Lines Matching +full:sig +full:- +full:dir +full:- +full:cmd
1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <[email protected]>
9 * Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
25 #include <linux/backing-dev.h>
101 /* Boot-time LSM user choice */
169 if (!lsm->enabled) in is_enabled()
172 return *lsm->enabled; in is_enabled()
182 * a hard-coded location for storing the default enabled state. in set_enabled()
184 if (!lsm->enabled) { in set_enabled()
186 lsm->enabled = &lsm_enabled_true; in set_enabled()
188 lsm->enabled = &lsm_enabled_false; in set_enabled()
189 } else if (lsm->enabled == &lsm_enabled_true) { in set_enabled()
191 lsm->enabled = &lsm_enabled_false; in set_enabled()
192 } else if (lsm->enabled == &lsm_enabled_false) { in set_enabled()
194 lsm->enabled = &lsm_enabled_true; in set_enabled()
196 *lsm->enabled = enabled; in set_enabled()
224 if (!lsm->enabled) in append_ordered_lsm()
225 lsm->enabled = &lsm_enabled_true; in append_ordered_lsm()
228 init_debug("%s ordered: %s (%s)\n", from, lsm->name, in append_ordered_lsm()
240 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { in lsm_allowed()
241 init_debug("exclusive disabled: %s\n", lsm->name); in lsm_allowed()
265 lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); in lsm_set_blob_sizes()
266 lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); in lsm_set_blob_sizes()
267 lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib); in lsm_set_blob_sizes()
272 if (needed->lbs_inode && blob_sizes.lbs_inode == 0) in lsm_set_blob_sizes()
274 lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); in lsm_set_blob_sizes()
275 lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); in lsm_set_blob_sizes()
276 lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key); in lsm_set_blob_sizes()
277 lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); in lsm_set_blob_sizes()
278 lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event); in lsm_set_blob_sizes()
279 lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); in lsm_set_blob_sizes()
280 lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); in lsm_set_blob_sizes()
281 lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); in lsm_set_blob_sizes()
282 lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev); in lsm_set_blob_sizes()
283 lsm_set_blob_size(&needed->lbs_xattr_count, in lsm_set_blob_sizes()
285 lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev); in lsm_set_blob_sizes()
296 /* If enabled, do pre-initialization work. */ in prepare_lsm()
298 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { in prepare_lsm()
300 init_debug("exclusive chosen: %s\n", lsm->name); in prepare_lsm()
303 lsm_set_blob_sizes(lsm->blobs); in prepare_lsm()
313 init_debug("initializing %s\n", lsm->name); in initialize_lsm()
314 ret = lsm->init(); in initialize_lsm()
315 WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); in initialize_lsm()
325 /* Populate ordered LSMs list from comma-separated LSM name list. */
333 if (lsm->order == LSM_ORDER_FIRST) in ordered_lsm_parse()
345 * all non-matching Legacy Major LSMs. in ordered_lsm_parse()
349 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && in ordered_lsm_parse()
350 strcmp(major->name, chosen_major_lsm) != 0) { in ordered_lsm_parse()
353 chosen_major_lsm, major->name); in ordered_lsm_parse()
365 if (strcmp(lsm->name, name) == 0) { in ordered_lsm_parse()
366 if (lsm->order == LSM_ORDER_MUTABLE) in ordered_lsm_parse()
382 if (strcmp(lsm->name, chosen_major_lsm) == 0) in ordered_lsm_parse()
389 if (lsm->order == LSM_ORDER_LAST) in ordered_lsm_parse()
399 origin, lsm->name); in ordered_lsm_parse()
407 struct lsm_static_call *scall = hl->scalls; in lsm_static_call_init()
412 if (!scall->hl) { in lsm_static_call_init()
413 __static_call_update(scall->key, scall->trampoline, in lsm_static_call_init()
414 hl->hook.lsm_func_addr); in lsm_static_call_init()
415 scall->hl = hl; in lsm_static_call_init()
416 static_branch_enable(scall->active); in lsm_static_call_init()
421 panic("%s - Ran out of static slots.\n", __func__); in lsm_static_call_init()
440 pr_cont("%s%s", first++ == 0 ? "" : ",", early->name); in report_lsm_order()
443 pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name); in report_lsm_order()
496 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
507 if (!lsm->enabled) in early_security_init()
508 lsm->enabled = &lsm_enabled_true; in early_security_init()
517 * security_init - initializes the security framework
534 init_debug(" early started: %s (%s)\n", lsm->name, in security_init()
536 if (lsm->enabled) in security_init()
537 lsm_append(lsm->name, &lsm_names); in security_init()
592 return -ENOMEM; in lsm_append()
599 return -ENOMEM; in lsm_append()
607 * security_add_hooks - Add a module's hooks to the hook lists.
625 if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) { in security_add_hooks()
641 if (lsm_append(lsmid->name, &lsm_names) < 0) in security_add_hooks()
642 panic("%s - Cannot get early memory.\n", __func__); in security_add_hooks()
668 * lsm_blob_alloc - allocate a composite blob
675 * Returns 0, or -ENOMEM if memory can't be allocated.
686 return -ENOMEM; in lsm_blob_alloc()
691 * lsm_cred_alloc - allocate a composite cred blob
697 * Returns 0, or -ENOMEM if memory can't be allocated.
701 return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
705 * lsm_early_cred - during initialization allocate a composite cred blob
719 * lsm_file_alloc - allocate a composite file blob
724 * Returns 0, or -ENOMEM if memory can't be allocated.
729 file->f_security = NULL; in lsm_file_alloc()
733 file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); in lsm_file_alloc()
734 if (file->f_security == NULL) in lsm_file_alloc()
735 return -ENOMEM; in lsm_file_alloc()
740 * lsm_inode_alloc - allocate a composite inode blob
746 * Returns 0, or -ENOMEM if memory can't be allocated.
751 inode->i_security = NULL; in lsm_inode_alloc()
755 inode->i_security = kmem_cache_zalloc(lsm_inode_cache, gfp); in lsm_inode_alloc()
756 if (inode->i_security == NULL) in lsm_inode_alloc()
757 return -ENOMEM; in lsm_inode_alloc()
762 * lsm_task_alloc - allocate a composite task blob
767 * Returns 0, or -ENOMEM if memory can't be allocated.
771 return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc()
775 * lsm_ipc_alloc - allocate a composite ipc blob
780 * Returns 0, or -ENOMEM if memory can't be allocated.
784 return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc()
789 * lsm_key_alloc - allocate a composite key blob
794 * Returns 0, or -ENOMEM if memory can't be allocated.
798 return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL); in lsm_key_alloc()
803 * lsm_msg_msg_alloc - allocate a composite msg_msg blob
808 * Returns 0, or -ENOMEM if memory can't be allocated.
812 return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg, in lsm_msg_msg_alloc()
817 * lsm_bdev_alloc - allocate a composite block_device blob
822 * Returns 0, or -ENOMEM if memory can't be allocated.
827 bdev->bd_security = NULL; in lsm_bdev_alloc()
831 bdev->bd_security = kzalloc(blob_sizes.lbs_bdev, GFP_KERNEL); in lsm_bdev_alloc()
832 if (!bdev->bd_security) in lsm_bdev_alloc()
833 return -ENOMEM; in lsm_bdev_alloc()
839 * lsm_early_task - during initialization allocate a composite task blob
853 * lsm_superblock_alloc - allocate a composite superblock blob
858 * Returns 0, or -ENOMEM if memory can't be allocated.
862 return lsm_blob_alloc(&sb->s_security, blob_sizes.lbs_superblock, in lsm_superblock_alloc()
867 * lsm_fill_user_ctx - Fill a user space lsm_ctx structure
879 * Returns 0 on success, -E2BIG if userspace buffer is not large enough,
880 * -EFAULT on a copyout error, -ENOMEM if memory can't be allocated.
892 rc = -E2BIG; in lsm_fill_user_ctx()
896 /* no buffer - return success/0 and set @uctx_len to the req size */ in lsm_fill_user_ctx()
902 rc = -ENOMEM; in lsm_fill_user_ctx()
905 nctx->id = id; in lsm_fill_user_ctx()
906 nctx->flags = flags; in lsm_fill_user_ctx()
907 nctx->len = nctx_len; in lsm_fill_user_ctx()
908 nctx->ctx_len = val_len; in lsm_fill_user_ctx()
909 memcpy(nctx->ctx, val, val_len); in lsm_fill_user_ctx()
912 rc = -EFAULT; in lsm_fill_user_ctx()
982 scall - static_calls_table.NAME < MAX_LSM_COUNT; scall++) \
983 if (static_key_enabled(&scall->active->key))
988 * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
1001 * security_binder_transaction() - Check if a binder transaction is allowed
1016 * security_binder_transfer_binder() - Check if a binder transfer is allowed
1031 * security_binder_transfer_file() - Check if a binder file xfer is allowed
1047 * security_ptrace_access_check() - Check if tracing is allowed
1066 * security_ptrace_traceme() - Check if tracing is allowed
1081 * security_capget() - Get the capability sets for a process
1103 * security_capset() - Set the capability sets for a process
1125 * security_capable() - Check if a process has the necessary capability
1146 * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
1162 * security_quota_on() - Check if QUOTAON is allowed for a dentry
1175 * security_syslog() - Check if accessing the kernel message ring is allowed
1190 * security_settime64() - Check if changing the system time is allowed
1205 * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
1230 rc = scall->hl->hook.vm_enough_memory(mm, pages); in security_vm_enough_memory_mm()
1240 * security_bprm_creds_for_exec() - Prepare the credentials for exec()
1243 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
1244 * properly for executing @bprm->file, update the LSM's portion of
1245 * @bprm->cred->security to be what commit_creds needs to install for the new
1247 * transitions between security domains). The hook must set @bprm->secureexec
1251 * If execveat(2) is called with the AT_EXECVE_CHECK flag, bprm->is_check is
1255 * This hook must not change current->cred, only @bprm->cred.
1265 * security_bprm_creds_from_file() - Update linux_binprm creds based on file
1270 * exec, update @bprm->cred to reflect that change. This is called after
1275 * transitions between security domains). The hook must set @bprm->secureexec
1277 * hook must add to @bprm->per_clear any personality flags that should be
1278 * cleared from current->personality. @bprm contains the linux_binprm
1289 * security_bprm_check() - Mediate binary handler search
1293 * It allows a check against the @bprm->cred->security value which was set in
1306 * security_bprm_committing_creds() - Install creds for a process during exec()
1311 * by @current->cred and the information set in @bprm->cred by the
1323 * security_bprm_committed_creds() - Tidy up after cred install during exec()
1328 * point, been set to @current->cred. @bprm points to the linux_binprm
1330 * process such as clearing out non-inheritable signal state. This is called
1339 * security_fs_context_submount() - Initialise fc->security
1343 * Fill out the ->security field for a new fs_context.
1353 * security_fs_context_dup() - Duplicate a fs_context LSM blob
1357 * Allocate and attach a security structure to sc->security. This pointer is
1369 * security_fs_context_parse_param() - Configure a filesystem context
1377 * returned to the caller -ENOPARAM is returned, otherwise a negative
1385 int rc = -ENOPARAM; in security_fs_context_parse_param()
1388 trc = scall->hl->hook.fs_context_parse_param(fc, param); in security_fs_context_parse_param()
1391 else if (trc != -ENOPARAM) in security_fs_context_parse_param()
1398 * security_sb_alloc() - Allocate a super_block LSM blob
1401 * Allocate and attach a security structure to the sb->s_security field. The
1420 * security_sb_delete() - Release super_block LSM associated objects
1432 * security_sb_free() - Free a super_block LSM blob
1435 * Deallocate and clear the sb->s_security field. @sb contains the super_block
1441 kfree(sb->s_security); in security_sb_free()
1442 sb->s_security = NULL; in security_sb_free()
1446 * security_free_mnt_opts() - Free memory associated with mount options
1461 * security_sb_eat_lsm_opts() - Consume LSM mount options
1476 * security_sb_mnt_opts_compat() - Check if new mount options are allowed
1493 * security_sb_remount() - Verify no incompatible mount changes during remount
1510 * security_sb_kern_mount() - Check if a kernel mount is allowed
1523 * security_sb_show_options() - Output the mount options for a superblock
1537 * security_sb_statfs() - Check if accessing fs stats is allowed
1551 * security_sb_mount() - Check permission for mounting a filesystem
1574 * security_sb_umount() - Check permission for unmounting a filesystem
1588 * security_sb_pivotroot() - Check permissions for pivoting the rootfs
1603 * security_sb_set_mnt_opts() - Set the mount options for a filesystem
1619 int rc = mnt_opts ? -EOPNOTSUPP : LSM_RET_DEFAULT(sb_set_mnt_opts); in security_sb_set_mnt_opts()
1622 rc = scall->hl->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags, in security_sb_set_mnt_opts()
1632 * security_sb_clone_mnt_opts() - Duplicate superblock mount options
1653 * security_move_mount() - Check permissions for moving a mount
1668 * security_path_notify() - Check if setting a watch is allowed
1685 * security_inode_alloc() - Allocate an inode LSM blob
1689 * Allocate and attach a security structure to @inode->i_security. The
1715 * security_inode_free() - Free an inode's LSM blob
1725 * a call to security_inode_free(). For this reason the inode->i_security
1733 if (!inode->i_security) in security_inode_free()
1735 call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); in security_inode_free()
1739 * security_dentry_init_security() - Perform dentry initialization
1763 * security_dentry_create_files_as() - Perform dentry initialization
1787 * security_inode_init_security() - Initialize an inode's LSM context
1789 * @dir: parent directory
1803 * slot, the hook function should set ->name to the attribute name suffix
1804 * (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1805 * to the attribute value, to set ->value_len to the length of the value. If
1808 * -EOPNOTSUPP to skip this processing.
1813 int security_inode_init_security(struct inode *inode, struct inode *dir, in security_inode_init_security() argument
1819 int ret = -EOPNOTSUPP, xattr_count = 0; in security_inode_init_security()
1832 return -ENOMEM; in security_inode_init_security()
1836 ret = scall->hl->hook.inode_init_security(inode, dir, qstr, new_xattrs, in security_inode_init_security()
1838 if (ret && ret != -EOPNOTSUPP) in security_inode_init_security()
1841 * As documented in lsm_hooks.h, -EOPNOTSUPP in this context in security_inode_init_security()
1854 for (; xattr_count > 0; xattr_count--) in security_inode_init_security()
1855 kfree(new_xattrs[xattr_count - 1].value); in security_inode_init_security()
1857 return (ret == -EOPNOTSUPP) ? 0 : ret; in security_inode_init_security()
1862 * security_inode_init_security_anon() - Initialize an anonymous inode
1870 * Return: Returns 0 on success, -EACCES if the security module denies the
1871 * creation of this inode, or another -errno upon other errors.
1883 * security_path_mknod() - Check if creating a special file is allowed
1884 * @dir: parent directory
1894 int security_path_mknod(const struct path *dir, struct dentry *dentry, in security_path_mknod() argument
1897 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mknod()
1899 return call_int_hook(path_mknod, dir, dentry, mode, dev); in security_path_mknod()
1904 * security_path_post_mknod() - Update inode security after reg file creation
1918 * security_path_mkdir() - Check if creating a new directory is allowed
1919 * @dir: parent directory
1927 int security_path_mkdir(const struct path *dir, struct dentry *dentry, in security_path_mkdir() argument
1930 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mkdir()
1932 return call_int_hook(path_mkdir, dir, dentry, mode); in security_path_mkdir()
1937 * security_path_rmdir() - Check if removing a directory is allowed
1938 * @dir: parent directory
1945 int security_path_rmdir(const struct path *dir, struct dentry *dentry) in security_path_rmdir() argument
1947 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_rmdir()
1949 return call_int_hook(path_rmdir, dir, dentry); in security_path_rmdir()
1953 * security_path_unlink() - Check if removing a hard link is allowed
1954 * @dir: parent directory
1961 int security_path_unlink(const struct path *dir, struct dentry *dentry) in security_path_unlink() argument
1963 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_unlink()
1965 return call_int_hook(path_unlink, dir, dentry); in security_path_unlink()
1970 * security_path_symlink() - Check if creating a symbolic link is allowed
1971 * @dir: parent directory
1979 int security_path_symlink(const struct path *dir, struct dentry *dentry, in security_path_symlink() argument
1982 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_symlink()
1984 return call_int_hook(path_symlink, dir, dentry, old_name); in security_path_symlink()
1988 * security_path_link - Check if creating a hard link is allowed
2006 * security_path_rename() - Check if renaming a file is allowed
2032 * security_path_truncate() - Check if truncating a file is allowed
2043 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_truncate()
2049 * security_path_chmod() - Check if changing the file's mode is allowed
2061 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chmod()
2067 * security_path_chown() - Check if changing the file's owner/group is allowed
2078 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chown()
2084 * security_path_chroot() - Check if changing the root directory is allowed
2098 * security_inode_create() - Check if creating a file is allowed
2099 * @dir: the parent directory
2107 int security_inode_create(struct inode *dir, struct dentry *dentry, in security_inode_create() argument
2110 if (unlikely(IS_PRIVATE(dir))) in security_inode_create()
2112 return call_int_hook(inode_create, dir, dentry, mode); in security_inode_create()
2117 * security_inode_post_create_tmpfile() - Update inode security of new tmpfile
2132 * security_inode_link() - Check if creating a hard link is allowed
2134 * @dir: new parent directory
2141 int security_inode_link(struct dentry *old_dentry, struct inode *dir, in security_inode_link() argument
2146 return call_int_hook(inode_link, old_dentry, dir, new_dentry); in security_inode_link()
2150 * security_inode_unlink() - Check if removing a hard link is allowed
2151 * @dir: parent directory
2158 int security_inode_unlink(struct inode *dir, struct dentry *dentry) in security_inode_unlink() argument
2162 return call_int_hook(inode_unlink, dir, dentry); in security_inode_unlink()
2166 * security_inode_symlink() - Check if creating a symbolic link is allowed
2167 * @dir: parent directory
2175 int security_inode_symlink(struct inode *dir, struct dentry *dentry, in security_inode_symlink() argument
2178 if (unlikely(IS_PRIVATE(dir))) in security_inode_symlink()
2180 return call_int_hook(inode_symlink, dir, dentry, old_name); in security_inode_symlink()
2184 * security_inode_mkdir() - Check if creating a new directory is allowed
2185 * @dir: parent directory
2190 * associated with inode structure @dir.
2194 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) in security_inode_mkdir() argument
2196 if (unlikely(IS_PRIVATE(dir))) in security_inode_mkdir()
2198 return call_int_hook(inode_mkdir, dir, dentry, mode); in security_inode_mkdir()
2203 * security_inode_rmdir() - Check if removing a directory is allowed
2204 * @dir: parent directory
2211 int security_inode_rmdir(struct inode *dir, struct dentry *dentry) in security_inode_rmdir() argument
2215 return call_int_hook(inode_rmdir, dir, dentry); in security_inode_rmdir()
2219 * security_inode_mknod() - Check if creating a special file is allowed
2220 * @dir: parent directory
2232 int security_inode_mknod(struct inode *dir, struct dentry *dentry, in security_inode_mknod() argument
2235 if (unlikely(IS_PRIVATE(dir))) in security_inode_mknod()
2237 return call_int_hook(inode_mknod, dir, dentry, mode, dev); in security_inode_mknod()
2241 * security_inode_rename() - Check if renaming a file is allowed
2273 * security_inode_readlink() - Check if reading a symbolic link is allowed
2288 * security_inode_follow_link() - Check if following a symbolic link is allowed
2291 * @rcu: true if in RCU-walk mode
2307 * security_inode_permission() - Check if accessing an inode is allowed
2328 * security_inode_setattr() - Check if setting file attributes is allowed
2350 * security_inode_post_setattr() - Update the inode after a setattr operation
2366 * security_inode_getattr() - Check if getting file attributes is allowed
2375 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_inode_getattr()
2381 * security_inode_setxattr() - Check if setting file xattrs is allowed
2427 * security_inode_set_acl() - Check if setting posix acls is allowed
2448 * security_inode_post_set_acl() - Update inode security from posix acls set
2465 * security_inode_get_acl() - Check if reading posix acls is allowed
2484 * security_inode_remove_acl() - Check if removing a posix acl is allowed
2503 * security_inode_post_remove_acl() - Update inode security after rm posix acls
2520 * security_inode_post_setxattr() - Update the inode after a setxattr operation
2538 * security_inode_getxattr() - Check if xattr access is allowed
2555 * security_inode_listxattr() - Check if listing xattrs is allowed
2571 * security_inode_removexattr() - Check if removing an xattr is allowed
2612 * security_inode_post_removexattr() - Update the inode after a removexattr op
2626 * security_inode_need_killpriv() - Check if security_inode_killpriv() required
2642 * security_inode_killpriv() - The setuid bit is removed, update LSM state
2647 * Called with the dentry->d_inode->i_mutex held.
2659 * security_inode_getsecurity() - Get the xattr security label of an inode
2686 * security_inode_setsecurity() - Set the xattr security label of an inode
2711 * security_inode_listsecurity() - List the xattr security label names
2733 * security_inode_getlsmprop() - Get an inode's LSM data
2745 * security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2746 * @src: union dentry of copy-up file
2763 * security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2764 * @src: union dentry of copy-up file
2771 * Return: Returns 0 to accept the xattr, -ECANCELED to discard the xattr,
2772 * -EOPNOTSUPP if the security module does not know about attribute,
2788 * security_inode_setintegrity() - Set the inode's integrity data
2808 * security_kernfs_init_security() - Init LSM context for a kernfs node
2824 * security_file_permission() - Check file permissions
2837 * memory-mapped files. Security modules must handle this separately if they
2848 * security_file_alloc() - Allocate and init a file's LSM blob
2851 * Allocate and attach a security structure to the file->f_security field. The
2869 * security_file_release() - Perform actions before releasing the file ref
2880 * security_file_free() - Free a file's LSM blob
2883 * Deallocate and free any security structures stored in file->f_security.
2891 blob = file->f_security; in security_file_free()
2893 file->f_security = NULL; in security_file_free()
2899 * security_file_ioctl() - Check if an ioctl is allowed
2901 * @cmd: ioctl cmd
2911 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) in security_file_ioctl() argument
2913 return call_int_hook(file_ioctl, file, cmd, arg); in security_file_ioctl()
2918 * security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2920 * @cmd: ioctl cmd
2923 * Compat version of security_file_ioctl() that correctly handles 32-bit
2924 * processes running on 64-bit kernels.
2928 int security_file_ioctl_compat(struct file *file, unsigned int cmd, in security_file_ioctl_compat() argument
2931 return call_int_hook(file_ioctl_compat, file, cmd, arg); in security_file_ioctl_compat()
2943 if (!(current->personality & READ_IMPLIES_EXEC)) in mmap_prot()
2954 if (!path_noexec(&file->f_path)) { in mmap_prot()
2956 if (file->f_op->mmap_capabilities) { in mmap_prot()
2957 unsigned caps = file->f_op->mmap_capabilities(file); in mmap_prot()
2969 * security_mmap_file() - Check if mmap'ing a file is allowed
2987 * security_mmap_addr() - Check if mmap'ing an address is allowed
3000 * security_file_mprotect() - Check if changing memory protections is allowed
3016 * security_file_lock() - Check if a file lock is allowed
3018 * @cmd: lock operation (e.g. F_RDLCK, F_WRLCK)
3025 int security_file_lock(struct file *file, unsigned int cmd) in security_file_lock() argument
3027 return call_int_hook(file_lock, file, cmd); in security_file_lock()
3031 * security_file_fcntl() - Check if fcntl() op is allowed
3033 * @cmd: fcntl command
3036 * Check permission before allowing the file operation specified by @cmd from
3044 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) in security_file_fcntl() argument
3046 return call_int_hook(file_fcntl, file, cmd, arg); in security_file_fcntl()
3050 * security_file_set_fowner() - Set the file owner info in the LSM blob
3053 * Save owner security information (typically from current->security) in
3054 * file->f_security for later use by the send_sigiotask hook.
3056 * This hook is called with file->f_owner.lock held.
3066 * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
3069 * @sig: signal to be sent, SIGIO is sent if 0
3080 struct fown_struct *fown, int sig) in security_file_send_sigiotask() argument
3082 return call_int_hook(file_send_sigiotask, tsk, fown, sig); in security_file_send_sigiotask()
3086 * security_file_receive() - Check if receiving a file via IPC is allowed
3100 * security_file_open() - Save open() time state for later use by the LSM
3103 * Save open-time permission checking state for later use upon file_permission,
3107 * directly or indirectly (e.g. ELF's ld.so) by checking file->f_flags &
3118 * security_file_post_open() - Evaluate a file after it has been opened
3135 * security_file_truncate() - Check if truncating a file is allowed
3150 * security_task_alloc() - Allocate a task's LSM blob
3154 * Handle allocation of task-related resources.
3171 * security_task_free() - Free a task's LSM blob and related resources
3174 * Handle release of task-related resources. Note that this can be called from
3181 kfree(task->security); in security_task_free()
3182 task->security = NULL; in security_task_free()
3186 * security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
3209 * security_cred_free() - Free the cred's LSM blob and associated resources
3212 * Deallocate and clear the cred->security field in a set of credentials.
3218 * may result in a call here with ->security being NULL. in security_cred_free()
3220 if (unlikely(cred->security == NULL)) in security_cred_free()
3225 kfree(cred->security); in security_cred_free()
3226 cred->security = NULL; in security_cred_free()
3230 * security_prepare_creds() - Prepare a new set of credentials
3253 * security_transfer_creds() - Transfer creds
3265 * security_cred_getsecid() - Get the secid from a set of credentials
3280 * security_cred_getlsmprop() - Get the LSM data from a set of credentials
3295 * security_kernel_act_as() - Set the kernel credentials to act as secid
3310 * security_kernel_create_files_as() - Set file creation context using an inode
3326 * security_kernel_module_request() - Check if loading a module is allowed
3340 * security_kernel_read_file() - Read a file specified by userspace
3357 * security_kernel_post_read_file() - Read a file specified by userspace
3377 * security_kernel_load_data() - Load data provided by userspace
3392 * security_kernel_post_load_data() - Load userspace data from a non-file source
3398 * Load data provided by a non-file source (usually userspace buffer). This
3414 * security_task_fix_setuid() - Update LSM with new user id attributes
3423 * rather than to @current->cred.
3434 * security_task_fix_setgid() - Update LSM with new group id attributes
3443 * @current->cred.
3454 * security_task_fix_setgroups() - Update LSM with new supplementary groups
3461 * @current->cred.
3471 * security_task_setpgid() - Check if setting the pgid is allowed
3486 * security_task_getpgid() - Check if getting the pgid is allowed
3500 * security_task_getsid() - Check if getting the session id is allowed
3513 * security_current_getlsmprop_subj() - Current task's subjective LSM data
3527 * security_task_getlsmprop_obj() - Get a task's objective LSM data
3542 * security_task_setnice() - Check if setting a task's nice value is allowed
3556 * security_task_setioprio() - Check if setting a task's ioprio is allowed
3570 * security_task_getioprio() - Check if getting a task's ioprio is allowed
3583 * security_task_prlimit() - Check if getting/setting resource limits is allowed
3600 * security_task_setrlimit() - Check if setting a new rlimit value is allowed
3607 * dereferencing (p->signal->rlim + resource).
3618 * security_task_setscheduler() - Check if setting sched policy/param is allowed
3632 * security_task_getscheduler() - Check if getting scheduling info is allowed
3645 * security_task_movememory() - Check if moving memory is allowed
3658 * security_task_kill() - Check if sending a signal is allowed
3661 * @sig: signal value
3664 * Check permission before sending signal @sig to @p. @info can be NULL, the
3673 int sig, const struct cred *cred) in security_task_kill() argument
3675 return call_int_hook(task_kill, p, info, sig, cred); in security_task_kill()
3679 * security_task_prctl() - Check if a prctl op is allowed
3689 * Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3700 thisrc = scall->hl->hook.task_prctl(option, arg2, arg3, arg4, arg5); in security_task_prctl()
3711 * security_task_to_inode() - Set the security attributes of a task's inode
3724 * security_create_user_ns() - Check if creating a new userns is allowed
3737 * security_ipc_permission() - Check if sysv ipc access is allowed
3751 * security_ipc_getlsmprop() - Get the sysv ipc object LSM data
3765 * security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3768 * Allocate and attach a security structure to the msg->security field. The
3786 * security_msg_msg_free() - Free a sysv ipc message LSM blob
3794 kfree(msg->security); in security_msg_msg_free()
3795 msg->security = NULL; in security_msg_msg_free()
3799 * security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3820 * security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3823 * Deallocate security field @perm->security for the message queue.
3828 kfree(msq->security); in security_msg_queue_free()
3829 msq->security = NULL; in security_msg_queue_free()
3833 * security_msg_queue_associate() - Check if a msg queue operation is allowed
3849 * security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3851 * @cmd: operation
3853 * Check permission when a message control operation specified by @cmd is to be
3858 int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) in security_msg_queue_msgctl() argument
3860 return call_int_hook(msg_queue_msgctl, msq, cmd); in security_msg_queue_msgctl()
3864 * security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3881 * security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3902 * security_shm_alloc() - Allocate a sysv shm LSM blob
3923 * security_shm_free() - Free a sysv shm LSM blob
3926 * Deallocate the security structure @shp->security for the memory segment.
3931 kfree(shp->security); in security_shm_free()
3932 shp->security = NULL; in security_shm_free()
3936 * security_shm_associate() - Check if a sysv shm operation is allowed
3953 * security_shm_shmctl() - Check if a sysv shm operation is allowed
3955 * @cmd: operation
3957 * Check permission when a shared memory control operation specified by @cmd is
3962 int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) in security_shm_shmctl() argument
3964 return call_int_hook(shm_shmctl, shp, cmd); in security_shm_shmctl()
3968 * security_shm_shmat() - Check if a sysv shm attach operation is allowed
3986 * security_sem_alloc() - Allocate a sysv semaphore LSM blob
4007 * security_sem_free() - Free a sysv semaphore LSM blob
4010 * Deallocate security structure @sma->security for the semaphore.
4015 kfree(sma->security); in security_sem_free()
4016 sma->security = NULL; in security_sem_free()
4020 * security_sem_associate() - Check if a sysv semaphore operation is allowed
4036 * security_sem_semctl() - Check if a sysv semaphore operation is allowed
4038 * @cmd: operation
4040 * Check permission when a semaphore operation specified by @cmd is to be
4045 int security_sem_semctl(struct kern_ipc_perm *sma, int cmd) in security_sem_semctl() argument
4047 return call_int_hook(sem_semctl, sma, cmd); in security_sem_semctl()
4051 * security_sem_semop() - Check if a sysv semaphore operation is allowed
4069 * security_d_instantiate() - Populate an inode's LSM state based on a dentry
4088 * security_getselfattr - Read an LSM attribute of the current process.
4090 * @uctx: the user-space destination for the information, or NULL
4101 * If @size is insufficient to contain the data -E2BIG is returned.
4118 return -EINVAL; in security_getselfattr()
4120 return -EINVAL; in security_getselfattr()
4122 return -EFAULT; in security_getselfattr()
4129 return -EINVAL; in security_getselfattr()
4131 return -EFAULT; in security_getselfattr()
4136 return -EINVAL; in security_getselfattr()
4145 if (single && lctx.id != scall->hl->lsmid->id) in security_getselfattr()
4150 rc = scall->hl->hook.getselfattr(attr, uctx, &entrysize, flags); in security_getselfattr()
4151 if (rc == -EOPNOTSUPP) in security_getselfattr()
4153 if (rc == -E2BIG) { in security_getselfattr()
4160 left -= entrysize; in security_getselfattr()
4168 return -EFAULT; in security_getselfattr()
4170 return -E2BIG; in security_getselfattr()
4181 * security_setselfattr - Set an LSM attribute on the current process.
4183 * @uctx: the user-space source for the information
4190 * Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT
4203 return -EINVAL; in security_setselfattr()
4205 return -EINVAL; in security_setselfattr()
4207 return -E2BIG; in security_setselfattr()
4213 if (size < lctx->len || in security_setselfattr()
4214 check_add_overflow(sizeof(*lctx), lctx->ctx_len, &required_len) || in security_setselfattr()
4215 lctx->len < required_len) { in security_setselfattr()
4216 rc = -EINVAL; in security_setselfattr()
4221 if ((scall->hl->lsmid->id) == lctx->id) { in security_setselfattr()
4222 rc = scall->hl->hook.setselfattr(attr, lctx, size, flags); in security_setselfattr()
4232 * security_getprocattr() - Read an attribute for a task
4248 if (lsmid != 0 && lsmid != scall->hl->lsmid->id) in security_getprocattr()
4250 return scall->hl->hook.getprocattr(p, name, value); in security_getprocattr()
4256 * security_setprocattr() - Set an attribute for a task
4272 if (lsmid != 0 && lsmid != scall->hl->lsmid->id) in security_setprocattr()
4274 return scall->hl->hook.setprocattr(name, value, size); in security_setprocattr()
4280 * security_netlink_send() - Save info and check if netlink sending is allowed
4298 * security_ismaclabel() - Check if the named attribute is a MAC label
4312 * security_secid_to_secctx() - Convert a secid to a secctx
4330 * security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
4348 * security_secctx_to_secid() - Convert a secctx to a secid
4365 * security_release_secctx() - Free a secctx buffer
4378 * security_inode_invalidate_secctx() - Invalidate an inode's security label
4391 * security_inode_notifysecctx() - Notify the LSM of an inode's security label
4401 * Must be called with inode->i_mutex locked.
4412 * security_inode_setsecctx() - Change the security label of an inode
4423 * inode->i_mutex locked.
4434 * security_inode_getsecctx() - Get the security label of an inode
4452 * security_post_notification() - Check if a watch notification can be posted
4471 * security_watch_key() - Check if a task is allowed to watch for key events
4487 * security_unix_stream_connect() - Check if an AF_UNIX stream is allowed
4515 * security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4541 * security_socket_create() - Check if creating a new socket is allowed
4557 * security_socket_post_create() - Initialize a newly created socket
4564 * This hook allows a module to update or allocate a per-socket security
4568 * and attach security information to SOCK_INODE(sock)->i_security. This hook
4569 * may be used to update the SOCK_INODE(sock)->i_security field with additional
4582 * security_socket_socketpair() - Check if creating a socketpair is allowed
4598 * security_socket_bind() - Check if a socket bind operation is allowed
4616 * security_socket_connect() - Check if a socket connect operation is allowed
4633 * security_socket_listen() - Check if a socket is allowed to listen
4647 * security_socket_accept() - Check if a socket is allowed to accept connections
4663 * security_socket_sendmsg() - Check if sending a message is allowed
4678 * security_socket_recvmsg() - Check if receiving a message is allowed
4695 * security_socket_getsockname() - Check if reading the socket addr is allowed
4709 * security_socket_getpeername() - Check if reading the peer's addr is allowed
4722 * security_socket_getsockopt() - Check if reading a socket option is allowed
4738 * security_socket_setsockopt() - Check if setting a socket option is allowed
4753 * security_socket_shutdown() - Check if shutting down the socket is allowed
4768 * security_sock_rcv_skb() - Check if an incoming network packet is allowed
4786 * security_socket_getpeersec_stream() - Get the remote peer label
4808 * security_socket_getpeersec_dgram() - Get the remote peer label
4814 * for udp sockets on a per-packet basis to userspace via getsockopt
4829 * lsm_sock_alloc - allocate a composite sock blob
4835 * Returns 0, or -ENOMEM if memory can't be allocated.
4839 return lsm_blob_alloc(&sock->sk_security, blob_sizes.lbs_sock, gfp); in lsm_sock_alloc()
4843 * security_sk_alloc() - Allocate and initialize a sock's LSM blob
4848 * Allocate and attach a security structure to the sk->sk_security field, which
4866 * security_sk_free() - Free the sock's LSM blob
4874 kfree(sk->sk_security); in security_sk_free()
4875 sk->sk_security = NULL; in security_sk_free()
4879 * security_sk_clone() - Clone a sock's LSM state
4892 * security_sk_classify_flow() - Set a flow's secid based on socket
4900 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); in security_sk_classify_flow()
4905 * security_req_classify_flow() - Set a flow's secid based on request_sock
4919 * security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
4933 * security_inet_conn_request() - Set request_sock state using incoming connect
4950 * security_inet_csk_clone() - Set new sock LSM state based on request_sock
4963 * security_inet_conn_established() - Update sock's LSM state with connection
4977 * security_secmark_relabel_packet() - Check if setting a secmark is allowed
4991 * security_secmark_refcount_inc() - Increment the secmark labeling rule count
5002 * security_secmark_refcount_dec() - Decrement the secmark labeling rule count
5013 * security_tun_dev_alloc_security() - Allocate an LSM blob for a TUN device
5039 * security_tun_dev_free_security() - Free a TUN device LSM blob
5051 * security_tun_dev_create() - Check if creating a TUN device is allowed
5064 * security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
5078 * security_tun_dev_attach() - Update TUN device LSM state on attach
5094 * security_tun_dev_open() - Update TUN device LSM state on open
5109 * security_sctp_assoc_request() - Update the LSM on a SCTP association req
5113 * Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
5125 * security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
5146 * security_sctp_sk_clone() - Clone a SCTP sock's LSM state
5163 * security_sctp_assoc_established() - Update LSM state when assoc established
5167 * Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
5180 * security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
5200 * security_ib_pkey_access() - Check if access to an IB pkey is allowed
5216 * security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
5233 * security_ib_alloc_security() - Allocate an Infiniband LSM blob
5238 * Return: Returns 0 on success, non-zero on failure.
5258 * security_ib_free_security() - Free an Infiniband LSM blob
5272 * security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
5277 * Allocate a security structure to the xp->security field; the security field
5291 * security_xfrm_policy_clone() - Clone xfrm policy LSM state
5307 * security_xfrm_policy_free() - Free a xfrm security context
5319 * security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
5332 * security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
5336 * Allocate a security structure to the @x->security field; the security field
5350 * security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
5355 * Allocate a security structure to the x->security field; the security field
5368 * security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
5371 * Authorize deletion of x->security.
5382 * security_xfrm_state_free() - Free a xfrm state
5385 * Deallocate x->security.
5393 * security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
5398 * packet. The hook is called when selecting either a per-socket policy or a
5401 * Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
5410 * security_xfrm_state_pol_flow_match() - Check for a xfrm match
5436 rc = scall->hl->hook.xfrm_state_pol_flow_match(x, xp, flic); in security_xfrm_state_pol_flow_match()
5443 * security_xfrm_decode_session() - Determine the xfrm secid for a packet
5458 int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid, in security_skb_classify_flow()
5468 * security_key_alloc() - Allocate and initialize a kernel key LSM blob
5476 * Return: Return 0 if permission is granted, -ve error otherwise.
5492 * security_key_free() - Free a kernel key LSM blob
5499 kfree(key->security); in security_key_free()
5500 key->security = NULL; in security_key_free()
5504 * security_key_permission() - Check if a kernel key operation is allowed
5511 * Return: Return 0 if permission is granted, -ve error otherwise.
5520 * security_key_getsecurity() - Get the key's security label
5526 * storage for the NUL-terminated string and the caller should free it.
5528 * Return: Returns the length of @buffer (including terminating NUL) or -ve if
5539 * security_key_post_create_or_update() - Notification of key create or update
5560 * security_audit_rule_init() - Allocate and init an LSM audit rule struct
5569 * Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5579 * security_audit_rule_known() - Check if an audit rule contains LSM fields
5593 * security_audit_rule_free() - Free an LSM audit rule struct
5605 * security_audit_rule_match() - Check if a label matches an audit rule
5614 * Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5626 * security_bpf() - Check if the bpf syscall operation is allowed
5627 * @cmd: command
5633 * check the specific cmd they need.
5637 int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) in security_bpf() argument
5639 return call_int_hook(bpf, cmd, attr, size); in security_bpf()
5643 * security_bpf_map() - Check if access to a bpf map is allowed
5658 * security_bpf_prog() - Check if access to a bpf program is allowed
5672 * security_bpf_map_create() - Check if BPF map creation is allowed
5689 * security_bpf_prog_load() - Check if loading a BPF program is allowed
5707 * security_bpf_token_create() - Check if creating a BPF token is allowed
5724 * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5727 * @cmd: BPF syscall command requested to be delegated by BPF token
5734 int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd) in security_bpf_token_cmd() argument
5736 return call_int_hook(bpf_token_cmd, token, cmd); in security_bpf_token_cmd()
5740 * security_bpf_token_capable() - Check if BPF token is allowed to delegate
5741 * requested BPF-related capability
5746 * delegation of requested BPF-related capabilities.
5756 * security_bpf_map_free() - Free a bpf map's LSM blob
5767 * security_bpf_prog_free() - Free a BPF program's LSM blob
5778 * security_bpf_token_free() - Free a BPF token's LSM blob
5790 * security_locked_down() - Check if a kernel feature is allowed
5805 * security_bdev_alloc() - Allocate a block device LSM blob
5808 * Allocate and attach a security structure to @bdev->bd_security. The
5831 * security_bdev_free() - Free a block device's LSM blob
5834 * Deallocate the bdev security structure and set @bdev->bd_security to NULL.
5838 if (!bdev->bd_security) in security_bdev_free()
5843 kfree(bdev->bd_security); in security_bdev_free()
5844 bdev->bd_security = NULL; in security_bdev_free()
5849 * security_bdev_setintegrity() - Set the device's integrity data
5858 * information is updated to keep these data current. For example, in dm-verity,
5859 * if the mapping table is reloaded and configured to use a different dm-verity
5861 * data in the LSM blob will become obsolete. It is crucial to re-invoke the
5863 * arises from the design of device-mapper, where a device-mapper device is
5885 * security_perf_event_open() - Check if a perf event open is allowed
5899 * security_perf_event_alloc() - Allocate a perf event LSM blob
5910 rc = lsm_blob_alloc(&event->security, blob_sizes.lbs_perf_event, in security_perf_event_alloc()
5917 kfree(event->security); in security_perf_event_alloc()
5918 event->security = NULL; in security_perf_event_alloc()
5924 * security_perf_event_free() - Free a perf event LSM blob
5931 kfree(event->security); in security_perf_event_free()
5932 event->security = NULL; in security_perf_event_free()
5936 * security_perf_event_read() - Check if reading a perf event label is allowed
5949 * security_perf_event_write() - Check if writing a perf event label is allowed
5964 * security_uring_override_creds() - Check if overriding creds is allowed
5978 * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5991 * security_uring_cmd() - Check if an io_uring passthrough command is allowed
6005 * security_initramfs_populated() - Notify LSMs that initramfs has been loaded