| /security/safesetid/ |
| A D | lsm.c | 154 if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) || in id_permitted_for_cred()
155 uid_eq(new_id.uid, old->suid)) in id_permitted_for_cred()
158 if (gid_eq(new_id.gid, old->gid) || gid_eq(new_id.gid, old->egid) || in id_permitted_for_cred()
159 gid_eq(new_id.gid, old->sgid)) in id_permitted_for_cred()
174 __kuid_val(old->uid), __kuid_val(old->euid), in id_permitted_for_cred()
175 __kuid_val(old->suid), __kuid_val(new_id.uid)); in id_permitted_for_cred()
178 __kgid_val(old->gid), __kgid_val(old->egid), in id_permitted_for_cred()
179 __kgid_val(old->sgid), __kgid_val(new_id.gid)); in id_permitted_for_cred()
192 const struct cred *old, in safesetid_task_fix_setuid() argument
200 if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) && in safesetid_task_fix_setuid()
[all …]
|
| /security/keys/ |
| A D | process_keys.c | 320 struct key *old; in install_session_keyring_to_cred() local
343 if (old) in install_session_keyring_to_cred()
344 key_put(old); in install_session_keyring_to_cred()
839 const struct cred *old; in join_session_keyring() local
847 old = current_cred(); in join_session_keyring()
870 name, old->uid, old->gid, old, in join_session_keyring()
928 new-> uid = old-> uid; in key_change_session_keyring()
929 new-> euid = old-> euid; in key_change_session_keyring()
930 new-> suid = old-> suid; in key_change_session_keyring()
931 new->fsuid = old->fsuid; in key_change_session_keyring()
[all …]
|
| /security/ |
| A D | commoncap.c | 273 const struct cred *old, in cap_capset() argument
280 cap_combine(old->cap_inheritable, in cap_capset()
281 old->cap_permitted))) in cap_capset()
287 old->cap_bset))) in cap_capset()
843 old->cap_inheritable); in handle_privileged_root()
950 old->cap_permitted); in cap_bprm_creds_from_file()
991 !uid_eq(new->euid, old->uid) || in cap_bprm_creds_from_file()
992 !gid_eq(new->egid, old->gid) || in cap_bprm_creds_from_file()
1114 if ((uid_eq(old->uid, root_uid) || in cap_emulate_setxuid()
1158 cap_emulate_setxuid(new, old); in cap_task_fix_setuid()
[all …]
|
| A D | security.c | 1115 int security_capset(struct cred *new, const struct cred *old, in security_capset() argument
1120 return call_int_hook(capset, new, old, effective, inheritable, in security_capset()
1779 const struct cred *old, struct cred *new) in security_dentry_create_files_as() argument
1782 name, old, new); in security_dentry_create_files_as()
3276 rc = call_int_hook(cred_prepare, new, old, gfp); in security_prepare_creds()
3289 void security_transfer_creds(struct cred *new, const struct cred *old) in security_transfer_creds() argument
3291 call_void_hook(cred_transfer, new, old); in security_transfer_creds()
3457 int security_task_fix_setuid(struct cred *new, const struct cred *old, in security_task_fix_setuid() argument
3460 return call_int_hook(task_fix_setuid, new, old, flags); in security_task_fix_setuid()
3480 return call_int_hook(task_fix_setgid, new, old, flags); in security_task_fix_setgid()
[all …]
|
| /security/ipe/ |
| A D | policy.c | 96 struct ipe_policy *old, *ap, *new = NULL; in ipe_update_policy() local
99 old = (struct ipe_policy *)root->i_private; in ipe_update_policy()
100 if (!old) in ipe_update_policy()
107 if (strcmp(new->parsed->name, old->parsed->name)) { in ipe_update_policy()
112 if (ver_to_u64(old) >= ver_to_u64(new)) { in ipe_update_policy()
118 swap(new->policyfs, old->policyfs); in ipe_update_policy()
124 if (old == ap) { in ipe_update_policy()
127 ipe_audit_policy_activation(old, new); in ipe_update_policy()
132 ipe_free_policy(old); in ipe_update_policy()
|
| /security/landlock/ |
| A D | cred.c | 20 const struct cred *const old) in hook_cred_transfer() argument
23 landlock_cred(old); in hook_cred_transfer()
32 const struct cred *const old, const gfp_t gfp) in hook_cred_prepare() argument
34 hook_cred_transfer(new, old); in hook_cred_prepare()
|
| /security/apparmor/ |
| A D | policy.c | 1014 aa_put_profile(old); in __replace_profile()
1016 __list_remove_profile(old); in __replace_profile()
1048 aa_get_str(old->base.hname); in share_name()
1049 new->base.hname = old->base.hname; in share_name()
1050 new->base.name = old->base.name; in share_name()
1171 &ent->old, &info); in aa_replace_profiles()
1186 if (ent->old || ent->rename) in aa_replace_profiles()
1234 if (!ent->old) { in aa_replace_profiles()
1259 if (ent->old && ent->old->rawdata == ent->new->rawdata && in aa_replace_profiles()
1278 if (ent->old) { in aa_replace_profiles()
[all …]
|
| A D | policy_compat.c | 78 static u32 map_old_perms(u32 old) in map_old_perms() argument
80 u32 new = old & 0xf; in map_old_perms()
82 if (old & MAY_READ) in map_old_perms()
84 if (old & MAY_WRITE) in map_old_perms()
87 if (old & 0x10) in map_old_perms()
92 if (old & 0x20) in map_old_perms()
94 if (old & 0x40) /* AA_EXEC_MMAP */ in map_old_perms()
|
| A D | resource.c | 157 struct aa_profile *old, *new; in __aa_transition_rlimits() local
160 old = labels_profile(old_l); in __aa_transition_rlimits()
166 label_for_each_confined(i, old_l, old) { in __aa_transition_rlimits()
167 struct aa_ruleset *rules = old->label.rules[0]; in __aa_transition_rlimits()
|
| A D | af_unix.c | 649 struct aa_label *l, *old; in update_sk_ctx() local
663 old = rcu_dereference_protected(ctx->label, in update_sk_ctx()
665 l = aa_label_merge(old, label, GFP_ATOMIC); in update_sk_ctx()
667 if (l != old) { in update_sk_ctx()
669 aa_put_label(old); in update_sk_ctx()
676 if (old == plabel) { in update_sk_ctx()
681 aa_put_label(old); in update_sk_ctx()
690 struct aa_label *l, *old; in update_peer_ctx() local
693 old = rcu_dereference_protected(ctx->peer, in update_peer_ctx()
697 if (l != old) { in update_peer_ctx()
[all …]
|
| A D | label.c | 93 __aa_proxy_redirect(old, new); in __proxy_share()
640 AA_BUG(!old); in __label_replace()
645 if (!label_is_stale(old)) in __label_replace()
646 __label_make_stale(old); in __label_replace()
648 if (old->flags & FLAG_IN_TREE) { in __label_replace()
650 old->flags &= ~FLAG_IN_TREE; in __label_replace()
808 if (name_is_shared(old, new) && labels_ns(old) == labels_ns(new)) { in aa_label_replace()
810 if (old->proxy != new->proxy) in aa_label_replace()
811 __proxy_share(old, new); in aa_label_replace()
813 __aa_proxy_redirect(old, new); in aa_label_replace()
[all …]
|
| A D | match.c | 260 static struct table_header *remap_data16_to_data32(struct table_header *old) in remap_data16_to_data32() argument
266 tsize = table_size(old->td_lolen, YYTD_DATA32); in remap_data16_to_data32()
269 kvfree(old); in remap_data16_to_data32()
272 new->td_id = old->td_id; in remap_data16_to_data32()
274 new->td_lolen = old->td_lolen; in remap_data16_to_data32()
276 for (i = 0; i < old->td_lolen; i++) in remap_data16_to_data32()
277 TABLE_DATAU32(new)[i] = (u32) TABLE_DATAU16(old)[i]; in remap_data16_to_data32()
279 kvfree(old); in remap_data16_to_data32()
|
| A D | task.c | 48 struct aa_label *old = aa_current_raw_label(); in aa_replace_current_label() local
54 if (old == label) in aa_replace_current_label()
70 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
|
| A D | file.c | 460 struct aa_label *l, *old; in update_file_ctx() local
464 old = rcu_dereference_protected(fctx->label, in update_file_ctx()
466 l = aa_label_merge(old, label, GFP_ATOMIC); in update_file_ctx()
468 if (l != old) { in update_file_ctx()
470 aa_put_label(old); in update_file_ctx()
|
| A D | apparmorfs.c | 856 struct multi_transaction *old; in multi_transaction_set() local
862 old = (struct multi_transaction *) file->private_data; in multi_transaction_set()
865 put_multi_transaction(old); in multi_transaction_set()
1553 void __aafs_profile_migrate_dents(struct aa_profile *old, in __aafs_profile_migrate_dents() argument
1558 AA_BUG(!old); in __aafs_profile_migrate_dents()
1560 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); in __aafs_profile_migrate_dents()
1563 new->dents[i] = old->dents[i]; in __aafs_profile_migrate_dents()
1570 old->dents[i] = NULL; in __aafs_profile_migrate_dents()
|
| A D | lsm.c | 93 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, in apparmor_cred_prepare() argument
96 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_prepare()
103 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) in apparmor_cred_transfer() argument
105 set_cred_label(new, aa_get_newest_label(cred_label(old))); in apparmor_cred_transfer()
|
| /security/apparmor/include/ |
| A D | task.h | 57 const struct aa_task_ctx *old) in aa_dup_task_ctx() argument
59 *new = *old; in aa_dup_task_ctx()
|
| A D | resource.h | 40 void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
|
| A D | policy_unpack.h | 23 struct aa_profile *old; member
|
| A D | apparmorfs.h | 109 void __aafs_profile_migrate_dents(struct aa_profile *old,
|
| A D | label.h | 278 bool aa_label_replace(struct aa_label *old, struct aa_label *new);
279 bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old,
|
| /security/tomoyo/ |
| A D | tomoyo.c | 37 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, in tomoyo_cred_prepare() argument
519 struct tomoyo_task *old = tomoyo_task(current); in tomoyo_task_alloc() local
522 new->domain_info = old->domain_info; in tomoyo_task_alloc()
|
| /security/selinux/ |
| A D | avc.c | 452 static void avc_node_replace(struct avc_node *new, struct avc_node *old) in avc_node_replace() argument
454 hlist_replace_rcu(&old->list, &new->list); in avc_node_replace()
455 call_rcu(&old->rhead, avc_node_free); in avc_node_replace()
|
| A D | hooks.c | 886 struct superblock_security_struct *old = selinux_superblock(oldsb); in selinux_cmp_sb_context() local
888 char oldflags = old->flags & SE_MNTMASK; in selinux_cmp_sb_context()
893 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
895 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid) in selinux_cmp_sb_context()
897 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) in selinux_cmp_sb_context()
2133 static int selinux_capset(struct cred *new, const struct cred *old, in selinux_capset() argument
2138 return avc_has_perm(cred_sid(old), cred_sid(new), SECCLASS_PROCESS, in selinux_capset()
2905 const struct cred *old, in selinux_dentry_create_files_as() argument
2912 rc = selinux_determine_inode_label(selinux_cred(old), in selinux_dentry_create_files_as()
4160 const struct task_security_struct *old_tsec = selinux_cred(old); in selinux_cred_prepare()
[all …]
|
| /security/smack/ |
| A D | smack_lsm.c | 2082 static int smack_cred_prepare(struct cred *new, const struct cred *old, in smack_cred_prepare() argument
2085 struct task_smack *old_tsp = smack_cred(old); in smack_cred_prepare()
2107 static void smack_cred_transfer(struct cred *new, const struct cred *old) in smack_cred_transfer() argument
2109 struct task_smack *old_tsp = smack_cred(old); in smack_cred_transfer()
4912 const struct cred *old, in smack_dentry_create_files_as() argument
4915 struct task_smack *otsp = smack_cred(old); in smack_dentry_create_files_as()
|