| /security/selinux/ |
| A D | netlabel.c | 102 const struct sock *sk, in selinux_netlbl_sock_getattr() argument
239 struct sock *sk; in selinux_netlbl_skbuff_setsid() local
243 sk = skb_to_full_sk(skb); in selinux_netlbl_skbuff_setsid()
244 if (sk != NULL) { in selinux_netlbl_skbuff_setsid()
287 asoc->base.sk->sk_family != PF_INET6) in selinux_netlbl_sctp_assoc_request()
514 struct sock *sk = sock->sk; in selinux_netlbl_socket_setsockopt() local
522 lock_sock(sk); in selinux_netlbl_socket_setsockopt()
527 release_sock(sk); in selinux_netlbl_socket_setsockopt()
560 netlbl_sock_delattr(sk); in selinux_netlbl_socket_connect_helper()
614 lock_sock(sk); in selinux_netlbl_socket_connect()
[all …]
|
| A D | hooks.c | 239 net->sk = sk; in __ad_net_init()
4832 if (sock->sk) { in selinux_socket_post_create()
4864 struct sock *sk = sock->sk; in selinux_socket_bind() local
5000 struct sock *sk = sock->sk; in selinux_socket_connect_helper() local
5087 struct sock *sk = sock->sk; in selinux_socket_connect() local
5432 if (!sk) in selinux_sk_getsecid()
5447 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || in selinux_sock_graft()
5460 struct sock *sk = asoc->base.sk; in selinux_sctp_process_new_assoc() local
5888 sk = sk_to_full_sk(skb->sk); in selinux_ip_output()
5889 if (sk) { in selinux_ip_output()
[all …]
|
| /security/apparmor/ |
| A D | af_unix.c | 30 return &u->sk; in aa_unix_sk()
234 AA_BUG(!sk); in profile_sk_perm()
262 AA_BUG(!sk); in profile_bind_perm()
273 sk->sk_type, sk->sk_protocol, in profile_bind_perm()
293 AA_BUG(!sk); in profile_listen_perm()
330 AA_BUG(!sk); in profile_accept_perm()
360 AA_BUG(!sk); in profile_opt_perm()
401 AA_BUG(!sk); in profile_peer_perm()
470 is_unix_fs(sock->sk) ? &unix_sk(sock->sk)->path : NULL); in aa_unix_sock_perm()
634 AA_BUG(!sk); in aa_unix_peer_perm()
[all …]
|
| A D | net.c | 98 const struct sock *sk) in audit_unix_sk_addr() argument
100 const struct unix_sock *u = unix_sk(sk); in audit_unix_sk_addr()
286 struct sock *sk) in aa_label_sk_perm() argument
288 struct aa_sk_ctx *ctx = aa_sock(sk); in aa_label_sk_perm()
292 AA_BUG(!sk); in aa_label_sk_perm()
296 DEFINE_AUDIT_SK(ad, op, subj_cred, sk); in aa_label_sk_perm()
311 AA_BUG(!sk); in aa_sk_perm()
330 AA_BUG(!sock->sk); in aa_sock_file_perm()
332 if (sock->sk->sk_family == PF_UNIX) in aa_sock_file_perm()
394 u32 secid, const struct sock *sk) in apparmor_secmark_check() argument
[all …]
|
| A D | lsm.c | 1138 sk, peer_sk, in unix_connect_perm()
1248 sock->sk, peer->sk, in apparmor_unix_may_send()
1310 if (sock->sk) { in apparmor_socket_post_create()
1369 AA_BUG(!sock->sk); in apparmor_socket_bind()
1382 AA_BUG(!sock->sk); in apparmor_socket_connect()
1395 AA_BUG(!sock->sk); in apparmor_socket_listen()
1410 AA_BUG(!sock->sk); in apparmor_socket_accept()
1423 AA_BUG(!sock->sk); in aa_sock_msg_perm()
1449 AA_BUG(!sock->sk); in aa_sock_perm()
2360 struct sock *sk; in apparmor_ip_postroute() local
[all …]
|
| A D | file.c | 581 if (sock->sk->sk_family == PF_UNIX) { in __unix_needs_revalidation()
582 struct aa_sk_ctx *ctx = aa_sock(sock->sk); in __unix_needs_revalidation()
|
| /security/selinux/include/ |
| A D | netlabel.h | 41 void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
42 void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);
43 int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
49 int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
50 int selinux_netlbl_socket_connect_locked(struct sock *sk,
101 static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) in selinux_netlbl_inet_csk_clone() argument
105 static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk, in selinux_netlbl_sctp_sk_clone() argument
110 static inline int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) in selinux_netlbl_socket_post_create() argument
125 static inline int selinux_netlbl_socket_connect(struct sock *sk, in selinux_netlbl_socket_connect() argument
130 static inline int selinux_netlbl_socket_connect_locked(struct sock *sk, in selinux_netlbl_socket_connect_locked() argument
|
| /security/apparmor/include/ |
| A D | net.h | 55 static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) in aa_sock() argument
57 return sk->sk_security + apparmor_blob_sizes.lbs_sock; in aa_sock()
61 struct lsm_network_audit NAME ## _net = { .sk = (SK), \
105 struct sock *sk) in aa_profile_af_sk_perm() argument
107 return aa_profile_af_perm(profile, ad, request, sk->sk_family, in aa_profile_af_sk_perm()
108 sk->sk_type, sk->sk_protocol); in aa_profile_af_sk_perm()
110 int aa_sk_perm(const char *op, u32 request, struct sock *sk);
117 u32 secid, const struct sock *sk);
|
| A D | af_unix.h | 22 #define unix_peer(sk) (unix_sk(sk)->peer) argument
37 struct sock *sk, struct sock *peer_sk,
|
| /security/smack/ |
| A D | smack_lsm.c | 2581 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel, in smack_netlbl_add()
2593 bh_unlock_sock(sk); in smack_netlbl_add()
2618 bh_unlock_sock(sk); in smack_netlbl_delete()
2712 struct sock *sk = sock->sk; in smk_ipv6_port_label() local
2762 spp->smk_sock = sk; in smk_ipv6_port_label()
2778 spp->smk_sock = sk; in smk_ipv6_port_label()
2946 if (sock->sk == NULL) in smack_socket_post_create()
3001 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { in smack_socket_bind()
3026 if (sock->sk == NULL) in smack_socket_connect()
4137 if (sk) in smack_from_netlbl()
[all …]
|
| A D | smack_netfilter.c | 25 struct sock *sk = skb_to_full_sk(skb); in smack_ip_output() local
29 if (sk) { in smack_ip_output()
30 ssp = smack_sock(sk); in smack_ip_output()
|
| A D | smack.h | 491 struct sock *sk) in smk_ad_setfield_u_net_sk() argument
493 a->a.u.net->sk = sk; in smk_ad_setfield_u_net_sk()
519 struct sock *sk) in smk_ad_setfield_u_net_sk() argument
|
| /security/landlock/ |
| A D | task.c | 289 .sk = other, in hook_unix_stream_connect()
312 if (unix_peer(sock->sk) == other->sk) in hook_unix_may_send()
315 if (!is_abstract_socket(other->sk)) in hook_unix_may_send()
318 if (!sock_is_scoped(other->sk, subject->domain)) in hook_unix_may_send()
326 .sk = other->sk, in hook_unix_may_send()
|
| A D | net.c | 65 if (!sk_is_tcp(sock->sk)) in current_check_access_socket()
154 if (sock->sk->__sk_common.skc_family != AF_INET) in current_check_access_socket()
170 if (address->sa_family != sock->sk->__sk_common.skc_family) in current_check_access_socket()
|
| /security/ |
| A D | lsm_audit.c | 286 if (a->u.net->sk) { in audit_log_lsm_data()
287 const struct sock *sk = a->u.net->sk; in audit_log_lsm_data() local
293 switch (sk->sk_family) { in audit_log_lsm_data()
295 const struct inet_sock *inet = inet_sk(sk); in audit_log_lsm_data()
307 const struct inet_sock *inet = inet_sk(sk); in audit_log_lsm_data()
309 print_ipv6_addr(ab, &sk->sk_v6_rcv_saddr, in audit_log_lsm_data()
312 print_ipv6_addr(ab, &sk->sk_v6_daddr, in audit_log_lsm_data()
319 u = unix_sk(sk); in audit_log_lsm_data()
|
| A D | security.c | 4513 return call_int_hook(netlink_send, sk, skb); in security_netlink_send()
4885 int rc = lsm_sock_alloc(sk, priority); in security_sk_alloc()
4891 security_sk_free(sk); in security_sk_alloc()
4901 void security_sk_free(struct sock *sk) in security_sk_free() argument
4903 call_void_hook(sk_free_security, sk); in security_sk_free()
4904 kfree(sk->sk_security); in security_sk_free()
4905 sk->sk_security = NULL; in security_sk_free()
4917 call_void_hook(sk_clone_security, sk, newsk); in security_sk_clone()
4958 call_void_hook(sock_graft, sk, parent); in security_sock_graft()
5002 call_void_hook(inet_conn_established, sk, skb); in security_inet_conn_established()
[all …]
|
| /security/tomoyo/ |
| A D | network.c | 626 static u8 tomoyo_sock_family(struct sock *sk) in tomoyo_sock_family() argument
632 family = sk->sk_family; in tomoyo_sock_family()
653 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_listen_permission()
690 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_connect_permission()
710 return tomoyo_check_inet_address(addr, addr_len, sock->sk->sk_protocol, in tomoyo_socket_connect_permission()
727 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_bind_permission()
745 return tomoyo_check_inet_address(addr, addr_len, sock->sk->sk_protocol, in tomoyo_socket_bind_permission()
762 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_sendmsg_permission()
776 sock->sk->sk_protocol, &address); in tomoyo_socket_sendmsg_permission()
|