xref: /kernel/linux/linux-6.6/security/security.c

328 static void __init lsm_early_cred(struct cred *cred);
374 	init_debug("cred blob size       = %d\n", blob_sizes.lbs_cred);
395 	lsm_early_cred((struct cred *) current->cred);
562  * lsm_cred_alloc - allocate a composite cred blob
563  * @cred: the cred that needs a blob
566  * Allocate the cred blob for all the modules
570 static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
573 		cred->security = NULL;
577 	cred->security = kzalloc(blob_sizes.lbs_cred, gfp);
578 	if (cred->security == NULL)
584  * lsm_early_cred - during initialization allocate a composite cred blob
585  * @cred: the cred that needs a blob
587  * Allocate the cred blob for all the modules
589 static void __init lsm_early_cred(struct cred *cred)
591 	int rc = lsm_cred_alloc(cred, GFP_KERNEL);
594 		panic("%s: Early cred alloc failed.\n", __func__);
798 int security_binder_set_context_mgr(const struct cred *mgr)
812 int security_binder_transaction(const struct cred *from,
813 				const struct cred *to)
827 int security_binder_transfer_binder(const struct cred *from,
828 				    const struct cred *to)
843 int security_binder_transfer_file(const struct cred *from,
844 				  const struct cred *to, const struct file *file)
919 int security_capset(struct cred *new, const struct cred *old,
930  * @cred: credentials to examine
941 int security_capable(const struct cred *cred,
946 	return call_int_hook(capable, 0, cred, ns, cap, opts);
1048  * If the setup in prepare_exec_creds did not setup @bprm->cred->security
1050  * @bprm->cred->security to be what commit_creds needs to install for the new
1069  * exec, update @bprm->cred to reflect that change. This is called after
1092  * It allows a check against the @bprm->cred->security value which was set in
1115  * by @current->cred and the information set in @bprm->cred by the
1127  * security_bprm_committed_creds() - Tidy up after cred install during exec()
1132  * point, been set to @current->cred.  @bprm points to the linux_binprm
1590 				    const struct cred *old, struct cred *new)
2507 int security_inode_copy_up(struct dentry *src, struct cred **new)
2914  * @cred: credentials
2917  * Only allocate sufficient memory and attach to @cred such that
2922 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2924 	int rc = lsm_cred_alloc(cred, gfp);
2929 	rc = call_int_hook(cred_alloc_blank, 0, cred, gfp);
2931 		security_cred_free(cred);
2936  * security_cred_free() - Free the cred's LSM blob and associated resources
2937  * @cred: credentials
2939  * Deallocate and clear the cred->security field in a set of credentials.
2941 void security_cred_free(struct cred *cred)
2947 	if (unlikely(cred->security == NULL))
2950 	call_void_hook(cred_free, cred);
2952 	kfree(cred->security);
2953 	cred->security = NULL;
2966 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
2986 void security_transfer_creds(struct cred *new, const struct cred *old)
2996  * Retrieve the security identifier of the cred structure @c.  In case of
2999 void security_cred_getsecid(const struct cred *c, u32 *secid)
3016 int security_kernel_act_as(struct cred *new, u32 secid)
3032 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
3161  * rather than to @current->cred.
3165 int security_task_fix_setuid(struct cred *new, const struct cred *old,
3181  * @current->cred.
3185 int security_task_fix_setgid(struct cred *new, const struct cred *old,
3199  * @current->cred.
3203 int security_task_fix_setgroups(struct cred *new, const struct cred *old)
3322  * @cred: current task credentials
3331 int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
3334 	return call_int_hook(task_prlimit, 0, cred, tcred, flags);
3400  * @cred: credentials of the signal sender, NULL if @current
3411 		       int sig, const struct cred *cred)
3413 	return call_int_hook(task_kill, 0, p, info, sig, cred);
3463  * @cred: prepared creds
3469 int security_create_user_ns(const struct cred *cred)
3471 	return call_int_hook(userns_create, 0, cred);
4053  * @cred: credentials of the task which triggered the watch
4060 int security_post_notification(const struct cred *w_cred,
4061 			       const struct cred *cred,
4064 	return call_int_hook(post_notification, 0, w_cred, cred, n);
5051  * @cred: credentials
5059 int security_key_alloc(struct key *key, const struct cred *cred,
5062 	return call_int_hook(key_alloc, 0, key, cred, flags);
5079  * @cred: credentials of actor requesting access
5086 int security_key_permission(key_ref_t key_ref, const struct cred *cred,
5089 	return call_int_hook(key_permission, 0, key_ref, cred, need_perm);
5377 int security_uring_override_creds(const struct cred *new)

Indexes created Thu Nov 07 10:32:03 CST 2024