Lines Matching +full:sig +full:- +full:dir +full:- +full:cmd
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
10 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
33 * union security_list_options - Linux Security Module hook function list
38 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
39 * properly for executing @bprm->file, update the LSM's portion of
40 * @bprm->cred->security to be what commit_creds needs to install for the
43 * The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
49 * privilege upon exec, update @bprm->cred to reflect that change.
56 * The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
58 * The hook must add to @bprm->per_clear any personality flags that
59 * should be cleared from current->personality.
64 * begin. It allows a check against the @bprm->cred->security value
73 * pointed to by @current->cred and the information set in @bprm->cred by
82 * have, by this point, been set to @current->cred. @bprm points to the
84 * changes on the process such as clearing out non-inheritable signal
91 * Allocate and attach a security structure to sc->security. This pointer
98 * should return 0; otherwise it should return -ENOPARAM to pass it on to
106 * Allocate and attach a security structure to the sb->s_security field.
115 * Deallocate and clear the sb->s_security field.
137 * @data contains the filesystem-specific data.
141 * so that the security module can extract security-specific mount
143 * This also allows the original mount data to be stripped of security-
158 * @data contains the filesystem-specific data.
216 * Allocate and attach a security structure to @inode->i_security. The
223 * Deallocate the inode security structure and set @inode->i_security to
235 * then it should return -EOPNOTSUPP to skip this processing.
237 * @dir contains the inode structure of the parent directory.
243 * -EOPNOTSUPP if no security attribute is needed, or
244 * -ENOMEM on memory allocation failure.
252 * Returns 0 on success, -EACCES if the security module denies the
253 * creation of this inode, or another -errno upon other errors.
256 * @dir contains inode structure of the parent of the new file.
264 * @dir contains the inode structure of the parent directory
278 * @dir contains the inode structure of parent directory of the file.
283 * @dir contains the path structure of parent directory of the file.
288 * @dir contains the inode structure of parent directory of
295 * @dir contains the path structure of parent directory of
302 * associated with inode structure @dir.
303 * @dir contains the inode structure of parent of the directory
311 * @dir contains the path structure of parent of the directory
318 * @dir contains the inode structure of parent of the directory
324 * @dir contains the path structure of parent of the directory to be
333 * @dir contains the inode structure of parent of the new file.
341 * @dir contains the path structure of parent of the new file.
388 * @inode contains the inode, which itself is not stable in RCU-walk
389 * @rcu indicates whether we are in RCU-walk mode.
464 * Called with the dentry->d_inode->i_mutex held.
487 * Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP if
520 * address the revalidation of permissions for memory-mapped files.
527 * Allocate and attach a security structure to the file->f_security field.
533 * Deallocate and free any security structures stored in file->f_security.
537 * @cmd contains the operation to perform.
566 * @cmd contains the posix-translated lock operation to perform
570 * Check permission before allowing the file operation specified by @cmd
576 * @cmd contains the operation to be performed.
580 * Save owner security information (typically from current->security) in
581 * file->f_security for later use by the send_sigiotask hook.
592 * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
600 * Save open-time permission checking state for later use upon
609 * Handle allocation of task-related resources.
613 * Handle release of task-related resources. (Note that this can be called
622 * Deallocate and clear the cred->security field in a set of credentials.
660 * Load data provided by a non-file source (usually userspace buffer).
664 * @description a text description of what was loaded, @id-specific
690 * should be made to this rather than to @current->cred.
699 * should be made to this rather than to @current->cred.
755 * be examined by dereferencing (p->signal->rlim + resource).
775 * Check permission before sending signal @sig to @p. @info can be NULL,
783 * @sig contains the signal value.
795 * Return -ENOSYS if no-one wanted to handle this op, any other value to
852 * This hook allows a module to update or allocate a per-socket security
857 * SOCK_INODE(sock)->i_security. This hook may be used to update the
858 * SOCK_INODE(sock)->i_security field with additional information that
963 * state for udp sockets on a per-packet basis to userspace via
973 * Allocate and attach a security structure to the sk->sk_security field,
980 * Retrieve the LSM-specific secid for the sock to enable caching
1027 * Passes the @ep and @chunk->skb of the association INIT packet to
1066 * Returns 0 on success, non-zero on failure
1077 * the user-level policy update program (e.g., setkey).
1078 * Allocate a security structure to the xp->security field; the security
1090 * Deallocate xp->security.
1093 * Authorize deletion of xp->security.
1098 * the user-level SA generation program (e.g., setkey or racoon).
1099 * Allocate a security structure to the x->security field; the security
1109 * Allocate a security structure to the x->security field; the security
1115 * Deallocate x->security.
1118 * Authorize deletion of x->security.
1124 * @dir contains the direction of the flow (input or output).
1127 * per-socket policy or a generic xfrm policy.
1128 * Return 0 if permission is granted, -ESRCH otherwise, or -errno
1148 * Return 0 if permission is granted, -ve error otherwise.
1160 * Return 0 if permission is granted, -ve error otherwise.
1164 * allocates the storage for the NUL-terminated string and the caller
1169 * Return the length of the string (including terminating NUL) or -ve if
1189 * Allocate and attach a security structure to the msg->security field.
1202 * @perm->security field. The security field is initialized to
1207 * Deallocate security field @perm->security for the message queue.
1218 * Check permission when a message control operation specified by @cmd
1222 * @cmd contains the operation to be performed.
1246 * Allocate and attach a security structure to the @perm->security
1252 * Deallocate the security structure @perm->security for the memory segment.
1264 * @cmd is to be performed on the shared memory region with permissions @perm.
1267 * @cmd contains the operation to be performed.
1281 * Allocate and attach a security structure to the @perm->security
1287 * Deallocate security structure @perm->security for the semaphore.
1298 * Check permission when a semaphore operation specified by @cmd is to be
1302 * @cmd contains the operation to be performed.
1437 * -EINVAL in case of an invalid rule.
1452 * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
1470 * Must be called with inode->i_mutex locked.
1483 * Must be called with inode->i_mutex locked.
1501 * @cred: The event-triggerer's credentials
1515 * rules to check the specific cmd they need.
1622 LSM_ORDER_FIRST = -1, /* This is only for capabilities. */