| /security/ipe/ |
| A D | eval.c | 60 ctx->ipe_inode = ipe_inode(ctx->ino); in build_ipe_inode_blob_ctx()
76 ctx->ino = ino; in build_ipe_inode_ctx()
99 ctx->file = file; in ipe_build_eval_ctx()
100 ctx->op = op; in ipe_build_eval_ctx()
101 ctx->hook = hook; in ipe_build_eval_ctx()
121 return ctx->initramfs; in evaluate_boot_verified()
137 return !!ctx->ipe_bdev && in evaluate_dmv_roothash()
161 return !ctx->ipe_bdev || (!ctx->ipe_bdev->dm_verity_signed); in evaluate_dmv_sig_false()
205 if (!ctx->ino) in evaluate_fsv_digest()
238 return !ctx->ino || in evaluate_fsv_sig_false()
[all …]
|
| A D | hooks.c | 32 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT; in ipe_bprm_check_security() local
35 return ipe_evaluate_event(&ctx); in ipe_bprm_check_security()
56 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT; in ipe_mmap_file() local
59 ipe_build_eval_ctx(&ctx, f, IPE_OP_EXEC, IPE_HOOK_MMAP); in ipe_mmap_file()
60 return ipe_evaluate_event(&ctx); in ipe_mmap_file()
84 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT; in ipe_file_mprotect() local
92 return ipe_evaluate_event(&ctx); in ipe_file_mprotect()
113 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT; in ipe_kernel_read_file() local
141 return ipe_evaluate_event(&ctx); in ipe_kernel_read_file()
158 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT; in ipe_kernel_load_data() local
[all …]
|
| A D | audit.c | 127 void ipe_audit_match(const struct ipe_eval_ctx *const ctx, in ipe_audit_match() argument
131 const char *op = audit_op_names[ctx->op]; in ipe_audit_match()
145 op, audit_hook_names[ctx->hook], READ_ONCE(enforce), in ipe_audit_match()
149 if (ctx->file) { in ipe_audit_match()
150 audit_log_d_path(ab, " path=", &ctx->file->f_path); in ipe_audit_match()
151 inode = file_inode(ctx->file); in ipe_audit_match()
|
| A D | eval.h | 64 void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
68 int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
|
| A D | audit.h | 11 void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
|
| A D | policy.c | 64 static int set_pkcs7_data(void *ctx, const void *data, size_t len, in set_pkcs7_data() argument
67 struct ipe_policy *p = ctx; in set_pkcs7_data()
|
| /security/selinux/ |
| A D | xfrm.c | 57 return (ctx && in selinux_authorizable_ctx()
91 ctx = kmalloc(struct_size(ctx, ctx_str, str_len + 1), gfp); in selinux_xfrm_alloc_user()
92 if (!ctx) in selinux_xfrm_alloc_user()
110 *ctxp = ctx; in selinux_xfrm_alloc_user()
115 kfree(ctx); in selinux_xfrm_alloc_user()
124 if (!ctx) in selinux_xfrm_free()
128 kfree(ctx); in selinux_xfrm_free()
136 if (!ctx) in selinux_xfrm_delete()
154 if (!ctx) in selinux_xfrm_policy_lookup()
357 ctx = kmalloc(struct_size(ctx, ctx_str, str_len), GFP_ATOMIC); in selinux_xfrm_state_alloc_acquire()
[all …]
|
| /security/keys/ |
| A D | keyring.c | 464 key->type->name, key->serial, ctx->count, ctx->buflen); in keyring_read_iterator()
466 if (ctx->count >= ctx->buflen) in keyring_read_iterator()
495 ctx.buflen = buflen; in keyring_read()
496 ctx.count = 0; in keyring_read()
609 if (!ctx->match_data.cmp(key, &ctx->match_data)) { in keyring_search_iterator()
633 ctx->result = make_key_ref(key, ctx->possessed); in keyring_search_iterator()
654 return object ? ctx->iterator(object, ctx) : 0; in search_keyring()
656 return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx); in search_keyring()
696 switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) { in search_nested_keyrings()
927 return ctx->result; in keyring_search_rcu()
[all …]
|
| A D | process_keys.c | 209 &ctx); in get_user_session_keyring_rcu()
502 ctx); in search_cred_keyrings_rcu()
563 ctx->cred = rka->cred; in search_process_keyrings_rcu()
565 ctx->cred = cred; in search_process_keyrings_rcu()
626 ctx.cred = get_current_cred(); in lookup_user_key()
631 if (!ctx.cred->thread_keyring) { in lookup_user_key()
643 key = ctx.cred->thread_keyring; in lookup_user_key()
661 key = ctx.cred->process_keyring; in lookup_user_key()
759 ctx.match_data.raw_data = key; in lookup_user_key()
810 put_cred(ctx.cred); in lookup_user_key()
[all …]
|
| A D | request_key.c | 28 ctx->match_data.cmp(key, &ctx->match_data) && in check_cached_key()
382 ctx->index_key.type->name, ctx->index_key.description); in construct_alloc_key()
389 if (ctx->index_key.type->read) in construct_alloc_key()
392 ctx->index_key.type->update) in construct_alloc_key()
395 key = key_alloc(ctx->index_key.type, ctx->index_key.description, in construct_alloc_key()
396 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred, in construct_alloc_key()
583 struct keyring_search_context ctx = { in request_key_and_link() local
601 ctx.index_key.type->name, ctx.index_key.description, in request_key_and_link()
612 key = check_cached_key(&ctx); in request_key_and_link()
659 type->match_free(&ctx.match_data); in request_key_and_link()
[all …]
|
| A D | request_key_auth.c | 249 struct keyring_search_context ctx = { in key_get_instantiation_authkey() local
262 ctx.index_key.desc_len = sprintf(description, "%x", target_id); in key_get_instantiation_authkey()
265 authkey_ref = search_process_keyrings_rcu(&ctx); in key_get_instantiation_authkey()
|
| A D | internal.h | 137 struct keyring_search_context *ctx);
139 extern key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx);
140 extern key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx);
|
| A D | proc.c | 165 struct keyring_search_context ctx = { in proc_keys_show() local
182 skey_ref = search_cred_keyrings_rcu(&ctx); in proc_keys_show()
191 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); in proc_keys_show()
|
| /security/apparmor/include/ |
| A D | task.h | 42 static inline void aa_free_task_ctx(struct aa_task_ctx *ctx) in aa_free_task_ctx() argument
44 if (ctx) { in aa_free_task_ctx()
45 aa_put_label(ctx->nnp); in aa_free_task_ctx()
46 aa_put_label(ctx->previous); in aa_free_task_ctx()
47 aa_put_label(ctx->onexec); in aa_free_task_ctx()
71 AA_BUG(!ctx); in aa_clear_task_ctx_trans()
73 aa_put_label(ctx->previous); in aa_clear_task_ctx_trans()
74 aa_put_label(ctx->onexec); in aa_clear_task_ctx_trans()
75 ctx->previous = NULL; in aa_clear_task_ctx_trans()
76 ctx->onexec = NULL; in aa_clear_task_ctx_trans()
[all …]
|
| /security/apparmor/ |
| A D | task.c | 64 if (ctx->nnp && label_is_stale(ctx->nnp)) { in aa_replace_current_label()
102 aa_put_label(ctx->onexec); in aa_set_current_onexec()
103 ctx->onexec = label; in aa_set_current_onexec()
104 ctx->token = stack; in aa_set_current_onexec()
127 if (!ctx->previous) { in aa_set_current_hat()
130 ctx->token = token; in aa_set_current_hat()
141 aa_put_label(ctx->onexec); in aa_set_current_hat()
142 ctx->onexec = NULL; in aa_set_current_hat()
162 if (ctx->token != token) in aa_restore_previous_label()
165 if (!ctx->previous) in aa_restore_previous_label()
[all …]
|
| A D | lsm.c | 508 spin_lock_init(&ctx->lock); in apparmor_file_alloc_security()
518 if (ctx) in apparmor_file_free_security()
801 if (ctx->previous) in apparmor_getselfattr()
805 if (ctx->onexec) in apparmor_getselfattr()
941 rc = do_setattr(attr, ctx->ctx, ctx->ctx_len); in apparmor_setselfattr()
1078 struct aa_sk_ctx *ctx = aa_sock(sk); in apparmor_sk_alloc_security() local
1085 rcu_assign_pointer(ctx->peer, NULL); in apparmor_sk_alloc_security()
1093 struct aa_sk_ctx *ctx = aa_sock(sk); in apparmor_sk_free_security() local
1540 if (rcu_access_pointer(ctx->peer)) in sk_peer_get_label()
2359 struct aa_sk_ctx *ctx; in apparmor_ip_postroute() local
[all …]
|
| A D | af_unix.c | 650 struct aa_sk_ctx *ctx = aa_sock(sk); in update_sk_ctx() local
655 (plabel != rcu_access_pointer(ctx->peer_lastupdate) || in update_sk_ctx()
657 !__aa_subj_label_is_cached(label, rcu_dereference(ctx->label)); in update_sk_ctx()
663 old = rcu_dereference_protected(ctx->label, in update_sk_ctx()
668 rcu_assign_pointer(ctx->label, l); in update_sk_ctx()
677 rcu_assign_pointer(ctx->peer_lastupdate, plabel); in update_sk_ctx()
679 rcu_assign_pointer(ctx->peer_lastupdate, plabel); in update_sk_ctx()
680 rcu_assign_pointer(ctx->peer, aa_get_label(plabel)); in update_sk_ctx()
687 static void update_peer_ctx(struct sock *sk, struct aa_sk_ctx *ctx, in update_peer_ctx() argument
693 old = rcu_dereference_protected(ctx->peer, in update_peer_ctx()
[all …]
|
| A D | domain.c | 919 struct aa_task_ctx *ctx; in apparmor_bprm_creds_for_exec() local
935 ctx = task_ctx(current); in apparmor_bprm_creds_for_exec()
937 AA_BUG(!ctx); in apparmor_bprm_creds_for_exec()
949 !ctx->nnp) in apparmor_bprm_creds_for_exec()
950 ctx->nnp = aa_get_label(label); in apparmor_bprm_creds_for_exec()
960 if (ctx->onexec) in apparmor_bprm_creds_for_exec()
961 new = handle_onexec(subj_cred, label, ctx->onexec, ctx->token, in apparmor_bprm_creds_for_exec()
1224 struct aa_task_ctx *ctx = task_ctx(current); in aa_change_hat() local
1244 ctx->nnp = aa_get_label(label); in aa_change_hat()
1396 struct aa_task_ctx *ctx = task_ctx(current); in aa_change_profile() local
[all …]
|
| /security/keys/trusted-keys/ |
| A D | trusted_tpm2.c | 117 memset(&ctx, 0, sizeof(ctx)); in tpm2_key_decode()
124 if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE) in tpm2_key_decode()
127 blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL); in tpm2_key_decode()
134 memcpy(blob, ctx.priv, ctx.priv_len); in tpm2_key_decode()
135 blob += ctx.priv_len; in tpm2_key_decode()
137 memcpy(blob, ctx.pub, ctx.pub_len); in tpm2_key_decode()
150 ctx->parent = 0; in tpm2_key_parent()
152 ctx->parent <<= 8; in tpm2_key_parent()
183 ctx->pub = value; in tpm2_key_pub()
184 ctx->pub_len = vlen; in tpm2_key_pub()
[all …]
|
| A D | trusted_tee.c | 53 struct tee_context *ctx; member
73 reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key, in trusted_tee_seal()
93 ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); in trusted_tee_seal()
120 reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key, in trusted_tee_unseal()
140 ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); in trusted_tee_unseal()
182 ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); in trusted_tee_get_random()
215 if (IS_ERR(pvt_data.ctx)) in trusted_key_probe()
240 tee_client_close_session(pvt_data.ctx, pvt_data.session_id); in trusted_key_probe()
242 tee_client_close_context(pvt_data.ctx); in trusted_key_probe()
250 tee_client_close_session(pvt_data.ctx, pvt_data.session_id); in trusted_key_remove()
[all …]
|
| /security/ |
| A D | lsm_syscalls.c | 56 ctx, u32, size, u32, flags) in SYSCALL_DEFINE4()
58 return security_setselfattr(attr, ctx, size, flags); in SYSCALL_DEFINE4()
78 ctx, u32 __user *, size, u32, flags) in SYSCALL_DEFINE4()
80 return security_getselfattr(attr, ctx, size, flags); in SYSCALL_DEFINE4()
|
| /security/selinux/include/ |
| A D | xfrm.h | 20 void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
21 int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
28 int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid);
|
| /security/integrity/ |
| A D | integrity.h | 216 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
218 return audit_log_start(ctx, gfp_mask, type); in integrity_audit_log_start()
238 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
|
| /security/smack/ |
| A D | smack_lsm.c | 622 struct smack_mnt_opts *ctx; in smack_fs_context_submount() local
625 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); in smack_fs_context_submount()
626 if (!ctx) in smack_fs_context_submount()
628 fc->security = ctx; in smack_fs_context_submount()
635 if (!ctx->fsdefault) in smack_fs_context_submount()
641 if (!ctx->fsfloor) in smack_fs_context_submount()
647 if (!ctx->fshat) in smack_fs_context_submount()
654 if (!ctx->fstransmute) in smack_fs_context_submount()
3684 rc = lsm_fill_user_ctx(ctx, size, in smack_getselfattr()
3800 rc = do_setattr(attr, ctx->ctx, ctx->ctx_len); in smack_setselfattr()
[all …]
|
| /security/selinux/ss/ |
| A D | services.c | 1477 struct context *ctx, in string_to_context_struct() argument
1486 context_init(ctx); in string_to_context_struct()
1522 ctx->role = role->value; in string_to_context_struct()
1548 context_destroy(ctx); in string_to_context_struct()
3896 struct context *ctx; in security_netlbl_secattr_to_sid() local
3918 if (ctx == NULL) in security_netlbl_secattr_to_sid()
3922 ctx_new.user = ctx->user; in security_netlbl_secattr_to_sid()
3923 ctx_new.role = ctx->role; in security_netlbl_secattr_to_sid()
3924 ctx_new.type = ctx->type; in security_netlbl_secattr_to_sid()
3970 struct context *ctx; in security_netlbl_sid_to_secattr() local
[all …]
|