Lines Matching +full:sig +full:- +full:dir +full:- +full:cmd
1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
9 * Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
29 #include <linux/backing-dev.h>
35 #define LSM_COUNT (__end_lsm_info - __start_lsm_info)
85 /* Boot-time LSM user choice */
104 if (!lsm->enabled) in is_enabled()
107 return *lsm->enabled; in is_enabled()
117 * a hard-coded location for storing the default enabled state. in set_enabled()
119 if (!lsm->enabled) { in set_enabled()
121 lsm->enabled = &lsm_enabled_true; in set_enabled()
123 lsm->enabled = &lsm_enabled_false; in set_enabled()
124 } else if (lsm->enabled == &lsm_enabled_true) { in set_enabled()
126 lsm->enabled = &lsm_enabled_false; in set_enabled()
127 } else if (lsm->enabled == &lsm_enabled_false) { in set_enabled()
129 lsm->enabled = &lsm_enabled_true; in set_enabled()
131 *lsm->enabled = enabled; in set_enabled()
159 if (!lsm->enabled) in append_ordered_lsm()
160 lsm->enabled = &lsm_enabled_true; in append_ordered_lsm()
163 init_debug("%s ordered: %s (%s)\n", from, lsm->name, in append_ordered_lsm()
175 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { in lsm_allowed()
176 init_debug("exclusive disabled: %s\n", lsm->name); in lsm_allowed()
200 lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); in lsm_set_blob_sizes()
201 lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); in lsm_set_blob_sizes()
206 if (needed->lbs_inode && blob_sizes.lbs_inode == 0) in lsm_set_blob_sizes()
208 lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); in lsm_set_blob_sizes()
209 lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); in lsm_set_blob_sizes()
210 lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); in lsm_set_blob_sizes()
211 lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); in lsm_set_blob_sizes()
212 lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); in lsm_set_blob_sizes()
213 lsm_set_blob_size(&needed->lbs_xattr_count, in lsm_set_blob_sizes()
225 /* If enabled, do pre-initialization work. */ in prepare_lsm()
227 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { in prepare_lsm()
229 init_debug("exclusive chosen: %s\n", lsm->name); in prepare_lsm()
232 lsm_set_blob_sizes(lsm->blobs); in prepare_lsm()
242 init_debug("initializing %s\n", lsm->name); in initialize_lsm()
243 ret = lsm->init(); in initialize_lsm()
244 WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); in initialize_lsm()
248 /* Populate ordered LSMs list from comma-separated LSM name list. */
256 if (lsm->order == LSM_ORDER_FIRST) in ordered_lsm_parse()
268 * all non-matching Legacy Major LSMs. in ordered_lsm_parse()
272 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && in ordered_lsm_parse()
273 strcmp(major->name, chosen_major_lsm) != 0) { in ordered_lsm_parse()
276 chosen_major_lsm, major->name); in ordered_lsm_parse()
288 if (strcmp(lsm->name, name) == 0) { in ordered_lsm_parse()
289 if (lsm->order == LSM_ORDER_MUTABLE) in ordered_lsm_parse()
305 if (strcmp(lsm->name, chosen_major_lsm) == 0) in ordered_lsm_parse()
312 if (lsm->order == LSM_ORDER_LAST) in ordered_lsm_parse()
322 origin, lsm->name); in ordered_lsm_parse()
344 pr_cont("%s%s", first++ == 0 ? "" : ",", early->name); in report_lsm_order()
347 pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name); in report_lsm_order()
395 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
413 if (!lsm->enabled) in early_security_init()
414 lsm->enabled = &lsm_enabled_true; in early_security_init()
423 * security_init - initializes the security framework
440 init_debug(" early started: %s (%s)\n", lsm->name, in security_init()
442 if (lsm->enabled) in security_init()
443 lsm_append(lsm->name, &lsm_names); in security_init()
498 return -ENOMEM; in lsm_append()
505 return -ENOMEM; in lsm_append()
513 * security_add_hooks - Add a modules hooks to the hook lists.
536 panic("%s - Cannot get early memory.\n", __func__); in security_add_hooks()
562 * lsm_cred_alloc - allocate a composite cred blob
568 * Returns 0, or -ENOMEM if memory can't be allocated.
573 cred->security = NULL; in lsm_cred_alloc()
577 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
578 if (cred->security == NULL) in lsm_cred_alloc()
579 return -ENOMEM; in lsm_cred_alloc()
584 * lsm_early_cred - during initialization allocate a composite cred blob
598 * lsm_file_alloc - allocate a composite file blob
603 * Returns 0, or -ENOMEM if memory can't be allocated.
608 file->f_security = NULL; in lsm_file_alloc()
612 file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); in lsm_file_alloc()
613 if (file->f_security == NULL) in lsm_file_alloc()
614 return -ENOMEM; in lsm_file_alloc()
619 * lsm_inode_alloc - allocate a composite inode blob
624 * Returns 0, or -ENOMEM if memory can't be allocated.
629 inode->i_security = NULL; in lsm_inode_alloc()
633 inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_NOFS); in lsm_inode_alloc()
634 if (inode->i_security == NULL) in lsm_inode_alloc()
635 return -ENOMEM; in lsm_inode_alloc()
640 * lsm_task_alloc - allocate a composite task blob
645 * Returns 0, or -ENOMEM if memory can't be allocated.
650 task->security = NULL; in lsm_task_alloc()
654 task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc()
655 if (task->security == NULL) in lsm_task_alloc()
656 return -ENOMEM; in lsm_task_alloc()
661 * lsm_ipc_alloc - allocate a composite ipc blob
666 * Returns 0, or -ENOMEM if memory can't be allocated.
671 kip->security = NULL; in lsm_ipc_alloc()
675 kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc()
676 if (kip->security == NULL) in lsm_ipc_alloc()
677 return -ENOMEM; in lsm_ipc_alloc()
682 * lsm_msg_msg_alloc - allocate a composite msg_msg blob
687 * Returns 0, or -ENOMEM if memory can't be allocated.
692 mp->security = NULL; in lsm_msg_msg_alloc()
696 mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL); in lsm_msg_msg_alloc()
697 if (mp->security == NULL) in lsm_msg_msg_alloc()
698 return -ENOMEM; in lsm_msg_msg_alloc()
703 * lsm_early_task - during initialization allocate a composite task blob
717 * lsm_superblock_alloc - allocate a composite superblock blob
722 * Returns 0, or -ENOMEM if memory can't be allocated.
727 sb->s_security = NULL; in lsm_superblock_alloc()
731 sb->s_security = kzalloc(blob_sizes.lbs_superblock, GFP_KERNEL); in lsm_superblock_alloc()
732 if (sb->s_security == NULL) in lsm_superblock_alloc()
733 return -ENOMEM; in lsm_superblock_alloc()
771 P->hook.FUNC(__VA_ARGS__); \
780 RC = P->hook.FUNC(__VA_ARGS__); \
791 * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
804 * security_binder_transaction() - Check if a binder transaction is allowed
819 * security_binder_transfer_binder() - Check if a binder transfer is allowed
834 * security_binder_transfer_file() - Check if a binder file xfer is allowed
850 * security_ptrace_access_check() - Check if tracing is allowed
869 * security_ptrace_traceme() - Check if tracing is allowed
884 * security_capget() - Get the capability sets for a process
907 * security_capset() - Set the capability sets for a process
929 * security_capable() - Check if a process has the necessary capability
950 * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
966 * security_quota_on() - Check if QUOTAON is allowed for a dentry
979 * security_syslog() - Check if accessing the kernel message ring is allowed
994 * security_settime64() - Check if changing the system time is allowed
1009 * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
1035 rc = hp->hook.vm_enough_memory(mm, pages); in security_vm_enough_memory_mm()
1045 * security_bprm_creds_for_exec() - Prepare the credentials for exec()
1048 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
1049 * properly for executing @bprm->file, update the LSM's portion of
1050 * @bprm->cred->security to be what commit_creds needs to install for the new
1052 * transitions between security domains). The hook must set @bprm->secureexec
1064 * security_bprm_creds_from_file() - Update linux_binprm creds based on file
1069 * exec, update @bprm->cred to reflect that change. This is called after
1074 * transitions between security domains). The hook must set @bprm->secureexec
1076 * hook must add to @bprm->per_clear any personality flags that should be
1077 * cleared from current->personality. @bprm contains the linux_binprm
1088 * security_bprm_check() - Mediate binary handler search
1092 * It allows a check against the @bprm->cred->security value which was set in
1110 * security_bprm_committing_creds() - Install creds for a process during exec()
1115 * by @current->cred and the information set in @bprm->cred by the
1127 * security_bprm_committed_creds() - Tidy up after cred install during exec()
1132 * point, been set to @current->cred. @bprm points to the linux_binprm
1134 * process such as clearing out non-inheritable signal state. This is called
1143 * security_fs_context_submount() - Initialise fc->security
1147 * Fill out the ->security field for a new fs_context.
1157 * security_fs_context_dup() - Duplicate a fs_context LSM blob
1161 * Allocate and attach a security structure to sc->security. This pointer is
1173 * security_fs_context_parse_param() - Configure a filesystem context
1181 * returned to the caller -ENOPARAM is returned, otherwise a negative
1189 int rc = -ENOPARAM; in security_fs_context_parse_param()
1193 trc = hp->hook.fs_context_parse_param(fc, param); in security_fs_context_parse_param()
1196 else if (trc != -ENOPARAM) in security_fs_context_parse_param()
1203 * security_sb_alloc() - Allocate a super_block LSM blob
1206 * Allocate and attach a security structure to the sb->s_security field. The
1225 * security_sb_delete() - Release super_block LSM associated objects
1237 * security_sb_free() - Free a super_block LSM blob
1240 * Deallocate and clear the sb->s_security field. @sb contains the super_block
1246 kfree(sb->s_security); in security_sb_free()
1247 sb->s_security = NULL; in security_sb_free()
1251 * security_free_mnt_opts() - Free memory associated with mount options
1266 * security_sb_eat_lsm_opts() - Consume LSM mount options
1281 * security_sb_mnt_opts_compat() - Check if new mount options are allowed
1298 * security_sb_remount() - Verify no incompatible mount changes during remount
1315 * security_sb_kern_mount() - Check if a kernel mount is allowed
1328 * security_sb_show_options() - Output the mount options for a superblock
1342 * security_sb_statfs() - Check if accessing fs stats is allowed
1356 * security_sb_mount() - Check permission for mounting a filesystem
1379 * security_sb_umount() - Check permission for unmounting a filesystem
1393 * security_sb_pivotroot() - Check permissions for pivoting the rootfs
1408 * security_sb_set_mnt_opts() - Set the mount options for a filesystem
1424 mnt_opts ? -EOPNOTSUPP : 0, sb, in security_sb_set_mnt_opts()
1430 * security_sb_clone_mnt_opts() - Duplicate superblock mount options
1451 * security_move_mount() - Check permissions for moving a mount
1466 * security_path_notify() - Check if setting a watch is allowed
1483 * security_inode_alloc() - Allocate an inode LSM blob
1486 * Allocate and attach a security structure to @inode->i_security. The
1513 * security_inode_free() - Free an inode's LSM blob
1516 * Deallocate the inode security structure and set @inode->i_security to NULL.
1528 * leave the current inode->i_security pointer intact. in security_inode_free()
1531 if (inode->i_security) in security_inode_free()
1532 call_rcu((struct rcu_head *)inode->i_security, in security_inode_free()
1537 * security_dentry_init_security() - Perform dentry initialization
1564 rc = hp->hook.dentry_init_security(dentry, mode, name, in security_dentry_init_security()
1574 * security_dentry_create_files_as() - Perform dentry initialization
1598 * security_inode_init_security() - Initialize an inode's LSM context
1600 * @dir: parent directory
1614 * slot, the hook function should set ->name to the attribute name suffix
1615 * (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1616 * to the attribute value, to set ->value_len to the length of the value. If
1619 * -EOPNOTSUPP to skip this processing.
1624 int security_inode_init_security(struct inode *inode, struct inode *dir, in security_inode_init_security() argument
1630 int ret = -EOPNOTSUPP, xattr_count = 0; in security_inode_init_security()
1643 return -ENOMEM; in security_inode_init_security()
1648 ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs, in security_inode_init_security()
1650 if (ret && ret != -EOPNOTSUPP) in security_inode_init_security()
1653 * As documented in lsm_hooks.h, -EOPNOTSUPP in this context in security_inode_init_security()
1664 ret = evm_inode_init_security(inode, dir, qstr, new_xattrs, in security_inode_init_security()
1670 for (; xattr_count > 0; xattr_count--) in security_inode_init_security()
1671 kfree(new_xattrs[xattr_count - 1].value); in security_inode_init_security()
1673 return (ret == -EOPNOTSUPP) ? 0 : ret; in security_inode_init_security()
1678 * security_inode_init_security_anon() - Initialize an anonymous inode
1686 * Return: Returns 0 on success, -EACCES if the security module denies the
1687 * creation of this inode, or another -errno upon other errors.
1699 * security_path_mknod() - Check if creating a special file is allowed
1700 * @dir: parent directory
1710 int security_path_mknod(const struct path *dir, struct dentry *dentry, in security_path_mknod() argument
1713 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mknod()
1715 return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); in security_path_mknod()
1720 * security_path_mkdir() - Check if creating a new directory is allowed
1721 * @dir: parent directory
1729 int security_path_mkdir(const struct path *dir, struct dentry *dentry, in security_path_mkdir() argument
1732 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mkdir()
1734 return call_int_hook(path_mkdir, 0, dir, dentry, mode); in security_path_mkdir()
1739 * security_path_rmdir() - Check if removing a directory is allowed
1740 * @dir: parent directory
1747 int security_path_rmdir(const struct path *dir, struct dentry *dentry) in security_path_rmdir() argument
1749 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_rmdir()
1751 return call_int_hook(path_rmdir, 0, dir, dentry); in security_path_rmdir()
1755 * security_path_unlink() - Check if removing a hard link is allowed
1756 * @dir: parent directory
1763 int security_path_unlink(const struct path *dir, struct dentry *dentry) in security_path_unlink() argument
1765 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_unlink()
1767 return call_int_hook(path_unlink, 0, dir, dentry); in security_path_unlink()
1772 * security_path_symlink() - Check if creating a symbolic link is allowed
1773 * @dir: parent directory
1781 int security_path_symlink(const struct path *dir, struct dentry *dentry, in security_path_symlink() argument
1784 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_symlink()
1786 return call_int_hook(path_symlink, 0, dir, dentry, old_name); in security_path_symlink()
1790 * security_path_link - Check if creating a hard link is allowed
1808 * security_path_rename() - Check if renaming a file is allowed
1834 * security_path_truncate() - Check if truncating a file is allowed
1845 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_truncate()
1851 * security_path_chmod() - Check if changing the file's mode is allowed
1863 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chmod()
1869 * security_path_chown() - Check if changing the file's owner/group is allowed
1880 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chown()
1886 * security_path_chroot() - Check if changing the root directory is allowed
1900 * security_inode_create() - Check if creating a file is allowed
1901 * @dir: the parent directory
1909 int security_inode_create(struct inode *dir, struct dentry *dentry, in security_inode_create() argument
1912 if (unlikely(IS_PRIVATE(dir))) in security_inode_create()
1914 return call_int_hook(inode_create, 0, dir, dentry, mode); in security_inode_create()
1919 * security_inode_link() - Check if creating a hard link is allowed
1921 * @dir: new parent directory
1928 int security_inode_link(struct dentry *old_dentry, struct inode *dir, in security_inode_link() argument
1933 return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry); in security_inode_link()
1937 * security_inode_unlink() - Check if removing a hard link is allowed
1938 * @dir: parent directory
1945 int security_inode_unlink(struct inode *dir, struct dentry *dentry) in security_inode_unlink() argument
1949 return call_int_hook(inode_unlink, 0, dir, dentry); in security_inode_unlink()
1953 * security_inode_symlink() - Check if creating a symbolic link is allowed
1954 * @dir: parent directory
1962 int security_inode_symlink(struct inode *dir, struct dentry *dentry, in security_inode_symlink() argument
1965 if (unlikely(IS_PRIVATE(dir))) in security_inode_symlink()
1967 return call_int_hook(inode_symlink, 0, dir, dentry, old_name); in security_inode_symlink()
1971 * security_inode_mkdir() - Check if creation a new director is allowed
1972 * @dir: parent directory
1977 * associated with inode structure @dir.
1981 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) in security_inode_mkdir() argument
1983 if (unlikely(IS_PRIVATE(dir))) in security_inode_mkdir()
1985 return call_int_hook(inode_mkdir, 0, dir, dentry, mode); in security_inode_mkdir()
1990 * security_inode_rmdir() - Check if removing a directory is allowed
1991 * @dir: parent directory
1998 int security_inode_rmdir(struct inode *dir, struct dentry *dentry) in security_inode_rmdir() argument
2002 return call_int_hook(inode_rmdir, 0, dir, dentry); in security_inode_rmdir()
2006 * security_inode_mknod() - Check if creating a special file is allowed
2007 * @dir: parent directory
2019 int security_inode_mknod(struct inode *dir, struct dentry *dentry, in security_inode_mknod() argument
2022 if (unlikely(IS_PRIVATE(dir))) in security_inode_mknod()
2024 return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev); in security_inode_mknod()
2028 * security_inode_rename() - Check if renaming a file is allowed
2060 * security_inode_readlink() - Check if reading a symbolic link is allowed
2075 * security_inode_follow_link() - Check if following a symbolic link is allowed
2078 * @rcu: true if in RCU-walk mode
2094 * security_inode_permission() - Check if accessing an inode is allowed
2115 * security_inode_setattr() - Check if setting file attributes is allowed
2142 * security_inode_getattr() - Check if getting file attributes is allowed
2151 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_inode_getattr()
2157 * security_inode_setxattr() - Check if setting file xattrs is allowed
2195 * security_inode_set_acl() - Check if setting posix acls is allowed
2225 * security_inode_get_acl() - Check if reading posix acls is allowed
2244 * security_inode_remove_acl() - Check if removing a posix acl is allowed
2271 * security_inode_post_setxattr() - Update the inode after a setxattr operation
2290 * security_inode_getxattr() - Check if xattr access is allowed
2307 * security_inode_listxattr() - Check if listing xattrs is allowed
2323 * security_inode_removexattr() - Check if removing an xattr is allowed
2356 * security_inode_need_killpriv() - Check if security_inode_killpriv() required
2372 * security_inode_killpriv() - The setuid bit is removed, update LSM state
2377 * Called with the dentry->d_inode->i_mutex held.
2389 * security_inode_getsecurity() - Get the xattr security label of an inode
2417 rc = hp->hook.inode_getsecurity(idmap, inode, name, buffer, in security_inode_getsecurity()
2426 * security_inode_setsecurity() - Set the xattr security label of an inode
2452 rc = hp->hook.inode_setsecurity(inode, name, value, size, in security_inode_setsecurity()
2461 * security_inode_listsecurity() - List the xattr security label names
2483 * security_inode_getsecid() - Get an inode's secid
2496 * security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2497 * @src: union dentry of copy-up file
2514 * security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2521 * Return: Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP
2532 * xattr), -EOPNOTSUPP if it does not know anything about the xattr or in security_inode_copy_up_xattr()
2537 rc = hp->hook.inode_copy_up_xattr(name); in security_inode_copy_up_xattr()
2547 * security_kernfs_init_security() - Init LSM context for a kernfs node
2563 * security_file_permission() - Check file permissions
2576 * memory-mapped files. Security modules must handle this separately if they
2593 * security_file_alloc() - Allocate and init a file's LSM blob
2596 * Allocate and attach a security structure to the file->f_security field. The
2614 * security_file_free() - Free a file's LSM blob
2617 * Deallocate and free any security structures stored in file->f_security.
2625 blob = file->f_security; in security_file_free()
2627 file->f_security = NULL; in security_file_free()
2633 * security_file_ioctl() - Check if an ioctl is allowed
2635 * @cmd: ioctl cmd
2645 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) in security_file_ioctl() argument
2647 return call_int_hook(file_ioctl, 0, file, cmd, arg); in security_file_ioctl()
2652 * security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2654 * @cmd: ioctl cmd
2657 * Compat version of security_file_ioctl() that correctly handles 32-bit
2658 * processes running on 64-bit kernels.
2662 int security_file_ioctl_compat(struct file *file, unsigned int cmd, in security_file_ioctl_compat() argument
2665 return call_int_hook(file_ioctl_compat, 0, file, cmd, arg); in security_file_ioctl_compat()
2677 if (!(current->personality & READ_IMPLIES_EXEC)) in mmap_prot()
2688 if (!path_noexec(&file->f_path)) { in mmap_prot()
2690 if (file->f_op->mmap_capabilities) { in mmap_prot()
2691 unsigned caps = file->f_op->mmap_capabilities(file); in mmap_prot()
2703 * security_mmap_file() - Check if mmap'ing a file is allowed
2726 * security_mmap_addr() - Check if mmap'ing an address is allowed
2739 * security_file_mprotect() - Check if changing memory protections is allowed
2760 * security_file_lock() - Check if a file lock is allowed
2762 * @cmd: lock operation (e.g. F_RDLCK, F_WRLCK)
2769 int security_file_lock(struct file *file, unsigned int cmd) in security_file_lock() argument
2771 return call_int_hook(file_lock, 0, file, cmd); in security_file_lock()
2775 * security_file_fcntl() - Check if fcntl() op is allowed
2777 * @cmd: fcntl command
2780 * Check permission before allowing the file operation specified by @cmd from
2788 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) in security_file_fcntl() argument
2790 return call_int_hook(file_fcntl, 0, file, cmd, arg); in security_file_fcntl()
2794 * security_file_set_fowner() - Set the file owner info in the LSM blob
2797 * Save owner security information (typically from current->security) in
2798 * file->f_security for later use by the send_sigiotask hook.
2808 * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2811 * @sig: signal to be sent, SIGIO is sent if 0
2822 struct fown_struct *fown, int sig) in security_file_send_sigiotask() argument
2824 return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig); in security_file_send_sigiotask()
2828 * security_file_receive() - Check is receiving a file via IPC is allowed
2842 * security_file_open() - Save open() time state for late use by the LSM
2845 * Save open-time permission checking state for later use upon file_permission,
2862 * security_file_truncate() - Check if truncating a file is allowed
2877 * security_task_alloc() - Allocate a task's LSM blob
2881 * Handle allocation of task-related resources.
2898 * security_task_free() - Free a task's LSM blob and related resources
2901 * Handle release of task-related resources. Note that this can be called from
2908 kfree(task->security); in security_task_free()
2909 task->security = NULL; in security_task_free()
2913 * security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
2936 * security_cred_free() - Free the cred's LSM blob and associated resources
2939 * Deallocate and clear the cred->security field in a set of credentials.
2945 * may result in a call here with ->security being NULL. in security_cred_free()
2947 if (unlikely(cred->security == NULL)) in security_cred_free()
2952 kfree(cred->security); in security_cred_free()
2953 cred->security = NULL; in security_cred_free()
2957 * security_prepare_creds() - Prepare a new set of credentials
2980 * security_transfer_creds() - Transfer creds
2992 * security_cred_getsecid() - Get the secid from a set of credentials
3007 * security_kernel_act_as() - Set the kernel credentials to act as secid
3022 * security_kernel_create_files_as() - Set file creation context using an inode
3038 * security_kernel_module_request() - Check is loading a module is allowed
3057 * security_kernel_read_file() - Read a file specified by userspace
3079 * security_kernel_post_read_file() - Read a file specified by userspace
3104 * security_kernel_load_data() - Load data provided by userspace
3124 * security_kernel_post_load_data() - Load userspace data from a non-file source
3130 * Load data provided by a non-file source (usually userspace buffer). This
3152 * security_task_fix_setuid() - Update LSM with new user id attributes
3161 * rather than to @current->cred.
3172 * security_task_fix_setgid() - Update LSM with new group id attributes
3181 * @current->cred.
3192 * security_task_fix_setgroups() - Update LSM with new supplementary groups
3199 * @current->cred.
3209 * security_task_setpgid() - Check if setting the pgid is allowed
3224 * security_task_getpgid() - Check if getting the pgid is allowed
3238 * security_task_getsid() - Check if getting the session id is allowed
3251 * security_current_getsecid_subj() - Get the current task's subjective secid
3265 * security_task_getsecid_obj() - Get a task's objective secid
3280 * security_task_setnice() - Check if setting a task's nice value is allowed
3294 * security_task_setioprio() - Check if setting a task's ioprio is allowed
3308 * security_task_getioprio() - Check if getting a task's ioprio is allowed
3321 * security_task_prlimit() - Check if get/setting resources limits is allowed
3338 * security_task_setrlimit() - Check if setting a new rlimit value is allowed
3345 * dereferencing (p->signal->rlim + resource).
3356 * security_task_setscheduler() - Check if setting sched policy/param is allowed
3370 * security_task_getscheduler() - Check if getting scheduling info is allowed
3383 * security_task_movememory() - Check if moving memory is allowed
3396 * security_task_kill() - Check if sending a signal is allowed
3399 * @sig: signal value
3402 * Check permission before sending signal @sig to @p. @info can be NULL, the
3411 int sig, const struct cred *cred) in security_task_kill() argument
3413 return call_int_hook(task_kill, 0, p, info, sig, cred); in security_task_kill()
3417 * security_task_prctl() - Check if a prctl op is allowed
3427 * Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3438 thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); in security_task_prctl()
3449 * security_task_to_inode() - Set the security attributes of a task's inode
3462 * security_create_user_ns() - Check if creating a new userns is allowed
3475 * security_ipc_permission() - Check if sysv ipc access is allowed
3489 * security_ipc_getsecid() - Get the sysv ipc object's secid
3503 * security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3506 * Allocate and attach a security structure to the msg->security field. The
3524 * security_msg_msg_free() - Free a sysv ipc message LSM blob
3532 kfree(msg->security); in security_msg_msg_free()
3533 msg->security = NULL; in security_msg_msg_free()
3537 * security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3558 * security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3561 * Deallocate security field @perm->security for the message queue.
3566 kfree(msq->security); in security_msg_queue_free()
3567 msq->security = NULL; in security_msg_queue_free()
3571 * security_msg_queue_associate() - Check if a msg queue operation is allowed
3587 * security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3589 * @cmd: operation
3591 * Check permission when a message control operation specified by @cmd is to be
3596 int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) in security_msg_queue_msgctl() argument
3598 return call_int_hook(msg_queue_msgctl, 0, msq, cmd); in security_msg_queue_msgctl()
3602 * security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3619 * security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3640 * security_shm_alloc() - Allocate a sysv shm LSM blob
3661 * security_shm_free() - Free a sysv shm LSM blob
3664 * Deallocate the security structure @perm->security for the memory segment.
3669 kfree(shp->security); in security_shm_free()
3670 shp->security = NULL; in security_shm_free()
3674 * security_shm_associate() - Check if a sysv shm operation is allowed
3691 * security_shm_shmctl() - Check if a sysv shm operation is allowed
3693 * @cmd: operation
3695 * Check permission when a shared memory control operation specified by @cmd is
3700 int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) in security_shm_shmctl() argument
3702 return call_int_hook(shm_shmctl, 0, shp, cmd); in security_shm_shmctl()
3706 * security_shm_shmat() - Check if a sysv shm attach operation is allowed
3724 * security_sem_alloc() - Allocate a sysv semaphore LSM blob
3745 * security_sem_free() - Free a sysv semaphore LSM blob
3748 * Deallocate security structure @sma->security for the semaphore.
3753 kfree(sma->security); in security_sem_free()
3754 sma->security = NULL; in security_sem_free()
3758 * security_sem_associate() - Check if a sysv semaphore operation is allowed
3774 * security_sem_semctl() - Check if a sysv semaphore operation is allowed
3776 * @cmd: operation
3778 * Check permission when a semaphore operation specified by @cmd is to be
3783 int security_sem_semctl(struct kern_ipc_perm *sma, int cmd) in security_sem_semctl() argument
3785 return call_int_hook(sem_semctl, 0, sma, cmd); in security_sem_semctl()
3789 * security_sem_semop() - Check if a sysv semaphore operation is allowed
3807 * security_d_instantiate() - Populate an inode's LSM state based on a dentry
3822 * security_getprocattr() - Read an attribute for a task
3838 if (lsm != NULL && strcmp(lsm, hp->lsm)) in security_getprocattr()
3840 return hp->hook.getprocattr(p, name, value); in security_getprocattr()
3846 * security_setprocattr() - Set an attribute for a task
3863 if (lsm != NULL && strcmp(lsm, hp->lsm)) in security_setprocattr()
3865 return hp->hook.setprocattr(name, value, size); in security_setprocattr()
3871 * security_netlink_send() - Save info and check if netlink sending is allowed
3889 * security_ismaclabel() - Check is the named attribute is a MAC label
3903 * security_secid_to_secctx() - Convert a secid to a secctx
3925 rc = hp->hook.secid_to_secctx(secid, secdata, seclen); in security_secid_to_secctx()
3935 * security_secctx_to_secid() - Convert a secctx to a secid
3952 * security_release_secctx() - Free a secctx buffer
3965 * security_inode_invalidate_secctx() - Invalidate an inode's security label
3978 * security_inode_notifysecctx() - Nofify the LSM of an inode's security label
3988 * Must be called with inode->i_mutex locked.
3999 * security_inode_setsecctx() - Change the security label of an inode
4010 * inode->i_mutex locked.
4021 * security_inode_getsecctx() - Get the security label of an inode
4040 rc = hp->hook.inode_getsecctx(inode, ctx, ctxlen); in security_inode_getsecctx()
4051 * security_post_notification() - Check if a watch notification can be posted
4070 * security_watch_key() - Check if a task is allowed to watch for key events
4086 * security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4114 * security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4140 * security_socket_create() - Check if creating a new socket is allowed
4156 * security_socket_post_create() - Initialize a newly created socket
4163 * This hook allows a module to update or allocate a per-socket security
4167 * and attach security information to SOCK_INODE(sock)->i_security. This hook
4168 * may be used to update the SOCK_INODE(sock)->i_security field with additional
4181 * security_socket_socketpair() - Check if creating a socketpair is allowed
4197 * security_socket_bind() - Check if a socket bind operation is allowed
4215 * security_socket_connect() - Check if a socket connect operation is allowed
4232 * security_socket_listen() - Check if a socket is allowed to listen
4246 * security_socket_accept() - Check if a socket is allowed to accept connections
4262 * security_socket_sendmsg() - Check is sending a message is allowed
4277 * security_socket_recvmsg() - Check if receiving a message is allowed
4294 * security_socket_getsockname() - Check if reading the socket addr is allowed
4308 * security_socket_getpeername() - Check if reading the peer's addr is allowed
4321 * security_socket_getsockopt() - Check if reading a socket option is allowed
4337 * security_socket_setsockopt() - Check if setting a socket option is allowed
4352 * security_socket_shutdown() - Checks if shutting down the socket is allowed
4367 * security_sock_rcv_skb() - Check if an incoming network packet is allowed
4385 * security_socket_getpeersec_stream() - Get the remote peer label
4410 rc = hp->hook.socket_getpeersec_stream(sock, optval, optlen, in security_socket_getpeersec_stream()
4419 * security_socket_getpeersec_dgram() - Get the remote peer label
4425 * for udp sockets on a per-packet basis to userspace via getsockopt
4443 rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); in security_socket_getpeersec_dgram()
4452 * security_sk_alloc() - Allocate and initialize a sock's LSM blob
4457 * Allocate and attach a security structure to the sk->sk_security field, which
4468 * security_sk_free() - Free the sock's LSM blob
4479 * security_sk_clone() - Clone a sock's LSM state
4492 * security_sk_classify_flow() - Set a flow's secid based on socket
4500 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); in security_sk_classify_flow()
4505 * security_req_classify_flow() - Set a flow's secid based on request_sock
4519 * security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
4533 * security_inet_conn_request() - Set request_sock state using incoming connect
4550 * security_inet_csk_clone() - Set new sock LSM state based on request_sock
4563 * security_inet_conn_established() - Update sock's LSM state with connection
4577 * security_secmark_relabel_packet() - Check if setting a secmark is allowed
4591 * security_secmark_refcount_inc() - Increment the secmark labeling rule count
4602 * security_secmark_refcount_dec() - Decrement the secmark labeling rule count
4613 * security_tun_dev_alloc_security() - Allocate a LSM blob for a TUN device
4628 * security_tun_dev_free_security() - Free a TUN device LSM blob
4640 * security_tun_dev_create() - Check if creating a TUN device is allowed
4653 * security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4667 * security_tun_dev_attach() - Update TUN device LSM state on attach
4683 * security_tun_dev_open() - Update TUN device LSM state on open
4698 * security_sctp_assoc_request() - Update the LSM on a SCTP association req
4702 * Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
4714 * security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
4736 * security_sctp_sk_clone() - Clone a SCTP sock's LSM state
4753 * security_sctp_assoc_established() - Update LSM state when assoc established
4757 * Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
4770 * security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
4790 * security_ib_pkey_access() - Check if access to an IB pkey is allowed
4806 * security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
4824 * security_ib_alloc_security() - Allocate an Infiniband LSM blob
4829 * Return: Returns 0 on success, non-zero on failure.
4838 * security_ib_free_security() - Free an Infiniband LSM blob
4852 * security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
4857 * Allocate a security structure to the xp->security field; the security field
4871 * security_xfrm_policy_clone() - Clone xfrm policy LSM state
4887 * security_xfrm_policy_free() - Free a xfrm security context
4899 * security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
4912 * security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
4916 * Allocate a security structure to the @x->security field; the security field
4930 * security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
4935 * Allocate a security structure to the x->security field; the security field
4948 * security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
4951 * Authorize deletion of x->security.
4962 * security_xfrm_state_free() - Free a xfrm state
4965 * Deallocate x->security.
4973 * security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
4978 * packet. The hook is called when selecting either a per-socket policy or a
4981 * Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
4990 * security_xfrm_state_pol_flow_match() - Check for a xfrm match
5017 rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic); in security_xfrm_state_pol_flow_match()
5024 * security_xfrm_decode_session() - Determine the xfrm secid for a packet
5039 int rc = call_int_hook(xfrm_decode_session, 0, skb, &flic->flowic_secid, in security_skb_classify_flow()
5049 * security_key_alloc() - Allocate and initialize a kernel key LSM blob
5057 * Return: Return 0 if permission is granted, -ve error otherwise.
5066 * security_key_free() - Free a kernel key LSM blob
5077 * security_key_permission() - Check if a kernel key operation is allowed
5084 * Return: Return 0 if permission is granted, -ve error otherwise.
5093 * security_key_getsecurity() - Get the key's security label
5099 * storage for the NUL-terminated string and the caller should free it.
5101 * Return: Returns the length of @buffer (including terminating NUL) or -ve if
5114 * security_audit_rule_init() - Allocate and init an LSM audit rule struct
5123 * Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5133 * security_audit_rule_known() - Check if an audit rule contains LSM fields
5147 * security_audit_rule_free() - Free an LSM audit rule struct
5159 * security_audit_rule_match() - Check if a label matches an audit rule
5168 * Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5179 * security_bpf() - Check if the bpf syscall operation is allowed
5180 * @cmd: command
5186 * check the specific cmd they need.
5190 int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) in security_bpf() argument
5192 return call_int_hook(bpf, 0, cmd, attr, size); in security_bpf()
5196 * security_bpf_map() - Check if access to a bpf map is allowed
5211 * security_bpf_prog() - Check if access to a bpf program is allowed
5225 * security_bpf_map_alloc() - Allocate a bpf map LSM blob
5238 * security_bpf_prog_alloc() - Allocate a bpf program LSM blob
5251 * security_bpf_map_free() - Free a bpf map's LSM blob
5262 * security_bpf_prog_free() - Free a bpf program's LSM blob
5274 * security_locked_down() - Check if a kernel feature is allowed
5290 * security_perf_event_open() - Check if a perf event open is allowed
5304 * security_perf_event_alloc() - Allocate a perf event LSM blob
5317 * security_perf_event_free() - Free a perf event LSM blob
5328 * security_perf_event_read() - Check if reading a perf event label is allowed
5341 * security_perf_event_write() - Check if writing a perf event label is allowed
5356 * security_uring_override_creds() - Check if overriding creds is allowed
5370 * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5383 * security_uring_cmd() - Check if a io_uring passthrough command is allowed