xref: /kernel/linux/linux-5.10/security/apparmor/lsm.c

25 #include <net/sock.h>
772 static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
788 static void apparmor_sk_free_security(struct sock *sk)
801 static void apparmor_sk_clone_security(const struct sock *sk,
802 				       struct sock *newsk)
847 static int apparmor_socket_post_create(struct socket *sock, int family,
860 	if (sock->sk) {
861 		struct aa_sk_ctx *ctx = SK_CTX(sock->sk);
874 static int apparmor_socket_bind(struct socket *sock,
877 	AA_BUG(!sock);
878 	AA_BUG(!sock->sk);
882 	return af_select(sock->sk->sk_family,
883 			 bind_perm(sock, address, addrlen),
884 			 aa_sk_perm(OP_BIND, AA_MAY_BIND, sock->sk));
888  * apparmor_socket_connect - check perms before connecting @sock to @address
890 static int apparmor_socket_connect(struct socket *sock,
893 	AA_BUG(!sock);
894 	AA_BUG(!sock->sk);
898 	return af_select(sock->sk->sk_family,
899 			 connect_perm(sock, address, addrlen),
900 			 aa_sk_perm(OP_CONNECT, AA_MAY_CONNECT, sock->sk));
906 static int apparmor_socket_listen(struct socket *sock, int backlog)
908 	AA_BUG(!sock);
909 	AA_BUG(!sock->sk);
912 	return af_select(sock->sk->sk_family,
913 			 listen_perm(sock, backlog),
914 			 aa_sk_perm(OP_LISTEN, AA_MAY_LISTEN, sock->sk));
923 static int apparmor_socket_accept(struct socket *sock, struct socket *newsock)
925 	AA_BUG(!sock);
926 	AA_BUG(!sock->sk);
930 	return af_select(sock->sk->sk_family,
931 			 accept_perm(sock, newsock),
932 			 aa_sk_perm(OP_ACCEPT, AA_MAY_ACCEPT, sock->sk));
935 static int aa_sock_msg_perm(const char *op, u32 request, struct socket *sock,
938 	AA_BUG(!sock);
939 	AA_BUG(!sock->sk);
943 	return af_select(sock->sk->sk_family,
944 			 msg_perm(op, request, sock, msg, size),
945 			 aa_sk_perm(op, request, sock->sk));
951 static int apparmor_socket_sendmsg(struct socket *sock,
954 	return aa_sock_msg_perm(OP_SENDMSG, AA_MAY_SEND, sock, msg, size);
960 static int apparmor_socket_recvmsg(struct socket *sock,
963 	return aa_sock_msg_perm(OP_RECVMSG, AA_MAY_RECEIVE, sock, msg, size);
967 static int aa_sock_perm(const char *op, u32 request, struct socket *sock)
969 	AA_BUG(!sock);
970 	AA_BUG(!sock->sk);
973 	return af_select(sock->sk->sk_family,
974 			 sock_perm(op, request, sock),
975 			 aa_sk_perm(op, request, sock->sk));
981 static int apparmor_socket_getsockname(struct socket *sock)
983 	return aa_sock_perm(OP_GETSOCKNAME, AA_MAY_GETATTR, sock);
989 static int apparmor_socket_getpeername(struct socket *sock)
991 	return aa_sock_perm(OP_GETPEERNAME, AA_MAY_GETATTR, sock);
995 static int aa_sock_opt_perm(const char *op, u32 request, struct socket *sock,
998 	AA_BUG(!sock);
999 	AA_BUG(!sock->sk);
1002 	return af_select(sock->sk->sk_family,
1003 			 opt_perm(op, request, sock, level, optname),
1004 			 aa_sk_perm(op, request, sock->sk));
1010 static int apparmor_socket_getsockopt(struct socket *sock, int level,
1013 	return aa_sock_opt_perm(OP_GETSOCKOPT, AA_MAY_GETOPT, sock,
1020 static int apparmor_socket_setsockopt(struct socket *sock, int level,
1023 	return aa_sock_opt_perm(OP_SETSOCKOPT, AA_MAY_SETOPT, sock,
1028  * apparmor_socket_shutdown - check perms before shutting down @sock conn
1030 static int apparmor_socket_shutdown(struct socket *sock, int how)
1032 	return aa_sock_perm(OP_SHUTDOWN, AA_MAY_SHUTDOWN, sock);
1044 static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
1064 static struct aa_label *sk_peer_label(struct sock *sk)
1079 static int apparmor_socket_getpeersec_stream(struct socket *sock,
1090 	peer = sk_peer_label(sock->sk);
1123  * @sock: the peer socket
1129 static int apparmor_socket_getpeersec_dgram(struct socket *sock,
1139  * @sk: child sock
1144  *       Labeling of sk for accept case - probably should be sock based
1148 static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
1157 static int apparmor_inet_conn_request(struct sock *sk, struct sk_buff *skb,
1755 	struct sock *sk;

Indexes created Thu Nov 07 10:32:03 CST 2024