/linux-master/security/apparmor/include/ |
H A D | mount.h | 28 int aa_remount(const struct cred *subj_cred, 32 int aa_bind_mount(const struct cred *subj_cred, 37 int aa_mount_change_type(const struct cred *subj_cred, 41 int aa_move_mount_old(const struct cred *subj_cred, 44 int aa_move_mount(const struct cred *subj_cred, 48 int aa_new_mount(const struct cred *subj_cred, 53 int aa_umount(const struct cred *subj_cred, 56 int aa_pivotroot(const struct cred *subj_cred,
|
H A D | ipc.h | 16 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
|
H A D | capability.h | 39 int aa_capable(const struct cred *subj_cred, struct aa_label *label,
|
H A D | resource.h | 36 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
|
H A D | file.h | 86 int aa_path_perm(const char *op, const struct cred *subj_cred, 90 int aa_path_link(const struct cred *subj_cred, struct aa_label *label, 94 int aa_file_perm(const char *op, const struct cred *subj_cred,
|
H A D | net.h | 100 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, 113 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
|
H A D | policy.h | 390 bool aa_policy_view_capable(const struct cred *subj_cred, 392 bool aa_policy_admin_capable(const struct cred *subj_cred, 394 int aa_may_manage_policy(const struct cred *subj_cred,
|
H A D | audit.h | 116 const struct cred *subj_cred; member in struct:apparmor_audit_data
|
/linux-master/security/apparmor/ |
H A D | resource.c | 46 * @subj_cred: cred setting the resource 56 static int audit_resource(const struct cred *subj_cred, argument 64 ad.subj_cred = subj_cred; 88 static int profile_setrlimit(const struct cred *subj_cred, argument 99 return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max, 105 * @subj_cred: cred setting the limit 115 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, argument 135 aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0) 137 audit_resource(subj_cred, profil [all...] |
H A D | file.c | 48 kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid(); 80 * @subj_cred: cred of the subject 94 int aa_audit_file(const struct cred *subj_cred, argument 103 ad.subj_cred = subj_cred; 160 static int path_name(const char *op, const struct cred *subj_cred, argument 173 aa_audit_file(subj_cred, 228 static int __aa_path_perm(const char *op, const struct cred *subj_cred, argument 243 return aa_audit_file(subj_cred, 249 profile_path_perm(const char *op, const struct cred *subj_cred, struct aa_profile *profile, const struct path *path, char *buffer, u32 request, struct path_cond *cond, int flags, struct aa_perms *perms) argument 282 aa_path_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, const struct path *path, int flags, u32 request, struct path_cond *cond) argument 326 profile_path_link(const struct cred *subj_cred, struct aa_profile *profile, const struct path *link, char *buffer, const struct path *target, char *buffer2, struct path_cond *cond) argument 433 aa_path_link(const struct cred *subj_cred, struct aa_label *label, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) argument 484 __file_path_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, struct aa_label *flabel, struct file *file, u32 request, u32 denied, bool in_atomic) argument 545 __file_sock_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, struct aa_label *flabel, struct file *file, u32 request, u32 denied) argument 584 aa_file_perm(const char *op, const struct cred *subj_cred, struct aa_label *label, struct file *file, u32 request, bool in_atomic) argument 633 revalidate_tty(const struct cred *subj_cred, struct aa_label *label) argument [all...] |
H A D | mount.c | 116 * @subj_cred: cred of the subject 132 static int audit_mount(const struct cred *subj_cred, argument 171 ad.subj_cred = subj_cred; 290 * @subj_cred: cred of confined subject 303 static int match_mnt_path_str(const struct cred *subj_cred, argument 345 return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname, 352 * @subj_cred: cred of the subject 365 static int match_mnt(const struct cred *subj_cred, argument 390 return match_mnt_path_str(subj_cred, profil 394 aa_remount(const struct cred *subj_cred, struct aa_label *label, const struct path *path, unsigned long flags, void *data) argument 420 aa_bind_mount(const struct cred *subj_cred, struct aa_label *label, const struct path *path, const char *dev_name, unsigned long flags) argument 458 aa_mount_change_type(const struct cred *subj_cred, struct aa_label *label, const struct path *path, unsigned long flags) argument 485 aa_move_mount(const struct cred *subj_cred, struct aa_label *label, const struct path *from_path, const struct path *to_path) argument 517 aa_move_mount_old(const struct cred *subj_cred, struct aa_label *label, const struct path *path, const char *orig_name) argument 535 aa_new_mount(const struct cred *subj_cred, struct aa_label *label, const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) argument 601 profile_umount(const struct cred *subj_cred, struct aa_profile *profile, const struct path *path, char *buffer) argument 636 aa_umount(const struct cred *subj_cred, struct aa_label *label, struct vfsmount *mnt, int flags) argument 662 build_pivotroot(const struct cred *subj_cred, struct aa_profile *profile, const struct path *new_path, char *new_buffer, const struct path *old_path, char *old_buffer) argument 718 aa_pivotroot(const struct cred *subj_cred, struct aa_label *label, const struct path *old_path, const struct path *new_path) argument [all...] |
H A D | capability.c | 143 * @subj_cred: cred we are testing capability against 152 int aa_capable(const struct cred *subj_cred, struct aa_label *label, argument 159 ad.subj_cred = subj_cred;
|
H A D | ipc.c | 92 ad->subj_cred = cred; 103 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender, argument 113 profile_signal_perm(subj_cred, profile, target,
|
H A D | domain.c | 631 static struct aa_label *profile_transition(const struct cred *subj_cred, argument 722 aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, 733 static int profile_onexec(const struct cred *subj_cred, argument 802 return aa_audit_file(subj_cred, profile, &perms, OP_EXEC, 809 static struct aa_label *handle_onexec(const struct cred *subj_cred, argument 827 profile_onexec(subj_cred, profile, onexec, stack, 833 profile_transition(subj_cred, profile, bprm, 840 profile_onexec(subj_cred, profile, onexec, stack, bprm, 847 profile_transition(subj_cred, profile, bprm, 857 aa_audit_file(subj_cred, profil 877 const struct cred *subj_cred; local 1011 build_change_hat(const struct cred *subj_cred, struct aa_profile *profile, const char *name, bool sibling) argument 1061 change_hat(const struct cred *subj_cred, struct aa_label *label, const char *hats[], int count, int flags) argument 1179 const struct cred *subj_cred; local 1290 change_profile_perms_wrapper(const char *op, const char *name, const struct cred *subj_cred, struct aa_profile *profile, struct aa_label *target, bool stack, u32 request, struct aa_perms *perms) argument 1338 const struct cred *subj_cred = get_current_cred(); local [all...] |
H A D | net.c | 138 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, argument 149 static int aa_label_sk_perm(const struct cred *subj_cred, argument 164 ad.subj_cred = subj_cred; 189 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label, argument 196 return aa_label_sk_perm(subj_cred, label, op, request, sock->sk);
|
H A D | policy.c | 789 static int policy_ns_capable(const struct cred *subj_cred, argument 796 err = cap_capable(subj_cred, userns, cap, CAP_OPT_NONE); 798 err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE); 805 * @subj_cred: cred of subject 814 bool aa_policy_view_capable(const struct cred *subj_cred, argument 817 struct user_namespace *user_ns = subj_cred->user_ns; 834 bool aa_policy_admin_capable(const struct cred *subj_cred, argument 837 struct user_namespace *user_ns = subj_cred->user_ns; 838 bool capable = policy_ns_capable(subj_cred, label, user_ns, 844 return aa_policy_view_capable(subj_cred, labe 881 aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label, struct aa_ns *ns, u32 mask) argument [all...] |
H A D | task.c | 235 ad->subj_cred = cred;
|
H A D | lsm.c | 1047 ad.subj_cred = current_cred();
|