Lines Matching refs:token
17 bool bpf_token_capable(const struct bpf_token *token, int cap) in bpf_token_capable() argument
22 userns = token ? token->userns : &init_user_ns; in bpf_token_capable()
25 if (token && security_bpf_token_capable(token, cap) < 0) in bpf_token_capable()
30 void bpf_token_inc(struct bpf_token *token) in bpf_token_inc() argument
32 atomic64_inc(&token->refcnt); in bpf_token_inc()
35 static void bpf_token_free(struct bpf_token *token) in bpf_token_free() argument
37 security_bpf_token_free(token); in bpf_token_free()
38 put_user_ns(token->userns); in bpf_token_free()
39 kfree(token); in bpf_token_free()
44 struct bpf_token *token = container_of(work, struct bpf_token, work); in bpf_token_put_deferred() local
46 bpf_token_free(token); in bpf_token_put_deferred()
49 void bpf_token_put(struct bpf_token *token) in bpf_token_put() argument
51 if (!token) in bpf_token_put()
54 if (!atomic64_dec_and_test(&token->refcnt)) in bpf_token_put()
57 INIT_WORK(&token->work, bpf_token_put_deferred); in bpf_token_put()
58 schedule_work(&token->work); in bpf_token_put()
63 struct bpf_token *token = filp->private_data; in bpf_token_release() local
65 bpf_token_put(token); in bpf_token_release()
71 struct bpf_token *token = filp->private_data; in bpf_token_show_fdinfo() local
76 if ((token->allowed_cmds & mask) == mask) in bpf_token_show_fdinfo()
79 seq_printf(m, "allowed_cmds:\t0x%llx\n", token->allowed_cmds); in bpf_token_show_fdinfo()
83 if ((token->allowed_maps & mask) == mask) in bpf_token_show_fdinfo()
86 seq_printf(m, "allowed_maps:\t0x%llx\n", token->allowed_maps); in bpf_token_show_fdinfo()
90 if ((token->allowed_progs & mask) == mask) in bpf_token_show_fdinfo()
93 seq_printf(m, "allowed_progs:\t0x%llx\n", token->allowed_progs); in bpf_token_show_fdinfo()
97 if ((token->allowed_attachs & mask) == mask) in bpf_token_show_fdinfo()
100 seq_printf(m, "allowed_attachs:\t0x%llx\n", token->allowed_attachs); in bpf_token_show_fdinfo()
115 struct bpf_token *token = NULL; in bpf_token_create() local
176 token = kzalloc(sizeof(*token), GFP_USER); in bpf_token_create()
177 if (!token) { in bpf_token_create()
182 atomic64_set(&token->refcnt, 1); in bpf_token_create()
185 token->userns = get_user_ns(userns); in bpf_token_create()
187 token->allowed_cmds = mnt_opts->delegate_cmds; in bpf_token_create()
188 token->allowed_maps = mnt_opts->delegate_maps; in bpf_token_create()
189 token->allowed_progs = mnt_opts->delegate_progs; in bpf_token_create()
190 token->allowed_attachs = mnt_opts->delegate_attachs; in bpf_token_create()
192 err = security_bpf_token_create(token, attr, &path); in bpf_token_create()
202 file->private_data = token; in bpf_token_create()
208 bpf_token_free(token); in bpf_token_create()
217 struct bpf_token *token; in bpf_token_get_from_fd() local
224 token = fd_file(f)->private_data; in bpf_token_get_from_fd()
225 bpf_token_inc(token); in bpf_token_get_from_fd()
227 return token; in bpf_token_get_from_fd()
230 bool bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd) in bpf_token_allow_cmd() argument
232 if (!token) in bpf_token_allow_cmd()
234 if (!(token->allowed_cmds & BIT_ULL(cmd))) in bpf_token_allow_cmd()
236 return security_bpf_token_cmd(token, cmd) == 0; in bpf_token_allow_cmd()
239 bool bpf_token_allow_map_type(const struct bpf_token *token, enum bpf_map_type type) in bpf_token_allow_map_type() argument
241 if (!token || type >= __MAX_BPF_MAP_TYPE) in bpf_token_allow_map_type()
244 return token->allowed_maps & BIT_ULL(type); in bpf_token_allow_map_type()
247 bool bpf_token_allow_prog_type(const struct bpf_token *token, in bpf_token_allow_prog_type() argument
251 if (!token || prog_type >= __MAX_BPF_PROG_TYPE || attach_type >= __MAX_BPF_ATTACH_TYPE) in bpf_token_allow_prog_type()
254 return (token->allowed_progs & BIT_ULL(prog_type)) && in bpf_token_allow_prog_type()
255 (token->allowed_attachs & BIT_ULL(attach_type)); in bpf_token_allow_prog_type()