Lines Matching full:security
2 * Linux Security Module interfaces
28 #include <linux/security.h>
33 * union security_list_options - Linux Security Module hook function list
35 * Security hooks for program execution operations.
38 * Save security information in the bprm->security field, typically based
41 * transitions between security domains).
44 * checking to see if @bprm->security is non-NULL. If so, then the hook
45 * may decide either to retain the security information saved earlier or
55 * begin. It allows a check against the @bprm->security value which is set in the
63 * Prepare to install the new security attributes of a process being
72 * Tidy up after the installation of the new security attributes of a
79 * Security hooks for mount using fs_context.
83 * Allocate and attach a security structure to sc->security. This pointer
95 * Security hooks for filesystem operations.
98 * Allocate and attach a security structure to the sb->s_security field.
126 * so that the security module can extract security-specific mount
128 * This also allows the original mount data to be stripped of security-
131 * @copy copied data which will be passed to the security module.
134 * Extracts security system specific mount options and verifies no changes
151 * Set the security relevant mount options used for a superblock
152 * @sb the superblock to set security mount options for
155 * Copy all security options from a given superblock to another
159 * Parse a string of security data filling in the opts structure
186 * Security hooks for inode operations.
189 * Allocate and attach a security structure to @inode->i_security. The
196 * Deallocate the inode security structure and set @inode->i_security to
199 * Obtain the security attribute name suffix and value to set on a newly
200 * created inode and set up the incore security field for the new inode.
206 * If the security module does not use security attributes or does
207 * not wish to put a security attribute on this particular inode,
216 * -EOPNOTSUPP if no security attribute is needed, or
357 * existing Linux permission function, so a security module can use it to
386 * Update inode security field after successful setxattr operation.
402 * security label associated with @name for @inode via @buffer. Note that
403 * @name is the remainder of the attribute name after the security prefix
408 * Set the security label associated with @name for @inode from the
412 * security. prefix has been removed.
415 * Copy the extended attribute names for the security labels
427 * The setuid bit is being removed. Remove similar security labels.
439 * overlay filesystem. Security module can prepare a set of new creds
451 * security module does not know about attribute or a negative error code
455 * Security hooks for kernfs node operations
458 * Initialize the security context of a newly created kernfs node based
464 * Security hooks for file operations
468 * called by various operations that read or write files. A security
478 * Security modules must handle this separately if they need such
484 * Allocate and attach a security structure to the file->f_security field.
485 * The security field is initialized to NULL when the structure is first
490 * Deallocate and free any security structures stored in file->f_security.
499 * should never be used by the security module.
531 * never be used by the security module.
537 * Save owner security information (typically from current->security) in
545 * struct file, so the file structure (and associated security information)
552 * This hook allows security modules to control the ability of a process
561 * Security hooks for task operations.
579 * Deallocate and clear the cred->security field in a set of credentials.
590 * Retrieve the security identifier of the cred structure @c
596 * @secid specifies the security ID to be set
655 * Retrieve the security identifier of the process @p.
727 * Set the security attributes for an inode based on an associated task's
728 * security attributes, e.g. for /proc/pid inodes.
732 * Security hooks for Netlink messaging.
735 * Save security information for a netlink message so that permission
736 * checking can be performed when the message is processed. The security
745 * Security hooks for Unix domain networking.
771 * Security hooks for socket operations.
781 * This hook allows a module to update or allocate a per-socket security
782 * structure. Note that the security field was not added directly to the
783 * socket structure, but rather, the socket security information is stored
785 * allocate and attach security information to
878 * This hook allows the security module to provide peer socket security
883 * @optval userspace memory where the security state is to be copied.
885 * of the security state.
891 * This hook allows the security module to provide peer socket security
895 * security state returned by this hook for a packet via the SCM_SECURITY
902 * Allocate and attach a security structure to the sk->sk_security field,
903 * which is used to copy security attributes between local stream sockets.
905 * Deallocate security structure.
907 * Clone/copy security structure.
930 * This hook allows a module to allocate a security structure for a TUN
932 * @security pointer to a security structure pointer.
935 * This hook allows a module to free the security structure for a TUN
937 * @security pointer to the TUN device's security structure
942 * @security pointer to the TUN device's security structure.
944 * This hook can be used by the module to update any security state
947 * @security pointer to the TUN device's security structure.
949 * This hook can be used by the module to update any security state
950 * associated with the TUN device's security structure.
951 * @security pointer to the TUN device's security structure.
953 * Security hooks for SCTP
957 * the security module.
980 * Security hooks for Infiniband
986 * @sec pointer to a security structure.
991 * @sec pointer to a security structure.
993 * Allocate a security structure for Infiniband objects.
994 * @sec pointer to a security structure pointer.
997 * Deallocate an Infiniband security structure.
998 * @sec contains the security structure to be freed.
1000 * Security hooks for XFRM operations.
1003 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
1005 * @sec_ctx contains the security context information being provided by
1007 * Allocate a security structure to the xp->security field; the security
1014 * Allocate a security structure in new_ctxp that contains the
1019 * Deallocate xp->security.
1022 * Authorize deletion of xp->security.
1024 * @x contains the xfrm_state being added to the Security Association
1026 * @sec_ctx contains the security context information being provided by
1028 * Allocate a security structure to the x->security field; the security
1033 * @x contains the xfrm_state being added to the Security Association
1035 * @polsec contains the policy's security context.
1038 * Allocate a security structure to the x->security field; the security
1044 * Deallocate x->security.
1047 * Authorize deletion of x->security.
1051 * @fl_secid contains the flow security label that is used to authorize
1070 * Security hooks affecting all Key Management operations
1073 * Permit allocation of a key and assign security data. Note that key does
1079 * Notification of destruction; free security data.
1087 * evaluate the security data on the key.
1091 * Get a textual representation of the security context attached to a key
1102 * Security hooks affecting all System V IPC operations.
1115 * Security hooks for individual messages held in System V IPC message queues
1117 * Allocate and attach a security structure to the msg->security field.
1118 * The security field is initialized to NULL when the structure is first
1123 * Deallocate the security structure for this message.
1126 * Security hooks for System V IPC Message Queues
1129 * Allocate and attach a security structure to the
1130 * @perm->security field. The security field is initialized to
1135 * Deallocate security field @perm->security for the message queue.
1171 * Security hooks for System V Shared Memory Segments
1174 * Allocate and attach a security structure to the @perm->security
1175 * field. The security field is initialized to NULL when the structure is
1180 * Deallocate the security structure @perm->security for the memory segment.
1206 * Security hooks for System V Semaphores
1209 * Allocate and attach a security structure to the @perm->security
1210 * field. The security field is initialized to NULL when the structure is
1215 * Deallocate security structure @perm->security for the semaphore.
1264 * Security modules may also want to perform a process tracing check
1267 * binprm_security_ops if the process is being traced and its security
1303 * @opts contains options for the capable check <include/linux/security.h>
1332 * Convert secid to security context. If secdata is NULL the length of
1337 * @secid contains the security ID.
1338 * @secdata contains the pointer that stores the converted security
1342 * Convert security context to secid.
1343 * @secid contains the pointer to the generated security ID.
1344 * @secdata contains the security context.
1347 * Release the security context.
1348 * @secdata contains the security context.
1349 * @seclen contains the length of the security context.
1351 * Security hooks for Audit
1372 * @secid contains the security id in question.
1384 * Notify the security module that it must revalidate the security context
1388 * Notify the security module of what the security context of an inode
1389 * should be. Initializes the incore security context managed by the
1390 * security module for this inode. Example usage: NFS client invokes
1391 * this hook to initialize the security context in its incore inode to the
1395 * @inode we wish to set the security context of.
1400 * Change the security context of an inode. Updates the
1401 * incore security context managed by the security module and invokes the
1404 * this hook to change the security context in its incore inode and on the
1408 * @dentry contains the inode we wish to set the security context of.
1413 * On success, returns 0 and fills out @ctx and @ctxlen with the security
1415 * @inode we wish to get the security context of.
1416 * @ctx is a pointer in which to place the allocated security context.
1419 * Security hooks for using the eBPF maps and programs functionalities through
1424 * into the kernel. The actual security module can implement their own
1441 * Initialize the security field inside bpf map.
1444 * Clean up the security information stored inside bpf map.
1447 * Initialize the security field inside bpf program.
1450 * Clean up the security information stored inside bpf prog.
1546 /* Needed for inode based security check */
1747 int (*tun_dev_alloc_security)(void **security);
1748 void (*tun_dev_free_security)(void *security);
1750 int (*tun_dev_attach_queue)(void *security);
1751 int (*tun_dev_attach)(struct sock *sk, void *security);
1752 int (*tun_dev_open)(void *security);
1792 /* key management security hooks */
2066 * Security module hook list structure.
2077 * Security blob size or offset data.
2135 * Assuring the safety of deleting a security module is up to
2136 * the security module involved. This may entail ordering the