_capable() argument
1779 const struct cred *old, struct cred *new) in security_dentry_create_files_as()
3244 void security_cred_free(struct cred *cred) in security_cred_free() argument
3623 int security_task_prlimit(const struct cred *cred, const struct cred *tcred, in security_task_prlimit() argument
3703 int sig, const struct cred *cred) in security_task_kill() argument
3761 int security_create_user_ns(const struct cred *cred) in security_create_user_ns() argument
[all …]
|
| /security/landlock/ |
| A D | cred.c | 19 static void hook_cred_transfer(struct cred *const new, in hook_cred_transfer()
20 const struct cred *const old) in hook_cred_transfer()
31 static int hook_cred_prepare(struct cred *const new, in hook_cred_prepare()
32 const struct cred *const old, const gfp_t gfp) in hook_cred_prepare()
38 static void hook_cred_free(struct cred *const cred) in hook_cred_free() argument
40 struct landlock_ruleset *const dom = landlock_cred(cred)->domain; in hook_cred_free()
51 landlock_cred(bprm->cred)->domain_exec = 0; in hook_bprm_creds_for_exec()
|
| A D | cred.h | 63 landlock_cred(const struct cred *cred) in landlock_cred() argument
65 return cred->security + landlock_blob_sizes.lbs_cred; in landlock_cred()
110 landlock_get_applicable_subject(const struct cred *const cred, in landlock_get_applicable_subject() argument
120 if (!cred) in landlock_get_applicable_subject()
123 domain = landlock_cred(cred)->domain; in landlock_get_applicable_subject()
137 return landlock_cred(cred); in landlock_get_applicable_subject()
|
| A D | task.c | 340 const struct cred *cred) in hook_task_kill() argument
346 if (!cred) { in hook_task_kill()
359 cred = current_cred(); in hook_task_kill()
362 subject = landlock_get_applicable_subject(cred, signal_scope, in hook_task_kill()
|
| /security/apparmor/ |
| A D | task.c | 50 struct cred *new; in aa_replace_current_label()
120 struct cred *new; in aa_set_current_hat()
160 struct cred *new; in aa_restore_previous_label()
226 static int profile_ptrace_perm(const struct cred *cred, in profile_ptrace_perm() argument
234 ad->subj_cred = cred; in profile_ptrace_perm()
242 static int profile_tracee_perm(const struct cred *cred, in profile_tracee_perm() argument
251 return profile_ptrace_perm(cred, tracee, tracer, request, ad); in profile_tracee_perm()
254 static int profile_tracer_perm(const struct cred *cred, in profile_tracer_perm() argument
263 return profile_ptrace_perm(cred, tracer, tracee, request, ad); in profile_tracer_perm()
272 ad->error = aa_capable(cred, &tracer->label, CAP_SYS_PTRACE, in profile_tracer_perm()
[all …]
|
| A D | file.c | 95 int aa_audit_file(const struct cred *subj_cred, in aa_audit_file()
275 int aa_path_perm(const char *op, const struct cred *subj_cred, in aa_path_perm()
319 static int profile_path_link(const struct cred *subj_cred, in profile_path_link()
425 int aa_path_link(const struct cred *subj_cred, in aa_path_link()
684 const struct cred *cred; member
692 if (aa_file_perm(OP_INHERIT, cl->cred, cl->label, file, in match_file()
700 void aa_inherit_files(const struct cred *cred, struct files_struct *files) in aa_inherit_files() argument
702 struct aa_label *label = aa_get_newest_cred_label(cred); in aa_inherit_files()
704 .cred = cred, in aa_inherit_files()
710 revalidate_tty(cred, label); in aa_inherit_files()
[all …]
|
| A D | lsm.c | 75 static void apparmor_cred_free(struct cred *cred) in apparmor_cred_free() argument
84 static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp) in apparmor_cred_alloc_blank() argument
128 const struct cred *cred; in apparmor_ptrace_access_check() local
139 put_cred(cred); in apparmor_ptrace_access_check()
147 const struct cred *cred; in apparmor_ptrace_traceme() local
156 put_cred(cred); in apparmor_ptrace_traceme()
167 const struct cred *cred; in apparmor_capget() local
833 const struct cred *cred = get_task_cred(task); in apparmor_getprocattr() local
1028 int sig, const struct cred *cred) in apparmor_task_kill() argument
1037 if (cred) { in apparmor_task_kill()
[all …]
|
| A D | ipc.c | 78 static int profile_signal_perm(const struct cred *cred, in profile_signal_perm() argument
90 ad->subj_cred = cred; in profile_signal_perm()
102 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender, in aa_may_signal()
103 const struct cred *target_cred, struct aa_label *target, in aa_may_signal()
|
| A D | mount.c | 134 static int audit_mount(const struct cred *subj_cred, in audit_mount()
305 static int match_mnt_path_str(const struct cred *subj_cred, in match_mnt_path_str()
366 static int match_mnt(const struct cred *subj_cred, in match_mnt()
394 int aa_remount(const struct cred *subj_cred, in aa_remount()
420 int aa_bind_mount(const struct cred *subj_cred, in aa_bind_mount()
458 int aa_mount_change_type(const struct cred *subj_cred, in aa_mount_change_type()
485 int aa_move_mount(const struct cred *subj_cred, in aa_move_mount()
535 int aa_new_mount(const struct cred *subj_cred, struct aa_label *label, in aa_new_mount()
601 static int profile_umount(const struct cred *subj_cred, in profile_umount()
635 int aa_umount(const struct cred *subj_cred, struct aa_label *label, in aa_umount()
[all …]
|
| A D | domain.c | 48 static int may_change_ptraced_domain(const struct cred *to_cred, in may_change_ptraced_domain()
54 const struct cred *tracer_cred = NULL; in may_change_ptraced_domain()
792 static int profile_onexec(const struct cred *subj_cred, in profile_onexec()
921 const struct cred *subj_cred; in apparmor_bprm_creds_for_exec()
936 AA_BUG(!cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
939 label = aa_get_newest_label(cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
1026 aa_put_label(cred_label(bprm->cred)); in apparmor_bprm_creds_for_exec()
1028 set_cred_label(bprm->cred, new); in apparmor_bprm_creds_for_exec()
1223 const struct cred *subj_cred; in aa_change_hat()
1351 const struct cred *subj_cred, in change_profile_perms_wrapper()
[all …]
|
| /security/safesetid/ |
| A D | lsm.c | 91 static int safesetid_security_capable(const struct cred *cred, in safesetid_security_capable() argument
114 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_security_capable()
121 __kuid_val(cred->uid)); in safesetid_security_capable()
128 if (setid_policy_lookup((kid_t){.gid = cred->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT) in safesetid_security_capable()
135 __kgid_val(cred->gid)); in safesetid_security_capable()
148 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type) in id_permitted_for_cred()
191 static int safesetid_task_fix_setuid(struct cred *new, in safesetid_task_fix_setuid()
192 const struct cred *old, in safesetid_task_fix_setuid()
215 static int safesetid_task_fix_setgid(struct cred *new, in safesetid_task_fix_setgid()
216 const struct cred *old, in safesetid_task_fix_setgid()
[all …]
|
| /security/selinux/ |
| A D | hooks.c | 438 const struct cred *cred) in may_context_mount_sb_relabel() argument
455 const struct cred *cred) in may_context_mount_inode_relabel() argument
640 const struct cred *cred = current_cred(); in selinux_set_mnt_opts() local
2160 const struct cred *cred = current_cred(); in selinux_quotactl() local
2195 const struct cred *cred = current_cred(); in selinux_quota_on() local
2748 const struct cred *cred = current_cred(); in selinux_sb_kern_mount() local
2758 const struct cred *cred = current_cred(); in selinux_sb_statfs() local
2772 const struct cred *cred = current_cred(); in selinux_mount() local
2784 const struct cred *cred = current_cred(); in selinux_move_mount() local
4440 int sig, const struct cred *cred) in selinux_task_kill() argument
[all …]
|
| /security/smack/ |
| A D | smack.h | 295 bool smack_privileged_cred(int cap, const struct cred *cred);
333 static inline struct task_smack *smack_cred(const struct cred *cred) in smack_cred() argument
335 return cred->security + smack_blob_sizes.lbs_cred; in smack_cred()
407 const struct cred *cred; in smk_of_task_struct_obj() local
411 cred = __task_cred(t); in smk_of_task_struct_obj()
412 skp = smk_of_task(smack_cred(cred)); in smk_of_task_struct_obj()
|
| A D | smack_lsm.c | 237 static int smk_bu_credfile(const struct cred *cred, struct file *file, in smk_bu_credfile() argument
2046 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) in smack_cred_alloc_blank() argument
2058 static void smack_cred_free(struct cred *cred) in smack_cred_free() argument
2122 static void smack_cred_getsecid(const struct cred *cred, u32 *secid) in smack_cred_getsecid() argument
2139 static void smack_cred_getlsmprop(const struct cred *cred, in smack_cred_getlsmprop() argument
2340 int sig, const struct cred *cred) in smack_task_kill() argument
3732 struct cred *new; in do_setattr()
4495 const struct cred *cred, in smack_key_permission() argument
4635 const struct cred *cred, in smack_post_notification() argument
4646 if (!cred) in smack_post_notification()
[all …]
|
| /security/selinux/include/ |
| A D | objsec.h | 174 static inline struct task_security_struct *selinux_cred(const struct cred *cred) in selinux_cred() argument
176 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
|