| /linux/security/apparmor/include/ |
| mount.h | 28 int aa_remount(const struct cred *subj_cred, 32 int aa_bind_mount(const struct cred *subj_cred, 37 int aa_mount_change_type(const struct cred *subj_cred, 41 int aa_move_mount_old(const struct cred *subj_cred, 44 int aa_move_mount(const struct cred *subj_cred, 48 int aa_new_mount(const struct cred *subj_cred, 53 int aa_umount(const struct cred *subj_cred, 56 int aa_pivotroot(const struct cred *subj_cred,
|
| file.h | 87 int __aa_path_perm(const char *op, const struct cred *subj_cred, 91 int aa_path_perm(const char *op, const struct cred *subj_cred, 95 int aa_path_link(const struct cred *subj_cred, struct aa_label *label, 99 int aa_file_perm(const char *op, const struct cred *subj_cred,
|
| net.h | 69 NAME.subj_cred = (CRED); \ 99 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, 112 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
|
| af_unix.h | 35 int aa_unix_peer_perm(const struct cred *subj_cred, 52 int aa_unix_file_perm(const struct cred *subj_cred, struct aa_label *label,
|
| policy.h | 440 bool aa_policy_view_capable(const struct cred *subj_cred, 442 bool aa_policy_admin_capable(const struct cred *subj_cred, 444 int aa_may_manage_policy(const struct cred *subj_cred,
|
| ipc.h | 19 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
|
| resource.h | 36 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
|
| capability.h | 40 int aa_capable(const struct cred *subj_cred, struct aa_label *label,
|
| audit.h | 116 const struct cred *subj_cred; member
|
| /linux/security/apparmor/ |
| file.c | 49 kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid(); in file_audit_cb() 81 * @subj_cred: cred of the subject 95 int aa_audit_file(const struct cred *subj_cred, in aa_audit_file() argument 104 ad.subj_cred = subj_cred; in aa_audit_file() 149 static int path_name(const char *op, const struct cred *subj_cred, in path_name() argument 166 aa_audit_file(subj_cred, in path_name() 226 int __aa_path_perm(const char *op, const struct cred *subj_cred, in __aa_path_perm() argument 241 return aa_audit_file(subj_cred, in __aa_path_perm() 247 profile_path_perm(const char * op,const struct cred * subj_cred,struct aa_profile * profile,const struct path * path,char * buffer,u32 request,struct path_cond * cond,int flags,struct aa_perms * perms) profile_path_perm() argument 280 aa_path_perm(const char * op,const struct cred * subj_cred,struct aa_label * label,const struct path * path,int flags,u32 request,struct path_cond * cond) aa_path_perm() argument 324 profile_path_link(const struct cred * subj_cred,struct aa_profile * profile,const struct path * link,char * buffer,const struct path * target,char * buffer2,struct path_cond * cond) profile_path_link() argument 430 aa_path_link(const struct cred * subj_cred,struct aa_label * label,struct dentry * old_dentry,const struct path * new_dir,struct dentry * new_dentry) aa_path_link() argument 483 __file_path_perm(const char * op,const struct cred * subj_cred,struct aa_label * label,struct aa_label * flabel,struct file * file,u32 request,u32 denied,bool in_atomic) __file_path_perm() argument 544 __file_sock_perm(const char * op,const struct cred * subj_cred,struct aa_label * label,struct aa_label * flabel,struct file * file,u32 request,u32 denied) __file_sock_perm() argument 619 aa_file_perm(const char * op,const struct cred * subj_cred,struct aa_label * label,struct file * file,u32 request,bool in_atomic) aa_file_perm() argument 673 revalidate_tty(const struct cred * subj_cred,struct aa_label * 
label) revalidate_tty() argument |
| mount.c | 118 * @subj_cred: cred of the subject 134 static int audit_mount(const struct cred *subj_cred, in audit_mount() argument 173 ad.subj_cred = subj_cred; in audit_mount() 292 * @subj_cred: cred of confined subject 305 static int match_mnt_path_str(const struct cred *subj_cred, in match_mnt_path_str() argument 346 return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname, in match_mnt_path_str() 353 * @subj_cred: cred of the subject 366 static int match_mnt(const struct cred *subj_cred, in match_mnt() argument 390 return match_mnt_path_str(subj_cred, profil in match_mnt() 394 aa_remount(const struct cred * subj_cred,struct aa_label * label,const struct path * path,unsigned long flags,void * data) aa_remount() argument 420 aa_bind_mount(const struct cred * subj_cred,struct aa_label * label,const struct path * path,const char * dev_name,unsigned long flags) aa_bind_mount() argument 458 aa_mount_change_type(const struct cred * subj_cred,struct aa_label * label,const struct path * path,unsigned long flags) aa_mount_change_type() argument 485 aa_move_mount(const struct cred * subj_cred,struct aa_label * label,const struct path * from_path,const struct path * to_path) aa_move_mount() argument 517 aa_move_mount_old(const struct cred * subj_cred,struct aa_label * label,const struct path * path,const char * orig_name) aa_move_mount_old() argument 535 aa_new_mount(const struct cred * subj_cred,struct aa_label * label,const char * dev_name,const struct path * path,const char * type,unsigned long flags,void * data) aa_new_mount() argument 601 profile_umount(const struct cred * subj_cred,struct aa_profile * profile,const struct path * path,char * buffer) profile_umount() argument 635 aa_umount(const struct cred * subj_cred,struct aa_label * label,struct vfsmount * mnt,int flags) aa_umount() argument 661 build_pivotroot(const struct cred * subj_cred,struct aa_profile * profile,const struct path * new_path,char * new_buffer,const struct path * old_path,char 
* old_buffer) build_pivotroot() argument 716 aa_pivotroot(const struct cred * subj_cred,struct aa_label * label,const struct path * old_path,const struct path * new_path) aa_pivotroot() argument |
| resource.c | 56 static int audit_resource(const struct cred *subj_cred, in audit_resource() argument 64 ad.subj_cred = subj_cred; in audit_resource() 88 static int profile_setrlimit(const struct cred *subj_cred, in profile_setrlimit() argument 98 return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max, in profile_setrlimit() 114 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, in aa_task_setrlimit() argument 134 aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0) in aa_task_setrlimit() 136 audit_resource(subj_cred, profile, resource, in aa_task_setrlimit() 141 profile_setrlimit(subj_cred, profile, resource, in aa_task_setrlimit()
|
| domain.c | 660 static struct aa_label *profile_transition(const struct cred *subj_cred, in profile_transition() 707 (void) aa_audit_file(subj_cred, profile, &perms, in profile_transition() 782 aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, in profile_transition() 793 static int profile_onexec(const struct cred *subj_cred, in profile_onexec() 861 return aa_audit_file(subj_cred, profile, &perms, OP_EXEC, in profile_onexec() 877 static struct aa_label *handle_onexec(const struct cred *subj_cred, in handle_onexec() 897 profile_onexec(subj_cred, profile, onexec, stack, in handle_onexec() 906 profile_transition(subj_cred, profile, bprm, in handle_onexec() 914 aa_audit_file(subj_cred, profile, &nullperms, 935 const struct cred *subj_cred; in apparmor_bprm_creds_for_exec() 659 profile_transition(const struct cred * subj_cred,struct aa_profile * profile,const struct linux_binprm * bprm,char * buffer,struct path_cond * cond,bool * secure_exec) profile_transition() argument 792 profile_onexec(const struct cred * subj_cred,struct aa_profile * profile,struct aa_label * onexec,bool stack,const struct linux_binprm * bprm,char * buffer,struct path_cond * cond,bool * secure_exec) profile_onexec() argument 867 handle_onexec(const struct cred * subj_cred,struct aa_label * label,struct aa_label * onexec,bool stack,const struct linux_binprm * bprm,char * buffer,struct path_cond * cond,bool * unsafe) handle_onexec() argument 923 const struct cred *subj_cred; apparmor_bprm_creds_for_exec() local 1057 build_change_hat(const struct cred * subj_cred,struct aa_profile * profile,const char * name,bool sibling) build_change_hat() argument 1107 change_hat(const struct cred * subj_cred,struct aa_label * label,const char * hats[],int count,int flags) change_hat() argument 1225 const struct cred *subj_cred; aa_change_hat() local 1353 change_profile_perms_wrapper(const char * op,const char * name,const struct cred * subj_cred,struct aa_profile * profile,struct aa_label 
* target,bool stack,u32 request,struct aa_perms * perms) change_profile_perms_wrapper() argument 1399 const struct cred *subj_cred = get_current_cred(); aa_change_profile() local |
| af_unix.c | 33 static int unix_fs_perm(const char *op, u32 mask, const struct cred *subj_cred, in unix_fs_perm() argument 55 return aa_path_perm(op, subj_cred, label, path, in unix_fs_perm() 240 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_sk_perm() 303 ad->subj_cred, &profile->label, in profile_listen_perm() 338 ad->subj_cred, &profile->label, in profile_accept_perm() 369 ad->subj_cred, &profile->label, in profile_opt_perm() 410 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_peer_perm() 413 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_peer_perm() 445 static int aa_unix_label_sk_perm(const struct cred *subj_cred, in aa_unix_label_sk_perm() argument 452 DEFINE_AUDIT_SK(ad, op, subj_cred, s in aa_unix_label_sk_perm() 600 unix_peer_perm(const struct cred * subj_cred,struct aa_label * label,const char * op,u32 request,struct sock * sk,const struct path * path,struct sockaddr_un * peer_addr,int peer_addrlen,const struct path * peer_path,struct aa_label * peer_label) unix_peer_perm() argument 623 aa_unix_peer_perm(const struct cred * subj_cred,struct aa_label * label,const char * op,u32 request,struct sock * sk,struct sock * peer_sk,struct aa_label * peer_label) aa_unix_peer_perm() argument 709 aa_unix_file_perm(const struct cred * subj_cred,struct aa_label * label,const char * op,u32 request,struct file * file) aa_unix_file_perm() argument |
| net.c | 274 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, in aa_af_perm() 278 DEFINE_AUDIT_NET(ad, op, subj_cred, NULL, family, type, protocol); in aa_af_perm() 285 static int aa_label_sk_perm(const struct cred *subj_cred, in aa_label_sk_perm() 298 DEFINE_AUDIT_SK(ad, op, subj_cred, sk); in aa_label_sk_perm() 300 ad.subj_cred = subj_cred; in aa_label_sk_perm() 325 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label, in aa_sock_file_perm() 337 return aa_unix_file_perm(subj_cred, label, op, request, file); in aa_sock_file_perm() 338 return aa_label_sk_perm(subj_cred, label, op, request, sock->sk); 272 aa_af_perm(const struct cred * subj_cred,struct aa_label * label,const char * op,u32 request,u16 family,int type,int protocol) aa_af_perm() argument 283 aa_label_sk_perm(const struct cred * subj_cred,struct aa_label * label,const char * op,u32 request,struct sock * sk) aa_label_sk_perm() argument 323 aa_sock_file_perm(const struct cred * subj_cred,struct aa_label * label,const char * op,u32 request,struct file * file) aa_sock_file_perm() argument
|
| capability.c | 97 if (ad->subj_cred == ent->ad_subj_cred && ktime_get_ns() <= ent->ktime_ns_expiration[cap]) { in audit_caps() 104 ent->ad_subj_cred = get_cred(ad->subj_cred); in audit_caps() 179 int aa_capable(const struct cred *subj_cred, struct aa_label *label, in aa_capable() argument 186 ad.subj_cred = subj_cred; in aa_capable()
|
| ipc.c | 90 ad->subj_cred = cred; in profile_signal_perm() 102 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender, in aa_may_signal() argument 112 profile_signal_perm(subj_cred, profile, target, in aa_may_signal()
|
| policy.c | 869 static int policy_ns_capable(const struct cred *subj_cred, in policy_ns_capable() 876 err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE); 878 err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE); 885 * @subj_cred: cred of subject 894 bool aa_policy_view_capable(const struct cred *subj_cred, in aa_policy_view_capable() 897 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_view_capable() 914 bool aa_policy_admin_capable(const struct cred *subj_cred, in aa_policy_admin_capable() 917 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_admin_capable() 918 bool capable = policy_ns_capable(subj_cred, label, user_ns, in aa_policy_admin_capable() 924 return aa_policy_view_capable(subj_cred, labe in aa_current_policy_view_capable() 862 policy_ns_capable(const struct cred * subj_cred,struct aa_label * label,struct user_namespace * userns,int cap) policy_ns_capable() argument 887 aa_policy_view_capable(const struct cred * subj_cred,struct aa_label * label,struct aa_ns * ns) aa_policy_view_capable() argument 907 aa_policy_admin_capable(const struct cred * subj_cred,struct aa_label * label,struct aa_ns * ns) aa_policy_admin_capable() argument 981 aa_may_manage_policy(const struct cred * subj_cred,struct aa_label * label,struct aa_ns * ns,const struct cred * ocred,u32 mask) aa_may_manage_policy() argument |
| task.c | 235 ad->subj_cred = cred; in profile_ptrace_perm()
|
| lsm.c | 1052 ad.subj_cred = current_cred(); in apparmor_userns_create()
|