Lines Matching +full:sig +full:- +full:dir
1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
28 #include <linux/backing-dev.h>
36 #define LSM_COUNT (__end_lsm_info - __start_lsm_info)
82 /* Boot-time LSM user choice */
101 if (!lsm->enabled) in is_enabled()
104 return *lsm->enabled; in is_enabled()
114 * a hard-coded location for storing the default enabled state. in set_enabled()
116 if (!lsm->enabled) { in set_enabled()
118 lsm->enabled = &lsm_enabled_true; in set_enabled()
120 lsm->enabled = &lsm_enabled_false; in set_enabled()
121 } else if (lsm->enabled == &lsm_enabled_true) { in set_enabled()
123 lsm->enabled = &lsm_enabled_false; in set_enabled()
124 } else if (lsm->enabled == &lsm_enabled_false) { in set_enabled()
126 lsm->enabled = &lsm_enabled_true; in set_enabled()
128 *lsm->enabled = enabled; in set_enabled()
156 if (!lsm->enabled) in append_ordered_lsm()
157 lsm->enabled = &lsm_enabled_true; in append_ordered_lsm()
160 init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, in append_ordered_lsm()
172 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { in lsm_allowed()
173 init_debug("exclusive disabled: %s\n", lsm->name); in lsm_allowed()
196 lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); in lsm_set_blob_sizes()
197 lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); in lsm_set_blob_sizes()
202 if (needed->lbs_inode && blob_sizes.lbs_inode == 0) in lsm_set_blob_sizes()
204 lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); in lsm_set_blob_sizes()
205 lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); in lsm_set_blob_sizes()
206 lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); in lsm_set_blob_sizes()
207 lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); in lsm_set_blob_sizes()
208 lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); in lsm_set_blob_sizes()
219 /* If enabled, do pre-initialization work. */ in prepare_lsm()
221 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { in prepare_lsm()
223 init_debug("exclusive chosen: %s\n", lsm->name); in prepare_lsm()
226 lsm_set_blob_sizes(lsm->blobs); in prepare_lsm()
236 init_debug("initializing %s\n", lsm->name); in initialize_lsm()
237 ret = lsm->init(); in initialize_lsm()
238 WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); in initialize_lsm()
242 /* Populate ordered LSMs list from comma-separated LSM name list. */
250 if (lsm->order == LSM_ORDER_FIRST) in ordered_lsm_parse()
262 * all non-matching Legacy Major LSMs. in ordered_lsm_parse()
266 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && in ordered_lsm_parse()
267 strcmp(major->name, chosen_major_lsm) != 0) { in ordered_lsm_parse()
270 chosen_major_lsm, major->name); in ordered_lsm_parse()
282 if (lsm->order == LSM_ORDER_MUTABLE && in ordered_lsm_parse()
283 strcmp(lsm->name, name) == 0) { in ordered_lsm_parse()
298 if (strcmp(lsm->name, chosen_major_lsm) == 0) in ordered_lsm_parse()
308 init_debug("%s disabled: %s\n", origin, lsm->name); in ordered_lsm_parse()
358 lsm_early_cred((struct cred *) current->cred); in ordered_lsm_init()
377 if (!lsm->enabled) in early_security_init()
378 lsm->enabled = &lsm_enabled_true; in early_security_init()
387 * security_init - initializes the security framework
402 if (lsm->enabled) in security_init()
403 lsm_append(lsm->name, &lsm_names); in security_init()
458 return -ENOMEM; in lsm_append()
465 return -ENOMEM; in lsm_append()
473 * security_add_hooks - Add a module's hooks to the hook lists.
496 panic("%s - Cannot get early memory.\n", __func__); in security_add_hooks()
522 * lsm_cred_alloc - allocate a composite cred blob
528 * Returns 0, or -ENOMEM if memory can't be allocated.
533 cred->security = NULL; in lsm_cred_alloc()
537 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
538 if (cred->security == NULL) in lsm_cred_alloc()
539 return -ENOMEM; in lsm_cred_alloc()
544 * lsm_early_cred - during initialization allocate a composite cred blob
558 * lsm_file_alloc - allocate a composite file blob
563 * Returns 0, or -ENOMEM if memory can't be allocated.
568 file->f_security = NULL; in lsm_file_alloc()
572 file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); in lsm_file_alloc()
573 if (file->f_security == NULL) in lsm_file_alloc()
574 return -ENOMEM; in lsm_file_alloc()
579 * lsm_inode_alloc - allocate a composite inode blob
584 * Returns 0, or -ENOMEM if memory can't be allocated.
589 inode->i_security = NULL; in lsm_inode_alloc()
593 inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_NOFS); in lsm_inode_alloc()
594 if (inode->i_security == NULL) in lsm_inode_alloc()
595 return -ENOMEM; in lsm_inode_alloc()
600 * lsm_task_alloc - allocate a composite task blob
605 * Returns 0, or -ENOMEM if memory can't be allocated.
610 task->security = NULL; in lsm_task_alloc()
614 task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc()
615 if (task->security == NULL) in lsm_task_alloc()
616 return -ENOMEM; in lsm_task_alloc()
621 * lsm_ipc_alloc - allocate a composite ipc blob
626 * Returns 0, or -ENOMEM if memory can't be allocated.
631 kip->security = NULL; in lsm_ipc_alloc()
635 kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc()
636 if (kip->security == NULL) in lsm_ipc_alloc()
637 return -ENOMEM; in lsm_ipc_alloc()
642 * lsm_msg_msg_alloc - allocate a composite msg_msg blob
647 * Returns 0, or -ENOMEM if memory can't be allocated.
652 mp->security = NULL; in lsm_msg_msg_alloc()
656 mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL); in lsm_msg_msg_alloc()
657 if (mp->security == NULL) in lsm_msg_msg_alloc()
658 return -ENOMEM; in lsm_msg_msg_alloc()
663 * lsm_early_task - during initialization allocate a composite task blob
677 * lsm_superblock_alloc - allocate a composite superblock blob
682 * Returns 0, or -ENOMEM if memory can't be allocated.
687 sb->s_security = NULL; in lsm_superblock_alloc()
691 sb->s_security = kzalloc(blob_sizes.lbs_superblock, GFP_KERNEL); in lsm_superblock_alloc()
692 if (sb->s_security == NULL) in lsm_superblock_alloc()
693 return -ENOMEM; in lsm_superblock_alloc()
731 P->hook.FUNC(__VA_ARGS__); \
740 RC = P->hook.FUNC(__VA_ARGS__); \
843 rc = hp->hook.vm_enough_memory(mm, pages); in security_vm_enough_memory_mm()
889 return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param); in security_fs_context_parse_param()
912 kfree(sb->s_security); in security_sb_free()
913 sb->s_security = NULL; in security_sb_free()
982 mnt_opts ? -EOPNOTSUPP : 0, sb, in security_sb_set_mnt_opts()
1000 return call_int_hook(sb_add_mnt_opt, -EINVAL, in security_add_mnt_opt()
1046 * leave the current inode->i_security pointer intact. in security_inode_free()
1049 if (inode->i_security) in security_inode_free()
1050 call_rcu((struct rcu_head *)inode->i_security, in security_inode_free()
1058 return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, in security_dentry_init_security()
1072 int security_inode_init_security(struct inode *inode, struct inode *dir, in security_inode_init_security() argument
1084 return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, in security_inode_init_security()
1085 dir, qstr, NULL, NULL, NULL); in security_inode_init_security()
1088 ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, in security_inode_init_security()
1089 &lsm_xattr->name, in security_inode_init_security()
1090 &lsm_xattr->value, in security_inode_init_security()
1091 &lsm_xattr->value_len); in security_inode_init_security()
1101 for (xattr = new_xattrs; xattr->value != NULL; xattr++) in security_inode_init_security()
1102 kfree(xattr->value); in security_inode_init_security()
1103 return (ret == -EOPNOTSUPP) ? 0 : ret; in security_inode_init_security()
1115 int security_old_inode_init_security(struct inode *inode, struct inode *dir, in security_old_inode_init_security() argument
1120 return -EOPNOTSUPP; in security_old_inode_init_security()
1121 return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, in security_old_inode_init_security()
1127 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, in security_path_mknod() argument
1130 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mknod()
1132 return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); in security_path_mknod()
1136 int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) in security_path_mkdir() argument
1138 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_mkdir()
1140 return call_int_hook(path_mkdir, 0, dir, dentry, mode); in security_path_mkdir()
1144 int security_path_rmdir(const struct path *dir, struct dentry *dentry) in security_path_rmdir() argument
1146 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_rmdir()
1148 return call_int_hook(path_rmdir, 0, dir, dentry); in security_path_rmdir()
1151 int security_path_unlink(const struct path *dir, struct dentry *dentry) in security_path_unlink() argument
1153 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_unlink()
1155 return call_int_hook(path_unlink, 0, dir, dentry); in security_path_unlink()
1159 int security_path_symlink(const struct path *dir, struct dentry *dentry, in security_path_symlink() argument
1162 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) in security_path_symlink()
1164 return call_int_hook(path_symlink, 0, dir, dentry, old_name); in security_path_symlink()
1197 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_truncate()
1204 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chmod()
1211 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_path_chown()
1222 int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) in security_inode_create() argument
1224 if (unlikely(IS_PRIVATE(dir))) in security_inode_create()
1226 return call_int_hook(inode_create, 0, dir, dentry, mode); in security_inode_create()
1230 int security_inode_link(struct dentry *old_dentry, struct inode *dir, in security_inode_link() argument
1235 return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry); in security_inode_link()
1238 int security_inode_unlink(struct inode *dir, struct dentry *dentry) in security_inode_unlink() argument
1242 return call_int_hook(inode_unlink, 0, dir, dentry); in security_inode_unlink()
1245 int security_inode_symlink(struct inode *dir, struct dentry *dentry, in security_inode_symlink() argument
1248 if (unlikely(IS_PRIVATE(dir))) in security_inode_symlink()
1250 return call_int_hook(inode_symlink, 0, dir, dentry, old_name); in security_inode_symlink()
1253 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) in security_inode_mkdir() argument
1255 if (unlikely(IS_PRIVATE(dir))) in security_inode_mkdir()
1257 return call_int_hook(inode_mkdir, 0, dir, dentry, mode); in security_inode_mkdir()
1261 int security_inode_rmdir(struct inode *dir, struct dentry *dentry) in security_inode_rmdir() argument
1265 return call_int_hook(inode_rmdir, 0, dir, dentry); in security_inode_rmdir()
1268 int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) in security_inode_mknod() argument
1270 if (unlikely(IS_PRIVATE(dir))) in security_inode_mknod()
1272 return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev); in security_inode_mknod()
1331 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) in security_inode_getattr()
1430 rc = hp->hook.inode_getsecurity(mnt_userns, inode, name, buffer, alloc); in security_inode_getsecurity()
1448 rc = hp->hook.inode_setsecurity(inode, name, value, size, in security_inode_setsecurity()
1482 * xattr), -EOPNOTSUPP if it does not know anything about the xattr or in security_inode_copy_up_xattr()
1487 rc = hp->hook.inode_copy_up_xattr(name); in security_inode_copy_up_xattr()
1531 blob = file->f_security; in security_file_free()
1533 file->f_security = NULL; in security_file_free()
1552 if (!(current->personality & READ_IMPLIES_EXEC)) in mmap_prot()
1563 if (!path_noexec(&file->f_path)) { in mmap_prot()
1565 if (file->f_op->mmap_capabilities) { in mmap_prot()
1566 unsigned caps = file->f_op->mmap_capabilities(file); in mmap_prot()
1620 struct fown_struct *fown, int sig) in security_file_send_sigiotask() argument
1622 return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig); in security_file_send_sigiotask()
1657 kfree(task->security); in security_task_free()
1658 task->security = NULL; in security_task_free()
1678 * may result in a call here with ->security being NULL. in security_cred_free()
1680 if (unlikely(cred->security == NULL)) in security_cred_free()
1685 kfree(cred->security); in security_cred_free()
1686 cred->security = NULL; in security_cred_free()
1867 int sig, const struct cred *cred) in security_task_kill() argument
1869 return call_int_hook(task_kill, 0, p, info, sig, cred); in security_task_kill()
1880 thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); in security_task_prctl()
1921 kfree(msg->security); in security_msg_msg_free()
1922 msg->security = NULL; in security_msg_msg_free()
1940 kfree(msq->security); in security_msg_queue_free()
1941 msq->security = NULL; in security_msg_queue_free()
1981 kfree(shp->security); in security_shm_free()
1982 shp->security = NULL; in security_shm_free()
2015 kfree(sma->security); in security_sem_free()
2016 sma->security = NULL; in security_sem_free()
2049 if (lsm != NULL && strcmp(lsm, hp->lsm)) in security_getprocattr()
2051 return hp->hook.getprocattr(p, name, value); in security_getprocattr()
2062 if (lsm != NULL && strcmp(lsm, hp->lsm)) in security_setprocattr()
2064 return hp->hook.setprocattr(name, value, size); in security_setprocattr()
2090 rc = hp->hook.secid_to_secctx(secid, secdata, seclen); in security_secid_to_secctx()
2132 return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); in security_inode_getsecctx()
2249 return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, in security_socket_getpeersec_stream()
2255 return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, in security_socket_getpeersec_dgram()
2278 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); in security_sk_classify_flow()
2493 rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic); in security_xfrm_state_pol_flow_match()
2506 int rc = call_int_hook(xfrm_decode_session, 0, skb, &flic->flowic_secid, in security_skb_classify_flow()