Lines Matching +full:additional +full:- +full:devs
1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
9 * Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
25 #include <linux/backing-dev.h>
157 * lsm_file_alloc - allocate a composite file blob
162 * Returns 0, or -ENOMEM if memory can't be allocated.
167 file->f_security = NULL; in lsm_file_alloc()
171 file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); in lsm_file_alloc()
172 if (file->f_security == NULL) in lsm_file_alloc()
173 return -ENOMEM; in lsm_file_alloc()
178 * lsm_backing_file_alloc - allocate a composite backing file blob
183 * Returns 0, or -ENOMEM if memory can't be allocated.
197 return -ENOMEM; in lsm_backing_file_alloc()
202 * lsm_blob_alloc - allocate a composite blob
209 * Returns 0, or -ENOMEM if memory can't be allocated.
220 return -ENOMEM; in lsm_blob_alloc()
225 * lsm_cred_alloc - allocate a composite cred blob
231 * Returns 0, or -ENOMEM if memory can't be allocated.
235 return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
239 * lsm_inode_alloc - allocate a composite inode blob
245 * Returns 0, or -ENOMEM if memory can't be allocated.
250 inode->i_security = NULL; in lsm_inode_alloc()
254 inode->i_security = kmem_cache_zalloc(lsm_inode_cache, gfp); in lsm_inode_alloc()
255 if (inode->i_security == NULL) in lsm_inode_alloc()
256 return -ENOMEM; in lsm_inode_alloc()
261 * lsm_task_alloc - allocate a composite task blob
266 * Returns 0, or -ENOMEM if memory can't be allocated.
270 return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc()
274 * lsm_ipc_alloc - allocate a composite ipc blob
279 * Returns 0, or -ENOMEM if memory can't be allocated.
283 return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc()
288 * lsm_key_alloc - allocate a composite key blob
293 * Returns 0, or -ENOMEM if memory can't be allocated.
297 return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL); in lsm_key_alloc()
302 * lsm_msg_msg_alloc - allocate a composite msg_msg blob
307 * Returns 0, or -ENOMEM if memory can't be allocated.
311 return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg, in lsm_msg_msg_alloc()
316 * lsm_bdev_alloc - allocate a composite block_device blob
321 * Returns 0, or -ENOMEM if memory can't be allocated.
325 return lsm_blob_alloc(&bdev->bd_security, blob_sizes.lbs_bdev, in lsm_bdev_alloc()
331 * lsm_bpf_map_alloc - allocate a composite bpf_map blob
336 * Returns 0, or -ENOMEM if memory can't be allocated.
340 return lsm_blob_alloc(&map->security, blob_sizes.lbs_bpf_map, GFP_KERNEL); in lsm_bpf_map_alloc()
344 * lsm_bpf_prog_alloc - allocate a composite bpf_prog blob
349 * Returns 0, or -ENOMEM if memory can't be allocated.
353 return lsm_blob_alloc(&prog->aux->security, blob_sizes.lbs_bpf_prog, GFP_KERNEL); in lsm_bpf_prog_alloc()
357 * lsm_bpf_token_alloc - allocate a composite bpf_token blob
362 * Returns 0, or -ENOMEM if memory can't be allocated.
366 return lsm_blob_alloc(&token->security, blob_sizes.lbs_bpf_token, GFP_KERNEL); in lsm_bpf_token_alloc()
371 * lsm_superblock_alloc - allocate a composite superblock blob
376 * Returns 0, or -ENOMEM if memory can't be allocated.
380 return lsm_blob_alloc(&sb->s_security, blob_sizes.lbs_superblock, in lsm_superblock_alloc()
385 * lsm_fill_user_ctx - Fill a user space lsm_ctx structure
397 * Returns 0 on success, -E2BIG if userspace buffer is not large enough,
398 * -EFAULT on a copyout error, -ENOMEM if memory can't be allocated.
410 rc = -E2BIG; in lsm_fill_user_ctx()
414 /* no buffer - return success/0 and set @uctx_len to the req size */ in lsm_fill_user_ctx()
420 rc = -ENOMEM; in lsm_fill_user_ctx()
423 nctx->id = id; in lsm_fill_user_ctx()
424 nctx->flags = flags; in lsm_fill_user_ctx()
425 nctx->len = nctx_len; in lsm_fill_user_ctx()
426 nctx->ctx_len = val_len; in lsm_fill_user_ctx()
427 memcpy(nctx->ctx, val, val_len); in lsm_fill_user_ctx()
430 rc = -EFAULT; in lsm_fill_user_ctx()
500 scall - static_calls_table.NAME < MAX_LSM_COUNT; scall++) \
501 if (static_key_enabled(&scall->active->key))
506 * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
519 * security_binder_transaction() - Check if a binder transaction is allowed
534 * security_binder_transfer_binder() - Check if a binder transfer is allowed
549 * security_binder_transfer_file() - Check if a binder file xfer is allowed
565 * security_ptrace_access_check() - Check if tracing is allowed
584 * security_ptrace_traceme() - Check if tracing is allowed
599 * security_capget() - Get the capability sets for a process
621 * security_capset() - Set the capability sets for a process
643 * security_capable() - Check if a process has the necessary capability
664 * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
680 * security_quota_on() - Check if QUOTAON is allowed for a dentry
693 * security_syslog() - Check if accessing the kernel message ring is allowed
708 * security_settime64() - Check if changing the system time is allowed
723 * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
748 rc = scall->hl->hook.vm_enough_memory(mm, pages); in security_vm_enough_memory_mm()
758 * security_bprm_creds_for_exec() - Prepare the credentials for exec()
761 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
762 * properly for executing @bprm->file, update the LSM's portion of
763 * @bprm->cred->security to be what commit_creds needs to install for the new
765 * transitions between security domains). The hook must set @bprm->secureexec
769 * If execveat(2) is called with the AT_EXECVE_CHECK flag, bprm->is_check is
773 * This hook must not change current->cred, only @bprm->cred.
783 * security_bprm_creds_from_file() - Update linux_binprm creds based on file
788 * exec, update @bprm->cred to reflect that change. This is called after
793 * transitions between security domains). The hook must set @bprm->secureexec
795 * hook must add to @bprm->per_clear any personality flags that should be
796 * cleared from current->personality. @bprm contains the linux_binprm
807 * security_bprm_check() - Mediate binary handler search
811 * It allows a check against the @bprm->cred->security value which was set in
824 * security_bprm_committing_creds() - Install creds for a process during exec()
829 * by @current->cred and the information set in @bprm->cred by the
841 * security_bprm_committed_creds() - Tidy up after cred install during exec()
846 * point, been set to @current->cred. @bprm points to the linux_binprm
848 * process such as clearing out non-inheritable signal state. This is called
857 * security_fs_context_submount() - Initialise fc->security
861 * Fill out the ->security field for a new fs_context.
871 * security_fs_context_dup() - Duplicate a fs_context LSM blob
875 * Allocate and attach a security structure to sc->security. This pointer is
887 * security_fs_context_parse_param() - Configure a filesystem context
895 * returned to the caller -ENOPARAM is returned, otherwise a negative
903 int rc = -ENOPARAM; in security_fs_context_parse_param()
906 trc = scall->hl->hook.fs_context_parse_param(fc, param); in security_fs_context_parse_param()
909 else if (trc != -ENOPARAM) in security_fs_context_parse_param()
916 * security_sb_alloc() - Allocate a super_block LSM blob
919 * Allocate and attach a security structure to the sb->s_security field. The
938 * security_sb_delete() - Release super_block LSM associated objects
950 * security_sb_free() - Free a super_block LSM blob
953 * Deallocate and clear the sb->s_security field. @sb contains the super_block
959 kfree(sb->s_security); in security_sb_free()
960 sb->s_security = NULL; in security_sb_free()
964 * security_free_mnt_opts() - Free memory associated with mount options
979 * security_sb_eat_lsm_opts() - Consume LSM mount options
994 * security_sb_mnt_opts_compat() - Check if new mount options are allowed
1011 * security_sb_remount() - Verify no incompatible mount changes during remount
1028 * security_sb_kern_mount() - Check if a kernel mount is allowed
1041 * security_sb_show_options() - Output the mount options for a superblock
1055 * security_sb_statfs() - Check if accessing fs stats is allowed
1069 * security_sb_mount() - Check permission for mounting a filesystem
1092 * security_sb_umount() - Check permission for unmounting a filesystem
1106 * security_sb_pivotroot() - Check permissions for pivoting the rootfs
1121 * security_sb_set_mnt_opts() - Set the mount options for a filesystem
1137 int rc = mnt_opts ? -EOPNOTSUPP : LSM_RET_DEFAULT(sb_set_mnt_opts); in security_sb_set_mnt_opts()
1140 rc = scall->hl->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags, in security_sb_set_mnt_opts()
1150 * security_sb_clone_mnt_opts() - Duplicate superblock mount options
1171 * security_move_mount() - Check permissions for moving a mount
1186 * security_path_notify() - Check if setting a watch is allowed
1203 * security_inode_alloc() - Allocate an inode LSM blob
1207 * Allocate and attach a security structure to @inode->i_security. The
1233 * security_inode_free() - Free an inode's LSM blob
1243 * a call to security_inode_free(). For this reason the inode->i_security
1251 if (!inode->i_security) in security_inode_free()
1253 call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); in security_inode_free()
1257 * security_dentry_init_security() - Perform dentry initialization
1281 * security_dentry_create_files_as() - Perform dentry initialization
1305 * security_inode_init_security() - Initialize an inode's LSM context
1321 * slot, the hook function should set ->name to the attribute name suffix
1322 * (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1323 * to the attribute value, to set ->value_len to the length of the value. If
1326 * -EOPNOTSUPP to skip this processing.
1337 int ret = -EOPNOTSUPP, xattr_count = 0; in security_inode_init_security()
1350 return -ENOMEM; in security_inode_init_security()
1354 ret = scall->hl->hook.inode_init_security(inode, dir, qstr, new_xattrs, in security_inode_init_security()
1356 if (ret && ret != -EOPNOTSUPP) in security_inode_init_security()
1359 * As documented in lsm_hooks.h, -EOPNOTSUPP in this context in security_inode_init_security()
1372 for (; xattr_count > 0; xattr_count--) in security_inode_init_security()
1373 kfree(new_xattrs[xattr_count - 1].value); in security_inode_init_security()
1375 return (ret == -EOPNOTSUPP) ? 0 : ret; in security_inode_init_security()
1380 * security_inode_init_security_anon() - Initialize an anonymous inode
1388 * Return: Returns 0 on success, -EACCES if the security module denies the
1389 * creation of this inode, or another -errno upon other errors.
1401 * security_path_mknod() - Check if creating a special file is allowed
1415 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mknod()
1422 * security_path_post_mknod() - Update inode security after reg file creation
1436 * security_path_mkdir() - Check if creating a new directory is allowed
1448 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mkdir()
1455 * security_path_rmdir() - Check if removing a directory is allowed
1465 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_rmdir()
1471 * security_path_unlink() - Check if removing a hard link is allowed
1481 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_unlink()
1488 * security_path_symlink() - Check if creating a symbolic link is allowed
1500 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_symlink()
1506 * security_path_link - Check if creating a hard link is allowed
1524 * security_path_rename() - Check if renaming a file is allowed
1550 * security_path_truncate() - Check if truncating a file is allowed
1561 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_truncate()
1567 * security_path_chmod() - Check if changing the file's mode is allowed
1579 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chmod()
1585 * security_path_chown() - Check if changing the file's owner/group is allowed
1596 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chown()
1602 * security_path_chroot() - Check if changing the root directory is allowed
1616 * security_inode_create() - Check if creating a file is allowed
1635 * security_inode_post_create_tmpfile() - Update inode security of new tmpfile
1650 * security_inode_link() - Check if creating a hard link is allowed
1668 * security_inode_unlink() - Check if removing a hard link is allowed
1684 * security_inode_symlink() - Check if creating a symbolic link is allowed
1702 * security_inode_mkdir() - Check if creating a new directory is allowed
1721 * security_inode_rmdir() - Check if removing a directory is allowed
1737 * security_inode_mknod() - Check if creating a special file is allowed
1759 * security_inode_rename() - Check if renaming a file is allowed
1791 * security_inode_readlink() - Check if reading a symbolic link is allowed
1806 * security_inode_follow_link() - Check if following a symbolic link is allowed
1809 * @rcu: true if in RCU-walk mode
1825 * security_inode_permission() - Check if accessing an inode is allowed
1831 * provide additional checking for existing Linux permission checks. Notice
1846 * security_inode_setattr() - Check if setting file attributes is allowed
1868 * security_inode_post_setattr() - Update the inode after a setattr operation
1884 * security_inode_getattr() - Check if getting file attributes is allowed
1893 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_inode_getattr()
1899 * security_inode_setxattr() - Check if setting file xattrs is allowed
1909 * additional logic before the main LSM implementation calls to detect if we
1910 * need to perform an additional capability check at the LSM layer.
1945 * security_inode_set_acl() - Check if setting posix acls is allowed
1966 * security_inode_post_set_acl() - Update inode security from posix acls set
1983 * security_inode_get_acl() - Check if reading posix acls is allowed
2002 * security_inode_remove_acl() - Check if removing a posix acl is allowed
2021 * security_inode_post_remove_acl() - Update inode security after rm posix acls
2038 * security_inode_post_setxattr() - Update the inode after a setxattr operation
2056 * security_inode_getxattr() - Check if xattr access is allowed
2073 * security_inode_listxattr() - Check if listing xattrs is allowed
2089 * security_inode_removexattr() - Check if removing an xattr is allowed
2096 * additional logic before the main LSM implementation calls to detect if we
2097 * need to perform an additional capability check at the LSM layer.
2130 * security_inode_post_removexattr() - Update the inode after a removexattr op
2144 * security_inode_file_setattr() - check if setting fsxattr is allowed
2159 * security_inode_file_getattr() - check if retrieving fsxattr is allowed
2174 * security_inode_need_killpriv() - Check if security_inode_killpriv() required
2190 * security_inode_killpriv() - The setuid bit is removed, update LSM state
2195 * Called with the dentry->d_inode->i_mutex held.
2207 * security_inode_getsecurity() - Get the xattr security label of an inode
2234 * security_inode_setsecurity() - Set the xattr security label of an inode
2259 * security_inode_listsecurity() - List the xattr security label names
2281 * security_inode_getlsmprop() - Get an inode's LSM data
2293 * security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2294 * @src: union dentry of copy-up file
2311 * security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2312 * @src: union dentry of copy-up file
2319 * Return: Returns 0 to accept the xattr, -ECANCELED to discard the xattr,
2320 * -EOPNOTSUPP if the security module does not know about attribute,
2336 * security_inode_setintegrity() - Set the inode's integrity data
2356 * security_kernfs_init_security() - Init LSM context for a kernfs node
2372 * security_file_permission() - Check file permissions
2378 * this hook to perform additional checking on these operations, e.g. to
2385 * memory-mapped files. Security modules must handle this separately if they
2396 * security_file_alloc() - Allocate and init a file's LSM blob
2399 * Allocate and attach a security structure to the file->f_security field. The
2417 * security_file_release() - Perform actions before releasing the file ref
2428 * security_file_free() - Free a file's LSM blob
2431 * Deallocate and free any security structures stored in file->f_security.
2439 blob = file->f_security; in security_file_free()
2441 file->f_security = NULL; in security_file_free()
2447 * security_backing_file_alloc() - Allocate and setup a backing file blob
2479 * security_backing_file_free() - Free a backing file blob
2498 * security_file_ioctl() - Check if an ioctl is allowed
2517 * security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2522 * Compat version of security_file_ioctl() that correctly handles 32-bit
2523 * processes running on 64-bit kernels.
2542 if (!(current->personality & READ_IMPLIES_EXEC)) in mmap_prot()
2553 if (!path_noexec(&file->f_path)) { in mmap_prot()
2555 if (file->f_op->mmap_capabilities) { in mmap_prot()
2556 unsigned caps = file->f_op->mmap_capabilities(file); in mmap_prot()
2568 * security_mmap_file() - Check if mmap'ing a file is allowed
2586 * security_mmap_backing_file - Check if mmap'ing a backing file is allowed
2594 * on @user_file has already been authorized and the @vma->vm_file has been
2603 /* recommended by the stackable filesystem devs */ in security_mmap_backing_file()
2604 if (WARN_ON_ONCE(!(backing_file->f_mode & FMODE_BACKING))) in security_mmap_backing_file()
2605 return -EIO; in security_mmap_backing_file()
2612 * security_mmap_addr() - Check if mmap'ing an address is allowed
2625 * security_file_mprotect() - Check if changing memory protections is allowed
2641 * security_file_lock() - Check if a file lock is allowed
2656 * security_file_fcntl() - Check if fcntl() op is allowed
2675 * security_file_set_fowner() - Set the file owner info in the LSM blob
2678 * Save owner security information (typically from current->security) in
2679 * file->f_security for later use by the send_sigiotask hook.
2681 * This hook is called with file->f_owner.lock held.
2691 * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2711 * security_file_receive() - Check if receiving a file via IPC is allowed
2725 * security_file_open() - Save open() time state for late use by the LSM
2728 * Save open-time permission checking state for later use upon file_permission,
2732 * directly or indirectly (e.g. ELF's ld.so) by checking file->f_flags &
2743 * security_file_post_open() - Evaluate a file after it has been opened
2760 * security_file_truncate() - Check if truncating a file is allowed
2775 * security_task_alloc() - Allocate a task's LSM blob
2779 * Handle allocation of task-related resources.
2796 * security_task_free() - Free a task's LSM blob and related resources
2799 * Handle release of task-related resources. Note that this can be called from
2806 kfree(task->security); in security_task_free()
2807 task->security = NULL; in security_task_free()
2811 * security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
2834 * security_cred_free() - Free the cred's LSM blob and associated resources
2837 * Deallocate and clear the cred->security field in a set of credentials.
2843 * may result in a call here with ->security being NULL. in security_cred_free()
2845 if (unlikely(cred->security == NULL)) in security_cred_free()
2850 kfree(cred->security); in security_cred_free()
2851 cred->security = NULL; in security_cred_free()
2855 * security_prepare_creds() - Prepare a new set of credentials
2878 * security_transfer_creds() - Transfer creds
2890 * security_cred_getsecid() - Get the secid from a set of credentials
2905 * security_cred_getlsmprop() - Get the LSM data from a set of credentials
2920 * security_kernel_act_as() - Set the kernel credentials to act as secid
2935 * security_kernel_create_files_as() - Set file creation context using an inode
2951 * security_kernel_module_request() - Check if loading a module is allowed
2965 * security_kernel_read_file() - Read a file specified by userspace
2982 * security_kernel_post_read_file() - Read a file specified by userspace
3002 * security_kernel_load_data() - Load data provided by userspace
3017 * security_kernel_post_load_data() - Load userspace data from a non-file source
3023 * Load data provided by a non-file source (usually userspace buffer). This
3039 * security_task_fix_setuid() - Update LSM with new user id attributes
3048 * rather than to @current->cred.
3059 * security_task_fix_setgid() - Update LSM with new group id attributes
3068 * @current->cred.
3079 * security_task_fix_setgroups() - Update LSM with new supplementary groups
3086 * @current->cred.
3096 * security_task_setpgid() - Check if setting the pgid is allowed
3111 * security_task_getpgid() - Check if getting the pgid is allowed
3125 * security_task_getsid() - Check if getting the session id is allowed
3138 * security_current_getlsmprop_subj() - Current task's subjective LSM data
3152 * security_task_getlsmprop_obj() - Get a task's objective LSM data
3167 * security_task_setnice() - Check if setting a task's nice value is allowed
3181 * security_task_setioprio() - Check if setting a task's ioprio is allowed
3195 * security_task_getioprio() - Check if getting a task's ioprio is allowed
3208 * security_task_prlimit() - Check if get/setting resources limits is allowed
3225 * security_task_setrlimit() - Check if setting a new rlimit value is allowed
3232 * dereferencing (p->signal->rlim + resource).
3243 * security_task_setscheduler() - Check if setting sched policy/param is allowed
3257 * security_task_getscheduler() - Check if getting scheduling info is allowed
3270 * security_task_movememory() - Check if moving memory is allowed
3283 * security_task_kill() - Check if sending a signal is allowed
3304 * security_task_prctl() - Check if a prctl op is allowed
3314 * Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3325 thisrc = scall->hl->hook.task_prctl(option, arg2, arg3, arg4, arg5); in security_task_prctl()
3336 * security_task_to_inode() - Set the security attributes of a task's inode
3349 * security_create_user_ns() - Check if creating a new userns is allowed
3362 * security_ipc_permission() - Check if sysv ipc access is allowed
3376 * security_ipc_getlsmprop() - Get the sysv ipc object LSM data
3390 * security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3393 * Allocate and attach a security structure to the msg->security field. The
3411 * security_msg_msg_free() - Free a sysv ipc message LSM blob
3419 kfree(msg->security); in security_msg_msg_free()
3420 msg->security = NULL; in security_msg_msg_free()
3424 * security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3445 * security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3448 * Deallocate security field @perm->security for the message queue.
3453 kfree(msq->security); in security_msg_queue_free()
3454 msq->security = NULL; in security_msg_queue_free()
3458 * security_msg_queue_associate() - Check if a msg queue operation is allowed
3474 * security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3489 * security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3506 * security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3527 * security_shm_alloc() - Allocate a sysv shm LSM blob
3548 * security_shm_free() - Free a sysv shm LSM blob
3551 * Deallocate the security structure @perm->security for the memory segment.
3556 kfree(shp->security); in security_shm_free()
3557 shp->security = NULL; in security_shm_free()
3561 * security_shm_associate() - Check if a sysv shm operation is allowed
3578 * security_shm_shmctl() - Check if a sysv shm operation is allowed
3593 * security_shm_shmat() - Check if a sysv shm attach operation is allowed
3611 * security_sem_alloc() - Allocate a sysv semaphore LSM blob
3632 * security_sem_free() - Free a sysv semaphore LSM blob
3635 * Deallocate security structure @sma->security for the semaphore.
3640 kfree(sma->security); in security_sem_free()
3641 sma->security = NULL; in security_sem_free()
3645 * security_sem_associate() - Check if a sysv semaphore operation is allowed
3661 * security_sem_semctl() - Check if a sysv semaphore operation is allowed
3676 * security_sem_semop() - Check if a sysv semaphore operation is allowed
3694 * security_d_instantiate() - Populate an inode's LSM state based on a dentry
3713 * security_getselfattr - Read an LSM attribute of the current process.
3715 * @uctx: the user-space destination for the information, or NULL
3726 * If @size is insufficient to contain the data -E2BIG is returned.
3743 return -EINVAL; in security_getselfattr()
3745 return -EINVAL; in security_getselfattr()
3747 return -EFAULT; in security_getselfattr()
3754 return -EINVAL; in security_getselfattr()
3756 return -EFAULT; in security_getselfattr()
3761 return -EINVAL; in security_getselfattr()
3770 if (single && lctx.id != scall->hl->lsmid->id) in security_getselfattr()
3775 rc = scall->hl->hook.getselfattr(attr, uctx, &entrysize, flags); in security_getselfattr()
3776 if (rc == -EOPNOTSUPP) in security_getselfattr()
3778 if (rc == -E2BIG) { in security_getselfattr()
3785 left -= entrysize; in security_getselfattr()
3793 return -EFAULT; in security_getselfattr()
3795 return -E2BIG; in security_getselfattr()
3806 * security_setselfattr - Set an LSM attribute on the current process.
3808 * @uctx: the user-space source for the information
3815 * Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT
3828 return -EINVAL; in security_setselfattr()
3830 return -EINVAL; in security_setselfattr()
3832 return -E2BIG; in security_setselfattr()
3838 if (size < lctx->len || in security_setselfattr()
3839 check_add_overflow(sizeof(*lctx), lctx->ctx_len, &required_len) || in security_setselfattr()
3840 lctx->len < required_len) { in security_setselfattr()
3841 rc = -EINVAL; in security_setselfattr()
3846 if ((scall->hl->lsmid->id) == lctx->id) { in security_setselfattr()
3847 rc = scall->hl->hook.setselfattr(attr, lctx, size, flags); in security_setselfattr()
3857 * security_getprocattr() - Read an attribute for a task
3873 if (lsmid != 0 && lsmid != scall->hl->lsmid->id) in security_getprocattr()
3875 return scall->hl->hook.getprocattr(p, name, value); in security_getprocattr()
3881 * security_setprocattr() - Set an attribute for a task
3897 if (lsmid != 0 && lsmid != scall->hl->lsmid->id) in security_setprocattr()
3899 return scall->hl->hook.setprocattr(name, value, size); in security_setprocattr()
3905 * security_ismaclabel() - Check if the named attribute is a MAC label
3919 * security_secid_to_secctx() - Convert a secid to a secctx
3937 * security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
3960 if (lsmid != LSM_ID_UNDEF && lsmid != scall->hl->lsmid->id) in security_lsmprop_to_secctx()
3962 return scall->hl->hook.lsmprop_to_secctx(prop, cp); in security_lsmprop_to_secctx()
3969 * security_secctx_to_secid() - Convert a secctx to a secid
3986 * security_release_secctx() - Free a secctx buffer
3999 * security_inode_invalidate_secctx() - Invalidate an inode's security label
4012 * security_inode_notifysecctx() - Notify the LSM of an inode's security label
4022 * Must be called with inode->i_mutex locked.
4033 * security_inode_setsecctx() - Change the security label of an inode
4044 * inode->i_mutex locked.
4055 * security_inode_getsecctx() - Get the security label of an inode
4073 * security_post_notification() - Check if a watch notification can be posted
4092 * security_watch_key() - Check if a task is allowed to watch for key events
4108 * security_netlink_send() - Save info and check if netlink sending is allowed
4126 * security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4154 * security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4180 * security_socket_create() - Check if creating a new socket is allowed
4196 * security_socket_post_create() - Initialize a newly created socket
4203 * This hook allows a module to update or allocate a per-socket security
4207 * and attach security information to SOCK_INODE(sock)->i_security. This hook
4208 * may be used to update the SOCK_INODE(sock)->i_security field with additional
4221 * security_socket_socketpair() - Check if creating a socketpair is allowed
4237 * security_socket_bind() - Check if a socket bind operation is allowed
4255 * security_socket_connect() - Check if a socket connect operation is allowed
4272 * security_socket_listen() - Check if a socket is allowed to listen
4286 * security_socket_accept() - Check if a socket is allowed to accept connections
4302 * security_socket_sendmsg() - Check if sending a message is allowed
4317 * security_socket_recvmsg() - Check if receiving a message is allowed
4334 * security_socket_getsockname() - Check if reading the socket addr is allowed
4348 * security_socket_getpeername() - Check if reading the peer's addr is allowed
4361 * security_socket_getsockopt() - Check if reading a socket option is allowed
4377 * security_socket_setsockopt() - Check if setting a socket option is allowed
4392 * security_socket_shutdown() - Checks if shutting down the socket is allowed
4407 * security_sock_rcv_skb() - Check if an incoming network packet is allowed
4425 * security_socket_getpeersec_stream() - Get the remote peer label
4447 * security_socket_getpeersec_dgram() - Get the remote peer label
4453 * for udp sockets on a per-packet basis to userspace via getsockopt
4468 * lsm_sock_alloc - allocate a composite sock blob
4474 * Returns 0, or -ENOMEM if memory can't be allocated.
4478 return lsm_blob_alloc(&sock->sk_security, blob_sizes.lbs_sock, gfp); in lsm_sock_alloc()
4482 * security_sk_alloc() - Allocate and initialize a sock's LSM blob
4487 * Allocate and attach a security structure to the sk->sk_security field, which
4505 * security_sk_free() - Free the sock's LSM blob
4513 kfree(sk->sk_security); in security_sk_free()
4514 sk->sk_security = NULL; in security_sk_free()
4518 * security_sk_clone() - Clone a sock's LSM state
4531 * security_sk_classify_flow() - Set a flow's secid based on socket
4539 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); in security_sk_classify_flow()
4544 * security_req_classify_flow() - Set a flow's secid based on request_sock
4558 * security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
4572 * security_inet_conn_request() - Set request_sock state using incoming connect
4589 * security_inet_csk_clone() - Set new sock LSM state based on request_sock
4602 * security_inet_conn_established() - Update sock's LSM state with connection
4616 * security_secmark_relabel_packet() - Check if setting a secmark is allowed
4630 * security_secmark_refcount_inc() - Increment the secmark labeling rule count
4641 * security_secmark_refcount_dec() - Decrement the secmark labeling rule count
4652 * security_tun_dev_alloc_security() - Allocate a LSM blob for a TUN device
4678 * security_tun_dev_free_security() - Free a TUN device LSM blob
4690 * security_tun_dev_create() - Check if creating a TUN device is allowed
4703 * security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4717 * security_tun_dev_attach() - Update TUN device LSM state on attach
4733 * security_tun_dev_open() - Update TUN device LSM state on open
4748 * security_sctp_assoc_request() - Update the LSM on a SCTP association req
4752 * Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
4764 * security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
4785 * security_sctp_sk_clone() - Clone a SCTP sock's LSM state
4802 * security_sctp_assoc_established() - Update LSM state when assoc established
4806 * Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
4819 * security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
4839 * security_unix_find() - Check if a named AF_UNIX socket can connect
4859 * security_ib_pkey_access() - Check if access to an IB pkey is allowed
4875 * security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
4892 * security_ib_alloc_security() - Allocate an Infiniband LSM blob
4897 * Return: Returns 0 on success, non-zero on failure.
4917 * security_ib_free_security() - Free an Infiniband LSM blob
4931 * security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
4936 * Allocate a security structure to the xp->security field; the security field
4950 * security_xfrm_policy_clone() - Clone xfrm policy LSM state
4966 * security_xfrm_policy_free() - Free a xfrm security context
4978 * security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
4991 * security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
4995 * Allocate a security structure to the @x->security field; the security field
5009 * security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
5014 * Allocate a security structure to the x->security field; the security field
5027 * security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
5030 * Authorize deletion of x->security.
5041 * security_xfrm_state_free() - Free a xfrm state
5044 * Deallocate x->security.
5052 * security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
5057 * packet. The hook is called when selecting either a per-socket policy or a
5060 * Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
5069 * security_xfrm_state_pol_flow_match() - Check for a xfrm match
5095 rc = scall->hl->hook.xfrm_state_pol_flow_match(x, xp, flic); in security_xfrm_state_pol_flow_match()
5102 * security_xfrm_decode_session() - Determine the xfrm secid for a packet
5117 int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid, in security_skb_classify_flow()
5127 * security_key_alloc() - Allocate and initialize a kernel key LSM blob
5135 * Return: Return 0 if permission is granted, -ve error otherwise.
5151 * security_key_free() - Free a kernel key LSM blob
5158 kfree(key->security); in security_key_free()
5159 key->security = NULL; in security_key_free()
5163 * security_key_permission() - Check if a kernel key operation is allowed
5170 * Return: Return 0 if permission is granted, -ve error otherwise.
5179 * security_key_getsecurity() - Get the key's security label
5185 * storage for the NUL-terminated string and the caller should free it.
5187 * Return: Returns the length of @buffer (including terminating NUL) or -ve if
5198 * security_key_post_create_or_update() - Notification of key create or update
5219 * security_audit_rule_init() - Allocate and init an LSM audit rule struct
5228 * Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5238 * security_audit_rule_known() - Check if an audit rule contains LSM fields
5252 * security_audit_rule_free() - Free an LSM audit rule struct
5264 * security_audit_rule_match() - Check if a label matches an audit rule
5273 * Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5285 * security_bpf() - Check if the bpf syscall operation is allowed
5303 * security_bpf_map() - Check if access to a bpf map is allowed
5318 * security_bpf_prog() - Check if access to a bpf program is allowed
5332 * security_bpf_map_create() - Check if BPF map creation is allowed
5359 * security_bpf_prog_load() - Check if loading of BPF program is allowed
5387 * security_bpf_token_create() - Check if creating of BPF token is allowed
5413 * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5429 * security_bpf_token_capable() - Check if BPF token is allowed to delegate
5430 * requested BPF-related capability
5435 * delegation of requested BPF-related capabilities.
5445 * security_bpf_map_free() - Free a bpf map's LSM blob
5453 kfree(map->security); in security_bpf_map_free()
5454 map->security = NULL; in security_bpf_map_free()
5458 * security_bpf_prog_free() - Free a BPF program's LSM blob
5466 kfree(prog->aux->security); in security_bpf_prog_free()
5467 prog->aux->security = NULL; in security_bpf_prog_free()
5471 * security_bpf_token_free() - Free a BPF token's LSM blob
5479 kfree(token->security); in security_bpf_token_free()
5480 token->security = NULL; in security_bpf_token_free()
5485 * security_locked_down() - Check if a kernel feature is allowed
5500 * security_bdev_alloc() - Allocate a block device LSM blob
5503 * Allocate and attach a security structure to @bdev->bd_security. The
5526 * security_bdev_free() - Free a block device's LSM blob
5529 * Deallocate the bdev security structure and set @bdev->bd_security to NULL.
5533 if (!bdev->bd_security) in security_bdev_free()
5538 kfree(bdev->bd_security); in security_bdev_free()
5539 bdev->bd_security = NULL; in security_bdev_free()
5544 * security_bdev_setintegrity() - Set the device's integrity data
5553 * information is updated to keep these data current. For example, in dm-verity,
5554 * if the mapping table is reloaded and configured to use a different dm-verity
5556 * data in the LSM blob will become obsolete. It is crucial to re-invoke the
5558 * arises from the design of device-mapper, where a device-mapper device is
5580 * security_perf_event_open() - Check if a perf event open is allowed
5593 * security_perf_event_alloc() - Allocate a perf event LSM blob
5604 rc = lsm_blob_alloc(&event->security, blob_sizes.lbs_perf_event, in security_perf_event_alloc()
5611 kfree(event->security); in security_perf_event_alloc()
5612 event->security = NULL; in security_perf_event_alloc()
5618 * security_perf_event_free() - Free a perf event LSM blob
5625 kfree(event->security); in security_perf_event_free()
5626 event->security = NULL; in security_perf_event_free()
5630 * security_perf_event_read() - Check if reading a perf event label is allowed
5643 * security_perf_event_write() - Check if writing a perf event label is allowed
5658 * security_uring_override_creds() - Check if overriding creds is allowed
5672 * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5685 * security_uring_cmd() - Check if a io_uring passthrough command is allowed
5698 * security_uring_allowed() - Check if io_uring_setup() is allowed
5711 * security_initramfs_populated() - Notify LSMs that initramfs has been loaded