| /security/ipe/ |
| A D | policy.c | 104 if (IS_ERR(new)) in ipe_update_policy()
105 return PTR_ERR(new); in ipe_update_policy()
117 root->i_private = new; in ipe_update_policy()
136 ipe_free_policy(new); in ipe_update_policy()
165 new = kzalloc(sizeof(*new), GFP_KERNEL); in ipe_new_policy()
166 if (!new) in ipe_new_policy()
172 if (!new->pkcs7) { in ipe_new_policy()
195 new->textlen = textlen; in ipe_new_policy()
197 if (!new->text) { in ipe_new_policy()
207 return new; in ipe_new_policy()
[all …]
|
| /security/ |
| A D | commoncap.c | 307 new->cap_ambient = cap_intersect(new->cap_ambient, in cap_capset()
946 new->euid = new->uid; in cap_bprm_creds_from_file()
947 new->egid = new->gid; in cap_bprm_creds_from_file()
953 new->suid = new->fsuid = new->euid; in cap_bprm_creds_from_file()
954 new->sgid = new->fsgid = new->egid; in cap_bprm_creds_from_file()
964 new->cap_permitted = cap_combine(new->cap_permitted, new->cap_ambient); in cap_bprm_creds_from_file()
971 new->cap_effective = new->cap_permitted; in cap_bprm_creds_from_file()
973 new->cap_effective = new->cap_ambient; in cap_bprm_creds_from_file()
1135 new->cap_effective = new->cap_permitted; in cap_emulate_setxuid()
1270 if (!new) in cap_prctl_drop()
[all …]
|
| A D | security.c | 590 *result = kstrdup(new, GFP_KERNEL); in lsm_append()
595 if (match_last_lsm(*result, new)) in lsm_append()
597 cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); in lsm_append()
1779 const struct cred *old, struct cred *new) in security_dentry_create_files_as() argument
1782 name, old, new); in security_dentry_create_files_as()
2788 return call_int_hook(inode_copy_up, src, new); in security_inode_copy_up()
3271 int rc = lsm_cred_alloc(new, gfp); in security_prepare_creds()
3276 rc = call_int_hook(cred_prepare, new, old, gfp); in security_prepare_creds()
3278 security_cred_free(new); in security_prepare_creds()
3291 call_void_hook(cred_transfer, new, old); in security_transfer_creds()
[all …]
|
| /security/keys/ |
| A D | process_keys.c | 228 keyring = keyring_alloc("_tid", new->uid, new->gid, new, in install_thread_keyring_to_cred()
246 struct cred *new; in install_thread_keyring() local
250 if (!new) in install_thread_keyring()
275 keyring = keyring_alloc("_pid", new->uid, new->gid, new, in install_process_keyring_to_cred()
293 struct cred *new; in install_process_keyring() local
297 if (!new) in install_process_keyring()
358 struct cred *new; in install_session_keyring() local
362 if (!new) in install_session_keyring()
845 if (!new) in join_session_keyring()
917 put_cred(new); in key_change_session_keyring()
[all …]
|
| A D | keyctl.c | 1152 struct cred *new; in keyctl_change_reqkey_auth() local
1154 new = prepare_creds(); in keyctl_change_reqkey_auth()
1155 if (!new) in keyctl_change_reqkey_auth()
1158 key_put(new->request_key_auth); in keyctl_change_reqkey_auth()
1161 return commit_creds(new); in keyctl_change_reqkey_auth()
1395 struct cred *new; in keyctl_set_reqkey_keyring() local
1403 new = prepare_creds(); in keyctl_set_reqkey_keyring()
1404 if (!new) in keyctl_set_reqkey_keyring()
1435 new->jit_keyring = reqkey_defl; in keyctl_set_reqkey_keyring()
1436 commit_creds(new); in keyctl_set_reqkey_keyring()
[all …]
|
| /security/apparmor/ |
| A D | label.c | 65 if (new) { in aa_alloc_proxy()
69 return new; in aa_alloc_proxy()
217 new->mediates |= new->vec[i]->label.mediates; in accum_label_info()
437 new = kzalloc(struct_size(new, vec, size + 1), gfp); in aa_label_alloc()
439 if (!new) in aa_label_alloc()
607 if (new) in __label_remove()
704 new = &((*new)->rb_left); in __label_insert()
706 new = &((*new)->rb_right); in __label_insert()
1077 new->size -= aa_vec_unique(&new->vec[0], new->size, in label_merge_insert()
2056 new->size -= aa_vec_unique(&new->vec[0], new->size, in __label_update()
[all …]
|
| A D | domain.c | 540 if (new) in x_table_lookup()
595 new = NULL; in x_to_label()
611 if (!new) { in x_to_label()
656 return new; in x_to_label()
710 if (new) { in profile_transition()
766 if (!new) in profile_transition()
789 return new; in profile_transition()
896 if (new) in handle_onexec()
1195 if (!new) { in change_hat()
1201 return new; in change_hat()
[all …]
|
| A D | task.c | 50 struct cred *new; in aa_replace_current_label() local
60 new = prepare_creds(); in aa_replace_current_label()
61 if (!new) in aa_replace_current_label()
87 commit_creds(new); in aa_replace_current_label()
120 struct cred *new; in aa_set_current_hat() local
123 if (!new) in aa_set_current_hat()
135 abort_creds(new); in aa_set_current_hat()
144 commit_creds(new); in aa_set_current_hat()
160 struct cred *new; in aa_restore_previous_label() local
169 if (!new) in aa_restore_previous_label()
[all …]
|
| A D | policy.c | 951 if (ent->new == profile) in __list_lookup_parent()
955 return ent->new; in __list_lookup_parent()
1013 aa_get_profile(new); in __replace_profile()
1047 aa_put_str(new->base.hname); in share_name()
1050 new->base.name = old->base.name; in share_name()
1175 if (ent->new->rename) { in aa_replace_profiles()
1184 ent->new->ns = aa_get_ns(ns); in aa_replace_profiles()
1209 ent->new->base.hname, in aa_replace_profiles()
1260 ent->new->rawdata) { in aa_replace_profiles()
1267 ent->new->label.proxy = NULL; in aa_replace_profiles()
[all …]
|
| A D | policy_compat.c | 80 u32 new = old & 0xf; in map_old_perms() local
83 new |= AA_MAY_GETATTR | AA_MAY_OPEN; in map_old_perms()
85 new |= AA_MAY_SETATTR | AA_MAY_CREATE | AA_MAY_DELETE | in map_old_perms()
88 new |= AA_MAY_LINK; in map_old_perms()
93 new |= AA_MAY_LOCK | AA_LINK_SUBSET; in map_old_perms()
95 new |= AA_EXEC_MMAP; in map_old_perms()
97 return new; in map_old_perms()
|
| A D | resource.c | 157 struct aa_profile *old, *new; in __aa_transition_rlimits() local
161 new = labels_profile(new_l); in __aa_transition_rlimits()
184 label_for_each_confined(i, new_l, new) { in __aa_transition_rlimits()
185 struct aa_ruleset *rules = new->label.rules[0]; in __aa_transition_rlimits()
|
| A D | match.c | 262 struct table_header *new; in remap_data16_to_data32() local
267 new = kvzalloc(tsize, GFP_KERNEL); in remap_data16_to_data32()
268 if (!new) { in remap_data16_to_data32()
272 new->td_id = old->td_id; in remap_data16_to_data32()
273 new->td_flags = YYTD_DATA32; in remap_data16_to_data32()
274 new->td_lolen = old->td_lolen; in remap_data16_to_data32()
277 TABLE_DATAU32(new)[i] = (u32) TABLE_DATAU16(old)[i]; in remap_data16_to_data32() local
280 if (is_vmalloc_addr(new)) in remap_data16_to_data32()
283 return new; in remap_data16_to_data32()
|
| A D | lsm.c | 96 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_prepare()
105 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_transfer()
117 struct aa_task_ctx *new = task_ctx(task); in apparmor_task_alloc() local
119 aa_dup_task_ctx(new, task_ctx(current)); in apparmor_task_alloc()
628 struct aa_label *new, int cap, in profile_uring() argument
642 if (new) { in profile_uring()
643 aa_label_match(profile, rules, new, state, in profile_uring()
672 ad.uring.target = cred_label(new); in apparmor_uring_override_creds()
676 cred_label(new), CAP_SYS_ADMIN, &ad)); in apparmor_uring_override_creds()
1110 struct aa_sk_ctx *new = aa_sock(newsk); in apparmor_sk_clone_security() local
[all …]
|
| /security/selinux/ss/ |
| A D | hashtab.c | 141 int (*copy)(struct hashtab_node *new, in hashtab_duplicate() argument
150 memset(new, 0, sizeof(*new)); in hashtab_duplicate()
152 new->htable = kcalloc(orig->size, sizeof(*new->htable), GFP_KERNEL); in hashtab_duplicate()
153 if (!new->htable) in hashtab_duplicate()
156 new->size = orig->size; in hashtab_duplicate()
173 new->htable[i] = tmp; in hashtab_duplicate()
177 new->nel++; in hashtab_duplicate()
184 for (i = 0; i < new->size; i++) { in hashtab_duplicate()
185 for (cur = new->htable[i]; cur; cur = tmp) { in hashtab_duplicate()
191 kfree(new->htable); in hashtab_duplicate()
[all …]
|
| A D | ebitmap.c | 59 if (!new) { in ebitmap_cpy()
63 new->startbit = n->startbit; in ebitmap_cpy()
65 new->next = NULL; in ebitmap_cpy()
67 prev->next = new; in ebitmap_cpy()
69 dst->node = new; in ebitmap_cpy()
70 prev = new; in ebitmap_cpy()
324 if (!new) in ebitmap_set_bit()
335 new->next = prev->next; in ebitmap_set_bit()
336 prev->next = new; in ebitmap_set_bit()
338 new->next = e->node; in ebitmap_set_bit()
[all …]
|
| A D | conditional.c | 606 memset(new, 0, sizeof(*new)); in cond_dup_av_list()
608 new->nodes = kcalloc(orig->len, sizeof(*new->nodes), GFP_KERNEL); in cond_dup_av_list()
609 if (!new->nodes) in cond_dup_av_list()
613 new->nodes[i] = avtab_insert_nonunique( in cond_dup_av_list()
615 if (!new->nodes[i]) in cond_dup_av_list()
617 new->len++; in cond_dup_av_list()
692 new->datum = datum; in cond_bools_copy()
743 cond_policydb_init(new); in cond_policydb_dup()
745 if (duplicate_policydb_bools(new, orig)) in cond_policydb_dup()
748 if (duplicate_policydb_cond_list(new, orig)) { in cond_policydb_dup()
[all …]
|
| A D | hashtab.h | 139 int hashtab_duplicate(struct hashtab *new, const struct hashtab *orig,
140 int (*copy)(struct hashtab_node *new,
|
| /security/safesetid/ |
| A D | lsm.c | 191 static int safesetid_task_fix_setuid(struct cred *new, in safesetid_task_fix_setuid() argument
200 if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) && in safesetid_task_fix_setuid()
201 id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) && in safesetid_task_fix_setuid()
203 id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID)) in safesetid_task_fix_setuid()
215 static int safesetid_task_fix_setgid(struct cred *new, in safesetid_task_fix_setgid() argument
224 if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) && in safesetid_task_fix_setgid()
227 id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID)) in safesetid_task_fix_setgid()
247 get_group_info(new->group_info); in safesetid_task_fix_setgroups()
248 for (i = 0; i < new->group_info->ngroups; i++) { in safesetid_task_fix_setgroups()
250 put_group_info(new->group_info); in safesetid_task_fix_setgroups()
[all …]
|
| /security/selinux/ |
| A D | netnode.c | 194 struct sel_netnode *new; in sel_netnode_sid_slow() local
207 new = kmalloc(sizeof(*new), GFP_ATOMIC); in sel_netnode_sid_slow()
212 if (new) in sel_netnode_sid_slow()
213 new->nsec.addr.ipv4 = *(const __be32 *)addr; in sel_netnode_sid_slow()
218 if (new) in sel_netnode_sid_slow()
219 new->nsec.addr.ipv6 = *(const struct in6_addr *)addr; in sel_netnode_sid_slow()
225 if (ret == 0 && new) { in sel_netnode_sid_slow()
226 new->nsec.family = family; in sel_netnode_sid_slow()
227 new->nsec.sid = *sid; in sel_netnode_sid_slow()
228 sel_netnode_insert(new); in sel_netnode_sid_slow()
[all …]
|
| A D | netif.c | 136 struct sel_netif *new; in sel_netif_sid_slow() local
163 new = kmalloc(sizeof(*new), GFP_ATOMIC); in sel_netif_sid_slow()
164 if (new) { in sel_netif_sid_slow()
165 new->nsec.ns = ns; in sel_netif_sid_slow()
166 new->nsec.ifindex = ifindex; in sel_netif_sid_slow()
167 new->nsec.sid = *sid; in sel_netif_sid_slow()
168 if (sel_netif_insert(new)) in sel_netif_sid_slow()
169 kfree(new); in sel_netif_sid_slow()
|
| A D | netport.c | 135 struct sel_netport *new; in sel_netport_sid_slow() local
152 new = kmalloc(sizeof(*new), GFP_ATOMIC); in sel_netport_sid_slow()
153 if (new) { in sel_netport_sid_slow()
154 new->psec.port = pnum; in sel_netport_sid_slow()
155 new->psec.protocol = protocol; in sel_netport_sid_slow()
156 new->psec.sid = *sid; in sel_netport_sid_slow()
157 sel_netport_insert(new); in sel_netport_sid_slow()
|
| A D | ibpkey.c | 133 struct sel_ib_pkey *new; in sel_ib_pkey_sid_slow() local
149 new = kmalloc(sizeof(*new), GFP_ATOMIC); in sel_ib_pkey_sid_slow()
150 if (!new) { in sel_ib_pkey_sid_slow()
157 new->psec.subnet_prefix = subnet_prefix; in sel_ib_pkey_sid_slow()
158 new->psec.pkey = pkey_num; in sel_ib_pkey_sid_slow()
159 new->psec.sid = *sid; in sel_ib_pkey_sid_slow()
160 sel_ib_pkey_insert(new); in sel_ib_pkey_sid_slow()
|
| /security/apparmor/include/ |
| A D | task.h | 56 static inline void aa_dup_task_ctx(struct aa_task_ctx *new, in aa_dup_task_ctx() argument
59 *new = *old; in aa_dup_task_ctx()
60 aa_get_label(new->nnp); in aa_dup_task_ctx()
61 aa_get_label(new->previous); in aa_dup_task_ctx()
62 aa_get_label(new->onexec); in aa_dup_task_ctx()
|
| /security/landlock/ |
| A D | cred.c | 19 static void hook_cred_transfer(struct cred *const new, in hook_cred_transfer() argument
27 *landlock_cred(new) = *old_llcred; in hook_cred_transfer()
31 static int hook_cred_prepare(struct cred *const new, in hook_cred_prepare() argument
34 hook_cred_transfer(new, old); in hook_cred_prepare()
|
| /security/tomoyo/ |
| A D | tomoyo.c | 37 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, in tomoyo_cred_prepare() argument
520 struct tomoyo_task *new = tomoyo_task(task); in tomoyo_task_alloc() local
522 new->domain_info = old->domain_info; in tomoyo_task_alloc()
523 atomic_inc(&new->domain_info->users); in tomoyo_task_alloc()
524 new->old_domain_info = NULL; in tomoyo_task_alloc()
|