Lines Matching full:check

480 * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
483 * Check whether @mgr is allowed to be the binder context manager.
493 * security_binder_transaction() - Check if a binder transaction is allowed
497 * Check whether @from is allowed to invoke a binder transaction call to @to.
508 * security_binder_transfer_binder() - Check if a binder transfer is allowed
512 * Check whether @from is allowed to transfer a binder reference to @to.
523 * security_binder_transfer_file() - Check if a binder file xfer is allowed
528 * Check whether @from is allowed to transfer @file to @to.
539 * security_ptrace_access_check() - Check if tracing is allowed
543 * Check permission before allowing the current process to trace the @child
544 * process. Security modules may also want to perform a process tracing check
545 * during an execve in the set_security or apply_creds hooks of tracing check
558 * security_ptrace_traceme() - Check if tracing is allowed
561 * Check that the @parent process has sufficient permission to trace the
617 * security_capable() - Check if a process has the necessary capability
621 * @opts: capability check options
623 * Check whether the @tsk process has the @cap capability in the indicated
625 * @opts contains options for the capable check <include/linux/security.h>.
638 * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
644 * Check whether the quotactl syscall is allowed for this @sb.
654 * security_quota_on() - Check if QUOTAON is allowed for a dentry
657 * Check whether QUOTAON is allowed for @dentry.
667 * security_syslog() - Check if accessing the kernel message ring is allowed
670 * Check permission before accessing the kernel message ring or changing
682 * security_settime64() - Check if changing the system time is allowed
686 * Check permission to change the system time, struct timespec64 is defined in
697 * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
701 * Check permissions for allocating a new virtual mapping. If all LSMs return
738 * program. This hook may also optionally check permissions (e.g. for
766 * different file. This hook may also optionally check permissions (e.g. for
785 * It allows a check against the @bprm->cred->security value which was set in
968 * security_sb_mnt_opts_compat() - Check if new mount options are allowed
1002 * security_sb_kern_mount() - Check if a kernel mount is allowed
1029 * security_sb_statfs() - Check if accessing fs stats is allowed
1032 * Check permission before obtaining filesystem statistics for the @mnt
1043 * security_sb_mount() - Check permission for mounting a filesystem
1050 * Check permission before an object specified by @dev_name is mounted on the
1066 * security_sb_umount() - Check permission for unmounting a filesystem
1070 * Check permission before the @mnt file system is unmounted.
1080 * security_sb_pivotroot() - Check permissions for pivoting the rootfs
1084 * Check permission before pivoting the root filesystem.
1145 * security_move_mount() - Check permissions for moving a mount
1149 * Check permission before a mount is moved.
1160 * security_path_notify() - Check if setting a watch is allowed
1165 * Check permissions before setting a watch on events as defined by @mask, on
1375 * security_path_mknod() - Check if creating a special file is allowed
1381 * Check permissions when creating a file. Note that this hook is called even
1410 * security_path_mkdir() - Check if creating a new directory is allowed
1415 * Check permissions to create a new directory in the existing directory.
1429 * security_path_rmdir() - Check if removing a directory is allowed
1433 * Check the permission to remove a directory.
1445 * security_path_unlink() - Check if removing a hard link is allowed
1449 * Check the permission to remove a hard link to a file.
1462 * security_path_symlink() - Check if creating a symbolic link is allowed
1467 * Check the permission to create a symbolic link to a file.
1480 * security_path_link - Check if creating a hard link is allowed
1485 * Check permission before creating a new hard link to a file.
1498 * security_path_rename() - Check if renaming a file is allowed
1505 * Check for permission to rename a file or directory.
1524 * security_path_truncate() - Check if truncating a file is allowed
1527 * Check permission before truncating the file indicated by path. Note that
1541 * security_path_chmod() - Check if changing the file's mode is allowed
1545 * Check for permission to change a mode of the file @path. The new mode is
1559 * security_path_chown() - Check if changing the file's owner/group is allowed
1564 * Check for permission to change owner/group of a file or directory.
1576 * security_path_chroot() - Check if changing the root directory is allowed
1579 * Check for permission to change root directory.
1590 * security_inode_create() - Check if creating a file is allowed
1595 * Check permission to create a regular file.
1624 * security_inode_link() - Check if creating a hard link is allowed
1629 * Check permission before creating a new hard link to a file.
1642 * security_inode_unlink() - Check if removing a hard link is allowed
1646 * Check the permission to remove a hard link to a file.
1658 * security_inode_symlink() - Check if creating a symbolic link is allowed
1663 * Check the permission to create a symbolic link to a file.
1676 * security_inode_mkdir() - Check if creating a new directory is allowed
1681 * Check permissions to create a new directory in the existing directory
1695 * security_inode_rmdir() - Check if removing a directory is allowed
1699 * Check the permission to remove a directory.
1711 * security_inode_mknod() - Check if creating a special file is allowed
1717 * Check permissions when creating a special file (or a socket or a fifo file
1733 * security_inode_rename() - Check if renaming a file is allowed
1740 * Check for permission to rename a file or directory.
1765 * security_inode_readlink() - Check if reading a symbolic link is allowed
1768 * Check the permission to read the symbolic link.
1780 * security_inode_follow_link() - Check if following a symbolic link is allowed
1785 * Check permission to follow a symbolic link when looking up a pathname. If
1799 * security_inode_permission() - Check if accessing an inode is allowed
1803 * Check permission before accessing an inode. This hook is called by the
1820 * security_inode_setattr() - Check if setting file attributes is allowed
1825 * Check permission before setting file attributes. Note that the kernel call
1858 * security_inode_getattr() - Check if getting file attributes is allowed
1861 * Check permission before obtaining file attributes.
1873 * security_inode_setxattr() - Check if setting file xattrs is allowed
1884 * need to perform an additional capability check at the LSM layer.
1886 * Normally we enforce a capability check prior to executing the various LSM
1887 * hook implementations, but if a LSM wants to avoid this capability check,
1889 * xattrs that it wants to avoid the capability check, leaving the LSM fully
1892 * or return a 0 (the default return value), the capability check is still
1894 * check is performed.
1919 * security_inode_set_acl() - Check if setting posix acls is allowed
1925 * Check permission before setting posix acls, the posix acls in @kacl are
1957 * security_inode_get_acl() - Check if reading posix acls is allowed
1962 * Check permission before getting posix acls, the posix acls are identified by
1976 * security_inode_remove_acl() - Check if removing a posix acl is allowed
1981 * Check permission before removing posix acls, the posix acls are identified
2030 * security_inode_getxattr() - Check if xattr access is allowed
2034 * Check permission before obtaining the extended attributes identified by
2047 * security_inode_listxattr() - Check if listing xattrs is allowed
2050 * Check permission before obtaining the list of extended attribute names for
2063 * security_inode_removexattr() - Check if removing an xattr is allowed
2071 * need to perform an additional capability check at the LSM layer.
2073 * Normally we enforce a capability check prior to executing the various LSM
2074 * hook implementations, but if a LSM wants to avoid this capability check,
2076 * xattrs that it wants to avoid the capability check, leaving the LSM fully
2079 * or return a 0 (the default return value), the capability check is still
2081 * check is performed.
2118 * security_inode_file_setattr() - check if setting fsxattr is allowed
2133 * security_inode_file_getattr() - check if retrieving fsxattr is allowed
2148 * security_inode_need_killpriv() - Check if security_inode_killpriv() required
2346 * security_file_permission() - Check file permissions
2350 * Check file permissions before accessing an open file. This hook is called
2421 * security_file_ioctl() - Check if an ioctl is allowed
2426 * Check permission for an ioctl operation on @file. Note that @arg sometimes
2440 * security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2491 * security_mmap_file() - Check if mmap'ing a file is allowed
2496 * Check permissions for a mmap operation. The @file may be NULL, e.g. if
2509 * security_mmap_addr() - Check if mmap'ing an address is allowed
2512 * Check permissions for a mmap operation at @addr.
2522 * security_file_mprotect() - Check if changing memory protections is allowed
2527 * Check permissions before changing memory access permissions.
2538 * security_file_lock() - Check if a file lock is allowed
2542 * Check permission before performing file locking operations. Note the hook
2553 * security_file_fcntl() - Check if fcntl() op is allowed
2558 * Check permission before allowing the file operation specified by @cmd from
2588 * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2593 * Check permission for the file owner @fown to send SIGIO or SIGURG to the
2608 * security_file_receive() - Check if receiving a file via IPC is allowed
2628 * We can check if a file is opened for execution (e.g. execve(2) call), either
2657 * security_file_truncate() - Check if truncating a file is allowed
2660 * Check permission before truncating a file, i.e. using ftruncate. Note that
2848 * security_kernel_module_request() - Check if loading a module is allowed
2993 * security_task_setpgid() - Check if setting the pgid is allowed
2997 * Check permission before setting the process group identifier of the process
3008 * security_task_getpgid() - Check if getting the pgid is allowed
3011 * Check permission before getting the process group identifier of the process
3022 * security_task_getsid() - Check if getting the session id is allowed
3025 * Check permission before getting the session identifier of the process @p.
3064 * security_task_setnice() - Check if setting a task's nice value is allowed
3068 * Check permission before setting the nice value of @p to @nice.
3078 * security_task_setioprio() - Check if setting a task's ioprio is allowed
3082 * Check permission before setting the ioprio value of @p to @ioprio.
3092 * security_task_getioprio() - Check if getting a task's ioprio is allowed
3095 * Check permission before getting the ioprio value of @p.
3105 * security_task_prlimit() - Check if get/setting resources limits is allowed
3110 * Check permission before getting and/or setting the resource limits of
3122 * security_task_setrlimit() - Check if setting a new rlimit value is allowed
3127 * Check permission before setting the resource limits of process @p for
3140 * security_task_setscheduler() - Check if setting sched policy/param is allowed
3143 * Check permission before setting scheduling policy and/or parameters of
3154 * security_task_getscheduler() - Check if getting scheduling info is allowed
3157 * Check permission before obtaining scheduling information for process @p.
3167 * security_task_movememory() - Check if moving memory is allowed
3170 * Check permission before moving memory owned by process @p.
3180 * security_task_kill() - Check if sending a signal is allowed
3186 * Check permission before sending signal @sig to @p. @info can be NULL, the
3201 * security_task_prctl() - Check if a prctl op is allowed
3208 * Check permission before performing a process control operation on the
3246 * security_create_user_ns() - Check if creating a new userns is allowed
3249 * Check permission prior to creating a new user namespace.
3259 * security_ipc_permission() - Check if sysv ipc access is allowed
3263 * Check permissions for access to IPC.
3355 * security_msg_queue_associate() - Check if a msg queue operation is allowed
3359 * Check permission when a message queue is requested through the msgget system
3371 * security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3375 * Check permission when a message control operation specified by @cmd is to be
3386 * security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3391 * Check permission before a message, @msg, is enqueued on the message queue
3403 * security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3410 * Check permission before a message, @msg, is removed from the message queue.
3458 * security_shm_associate() - Check if a sysv shm operation is allowed
3462 * Check permission when a shared memory region is requested through the shmget
3475 * security_shm_shmctl() - Check if a sysv shm operation is allowed
3479 * Check permission when a shared memory control operation specified by @cmd is
3490 * security_shm_shmat() - Check if a sysv shm attach operation is allowed
3495 * Check permissions prior to allowing the shmat system call to attach the
3542 * security_sem_associate() - Check if a sysv semaphore operation is allowed
3546 * Check permission when a semaphore is requested through the semget system
3558 * security_sem_semctl() - Check if a sysv semaphore operation is allowed
3562 * Check permission when a semaphore operation specified by @cmd is to be
3573 * security_sem_semop() - Check if a sysv semaphore operation is allowed
3579 * Check permissions before performing operations on members of the semaphore
3802 * security_ismaclabel() - Check if the named attribute is a MAC label
3805 * Check if the extended attribute specified by @name represents a MAC label.
3822 * does mean that the length could change between calls to check the length and
3841 * length could change between calls to check the length and the
3970 * security_post_notification() - Check if a watch notification can be posted
3975 * Check to see if a watch notification can be posted to a particular queue.
3989 * security_watch_key() - Check if a task is allowed to watch for key events
3992 * Check to see if a process is allowed to watch for event notifications from
4005 * security_netlink_send() - Save info and check if netlink sending is allowed
4023 * security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4028 * Check permissions before establishing a Unix domain stream connection
4051 * security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4055 * Check permissions before connecting or sending datagrams from @sock to
4077 * security_socket_create() - Check if creating a new socket is allowed
4083 * Check permissions prior to creating a new socket.
4118 * security_socket_socketpair() - Check if creating a socketpair is allowed
4122 * Check permissions before creating a fresh pair of sockets.
4134 * security_socket_bind() - Check if a socket bind operation is allowed
4139 * Check permission before socket protocol layer bind operation is performed
4152 * security_socket_connect() - Check if a socket connect operation is allowed
4157 * Check permission before socket protocol layer connect operation attempts to
4169 * security_socket_listen() - Check if a socket is allowed to listen
4173 * Check permission before socket protocol layer listen operation.
4183 * security_socket_accept() - Check if a socket is allowed to accept connections
4187 * Check permission before accepting a new connection. Note that the new
4199 * security_socket_sendmsg() - Check if sending a message is allowed
4204 * Check permission before transmitting a message to another socket.
4214 * security_socket_recvmsg() - Check if receiving a message is allowed
4220 * Check permission before receiving a message from a socket.
4231 * security_socket_getsockname() - Check if reading the socket addr is allowed
4234 * Check permission before reading the local address (name) of the socket
4245 * security_socket_getpeername() - Check if reading the peer's addr is allowed
4248 * Check permission before the remote address (name) of a socket object.
4258 * security_socket_getsockopt() - Check if reading a socket option is allowed
4263 * Check permissions before retrieving the options associated with socket
4274 * security_socket_setsockopt() - Check if setting a socket option is allowed
4279 * Check permissions before setting the options associated with socket @sock.
4304 * security_sock_rcv_skb() - Check if an incoming network packet is allowed
4308 * Check permissions on incoming network packets. This hook is distinct from
4513 * security_secmark_relabel_packet() - Check if setting a secmark is allowed
4516 * Check if the process should be allowed to relabel packets to @secid.
4587 * security_tun_dev_create() - Check if creating a TUN device is allowed
4589 * Check permissions prior to creating a new TUN device.
4600 * security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4603 * Check permissions prior to attaching to a TUN device queue.
4736 * security_ib_pkey_access() - Check if access to an IB pkey is allowed
4741 * Check permission to access a pkey when modifying a QP.
4752 * security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
4757 * Check permissions to send and receive SMPs on a end port.
4855 * security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
4904 * security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
4929 * security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
4933 * Check permission when a flow selects a xfrm_policy for processing XFRMs on a
4946 * security_xfrm_state_pol_flow_match() - Check for a xfrm match
4948 * @xp: xfrm policy to check for a match
4949 * @flic: flow to check for a match.
4951 * Check @xp and @flic for a match with @x.
5040 * security_key_permission() - Check if a kernel key operation is allowed
5115 * security_audit_rule_known() - Check if an audit rule contains LSM fields
5141 * security_audit_rule_match() - Check if a label matches an audit rule
5162 * security_bpf() - Check if the bpf syscall operation is allowed
5168 * Do a initial check for all bpf syscalls after the attribute is copied into
5170 * check the specific cmd they need.
5180 * security_bpf_map() - Check if access to a bpf map is allowed
5184 * Do a check when the kernel generates and returns a file descriptor for eBPF
5195 * security_bpf_prog() - Check if access to a bpf program is allowed
5198 * Do a check when the kernel generates and returns a file descriptor for eBPF
5209 * security_bpf_map_create() - Check if BPF map creation is allowed
5215 * Do a check when the kernel creates a new BPF map. This is also the
5236 * security_bpf_prog_load() - Check if loading of BPF program is allowed
5242 * Perform an access control check when the kernel loads a BPF program and
5264 * security_bpf_token_create() - Check if creating of BPF token is allowed
5269 * Do a check when the kernel instantiates a new BPF token object from BPF FS
5290 * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5295 * Do a check when the kernel decides whether provided BPF token should allow
5306 * security_bpf_token_capable() - Check if BPF token is allowed to delegate
5311 * Do a check when the kernel decides whether provided BPF token should allow
5362 * security_locked_down() - Check if a kernel feature is allowed
5457 * security_perf_event_open() - Check if a perf event open is allowed
5460 * Check whether the @type of perf_event_open syscall is allowed.
5507 * security_perf_event_read() - Check if reading a perf event label is allowed
5520 * security_perf_event_write() - Check if writing a perf event label is allowed
5535 * security_uring_override_creds() - Check if overriding creds is allowed
5538 * Check if the current task, executing an io_uring operation, is allowed to
5549 * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5551 * Check whether the current task is allowed to spawn a io_uring polling thread
5562 * security_uring_cmd() - Check if a io_uring passthrough command is allowed
5565 * Check whether the file_operations uring_cmd is allowed to run.
5575 * security_uring_allowed() - Check if io_uring_setup() is allowed
5577 * Check whether the current task is allowed to call io_uring_setup().