Home
last modified time | relevance | path

Searched refs:subj_cred (Results 1 – 20 of 20) sorted by relevance

/linux/security/apparmor/include/
H A Dmount.h28 int aa_remount(const struct cred *subj_cred,
32 int aa_bind_mount(const struct cred *subj_cred,
37 int aa_mount_change_type(const struct cred *subj_cred,
41 int aa_move_mount_old(const struct cred *subj_cred,
44 int aa_move_mount(const struct cred *subj_cred,
48 int aa_new_mount(const struct cred *subj_cred,
53 int aa_umount(const struct cred *subj_cred,
56 int aa_pivotroot(const struct cred *subj_cred,
H A Dfile.h87 int __aa_path_perm(const char *op, const struct cred *subj_cred,
91 int aa_path_perm(const char *op, const struct cred *subj_cred,
95 int aa_path_link(const struct cred *subj_cred, struct aa_label *label,
99 int aa_file_perm(const char *op, const struct cred *subj_cred,
H A Dnet.h69 NAME.subj_cred = (CRED); \
99 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
112 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
H A Daf_unix.h35 int aa_unix_peer_perm(const struct cred *subj_cred,
52 int aa_unix_file_perm(const struct cred *subj_cred, struct aa_label *label,
H A Dpolicy.h416 bool aa_policy_view_capable(const struct cred *subj_cred,
418 bool aa_policy_admin_capable(const struct cred *subj_cred,
420 int aa_may_manage_policy(const struct cred *subj_cred,
H A Dipc.h19 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
H A Dresource.h36 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
H A Dcapability.h40 int aa_capable(const struct cred *subj_cred, struct aa_label *label,
H A Daudit.h116 const struct cred *subj_cred; member
/linux/security/apparmor/
H A Dfile.c49 kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid(); in file_audit_cb()
95 int aa_audit_file(const struct cred *subj_cred, in aa_audit_file() argument
104 ad.subj_cred = subj_cred; in aa_audit_file()
148 static int path_name(const char *op, const struct cred *subj_cred, in path_name() argument
161 aa_audit_file(subj_cred, in path_name()
221 int __aa_path_perm(const char *op, const struct cred *subj_cred, in __aa_path_perm() argument
236 return aa_audit_file(subj_cred, in __aa_path_perm()
242 static int profile_path_perm(const char *op, const struct cred *subj_cred, in profile_path_perm() argument
254 error = path_name(op, subj_cred, &profile->label, path, in profile_path_perm()
259 return __aa_path_perm(op, subj_cred, profile, name, request, cond, in profile_path_perm()
[all …]
H A Dmount.c134 static int audit_mount(const struct cred *subj_cred, in audit_mount() argument
173 ad.subj_cred = subj_cred; in audit_mount()
305 static int match_mnt_path_str(const struct cred *subj_cred, in match_mnt_path_str() argument
346 return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname, in match_mnt_path_str()
366 static int match_mnt(const struct cred *subj_cred, in match_mnt() argument
390 return match_mnt_path_str(subj_cred, profile, path, buffer, devname, in match_mnt()
394 int aa_remount(const struct cred *subj_cred, in aa_remount() argument
412 match_mnt(subj_cred, profile, path, buffer, NULL, in aa_remount()
420 int aa_bind_mount(const struct cred *subj_cred, in aa_bind_mount() argument
448 match_mnt(subj_cred, profile, path, buffer, &old_path, in aa_bind_mount()
[all …]
H A Dresource.c56 static int audit_resource(const struct cred *subj_cred, in audit_resource() argument
64 ad.subj_cred = subj_cred; in audit_resource()
88 static int profile_setrlimit(const struct cred *subj_cred, in profile_setrlimit() argument
98 return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max, in profile_setrlimit()
114 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, in aa_task_setrlimit() argument
134 aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0) in aa_task_setrlimit()
136 audit_resource(subj_cred, profile, resource, in aa_task_setrlimit()
141 profile_setrlimit(subj_cred, profile, resource, in aa_task_setrlimit()
H A Ddomain.c659 static struct aa_label *profile_transition(const struct cred *subj_cred, in profile_transition() argument
706 (void) aa_audit_file(subj_cred, profile, &perms, in profile_transition()
781 aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, in profile_transition()
792 static int profile_onexec(const struct cred *subj_cred, in profile_onexec() argument
860 return aa_audit_file(subj_cred, profile, &perms, OP_EXEC, in profile_onexec()
867 static struct aa_label *handle_onexec(const struct cred *subj_cred, in handle_onexec() argument
885 profile_onexec(subj_cred, profile, onexec, stack, in handle_onexec()
894 profile_transition(subj_cred, profile, bprm, in handle_onexec()
901 aa_audit_file(subj_cred, profile, &nullperms, in handle_onexec()
921 const struct cred *subj_cred; in apparmor_bprm_creds_for_exec() local
[all …]
H A Daf_unix.c33 static int unix_fs_perm(const char *op, u32 mask, const struct cred *subj_cred, in unix_fs_perm() argument
55 return aa_path_perm(op, subj_cred, label, path, in unix_fs_perm()
240 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_sk_perm()
303 ad->subj_cred, &profile->label, in profile_listen_perm()
338 ad->subj_cred, &profile->label, in profile_accept_perm()
369 ad->subj_cred, &profile->label, in profile_opt_perm()
410 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_peer_perm()
413 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_peer_perm()
445 static int aa_unix_label_sk_perm(const struct cred *subj_cred, in aa_unix_label_sk_perm() argument
452 DEFINE_AUDIT_SK(ad, op, subj_cred, sk); in aa_unix_label_sk_perm()
[all …]
H A Dnet.c272 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, in aa_af_perm() argument
276 DEFINE_AUDIT_NET(ad, op, subj_cred, NULL, family, type, protocol); in aa_af_perm()
283 static int aa_label_sk_perm(const struct cred *subj_cred, in aa_label_sk_perm() argument
296 DEFINE_AUDIT_SK(ad, op, subj_cred, sk); in aa_label_sk_perm()
298 ad.subj_cred = subj_cred; in aa_label_sk_perm()
323 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label, in aa_sock_file_perm() argument
333 return aa_unix_file_perm(subj_cred, label, op, request, file); in aa_sock_file_perm()
334 return aa_label_sk_perm(subj_cred, label, op, request, sock->sk); in aa_sock_file_perm()
H A Dcapability.c97 if (ad->subj_cred == ent->ad_subj_cred && ktime_get_ns() <= ent->ktime_ns_expiration[cap]) { in audit_caps()
104 ent->ad_subj_cred = get_cred(ad->subj_cred); in audit_caps()
179 int aa_capable(const struct cred *subj_cred, struct aa_label *label, in aa_capable() argument
186 ad.subj_cred = subj_cred; in aa_capable()
H A Dipc.c90 ad->subj_cred = cred; in profile_signal_perm()
102 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender, in aa_may_signal() argument
112 profile_signal_perm(subj_cred, profile, target, in aa_may_signal()
H A Dpolicy.c821 static int policy_ns_capable(const struct cred *subj_cred, in policy_ns_capable() argument
828 err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE); in policy_ns_capable()
830 err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE); in policy_ns_capable()
846 bool aa_policy_view_capable(const struct cred *subj_cred, in aa_policy_view_capable() argument
849 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_view_capable()
866 bool aa_policy_admin_capable(const struct cred *subj_cred, in aa_policy_admin_capable() argument
869 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_admin_capable()
870 bool capable = policy_ns_capable(subj_cred, label, user_ns, in aa_policy_admin_capable()
876 return aa_policy_view_capable(subj_cred, label, ns) && capable && in aa_policy_admin_capable()
913 int aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label, in aa_may_manage_policy() argument
[all …]
H A Dtask.c234 ad->subj_cred = cred; in profile_ptrace_perm()
H A Dlsm.c1064 ad.subj_cred = current_cred(); in apparmor_userns_create()