Lines Matching full:hook
33 * union security_list_options - Linux Security Module hook function list
41 * new program. This hook may also optionally check permissions
43 * The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
46 * Return 0 if the hook is successful and permission is granted.
54 * hook may also optionally check permissions (e.g. for transitions
56 * The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
58 * The hook must add to @bprm->per_clear any personality flags that
61 * Return 0 if the hook is successful and permission is granted.
63 * This hook mediates the point when a search for a binary handler will
66 * envp list are reliably available in @bprm. This hook may be called
69 * Return 0 if the hook is successful and permission is granted.
74 * the bprm_creds_for_exec hook. @bprm points to the linux_binprm
75 * structure. This hook is a good place to perform state changes on the
83 * linux_binprm structure. This hook is a good place to perform state
229 * This hook is called by the fs code as part of the inode creation
231 * the post_create/mkdir/... hooks called by the VFS. The hook function
332 * is being done for a regular file, then the create hook will be called
333 * and not this hook.
340 * Check permissions when creating a file. Note that this hook is called
394 * Check permission before accessing an inode. This hook is called by the
397 * Notice that this hook is called when a file is opened (as well as many
398 * other operations), whereas the file_security_ops permission hook is
492 * and writing the xattrs as this hook is merely a filter.
512 * Check file permissions before accessing an open file. This hook is
514 * module can use this hook to perform additional checking on these
516 * bracketing or policy changes. Notice that this hook is used when the
518 * inode_security_ops hook is called when a file is opened (as well as
520 * Caveat: Although this hook can be used to revalidate permissions for
533 * Return 0 if the hook is successful and permission is granted.
566 * Note the hook mediates both flock and fcntl style locks.
583 * file->f_security for later use by the send_sigiotask hook.
588 * process @tsk. Note that this hook is sometimes called from interrupt.
597 * This hook allows security modules to control the ability of a process
690 * indicates which of the set*uid system calls invoked this hook. If
699 * indicates which of the set*gid system calls invoked this hook.
786 * SIGIO signals are handled separately by the send_sigiotask hook in
863 * This hook allows a module to update or allocate a per-socket security
866 * in the associated inode. Typically, the inode alloc_security hook will
868 * SOCK_INODE(sock)->i_security. This hook may be used to update the
953 * Check permissions on incoming network packets. This hook is distinct
956 * Must not sleep inside this hook because some callers hold spinlocks.
960 * This hook allows the security module to provide peer socket security
973 * This hook allows the security module to provide peer socket security
977 * security state returned by this hook for a packet via the SCM_SECURITY
1012 * This hook allows a module to allocate a security structure for a TUN
1017 * This hook allows a module to free the security structure for a TUN
1026 * This hook can be used by the module to update any security state
1031 * This hook can be used by the module to update any security state
1142 * XFRMs on a packet. The hook is called when selecting either a
1227 * msgget system call. This hook is only called when returning the
1272 * shmget system call. This hook is only called when returning the shared
1307 * system call. This hook is only called when returning the semaphore
1354 * tracing check during an execve in the bprm_set_creds hook of
1368 * the @target process. The hook may also perform permission checking to
1483 * this hook to initialize the security context in its incore inode to the
1496 * this hook to change the security context in its incore inode and on the
1606 * Security module hook list structure.
1612 union security_list_options hook; member
1641 #define LSM_HOOK_INIT(HEAD, HOOK) \ argument
1642 { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }
1684 * module's hook list in a particular way, refusing to disable
1703 /* Currently required to handle SELinux runtime hook disable. */