Lines Matching refs:security

40  * all security modules to use the same descriptions for auditing
260 /* Process "security=", if given. */
265 * To match the original "security=" behavior, this
275 init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
300 /* Process "security=", if given. */
306 append_ordered_lsm(lsm, "security=");
361 pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
423 * security_init - initializes the security framework
431 init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*");
458 __setup("security=", choose_major_lsm);
516 * @lsm: the name of the security module
573 cred->security = NULL;
577 cred->security = kzalloc(blob_sizes.lbs_cred, gfp);
578 if (cred->security == NULL)
650 task->security = NULL;
654 task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL);
655 if (task->security == NULL)
671 kip->security = NULL;
675 kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL);
676 if (kip->security == NULL)
692 mp->security = NULL;
696 mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL);
697 if (mp->security == NULL)
858 * process is being traced and its security attributes would be changed by the
937 * @opts contains options for the capable check <include/linux/security.h>.
1048 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
1050 * @bprm->cred->security to be what commit_creds needs to install for the new
1052 * transitions between security domains). The hook must set @bprm->secureexec
1074 * transitions between security domains). The hook must set @bprm->secureexec
1092 * It allows a check against the @bprm->cred->security value which was set in
1113 * Prepare to install the new security attributes of a process being
1130 * Tidy up after the installation of the new security attributes of a process
1143 * security_fs_context_submount() - Initialise fc->security
1147 * Fill out the ->security field for a new fs_context.
1161 * Allocate and attach a security structure to sc->security. This pointer is
1206 * Allocate and attach a security structure to the sb->s_security field. The
1302 * Extracts security system specific mount options and verifies no changes are
1414 * Set the security relevant mount options used for a superblock.
1436 * Copy all security options from a given superblock to another.
1486 * Allocate and attach a security structure to @inode->i_security. The
1516 * Deallocate the inode security structure and set @inode->i_security to NULL.
1541 * @xattr_name: name of the security/LSM xattr
1560 * Only one module will provide a security context.
1605 * Obtain the security attribute name suffix and value to set on a newly
1606 * created inode and set up the incore security field for the new inode. This
1612 * lsm_get_xattr_slot() to retrieve the slots reserved by the security module
1617 * the security module does not use security attributes or does not wish to put
1618 * a security attribute on this particular inode, then it should return
1622 * security attributes that are required, negative values otherwise.
1683 * Set up the incore security field for the new anonymous inode and return
1684 * whether the inode creation is permitted by the security module or not.
1686 * Return: Returns 0 on success, -EACCES if the security module denies the
2099 * existing Linux permission function, so a security module can use it to
2278 * Update inode security field after successful setxattr operation.
2376 * The @dentry's setuid bit is being removed. Remove similar security labels.
2389 * security_inode_getsecurity() - Get the xattr security label of an inode
2393 * @buffer: security label buffer
2396 * Retrieve a copy of the extended attribute representation of the security
2398 * remainder of the attribute name after the security prefix has been removed.
2426 * security_inode_setsecurity() - Set the xattr security label of an inode
2429 * @value: security label
2430 * @size: length of security label
2433 * Set the security label associated with @name for @inode from the extended
2436 * remainder of the attribute name after the security. prefix has been removed.
2461 * security_inode_listsecurity() - List the xattr security label names
2466 * Copy the extended attribute names for the security labels associated with
2522 * if the security module does not know about attribute, or a negative
2551 * Initialize the security context of a newly created kernfs node based on its
2568 * by various operations that read or write files. A security module can use
2596 * Allocate and attach a security structure to the file->f_security field. The
2597 * security field is initialized to NULL when the structure is first created.
2617 * Deallocate and free any security structures stored in file->f_security.
2641 * by the security module.
2784 * security module.
2797 * Save owner security information (typically from current->security) in
2816 * so the file structure (and associated security information) can always be
2831 * This hook allows security modules to control the ability of a process to
2908 kfree(task->security);
2909 task->security = NULL;
2939 * Deallocate and clear the cred->security field in a set of credentials.
2945 * may result in a call here with ->security being NULL.
2947 if (unlikely(cred->security == NULL))
2952 kfree(cred->security);
2953 cred->security = NULL;
2996 * Retrieve the security identifier of the cred structure @c. In case of
3254 * Retrieve the subjective security identifier of the current task and return
3269 * Retrieve the objective security identifier of the task_struct in @p and
3449 * security_task_to_inode() - Set the security attributes of a task's inode
3453 * Set the security attributes for an inode based on an associated task's
3454 * security attributes, e.g. for /proc/pid inodes.
3506 * Allocate and attach a security structure to the msg->security field. The
3507 * security field is initialized to NULL when the structure is first created.
3527 * Deallocate the security structure for this message.
3532 kfree(msg->security);
3533 msg->security = NULL;
3540 * Allocate and attach a security structure to @msg. The security field is
3561 * Deallocate security field @perm->security for the message queue.
3566 kfree(msq->security);
3567 msq->security = NULL;
3643 * Allocate and attach a security structure to the @shp security field. The
3644 * security field is initialized to NULL when the structure is first created.
3664 * Deallocate the security structure @perm->security for the memory segment.
3669 kfree(shp->security);
3670 shp->security = NULL;
3727 * Allocate and attach a security structure to the @sma security field. The
3728 * security field is initialized to NULL when the structure is first created.
3748 * Deallocate security structure @sma->security for the semaphore.
3753 kfree(sma->security);
3754 sma->security = NULL;
3811 * Fill in @inode security information for a @dentry if allowed.
3875 * Save security information for a netlink message so that permission checking
3876 * can be performed when the message is processed. The security information
3908 * Convert secid to security context. If @secdata is NULL the length of the
3940 * Convert security context to secid.
3956 * Release the security context.
3965 * security_inode_invalidate_secctx() - Invalidate an inode's security label
3968 * Notify the security module that it must revalidate the security context of
3978 * security_inode_notifysecctx() - Notify the LSM of an inode's security label
3983 * Notify the security module of what the security context of an inode should
3984 * be. Initializes the incore security context managed by the security module
3986 * the security context in its incore inode to the value provided by the server
3999 * security_inode_setsecctx() - Change the security label of an inode
4004 * Change the security context of an inode. Updates the incore security
4005 * context managed by the security module and invokes the fs code as needed
4007 * context. Example usage: NFS server invokes this hook to change the security
4021 * security_inode_getsecctx() - Get the security label of an inode
4026 * On success, returns 0 and fills out @ctx and @ctxlen with the security
4037 * Only one module will provide a security context.
4163 * This hook allows a module to update or allocate a per-socket security
4164 * structure. Note that the security field was not added directly to the socket
4165 * structure, but rather, the socket security information is stored in the
4167 * and attach security information to SOCK_INODE(sock)->i_security. This hook
4391 * This hook allows the security module to provide peer socket security state
4406 * Only one module will provide a security context.
4424 * This hook allows the security module to provide peer socket security state
4427 * option via getsockopt. It can then retrieve the security state returned by
4439 * Only one module will provide a security context.
4457 * Allocate and attach a security structure to the sk->sk_security field, which
4458 * is used to copy security attributes between local stream sockets.
4471 * Deallocate security structure.
4483 * Clone/copy security structure.
4614 * @security: pointer to the LSM blob
4616 * This hook allows a module to allocate a security structure for a TUN device,
4617 * returning the pointer in @security.
4621 int security_tun_dev_alloc_security(void **security)
4623 return call_int_hook(tun_dev_alloc_security, 0, security);
4629 * @security: LSM blob
4631 * This hook allows a module to free the security structure for a TUN device.
4633 void security_tun_dev_free_security(void *security)
4635 call_void_hook(tun_dev_free_security, security);
4654 * @security: TUN device LSM blob
4660 int security_tun_dev_attach_queue(void *security)
4662 return call_int_hook(tun_dev_attach_queue, 0, security);
4669 * @security: TUN device LSM blob
4671 * This hook can be used by the module to update any security state associated
4676 int security_tun_dev_attach(struct sock *sk, void *security)
4678 return call_int_hook(tun_dev_attach, 0, sk, security);
4684 * @security: TUN device LSM blob
4686 * This hook can be used by the module to update any security state associated
4687 * with the TUN device's security structure.
4691 int security_tun_dev_open(void *security)
4693 return call_int_hook(tun_dev_open, 0, security);
4758 * security module.
4827 * Allocate a security structure for Infiniband objects.
4841 * Deallocate an Infiniband security structure.
4853 * @ctxp: xfrm security context being added to the SPD
4854 * @sec_ctx: security label provided by userspace
4857 * Allocate a security structure to the xp->security field; the security field
4872 * @old_ctx: xfrm security context
4873 * @new_ctxp: target xfrm security context
4875 * Allocate a security structure in new_ctxp that contains the information from
4887 * security_xfrm_policy_free() - Free a xfrm security context
4888 * @ctx: xfrm security context
4900 * @ctx: xfrm security context
4914 * @sec_ctx: security label provided by userspace
4916 * Allocate a security structure to the @x->security field; the security field
4932 * @polsec: associated policy's security context
4935 * Allocate a security structure to the x->security field; the security field
4951 * Authorize deletion of x->security.
4965 * Deallocate x->security.
4974 * @ctx: target xfrm security context
5028 * Decode the packet in @skb and return the security label in @secid.
5054 * Permit allocation of a key and assign security data. Note that key does not
5069 * Notification of destruction; free security data.
5093 * security_key_getsecurity() - Get the key's security label
5095 * @buffer: security label buffer
5097 * Get a textual representation of the security context attached to a key for
5103 * there is no security label assigned to the key.
5158 * @secid: security label
5183 * the kernel. The actual security module can implement their own rules to
5226 * Initialize the security field inside bpf map.
5239 * Initialize the security field inside bpf program.
5252 * Clean up the security information stored inside bpf map.
5263 * Clean up the security information stored inside bpf prog.
5305 * Allocate and save perf_event security info.
5318 * Release (free) perf_event security info.
5329 * Read perf_event security info if allowed.
5342 * Write perf_event security info if allowed.