| /security/apparmor/ |
| H A D | context.c | 24 * cred or task context but instead creates a new one. Ideally the task
33 * aa_alloc_task_context - allocate a new task_cxt
60 * @new: a blank task context (NOT NULL)
63 void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old) argument
65 *new = *old;
66 aa_get_profile(new->profile);
67 aa_get_profile(new->previous);
68 aa_get_profile(new->onexec);
90 * @profile: new profile (NOT NULL)
97 struct cred *new; local
135 struct cred *new = prepare_creds(); local
161 struct cred *new = prepare_creds(); local
199 struct cred *new = prepare_creds(); local
[all...] |
| H A D | policy.c | 268 * alloc_namespace - allocate, initialize and return a new namespace
370 * aa_prepare_namespace - find an existing or create a new namespace of @name
641 * aa_alloc_profile - allocate, initialize and return a new profile
675 * aa_new_null_profile - create a new null-X learning profile
686 * Returns: new refcounted profile else NULL on failure
783 * is used to load a new profile.
954 if (ent->new == profile)
956 if (strncmp(ent->new->base.hname, profile->base.hname, len) ==
957 0 && ent->new->base.hname[len] == 0)
958 return ent->new;
977 __replace_profile(struct aa_profile *old, struct aa_profile *new, bool share_replacedby) argument
[all...] |
| H A D | resource.c | 85 * @new_rlim - the new resource limit (NOT NULL)
117 * __aa_transition_rlimits - apply new profile rlimits
119 * @new: new profile with rlimits to apply (NOT NULL)
121 void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new) argument
141 /* set any new hard limits as dictated by the new profile */
142 if (!new->rlimits.mask)
145 if (!(new->rlimits.mask & mask))
150 new
[all...] |
| H A D | file.c | 157 * map_old_perms - map old file perms layout to the new layout
160 * Returns: new permission mapping
164 u32 new = old & 0xf; local
166 new |= AA_MAY_META_READ;
168 new |= AA_MAY_META_WRITE | AA_MAY_CREATE | AA_MAY_DELETE |
171 new |= AA_MAY_LINK;
176 new |= AA_MAY_LOCK | AA_LINK_SUBSET;
178 new |= AA_EXEC_MMAP;
180 return new;
199 /* FIXME: change over to new df
[all...] |
| H A D | policy_unpack.c | 84 * @new: profile if it has been allocated (MAYBE NULL)
92 static int audit_iface(struct aa_profile *new, const char *name, argument
102 aad.iface.target = new;
723 aa_put_profile(ent->new);
789 ent->new = profile;
|
| H A D | lsm.c | 70 * prepare new aa_task_cxt for modification by prepare_cred block
72 static int apparmor_cred_prepare(struct cred *new, const struct cred *old, argument
81 cred_cxt(new) = cxt;
88 static void apparmor_cred_transfer(struct cred *new, const struct cred *old) argument
91 struct aa_task_cxt *new_cxt = cred_cxt(new);
|
| /security/ |
| H A D | commoncap.c | 246 * @new: The proposed new credentials; alterations should be made here
248 * @effective: A pointer to the proposed new effective capabilities set
249 * @inheritable: A pointer to the proposed new inheritable capabilities set
250 * @permitted: A pointer to the proposed new permitted capabilities set
253 * process's capability sets. The changes are made to the proposed new
256 int cap_capset(struct cred *new, argument
272 /* no new pI capabilities outside bounding set */
275 /* verify restrictions on target's new Permitted set */
283 new
350 struct cred *new = bprm->cred; local
496 struct cred *new = bprm->cred; local
705 cap_emulate_setxuid(struct cred *new, const struct cred *old) argument
734 cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) argument
841 struct cred *new; local
871 struct cred *new; local
[all...] |
| H A D | security.c | 188 int security_capset(struct cred *new, const struct cred *old, argument
193 return security_ops->capset(new, old,
848 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) argument
850 return security_ops->cred_prepare(new, old, gfp);
853 void security_transfer_creds(struct cred *new, const struct cred *old) argument
855 security_ops->cred_transfer(new, old);
858 int security_kernel_act_as(struct cred *new, u32 secid) argument
860 return security_ops->kernel_act_as(new, secid);
863 int security_kernel_create_files_as(struct cred *new, struct inode *inode) argument
865 return security_ops->kernel_create_files_as(new, inod
894 security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) argument
[all...] |
| H A D | device_cgroup.c | 69 struct dev_exception_item *ex, *tmp, *new; local
74 new = kmemdup(ex, sizeof(*ex), GFP_KERNEL);
75 if (!new)
77 list_add_tail(&new->list, dest);
389 * verify_new_ex - verifies if a new exception is allowed by parent cgroup's permissions
391 * @refex: new exception
410 * new exception in the child doesn't matter, only
416 * new exception in the child will add more devices
433 * the new exception will add access to more devices and must
452 * when adding a new allo
[all...] |
| H A D | capability.c | 405 static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) argument
410 static void cap_cred_transfer(struct cred *new, const struct cred *old) argument
414 static int cap_kernel_act_as(struct cred *new, u32 secid) argument
419 static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) argument
|
| /security/keys/ |
| H A D | process_keys.c | 128 * Install a fresh thread keyring directly to new credentials. This keyring is
131 int install_thread_keyring_to_cred(struct cred *new) argument
135 keyring = keyring_alloc("_tid", new->uid, new->gid, new,
141 new->thread_keyring = keyring;
150 struct cred *new; local
153 new = prepare_creds();
154 if (!new)
157 BUG_ON(new
174 install_process_keyring_to_cred(struct cred *new) argument
200 struct cred *new; local
257 struct cred *new; local
756 struct cred *new; local
828 struct cred *new = container_of(twork, struct cred, rcu); local
[all...] |
| H A D | keyctl.c | 49 * Extract the description of a new key from userspace and either add it as a
50 * new key to the specified keyring or update a matching key in that keyring.
57 * If successful, the new key's serial number is returned, otherwise an error
479 * new key.
787 * If the UID is to be changed, the new user must have sufficient quota to
789 * the new user should the attribute be changed.
845 /* transfer the quota burden to the new user */
988 struct cred *new; local
990 new = prepare_creds();
991 if (!new)
1261 struct cred *new; local
[all...] |
| /security/apparmor/include/ |
| H A D | policy_unpack.h | 22 struct aa_profile *new;
|
| H A D | resource.h | 43 void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
|
| H A D | apparmorfs.h | 98 struct aa_profile *new);
|
| H A D | context.h | 80 void aa_dup_task_context(struct aa_task_cxt *new,
|
| H A D | policy.h | 361 struct aa_profile *new)
366 rcu_assign_pointer(orig->replacedby->profile, aa_get_profile(new));
360 __aa_update_replacedby(struct aa_profile *orig, struct aa_profile *new) argument
|
| /security/selinux/ |
| H A D | netif.c | 86 * sel_netif_insert - Insert a new interface into the table
87 * @netif: the new interface record
90 * Add a new interface record to the network interface hash table. Returns
140 struct sel_netif *new = NULL; local
161 new = kzalloc(sizeof(*new), GFP_ATOMIC);
162 if (new == NULL) {
166 ret = security_netif_sid(dev->name, &new->nsec.sid);
169 new->nsec.ns = ns;
170 new
[all...] |
| H A D | netnode.c | 149 * sel_netnode_insert - Insert a new node into the table
150 * @node: the new node record
153 * Add a new node record to the network address hash table.
204 struct sel_netnode *new = NULL; local
213 new = kzalloc(sizeof(*new), GFP_ATOMIC);
214 if (new == NULL)
220 new->nsec.addr.ipv4 = *(__be32 *)addr;
225 new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
234 new
[all...] |
| H A D | netport.c | 108 * sel_netport_insert - Insert a new port into the table
109 * @port: the new port record
112 * Add a new port record to the network address hash table.
152 struct sel_netport *new = NULL; local
161 new = kzalloc(sizeof(*new), GFP_ATOMIC);
162 if (new == NULL)
168 new->psec.port = pnum;
169 new->psec.protocol = protocol;
170 new
[all...] |
| H A D | hooks.c | 837 struct superblock_security_struct *new = newsb->s_security; local
839 char newflags = new->flags & SE_MNTMASK;
843 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
845 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
847 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
2030 static int selinux_capset(struct cred *new, const struct cred *old, argument
2037 error = cap_capset(new, old,
2042 return cred_has_perm(old, new, PROCESS__SETCAP);
2130 * Check that a process has enough memory to allocate a new virtual
2380 * Prepare a process for imminent new credentia
3579 selinux_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) argument
3598 selinux_cred_transfer(struct cred *new, const struct cred *old) argument
3610 selinux_kernel_act_as(struct cred *new, u32 secid) argument
3633 selinux_kernel_create_files_as(struct cred *new, struct inode *inode) argument
5654 struct cred *new; local
[all...] |
| /security/selinux/ss/ |
| H A D | ebitmap.c | 51 struct ebitmap_node *n, *new, *prev; local
57 new = kzalloc(sizeof(*new), GFP_ATOMIC);
58 if (!new) {
62 new->startbit = n->startbit;
63 memcpy(new->maps, n->maps, EBITMAP_SIZE / 8);
64 new->next = NULL;
66 prev->next = new;
68 dst->node = new;
69 prev = new;
252 struct ebitmap_node *n, *prev, *new; local
[all...] |
| /security/tomoyo/ |
| H A D | tomoyo.c | 13 * @new: Pointer to "struct cred".
18 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) argument
20 new->security = NULL;
27 * @new: Pointer to "struct cred".
33 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, argument
37 new->security = domain;
46 * @new: Pointer to "struct cred".
49 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) argument
51 tomoyo_cred_prepare(new, old, 0);
|
| /security/smack/ |
| H A D | smack_lsm.c | 237 * Returns the new blob or NULL if there's no memory available
258 * Returns the new blob or NULL if there's no memory available
279 * @nhead - new rules header pointer
712 * smack_bprm_committing_creds - Prepare to install the new credentials
831 * @new_dentry: the new object
932 * @new_dentry: the new object
935 * new directories.
1685 * @new: the new credentials
1731 * smack_cred_prepare - prepare new se
1738 smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) argument
1764 smack_cred_transfer(struct cred *new, const struct cred *old) argument
1785 smack_kernel_act_as(struct cred *new, u32 secid) argument
1805 smack_kernel_create_files_as(struct cred *new, struct inode *inode) argument
3234 struct cred *new; local
[all...] |
| H A D | smackfs.c | 213 * during the allocation of the new pair to add.
253 * If this is a global as opposed to self and a new rule
1108 * @new : netlabel to insert
1115 static void smk_netlbladdr_insert(struct smk_netlbladdr *new) argument
1120 list_add_rcu(&new->list, &smk_netlbladdr_list);
1128 if (new->smk_mask.s_addr > m->smk_mask.s_addr) {
1129 list_add_rcu(&new->list, &smk_netlbladdr_list);
1135 list_add_rcu(&new->list, &m->list);
1140 if (new->smk_mask.s_addr > m_next->smk_mask.s_addr) {
1141 list_add_rcu(&new
[all...] |