| /security/selinux/include/ |
| A D | netlabel.h | 41 void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
42 void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);
43 int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
47 int selinux_netlbl_socket_setsockopt(struct socket *sock, int level,
49 int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
50 int selinux_netlbl_socket_connect_locked(struct sock *sk,
105 static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk, in selinux_netlbl_sctp_sk_clone()
106 struct sock *newsk) in selinux_netlbl_sctp_sk_clone()
120 static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, in selinux_netlbl_socket_setsockopt() argument
125 static inline int selinux_netlbl_socket_connect(struct sock *sk, in selinux_netlbl_socket_connect()
[all …]
|
| A D | objsec.h | 227 static inline struct sk_security_struct *selinux_sock(const struct sock *sock) in selinux_sock() argument
229 return sock->sk_security + selinux_blob_sizes.lbs_sock; in selinux_sock()
|
| A D | avc.h | 31 struct sock;
|
| /security/apparmor/include/ |
| A D | af_unix.h | 37 struct sock *sk, struct sock *peer_sk,
39 int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock);
42 int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address,
44 int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address,
46 int aa_unix_listen_perm(struct socket *sock, int backlog);
47 int aa_unix_accept_perm(struct socket *sock, struct socket *newsock);
48 int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock,
50 int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level,
|
| A D | net.h | 55 static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) in aa_sock()
105 struct sock *sk) in aa_profile_af_sk_perm()
110 int aa_sk_perm(const char *op, u32 request, struct sock *sk);
117 u32 secid, const struct sock *sk);
|
| /security/apparmor/ |
| A D | af_unix.c | 322 struct sock *sk, in profile_accept_perm()
469 request, sock->sk, in aa_unix_sock_perm()
470 is_unix_fs(sock->sk) ? &unix_sk(sock->sk)->path : NULL); in aa_unix_sock_perm()
625 struct sock *sk, struct sock *peer_sk, in aa_unix_peer_perm()
716 struct sock *peer_sk = NULL; in aa_unix_file_perm()
723 AA_BUG(!sock); in aa_unix_file_perm()
724 AA_BUG(!sock->sk); in aa_unix_file_perm()
731 unix_state_lock(sock->sk); in aa_unix_file_perm()
732 peer_sk = unix_peer(sock->sk); in aa_unix_file_perm()
739 unix_state_unlock(sock->sk); in aa_unix_file_perm()
[all …]
|
| A D | lsm.c | 1131 struct sock *sk, struct sock *peer_sk) in unix_connect_perm()
1310 if (sock->sk) { in apparmor_socket_post_create()
1368 AA_BUG(!sock); in apparmor_socket_bind()
1369 AA_BUG(!sock->sk); in apparmor_socket_bind()
1381 AA_BUG(!sock); in apparmor_socket_connect()
1394 AA_BUG(!sock); in apparmor_socket_listen()
1409 AA_BUG(!sock); in apparmor_socket_accept()
1422 AA_BUG(!sock); in aa_sock_msg_perm()
1448 AA_BUG(!sock); in aa_sock_perm()
1471 AA_BUG(!sock); in aa_sock_opt_perm()
[all …]
|
| A D | net.c | 98 const struct sock *sk) in audit_unix_sk_addr()
286 struct sock *sk) in aa_label_sk_perm()
306 int aa_sk_perm(const char *op, u32 request, struct sock *sk) in aa_sk_perm()
326 struct socket *sock = (struct socket *) file->private_data; in aa_sock_file_perm() local
329 AA_BUG(!sock); in aa_sock_file_perm()
330 AA_BUG(!sock->sk); in aa_sock_file_perm()
332 if (sock->sk->sk_family == PF_UNIX) in aa_sock_file_perm()
334 return aa_label_sk_perm(subj_cred, label, op, request, sock->sk); in aa_sock_file_perm()
394 u32 secid, const struct sock *sk) in apparmor_secmark_check()
|
| A D | Makefile | 45 quiet_cmd_make-sock = GEN $@
46 cmd_make-sock = echo "static const char *const sock_type_names[] = {" >> $@ ;\
114 $(call cmd,make-sock)
|
| A D | file.c | 573 struct socket *sock = (struct socket *) file->private_data; in __unix_needs_revalidation() local
581 if (sock->sk->sk_family == PF_UNIX) { in __unix_needs_revalidation()
582 struct aa_sk_ctx *ctx = aa_sock(sock->sk); in __unix_needs_revalidation()
|
| /security/landlock/ |
| A D | net.c | 44 static int current_check_access_socket(struct socket *const sock, in current_check_access_socket() argument
65 if (!sk_is_tcp(sock->sk)) in current_check_access_socket()
154 if (sock->sk->__sk_common.skc_family != AF_INET) in current_check_access_socket()
170 if (address->sa_family != sock->sk->__sk_common.skc_family) in current_check_access_socket()
198 static int hook_socket_bind(struct socket *const sock, in hook_socket_bind() argument
201 return current_check_access_socket(sock, address, addrlen, in hook_socket_bind()
205 static int hook_socket_connect(struct socket *const sock, in hook_socket_connect() argument
209 return current_check_access_socket(sock, address, addrlen, in hook_socket_connect()
|
| A D | task.c | 235 static bool sock_is_scoped(struct sock *const other, in sock_is_scoped()
247 static bool is_abstract_socket(struct sock *const sock) in is_abstract_socket() argument
249 struct unix_address *addr = unix_sk(sock)->addr; in is_abstract_socket()
265 static int hook_unix_stream_connect(struct sock *const sock, in hook_unix_stream_connect() argument
266 struct sock *const other, in hook_unix_stream_connect()
267 struct sock *const newsk) in hook_unix_stream_connect()
297 static int hook_unix_may_send(struct socket *const sock, in hook_unix_may_send() argument
312 if (unix_peer(sock->sk) == other->sk) in hook_unix_may_send()
|
| /security/selinux/ |
| A D | netlabel.c | 69 static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) in selinux_netlbl_sock_genattr()
102 const struct sock *sk, in selinux_netlbl_sock_getattr()
239 struct sock *sk; in selinux_netlbl_skbuff_setsid()
359 void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) in selinux_netlbl_inet_csk_clone()
377 void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk) in selinux_netlbl_sctp_sk_clone()
395 int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) in selinux_netlbl_socket_post_create()
509 int selinux_netlbl_socket_setsockopt(struct socket *sock, in selinux_netlbl_socket_setsockopt() argument
514 struct sock *sk = sock->sk; in selinux_netlbl_socket_setsockopt()
549 static int selinux_netlbl_socket_connect_helper(struct sock *sk, in selinux_netlbl_socket_connect_helper()
588 int selinux_netlbl_socket_connect_locked(struct sock *sk, in selinux_netlbl_socket_connect_locked()
[all …]
|
| A D | hooks.c | 245 struct sock *sk) in ad_net_init_from_sk()
4832 if (sock->sk) { in selinux_socket_post_create()
4864 struct sock *sk = sock->sk; in selinux_socket_bind()
5000 struct sock *sk = sock->sk; in selinux_socket_connect_helper()
5087 struct sock *sk = sock->sk; in selinux_socket_connect()
5171 static int selinux_socket_unix_stream_connect(struct sock *sock, in selinux_socket_unix_stream_connect() argument
5379 else if (sock) in selinux_socket_getpeersec_dgram()
5664 static int selinux_mptcp_add_subflow(struct sock *sk, struct sock *ssk) in selinux_mptcp_add_subflow()
5879 struct sock *sk; in selinux_ip_output()
5922 struct sock *sk; in selinux_ip_postroute_compat()
[all …]
|
| A D | netlink.c | 22 static struct sock *selnl __ro_after_init;
|
| /security/tomoyo/ |
| A D | network.c | 626 static u8 tomoyo_sock_family(struct sock *sk) in tomoyo_sock_family()
653 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_listen_permission()
654 const unsigned int type = sock->type; in tomoyo_socket_listen_permission()
661 const int error = sock->ops->getname(sock, (struct sockaddr *) in tomoyo_socket_listen_permission()
690 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_connect_permission()
691 const unsigned int type = sock->type; in tomoyo_socket_connect_permission()
727 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_bind_permission()
728 const unsigned int type = sock->type; in tomoyo_socket_bind_permission()
762 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_sendmsg_permission()
763 const unsigned int type = sock->type; in tomoyo_socket_sendmsg_permission()
[all …]
|
| A D | tomoyo.c | 454 static int tomoyo_socket_listen(struct socket *sock, int backlog) in tomoyo_socket_listen() argument
456 return tomoyo_socket_listen_permission(sock); in tomoyo_socket_listen()
468 static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr, in tomoyo_socket_connect() argument
471 return tomoyo_socket_connect_permission(sock, addr, addr_len); in tomoyo_socket_connect()
483 static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr, in tomoyo_socket_bind() argument
486 return tomoyo_socket_bind_permission(sock, addr, addr_len); in tomoyo_socket_bind()
498 static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, in tomoyo_socket_sendmsg() argument
501 return tomoyo_socket_sendmsg_permission(sock, msg, size); in tomoyo_socket_sendmsg()
|
| A D | common.h | 995 int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr,
997 int tomoyo_socket_connect_permission(struct socket *sock,
999 int tomoyo_socket_listen_permission(struct socket *sock);
1000 int tomoyo_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg,
|
| /security/ |
| A D | security.c | 4537 int security_unix_stream_connect(struct sock *sock, struct sock *other, in security_unix_stream_connect() argument
4538 struct sock *newsk) in security_unix_stream_connect()
4639 int security_socket_bind(struct socket *sock, in security_socket_bind() argument
4656 int security_socket_connect(struct socket *sock, in security_socket_connect() argument
4735 return call_int_hook(socket_getsockname, sock); in security_socket_getsockname()
4748 return call_int_hook(socket_getpeername, sock); in security_socket_getpeername()
4867 static int lsm_sock_alloc(struct sock *sock, gfp_t gfp) in lsm_sock_alloc() argument
4901 void security_sk_free(struct sock *sk) in security_sk_free()
4915 void security_sk_clone(const struct sock *sk, struct sock *newsk) in security_sk_clone()
5186 struct sock *newsk) in security_sctp_sk_clone()
[all …]
|
| A D | lsm_audit.c | 287 const struct sock *sk = a->u.net->sk; in audit_log_lsm_data()
|
| /security/smack/ |
| A D | smack_lsm.c | 1564 struct socket *sock; in smack_inode_getsecurity() local
1589 if (sock == NULL || sock->sk == NULL) in smack_inode_getsecurity()
1966 struct socket *sock; in smack_file_receive() local
2712 struct sock *sk = sock->sk; in smk_ipv6_port_label()
2871 struct socket *sock; in smack_inode_setsecurity() local
2902 if (sock == NULL || sock->sk == NULL) in smack_inode_setsecurity()
3001 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { in smack_socket_bind()
3835 static int smack_unix_stream_connect(struct sock *sock, in smack_unix_stream_connect() argument
3836 struct sock *other, struct sock *newsk) in smack_unix_stream_connect()
4326 if (sock != NULL) in smack_socket_getpeersec_dgram()
[all …]
|
| A D | smack.h | 174 struct sock *smk_sock; /* socket initialized on */
365 static inline struct socket_smack *smack_sock(const struct sock *sock) in smack_sock() argument
367 return sock->sk_security + smack_blob_sizes.lbs_sock; in smack_sock()
491 struct sock *sk) in smk_ad_setfield_u_net_sk()
519 struct sock *sk) in smk_ad_setfield_u_net_sk()
|
| A D | smack_netfilter.c | 25 struct sock *sk = skb_to_full_sk(skb); in smack_ip_output()
|
| /security/selinux/ss/ |
| A D | mls.h | 47 struct context *newcontext, bool sock);
|
| A D | mls.c | 482 struct context *newcontext, bool sock) in mls_compute_sid() argument
528 if ((tclass == p->process_class) || sock) in mls_compute_sid()
|