Lines Matching full:security
2 * Linux Security Module interfaces
28 #include <linux/security.h>
33 * union security_list_options - Linux Security Module hook function list
35 * Security hooks for program execution operations.
38 * If the setup in prepare_exec_creds did not set up @bprm->cred->security
40 * @bprm->cred->security to be what commit_creds needs to install for the
42 * (e.g. for transitions between security domains).
55 * between security domains).
64 * begin. It allows a check against the @bprm->cred->security value
71 * Prepare to install the new security attributes of a process being
80 * Tidy up after the installation of the new security attributes of a
87 * Security hooks for mount using fs_context.
91 * Allocate and attach a security structure to sc->security. This pointer
103 * Security hooks for filesystem operations.
106 * Allocate and attach a security structure to the sb->s_security field.
141 * so that the security module can extract security-specific mount
143 * This also allows the original mount data to be stripped of security-
146 * @copy copied data which will be passed to the security module.
155 * Extracts security system specific mount options and verifies no changes
176 * Set the security relevant mount options used for a superblock
177 * @sb the superblock to set security mount options for
180 * Copy all security options from a given superblock to another
184 * Parse a string of security data filling in the opts structure
197 * @xattr_name pointer to place the pointer to security xattr name.
214 * Security hooks for inode operations.
217 * Allocate and attach a security structure to @inode->i_security. The
224 * Deallocate the inode security structure and set @inode->i_security to
227 * Obtain the security attribute name suffix and value to set on a newly
228 * created inode and set up the incore security field for the new inode.
234 * If the security module does not use security attributes or does
235 * not wish to put a security attribute on this particular inode,
244 * -EOPNOTSUPP if no security attribute is needed, or
247 * Set up the incore security field for the new anonymous inode
248 * and return whether the inode creation is permitted by the security
253 * Returns 0 on success, -EACCES if the security module denies the
395 * existing Linux permission function, so a security module can use it to
424 * Update inode security field after successful setxattr operation.
440 * security label associated with @name for @inode via @buffer. Note that
441 * @name is the remainder of the attribute name after the security prefix
446 * Set the security label associated with @name for @inode from the
450 * security. prefix has been removed.
453 * Copy the extended attribute names for the security labels
465 * The setuid bit is being removed. Remove similar security labels.
478 * overlay filesystem. Security module can prepare a set of new creds
490 * security module does not know about attribute or a negative error code
494 * Fill in @inode security information for a @dentry if allowed.
500 * Security hooks for kernfs node operations
503 * Initialize the security context of a newly created kernfs node based
509 * Security hooks for file operations
513 * called by various operations that read or write files. A security
523 * Security modules must handle this separately if they need such
529 * Allocate and attach a security structure to the file->f_security field.
530 * The security field is initialized to NULL when the structure is first
535 * Deallocate and free any security structures stored in file->f_security.
544 * should never be used by the security module.
576 * never be used by the security module.
582 * Save owner security information (typically from current->security) in
590 * struct file, so the file structure (and associated security information)
597 * This hook allows security modules to control the ability of a process
606 * Security hooks for task operations.
624 * Deallocate and clear the cred->security field in a set of credentials.
635 * Retrieve the security identifier of the cred structure @c
641 * @secid specifies the security ID to be set
729 * Retrieve the subjective security identifier of the current task and
733 * Retrieve the objective security identifier of the task_struct in @p
805 * Set the security attributes for an inode based on an associated task's
806 * security attributes, e.g. for /proc/pid inodes.
814 * Security hooks for Netlink messaging.
817 * Save security information for a netlink message so that permission
818 * checking can be performed when the message is processed. The security
827 * Security hooks for Unix domain networking.
853 * Security hooks for socket operations.
863 * This hook allows a module to update or allocate a per-socket security
864 * structure. Note that the security field was not added directly to the
865 * socket structure, but rather, the socket security information is stored
867 * allocate and attach security information to
960 * This hook allows the security module to provide peer socket security
965 * @optval userspace memory where the security state is to be copied.
967 * of the security state.
973 * This hook allows the security module to provide peer socket security
977 * security state returned by this hook for a packet via the SCM_SECURITY
984 * Allocate and attach a security structure to the sk->sk_security field,
985 * which is used to copy security attributes between local stream sockets.
987 * Deallocate security structure.
989 * Clone/copy security structure.
1012 * This hook allows a module to allocate a security structure for a TUN
1014 * @security pointer to a security structure pointer.
1017 * This hook allows a module to free the security structure for a TUN
1019 * @security pointer to the TUN device's security structure
1024 * @security pointer to the TUN device's security structure.
1026 * This hook can be used by the module to update any security state
1029 * @security pointer to the TUN device's security structure.
1031 * This hook can be used by the module to update any security state
1032 * associated with the TUN device's security structure.
1033 * @security pointer to the TUN device's security structure.
1035 * Security hooks for SCTP
1039 * the security module.
1063 * to the security module.
1067 * Security hooks for Infiniband
1073 * @sec pointer to a security structure.
1078 * @sec pointer to a security structure.
1080 * Allocate a security structure for Infiniband objects.
1081 * @sec pointer to a security structure pointer.
1084 * Deallocate an Infiniband security structure.
1085 * @sec contains the security structure to be freed.
1087 * Security hooks for XFRM operations.
1090 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
1092 * @sec_ctx contains the security context information being provided by
1094 * Allocate a security structure to the xp->security field; the security
1101 * Allocate a security structure in new_ctxp that contains the
1106 * Deallocate xp->security.
1109 * Authorize deletion of xp->security.
1111 * @x contains the xfrm_state being added to the Security Association
1113 * @sec_ctx contains the security context information being provided by
1115 * Allocate a security structure to the x->security field; the security
1120 * @x contains the xfrm_state being added to the Security Association
1122 * @polsec contains the policy's security context.
1125 * Allocate a security structure to the x->security field; the security
1131 * Deallocate x->security.
1134 * Authorize deletion of x->security.
1138 * @fl_secid contains the flow security label that is used to authorize
1157 * Security hooks affecting all Key Management operations
1160 * Permit allocation of a key and assign security data. Note that key does
1166 * Notification of destruction; free security data.
1174 * evaluate the security data on the key.
1178 * Get a textual representation of the security context attached to a key
1189 * Security hooks affecting all System V IPC operations.
1202 * Security hooks for individual messages held in System V IPC message queues
1205 * Allocate and attach a security structure to the msg->security field.
1206 * The security field is initialized to NULL when the structure is first
1211 * Deallocate the security structure for this message.
1214 * Security hooks for System V IPC Message Queues
1217 * Allocate and attach a security structure to the
1218 * @perm->security field. The security field is initialized to
1223 * Deallocate security field @perm->security for the message queue.
1259 * Security hooks for System V Shared Memory Segments
1262 * Allocate and attach a security structure to the @perm->security
1263 * field. The security field is initialized to NULL when the structure is
1268 * Deallocate the security structure @perm->security for the memory segment.
1294 * Security hooks for System V Semaphores
1297 * Allocate and attach a security structure to the @perm->security
1298 * field. The security field is initialized to NULL when the structure is
1303 * Deallocate security structure @perm->security for the semaphore.
1352 * Security modules may also want to perform a process tracing check
1355 * binprm_security_ops if the process is being traced and its security
1391 * @opts contains options for the capable check <include/linux/security.h>
1424 * Convert secid to security context. If secdata is NULL the length of
1429 * @secid contains the security ID.
1430 * @secdata contains the pointer that stores the converted security
1434 * Convert security context to secid.
1435 * @secid contains the pointer to the generated security ID.
1436 * @secdata contains the security context.
1439 * Release the security context.
1440 * @secdata contains the security context.
1441 * @seclen contains the length of the security context.
1443 * Security hooks for Audit
1464 * @secid contains the security id in question.
1476 * Notify the security module that it must revalidate the security context
1480 * Notify the security module of what the security context of an inode
1481 * should be. Initializes the incore security context managed by the
1482 * security module for this inode. Example usage: NFS client invokes
1483 * this hook to initialize the security context in its incore inode to the
1487 * @inode we wish to set the security context of.
1492 * Change the security context of an inode. Updates the
1493 * incore security context managed by the security module and invokes the
1496 * this hook to change the security context in its incore inode and on the
1500 * @dentry contains the inode we wish to set the security context of.
1505 * On success, returns 0 and fills out @ctx and @ctxlen with the security
1507 * @inode we wish to get the security context of.
1508 * @ctx is a pointer in which to place the allocated security context.
1511 * Security hooks for the general notification queue:
1525 * Security hooks for using the eBPF maps and programs functionalities through
1530 * into the kernel. The actual security module can implement their own
1547 * Initialize the security field inside bpf map.
1550 * Clean up the security information stored inside bpf map.
1553 * Initialize the security field inside bpf program.
1556 * Clean up the security information stored inside bpf prog.
1564 * Security hooks for perf events
1569 * Allocate and save perf_event security info.
1571 * Release (free) perf_event security info.
1573 * Read perf_event security info if allowed.
1575 * Write perf_event security info if allowed.
1577 * Security hooks for io_uring
1606 * Security module hook list structure.
1617 * Security blob size or offset data.
1682 * Assuring the safety of deleting a security module is up to
1683 * the security module involved. This may entail ordering the