| /linux-6.15/security/apparmor/include/ |
| mount.h | 28 int aa_remount(const struct cred *subj_cred, 32 int aa_bind_mount(const struct cred *subj_cred, 37 int aa_mount_change_type(const struct cred *subj_cred, 41 int aa_move_mount_old(const struct cred *subj_cred, 44 int aa_move_mount(const struct cred *subj_cred, 48 int aa_new_mount(const struct cred *subj_cred, 53 int aa_umount(const struct cred *subj_cred, 56 int aa_pivotroot(const struct cred *subj_cred,
|
| file.h | 86 int aa_path_perm(const char *op, const struct cred *subj_cred, 90 int aa_path_link(const struct cred *subj_cred, struct aa_label *label, 94 int aa_file_perm(const char *op, const struct cred *subj_cred,
|
| net.h | 99 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, 112 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
|
| policy.h | 389 bool aa_policy_view_capable(const struct cred *subj_cred, 391 bool aa_policy_admin_capable(const struct cred *subj_cred, 393 int aa_may_manage_policy(const struct cred *subj_cred,
|
| ipc.h | 16 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
|
| capability.h | 39 int aa_capable(const struct cred *subj_cred, struct aa_label *label,
|
| resource.h | 36 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
|
| audit.h | 116 const struct cred *subj_cred; member
|
| /linux-6.15/security/apparmor/ |
| file.c | 48 kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid(); in file_audit_cb() 94 int aa_audit_file(const struct cred *subj_cred, in aa_audit_file() argument 103 ad.subj_cred = subj_cred; in aa_audit_file() 160 aa_audit_file(subj_cred, in path_name() 230 return aa_audit_file(subj_cred, in __aa_path_perm() 396 return aa_audit_file(subj_cred, in profile_path_link() 420 int aa_path_link(const struct cred *subj_cred, in aa_path_link() argument 499 profile_path_perm(op, subj_cred, profile, in __file_path_perm() 513 profile_path_perm(op, subj_cred, in __file_path_perm() 519 profile_path_perm(op, subj_cred, in __file_path_perm() [all …]
|
| mount.c | 134 static int audit_mount(const struct cred *subj_cred, in audit_mount() argument 173 ad.subj_cred = subj_cred; in audit_mount() 367 static int match_mnt(const struct cred *subj_cred, in match_mnt() argument 396 int aa_remount(const struct cred *subj_cred, in aa_remount() argument 414 match_mnt(subj_cred, profile, path, buffer, NULL, in aa_remount() 422 int aa_bind_mount(const struct cred *subj_cred, in aa_bind_mount() argument 487 int aa_move_mount(const struct cred *subj_cred, in aa_move_mount() argument 584 match_mnt(subj_cred, profile, path, buffer, in aa_new_mount() 589 match_mnt_path_str(subj_cred, profile, path, in aa_new_mount() 739 build_pivotroot(subj_cred, profile, new_path, in aa_pivotroot() [all …]
|
| resource.c | 56 static int audit_resource(const struct cred *subj_cred, in audit_resource() argument 64 ad.subj_cred = subj_cred; in audit_resource() 88 static int profile_setrlimit(const struct cred *subj_cred, in profile_setrlimit() argument 99 return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max, in profile_setrlimit() 115 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, in aa_task_setrlimit() argument 135 aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0) in aa_task_setrlimit() 137 audit_resource(subj_cred, profile, resource, in aa_task_setrlimit() 142 profile_setrlimit(subj_cred, profile, resource, in aa_task_setrlimit()
|
| domain.c | 839 profile_transition(subj_cred, profile, bprm, in handle_onexec() 866 const struct cred *subj_cred; in apparmor_bprm_creds_for_exec() local 879 subj_cred = current_cred(); in apparmor_bprm_creds_for_exec() 1168 const struct cred *subj_cred; in aa_change_hat() local 1177 subj_cred = get_current_cred(); in aa_change_hat() 1178 label = aa_get_newest_cred_label(subj_cred); in aa_change_hat() 1261 put_cred(subj_cred); in aa_change_hat() 1280 const struct cred *subj_cred, in change_profile_perms_wrapper() argument 1427 subj_cred, in aa_change_profile() 1498 aa_audit_file(subj_cred, in aa_change_profile() [all …]
|
| capability.c | 97 if (ad->subj_cred == ent->ad_subj_cred && ktime_get_ns() <= ent->ktime_ns_expiration[cap]) { in audit_caps() 104 ent->ad_subj_cred = get_cred(ad->subj_cred); in audit_caps() 157 int aa_capable(const struct cred *subj_cred, struct aa_label *label, in aa_capable() argument 164 ad.subj_cred = subj_cred; in aa_capable()
|
| net.c | 138 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, in aa_af_perm() argument 149 static int aa_label_sk_perm(const struct cred *subj_cred, in aa_label_sk_perm() argument 164 ad.subj_cred = subj_cred; in aa_label_sk_perm() 189 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label, in aa_sock_file_perm() argument 196 return aa_label_sk_perm(subj_cred, label, op, request, sock->sk); in aa_sock_file_perm()
|
| ipc.c | 92 ad->subj_cred = cred; in profile_signal_perm() 103 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender, in aa_may_signal() argument 113 profile_signal_perm(subj_cred, profile, target, in aa_may_signal()
|
| policy.c | 784 static int policy_ns_capable(const struct cred *subj_cred, in policy_ns_capable() argument 791 err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE); in policy_ns_capable() 793 err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE); in policy_ns_capable() 809 bool aa_policy_view_capable(const struct cred *subj_cred, in aa_policy_view_capable() argument 812 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_view_capable() 829 bool aa_policy_admin_capable(const struct cred *subj_cred, in aa_policy_admin_capable() argument 832 struct user_namespace *user_ns = subj_cred->user_ns; in aa_policy_admin_capable() 833 bool capable = policy_ns_capable(subj_cred, label, user_ns, in aa_policy_admin_capable() 839 return aa_policy_view_capable(subj_cred, label, ns) && capable && in aa_policy_admin_capable() 876 int aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label, in aa_may_manage_policy() argument [all …]
|
| task.c | 235 ad->subj_cred = cred; in profile_ptrace_perm()
|
| lsm.c | 1051 ad.subj_cred = current_cred(); in apparmor_userns_create()
|