xref: /kernel/linux/linux-6.6/security/apparmor/lsm.c

25 #include <net/sock.h>
856 static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
872 static void apparmor_sk_free_security(struct sock *sk)
885 static void apparmor_sk_clone_security(const struct sock *sk,
886 				       struct sock *newsk)
932 static int apparmor_socket_post_create(struct socket *sock, int family,
942 	if (sock->sk) {
943 		struct aa_sk_ctx *ctx = SK_CTX(sock->sk);
956 static int apparmor_socket_bind(struct socket *sock,
959 	AA_BUG(!sock);
960 	AA_BUG(!sock->sk);
964 	return af_select(sock->sk->sk_family,
965 			 bind_perm(sock, address, addrlen),
966 			 aa_sk_perm(OP_BIND, AA_MAY_BIND, sock->sk));
970  * apparmor_socket_connect - check perms before connecting @sock to @address
972 static int apparmor_socket_connect(struct socket *sock,
975 	AA_BUG(!sock);
976 	AA_BUG(!sock->sk);
980 	return af_select(sock->sk->sk_family,
981 			 connect_perm(sock, address, addrlen),
982 			 aa_sk_perm(OP_CONNECT, AA_MAY_CONNECT, sock->sk));
988 static int apparmor_socket_listen(struct socket *sock, int backlog)
990 	AA_BUG(!sock);
991 	AA_BUG(!sock->sk);
994 	return af_select(sock->sk->sk_family,
995 			 listen_perm(sock, backlog),
996 			 aa_sk_perm(OP_LISTEN, AA_MAY_LISTEN, sock->sk));
1005 static int apparmor_socket_accept(struct socket *sock, struct socket *newsock)
1007 	AA_BUG(!sock);
1008 	AA_BUG(!sock->sk);
1012 	return af_select(sock->sk->sk_family,
1013 			 accept_perm(sock, newsock),
1014 			 aa_sk_perm(OP_ACCEPT, AA_MAY_ACCEPT, sock->sk));
1017 static int aa_sock_msg_perm(const char *op, u32 request, struct socket *sock,
1020 	AA_BUG(!sock);
1021 	AA_BUG(!sock->sk);
1025 	return af_select(sock->sk->sk_family,
1026 			 msg_perm(op, request, sock, msg, size),
1027 			 aa_sk_perm(op, request, sock->sk));
1033 static int apparmor_socket_sendmsg(struct socket *sock,
1036 	return aa_sock_msg_perm(OP_SENDMSG, AA_MAY_SEND, sock, msg, size);
1042 static int apparmor_socket_recvmsg(struct socket *sock,
1045 	return aa_sock_msg_perm(OP_RECVMSG, AA_MAY_RECEIVE, sock, msg, size);
1049 static int aa_sock_perm(const char *op, u32 request, struct socket *sock)
1051 	AA_BUG(!sock);
1052 	AA_BUG(!sock->sk);
1055 	return af_select(sock->sk->sk_family,
1056 			 sock_perm(op, request, sock),
1057 			 aa_sk_perm(op, request, sock->sk));
1063 static int apparmor_socket_getsockname(struct socket *sock)
1065 	return aa_sock_perm(OP_GETSOCKNAME, AA_MAY_GETATTR, sock);
1071 static int apparmor_socket_getpeername(struct socket *sock)
1073 	return aa_sock_perm(OP_GETPEERNAME, AA_MAY_GETATTR, sock);
1077 static int aa_sock_opt_perm(const char *op, u32 request, struct socket *sock,
1080 	AA_BUG(!sock);
1081 	AA_BUG(!sock->sk);
1084 	return af_select(sock->sk->sk_family,
1085 			 opt_perm(op, request, sock, level, optname),
1086 			 aa_sk_perm(op, request, sock->sk));
1092 static int apparmor_socket_getsockopt(struct socket *sock, int level,
1095 	return aa_sock_opt_perm(OP_GETSOCKOPT, AA_MAY_GETOPT, sock,
1102 static int apparmor_socket_setsockopt(struct socket *sock, int level,
1105 	return aa_sock_opt_perm(OP_SETSOCKOPT, AA_MAY_SETOPT, sock,
1110  * apparmor_socket_shutdown - check perms before shutting down @sock conn
1112 static int apparmor_socket_shutdown(struct socket *sock, int how)
1114 	return aa_sock_perm(OP_SHUTDOWN, AA_MAY_SHUTDOWN, sock);
1126 static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
1139 static struct aa_label *sk_peer_label(struct sock *sk)
1154 static int apparmor_socket_getpeersec_stream(struct socket *sock,
1164 	peer = sk_peer_label(sock->sk);
1195  * @sock: the peer socket
1201 static int apparmor_socket_getpeersec_dgram(struct socket *sock,
1211  * @sk: child sock
1216  *       Labeling of sk for accept case - probably should be sock based
1220 static void apparmor_sock_graft(struct sock *sk, struct socket *parent)
1229 static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
1837 	struct sock *sk;

Indexes created Thu Nov 07 10:32:03 CST 2024