| /kernel/linux/linux-6.6/security/apparmor/include/ |
| H A D | mount.h | 28 int aa_remount(const struct cred *subj_cred,
32 int aa_bind_mount(const struct cred *subj_cred,
37 int aa_mount_change_type(const struct cred *subj_cred,
41 int aa_move_mount_old(const struct cred *subj_cred,
44 int aa_move_mount(const struct cred *subj_cred,
48 int aa_new_mount(const struct cred *subj_cred,
53 int aa_umount(const struct cred *subj_cred,
56 int aa_pivotroot(const struct cred *subj_cred,
|
| H A D | file.h | 123 int aa_path_perm(const char *op, const struct cred *subj_cred,
127 int aa_path_link(const struct cred *subj_cred, struct aa_label *label,
131 int aa_file_perm(const char *op, const struct cred *subj_cred,
|
| H A D | net.h | 96 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
109 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
|
| H A D | ipc.h | 16 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
|
| H A D | resource.h | 36 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
|
| H A D | capability.h | 39 int aa_capable(const struct cred *subj_cred, struct aa_label *label,
|
| H A D | policy.h | 373 bool aa_policy_view_capable(const struct cred *subj_cred,
375 bool aa_policy_admin_capable(const struct cred *subj_cred,
377 int aa_may_manage_policy(const struct cred *subj_cred,
|
| H A D | audit.h | 112 const struct cred *subj_cred; member
|
| /kernel/linux/linux-6.6/security/apparmor/ |
| H A D | file.c | 48 kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid(); in file_audit_cb()
80 * @subj_cred: cred of the subject
94 int aa_audit_file(const struct cred *subj_cred, in aa_audit_file() argument
103 ad.subj_cred = subj_cred; in aa_audit_file()
160 static int path_name(const char *op, const struct cred *subj_cred, in path_name() argument
173 aa_audit_file(subj_cred, in path_name()
228 static int __aa_path_perm(const char *op, const struct cred *subj_cred, in __aa_path_perm() argument
243 return aa_audit_file(subj_cred, in __aa_path_perm()
249 profile_path_perm(const char *op, const struct cred *subj_cred, struct aa_profile *profile, const struct path *path, char *buffer, u32 request, struct path_cond *cond, int flags, struct aa_perms *perms) profile_path_perm() argument
282 aa_path_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, const struct path *path, int flags, u32 request, struct path_cond *cond) aa_path_perm() argument
326 profile_path_link(const struct cred *subj_cred, struct aa_profile *profile, const struct path *link, char *buffer, const struct path *target, char *buffer2, struct path_cond *cond) profile_path_link() argument
433 aa_path_link(const struct cred *subj_cred, struct aa_label *label, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) aa_path_link() argument
484 __file_path_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, struct aa_label *flabel, struct file *file, u32 request, u32 denied, bool in_atomic) __file_path_perm() argument
545 __file_sock_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, struct aa_label *flabel, struct file *file, u32 request, u32 denied) __file_sock_perm() argument
584 aa_file_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, struct file *file, u32 request, bool in_atomic) aa_file_perm() argument
633 revalidate_tty(const struct cred *subj_cred, struct aa_label *label) revalidate_tty() argument
[all...] |
| H A D | mount.c | 116 * @subj_cred: cred of the subject
132 static int audit_mount(const struct cred *subj_cred, in audit_mount() argument
171 ad.subj_cred = subj_cred; in audit_mount()
290 * @subj_cred: cred of confined subject
303 static int match_mnt_path_str(const struct cred *subj_cred, in match_mnt_path_str() argument
345 return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname, in match_mnt_path_str()
352 * @subj_cred: cred of the subject
365 static int match_mnt(const struct cred *subj_cred, in match_mnt() argument
390 return match_mnt_path_str(subj_cred, profil in match_mnt()
394 aa_remount(const struct cred *subj_cred, struct aa_label *label, const struct path *path, unsigned long flags, void *data) aa_remount() argument
420 aa_bind_mount(const struct cred *subj_cred, struct aa_label *label, const struct path *path, const char *dev_name, unsigned long flags) aa_bind_mount() argument
458 aa_mount_change_type(const struct cred *subj_cred, struct aa_label *label, const struct path *path, unsigned long flags) aa_mount_change_type() argument
485 aa_move_mount(const struct cred *subj_cred, struct aa_label *label, const struct path *from_path, const struct path *to_path) aa_move_mount() argument
517 aa_move_mount_old(const struct cred *subj_cred, struct aa_label *label, const struct path *path, const char *orig_name) aa_move_mount_old() argument
535 aa_new_mount(const struct cred *subj_cred, struct aa_label *label, const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) aa_new_mount() argument
601 profile_umount(const struct cred *subj_cred, struct aa_profile *profile, const struct path *path, char *buffer) profile_umount() argument
636 aa_umount(const struct cred *subj_cred, struct aa_label *label, struct vfsmount *mnt, int flags) aa_umount() argument
662 build_pivotroot(const struct cred *subj_cred, struct aa_profile *profile, const struct path *new_path, char *new_buffer, const struct path *old_path, char *old_buffer) build_pivotroot() argument
718 aa_pivotroot(const struct cred *subj_cred, struct aa_label *label, const struct path *old_path, const struct path *new_path) aa_pivotroot() argument
[all...] |
| H A D | resource.c | 46 * @subj_cred: cred setting the resource
56 static int audit_resource(const struct cred *subj_cred, in audit_resource() argument
64 ad.subj_cred = subj_cred; in audit_resource()
88 static int profile_setrlimit(const struct cred *subj_cred, in profile_setrlimit() argument
99 return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max, in profile_setrlimit()
105 * @subj_cred: cred setting the limit
115 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, in aa_task_setrlimit() argument
135 aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0) in aa_task_setrlimit()
137 audit_resource(subj_cred, profil in aa_task_setrlimit()
[all...] |
| H A D | domain.c | 629 static struct aa_label *profile_transition(const struct cred *subj_cred, in profile_transition() argument
720 aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, in profile_transition()
731 static int profile_onexec(const struct cred *subj_cred, in profile_onexec() argument
800 return aa_audit_file(subj_cred, profile, &perms, OP_EXEC, in profile_onexec()
807 static struct aa_label *handle_onexec(const struct cred *subj_cred, in handle_onexec() argument
825 profile_onexec(subj_cred, profile, onexec, stack, in handle_onexec()
831 profile_transition(subj_cred, profile, bprm, in handle_onexec()
838 profile_onexec(subj_cred, profile, onexec, stack, bprm, in handle_onexec()
845 profile_transition(subj_cred, profile, bprm, in handle_onexec()
855 aa_audit_file(subj_cred, profil in handle_onexec()
875 const struct cred *subj_cred; apparmor_bprm_creds_for_exec() local
1009 build_change_hat(const struct cred *subj_cred, struct aa_profile *profile, const char *name, bool sibling) build_change_hat() argument
1059 change_hat(const struct cred *subj_cred, struct aa_label *label, const char *hats[], int count, int flags) change_hat() argument
1177 const struct cred *subj_cred; aa_change_hat() local
1288 change_profile_perms_wrapper(const char *op, const char *name, const struct cred *subj_cred, struct aa_profile *profile, struct aa_label *target, bool stack, u32 request, struct aa_perms *perms) change_profile_perms_wrapper() argument
1334 const struct cred *subj_cred = get_current_cred(); aa_change_profile() local
[all...] |
| H A D | net.c | 138 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, in aa_af_perm() argument
149 static int aa_label_sk_perm(const struct cred *subj_cred, in aa_label_sk_perm() argument
164 ad.subj_cred = subj_cred; in aa_label_sk_perm()
189 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label, in aa_sock_file_perm() argument
196 return aa_label_sk_perm(subj_cred, label, op, request, sock->sk); in aa_sock_file_perm()
|
| H A D | capability.c | 152 int aa_capable(const struct cred *subj_cred, struct aa_label *label, in aa_capable() argument
159 ad.subj_cred = subj_cred; in aa_capable()
|
| H A D | ipc.c | 92 ad->subj_cred = cred; in profile_signal_perm()
103 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender, in aa_may_signal() argument
113 profile_signal_perm(subj_cred, profile, target, in aa_may_signal()
|
| H A D | policy.c | 765 static int policy_ns_capable(const struct cred *subj_cred, in policy_ns_capable() argument
772 err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE); in policy_ns_capable()
774 err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE); in policy_ns_capable()
781 * @subj_cred: cred of subject
790 bool aa_policy_view_capable(const struct cred *subj_cred, in aa_policy_view_capable() argument
793 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_view_capable()
810 bool aa_policy_admin_capable(const struct cred *subj_cred, in aa_policy_admin_capable() argument
813 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_admin_capable()
814 bool capable = policy_ns_capable(subj_cred, label, user_ns, in aa_policy_admin_capable()
820 return aa_policy_view_capable(subj_cred, labe in aa_policy_admin_capable()
857 aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label, struct aa_ns *ns, u32 mask) aa_may_manage_policy() argument
[all...] |
| H A D | task.c | 238 ad->subj_cred = cred; in profile_ptrace_perm()
|