Lines Matching defs:security
40 * all security modules to use the same descriptions for auditing
209 return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp);
244 return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL);
257 return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL);
271 return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL);
285 return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg,
314 return lsm_blob_alloc(&map->security, blob_sizes.lbs_bpf_map, GFP_KERNEL);
327 return lsm_blob_alloc(&prog->aux->security, blob_sizes.lbs_bpf_prog, GFP_KERNEL);
340 return lsm_blob_alloc(&token->security, blob_sizes.lbs_bpf_token, GFP_KERNEL);
547 * process is being traced and its security attributes would be changed by the
625 * @opts contains options for the capable check <include/linux/security.h>.
735 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
737 * @bprm->cred->security to be what commit_creds needs to install for the new
739 * transitions between security domains). The hook must set @bprm->secureexec
767 * transitions between security domains). The hook must set @bprm->secureexec
785 * It allows a check against the @bprm->cred->security value which was set in
801 * Prepare to install the new security attributes of a process being
818 * Tidy up after the installation of the new security attributes of a process
831 * security_fs_context_submount() - Initialise fc->security
835 * Fill out the ->security field for a new fs_context.
849 * Allocate and attach a security structure to sc->security. This pointer is
893 * Allocate and attach a security structure to the sb->s_security field. The
989 * Extracts security system specific mount options and verifies no changes are
1101 * Set the security relevant mount options used for a superblock.
1130 * Copy all security options from a given superblock to another.
1181 * Allocate and attach a security structure to @inode->i_security. The
1235 * @xattr_name: name of the security/LSM xattr
1286 * Obtain the security attribute name suffix and value to set on a newly
1287 * created inode and set up the incore security field for the new inode. This
1293 * lsm_get_xattr_slot() to retrieve the slots reserved by the security module
1298 * the security module does not use security attributes or does not wish to put
1299 * a security attribute on this particular inode, then it should return
1303 * security attributes that are required, negative values otherwise.
1359 * Set up the incore security field for the new anonymous inode and return
1360 * whether the inode creation is permitted by the security module or not.
1362 * Return: Returns 0 on success, -EACCES if the security module denies the
1396 * security_path_post_mknod() - Update inode security after reg file creation
1400 * Update inode security field after a regular file has been created.
1609 * security_inode_post_create_tmpfile() - Update inode security of new tmpfile
1613 * Update inode security data after a tmpfile has been created.
1804 * existing Linux permission function, so a security module can use it to
1847 * Update inode security field after successful setting file attributes.
1940 * security_inode_post_set_acl() - Update inode security from posix acls set
1945 * Update inode security data after successfully setting posix acls on @dentry.
1995 * security_inode_post_remove_acl() - Update inode security after rm posix acls
2000 * Update inode security data after successfully removing posix acls on
2019 * Update inode security field after successful setxattr operation.
2168 * The @dentry's setuid bit is being removed. Remove similar security labels.
2181 * security_inode_getsecurity() - Get the xattr security label of an inode
2185 * @buffer: security label buffer
2188 * Retrieve a copy of the extended attribute representation of the security
2190 * remainder of the attribute name after the security prefix has been removed.
2208 * security_inode_setsecurity() - Set the xattr security label of an inode
2211 * @value: security label
2212 * @size: length of security label
2215 * Set the security label associated with @name for @inode from the extended
2218 * remainder of the attribute name after the security. prefix has been removed.
2233 * security_inode_listsecurity() - List the xattr security label names
2238 * Copy the extended attribute names for the security labels associated with
2294 * -EOPNOTSUPP if the security module does not know about attribute,
2334 * Initialize the security context of a newly created kernfs node based on its
2351 * by various operations that read or write files. A security module can use
2373 * Allocate and attach a security structure to the file->f_security field. The
2374 * security field is initialized to NULL when the structure is first created.
2405 * Deallocate and free any security structures stored in file->f_security.
2429 * by the security module.
2562 * security module.
2575 * Save owner security information (typically from current->security) in
2596 * so the file structure (and associated security information) can always be
2611 * This hook allows security modules to control the ability of a process to
2703 kfree(task->security);
2704 task->security = NULL;
2734 * Deallocate and clear the cred->security field in a set of credentials.
2740 * may result in a call here with ->security being NULL.
2742 if (unlikely(cred->security == NULL))
2747 kfree(cred->security);
2748 cred->security = NULL;
2791 * Retrieve the security identifier of the cred structure @c. In case of
2806 * Retrieve the security data of the cred structure @c. In case of
3038 * Retrieve the subjective security identifier of the current task and return
3053 * Retrieve the objective security identifier of the task_struct in @p and
3233 * security_task_to_inode() - Set the security attributes of a task's inode
3237 * Set the security attributes for an inode based on an associated task's
3238 * security attributes, e.g. for /proc/pid inodes.
3290 * Allocate and attach a security structure to the msg->security field. The
3291 * security field is initialized to NULL when the structure is first created.
3311 * Deallocate the security structure for this message.
3316 kfree(msg->security);
3317 msg->security = NULL;
3324 * Allocate and attach a security structure to @msg. The security field is
3345 * Deallocate security field @perm->security for the message queue.
3350 kfree(msq->security);
3351 msq->security = NULL;
3427 * Allocate and attach a security structure to the @shp security field. The
3428 * security field is initialized to NULL when the structure is first created.
3448 * Deallocate the security structure @perm->security for the memory segment.
3453 kfree(shp->security);
3454 shp->security = NULL;
3511 * Allocate and attach a security structure to the @sma security field. The
3512 * security field is initialized to NULL when the structure is first created.
3532 * Deallocate security structure @sma->security for the semaphore.
3537 kfree(sma->security);
3538 sma->security = NULL;
3595 * Fill in @inode security information for a @dentry if allowed.
3606 * Please keep this in sync with it's counterpart in security/lsm_syscalls.c
3699 * Please keep this in sync with it's counterpart in security/lsm_syscalls.c
3820 * Convert secid to security context. If @cp is NULL the length of the
3837 * @lsmid: which security module to report
3839 * Convert a @prop entry to security context. If @cp is NULL the
3871 * Convert security context to secid.
3884 * @cp: the security context
3886 * Release the security context.
3896 * security_inode_invalidate_secctx() - Invalidate an inode's security label
3899 * Notify the security module that it must revalidate the security context of
3909 * security_inode_notifysecctx() - Notify the LSM of an inode's security label
3914 * Notify the security module of what the security context of an inode should
3915 * be. Initializes the incore security context managed by the security module
3917 * the security context in its incore inode to the value provided by the server
3930 * security_inode_setsecctx() - Change the security label of an inode
3935 * Change the security context of an inode. Updates the incore security
3936 * context managed by the security module and invokes the fs code as needed
3938 * context. Example usage: NFS server invokes this hook to change the security
3952 * security_inode_getsecctx() - Get the security label of an inode
3954 * @cp: security context
3956 * On success, returns 0 and fills out @cp with the security context
4009 * Save security information for a netlink message so that permission checking
4010 * can be performed when the message is processed. The security information
4100 * This hook allows a module to update or allocate a per-socket security
4101 * structure. Note that the security field was not added directly to the socket
4102 * structure, but rather, the socket security information is stored in the
4104 * and attach security information to SOCK_INODE(sock)->i_security. This hook
4328 * This hook allows the security module to provide peer socket security state
4349 * This hook allows the security module to provide peer socket security state
4352 * option via getsockopt. It can then retrieve the security state returned by
4384 * Allocate and attach a security structure to the sk->sk_security field, which
4385 * is used to copy security attributes between local stream sockets.
4405 * Deallocate security structure.
4419 * Clone/copy security structure.
4550 * @security: pointer to the LSM blob
4552 * This hook allows a module to allocate a security structure for a TUN device,
4553 * returning the pointer in @security.
4557 int security_tun_dev_alloc_security(void **security)
4561 rc = lsm_blob_alloc(security, blob_sizes.lbs_tun_dev, GFP_KERNEL);
4565 rc = call_int_hook(tun_dev_alloc_security, *security);
4567 kfree(*security);
4568 *security = NULL;
4576 * @security: LSM blob
4578 * This hook allows a module to free the security structure for a TUN device.
4580 void security_tun_dev_free_security(void *security)
4582 kfree(security);
4601 * @security: TUN device LSM blob
4607 int security_tun_dev_attach_queue(void *security)
4609 return call_int_hook(tun_dev_attach_queue, security);
4616 * @security: TUN device LSM blob
4618 * This hook can be used by the module to update any security state associated
4623 int security_tun_dev_attach(struct sock *sk, void *security)
4625 return call_int_hook(tun_dev_attach, sk, security);
4631 * @security: TUN device LSM blob
4633 * This hook can be used by the module to update any security state associated
4634 * with the TUN device's security structure.
4638 int security_tun_dev_open(void *security)
4640 return call_int_hook(tun_dev_open, security);
4704 * security module.
4772 * Allocate a security structure for Infiniband objects.
4797 * Deallocate an Infiniband security structure.
4809 * @ctxp: xfrm security context being added to the SPD
4810 * @sec_ctx: security label provided by userspace
4813 * Allocate a security structure to the xp->security field; the security field
4828 * @old_ctx: xfrm security context
4829 * @new_ctxp: target xfrm security context
4831 * Allocate a security structure in new_ctxp that contains the information from
4843 * security_xfrm_policy_free() - Free a xfrm security context
4844 * @ctx: xfrm security context
4856 * @ctx: xfrm security context
4870 * @sec_ctx: security label provided by userspace
4872 * Allocate a security structure to the @x->security field; the security field
4888 * @polsec: associated policy's security context
4891 * Allocate a security structure to the x->security field; the security field
4907 * Authorize deletion of x->security.
4921 * Deallocate x->security.
4930 * @ctx: target xfrm security context
4983 * Decode the packet in @skb and return the security label in @secid.
5009 * Permit allocation of a key and assign security data. Note that key does not
5031 * Notification of destruction; free security data.
5035 kfree(key->security);
5036 key->security = NULL;
5056 * security_key_getsecurity() - Get the key's security label
5058 * @buffer: security label buffer
5060 * Get a textual representation of the security context attached to a key for
5066 * there is no security label assigned to the key.
5142 * @prop: security label
5169 * the kernel. The actual security module can implement their own rules to
5325 * Clean up the security information stored inside bpf map.
5330 kfree(map->security);
5331 map->security = NULL;
5338 * Clean up the security information stored inside BPF program.
5343 kfree(prog->aux->security);
5344 prog->aux->security = NULL;
5351 * Clean up the security information stored inside BPF token.
5356 kfree(token->security);
5357 token->security = NULL;
5380 * Allocate and attach a security structure to @bdev->bd_security. The
5381 * security field is initialized to NULL when the bdev structure is
5406 * Deallocate the bdev security structure and set @bdev->bd_security to NULL.
5429 * Please note that the new hook should be invoked every time the security
5473 * Allocate and save perf_event security info.
5481 rc = lsm_blob_alloc(&event->security, blob_sizes.lbs_perf_event,
5488 kfree(event->security);
5489 event->security = NULL;
5498 * Release (free) perf_event security info.
5502 kfree(event->security);
5503 event->security = NULL;
5510 * Read perf_event security info if allowed.
5523 * Write perf_event security info if allowed.