Lines Matching +full:parent +full:- +full:child
1 // SPDX-License-Identifier: GPL-2.0-only
3 * Landlock LSM - Ptrace hooks
5 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
6 * Copyright © 2019-2020 ANSSI
24 * domain_scope_le - Checks domain ordering for scoped ptrace
26 * @parent: Parent domain.
27 * @child: Potential child of @parent.
29 * Checks if the @parent domain is less than or equal to (i.e. an ancestor of,
30 * which means a subset of) the @child domain.
32 static bool domain_scope_le(const struct landlock_ruleset *const parent, in domain_scope_le() argument
33 const struct landlock_ruleset *const child) in domain_scope_le() argument
37 if (!parent) in domain_scope_le()
39 if (!child) in domain_scope_le()
41 for (walker = child->hierarchy; walker; walker = walker->parent) { in domain_scope_le()
42 if (walker == parent->hierarchy) in domain_scope_le()
43 /* @parent is in the scoped hierarchy of @child. */ in domain_scope_le()
46 /* There is no relationship between @parent and @child. */ in domain_scope_le()
50 static bool task_is_scoped(const struct task_struct *const parent, in task_is_scoped() argument
51 const struct task_struct *const child) in task_is_scoped() argument
57 dom_parent = landlock_get_task_domain(parent); in task_is_scoped()
58 dom_child = landlock_get_task_domain(child); in task_is_scoped()
64 static int task_ptrace(const struct task_struct *const parent, in task_ptrace() argument
65 const struct task_struct *const child) in task_ptrace() argument
67 /* Quick return for non-landlocked tasks. */ in task_ptrace()
68 if (!landlocked(parent)) in task_ptrace()
70 if (task_is_scoped(parent, child)) in task_ptrace()
72 return -EPERM; in task_ptrace()
76 * hook_ptrace_access_check - Determines whether the current process may access
79 * @child: Process to be accessed.
82 * If the current task has Landlock rules, then the child must have at least
86 * granted, -errno if denied.
88 static int hook_ptrace_access_check(struct task_struct *const child, in hook_ptrace_access_check() argument
91 return task_ptrace(current, child); in hook_ptrace_access_check()
95 * hook_ptrace_traceme - Determines whether another process may trace the
98 * @parent: Task proposed to be the tracer.
100 * If the parent has Landlock rules, then the current task must have the same
104 * process, returning 0 if permission is granted, -errno if denied.
106 static int hook_ptrace_traceme(struct task_struct *const parent) in hook_ptrace_traceme() argument
108 return task_ptrace(parent, current); in hook_ptrace_traceme()