xref: /linux/security/apparmor/lsm.c

150 	struct aa_label *label;  in apparmor_capget()  local
155 	label = aa_get_newest_cred_label(cred);  in apparmor_capget()
161 	if (!unconfined(label)) {  in apparmor_capget()
165 		label_for_each_confined(i, label, profile) {  in apparmor_capget()
175 	aa_put_label(label);  in apparmor_capget()
183 	struct aa_label *label;  in apparmor_capable()  local
186 	label = aa_get_newest_cred_label(cred);  in apparmor_capable()
187 	if (!unconfined(label))  in apparmor_capable()
188 		error = aa_capable(label, cap, opts);  in apparmor_capable()
189 	aa_put_label(label);  in apparmor_capable()
206 	struct aa_label *label;  in common_perm()  local
209 	label = __begin_current_label_crit_section();  in common_perm()
210 	if (!unconfined(label))  in common_perm()
211 		error = aa_path_perm(op, label, path, 0, mask, cond);  in common_perm()
212 	__end_current_label_crit_section(label);  in common_perm()
342 	struct aa_label *label;  in apparmor_path_link()  local
348 	label = begin_current_label_crit_section();  in apparmor_path_link()
349 	if (!unconfined(label))  in apparmor_path_link()
350 		error = aa_path_link(label, old_dentry, new_dir, new_dentry);  in apparmor_path_link()
351 	end_current_label_crit_section(label);  in apparmor_path_link()
359 	struct aa_label *label;  in apparmor_path_rename()  local
365 	label = begin_current_label_crit_section();  in apparmor_path_rename()
366 	if (!unconfined(label)) {  in apparmor_path_rename()
377 		error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,  in apparmor_path_rename()
382 			error = aa_path_perm(OP_RENAME_DEST, label, &new_path,  in apparmor_path_rename()
387 	end_current_label_crit_section(label);  in apparmor_path_rename()
410 	struct aa_label *label;  in apparmor_file_open()  local
426 	label = aa_get_newest_cred_label(file->f_cred);  in apparmor_file_open()
427 	if (!unconfined(label)) {  in apparmor_file_open()
435 		error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,  in apparmor_file_open()
440 	aa_put_label(label);  in apparmor_file_open()
448 	struct aa_label *label = begin_current_label_crit_section();  in apparmor_file_alloc_security()  local
451 	rcu_assign_pointer(ctx->label, aa_get_label(label));  in apparmor_file_alloc_security()
452 	end_current_label_crit_section(label);  in apparmor_file_alloc_security()
461 		aa_put_label(rcu_access_pointer(ctx->label));  in apparmor_file_free_security()
467 	struct aa_label *label;  in common_file_perm()  local
474 	label = __begin_current_label_crit_section();  in common_file_perm()
475 	error = aa_file_perm(op, label, file, mask, in_atomic);  in common_file_perm()
476 	__end_current_label_crit_section(label);  in common_file_perm()
541 	struct aa_label *label;  in apparmor_sb_mount()  local
550 	label = __begin_current_label_crit_section();  in apparmor_sb_mount()
551 	if (!unconfined(label)) {  in apparmor_sb_mount()
553 			error = aa_remount(label, path, flags, data);  in apparmor_sb_mount()
555 			error = aa_bind_mount(label, path, dev_name, flags);  in apparmor_sb_mount()
558 			error = aa_mount_change_type(label, path, flags);  in apparmor_sb_mount()
560 			error = aa_move_mount(label, path, dev_name);  in apparmor_sb_mount()
562 			error = aa_new_mount(label, dev_name, path, type,  in apparmor_sb_mount()
565 	__end_current_label_crit_section(label);  in apparmor_sb_mount()
572 	struct aa_label *label;  in apparmor_sb_umount()  local
575 	label = __begin_current_label_crit_section();  in apparmor_sb_umount()
576 	if (!unconfined(label))  in apparmor_sb_umount()
577 		error = aa_umount(label, mnt, flags);  in apparmor_sb_umount()
578 	__end_current_label_crit_section(label);  in apparmor_sb_umount()
586 	struct aa_label *label;  in apparmor_sb_pivotroot()  local
589 	label = aa_get_current_label();  in apparmor_sb_pivotroot()
590 	if (!unconfined(label))  in apparmor_sb_pivotroot()
591 		error = aa_pivotroot(label, old_path, new_path);  in apparmor_sb_pivotroot()
592 	aa_put_label(label);  in apparmor_sb_pivotroot()
604 	struct aa_label *label = NULL;  in apparmor_getprocattr()  local
607 		label = aa_get_newest_label(cred_label(cred));  in apparmor_getprocattr()
609 		label = aa_get_newest_label(ctx->previous);  in apparmor_getprocattr()
611 		label = aa_get_newest_label(ctx->onexec);  in apparmor_getprocattr()
615 	if (label)  in apparmor_getprocattr()
616 		error = aa_getprocattr(label, value);  in apparmor_getprocattr()
618 	aa_put_label(label);  in apparmor_getprocattr()
689 	aad(&sa)->label = begin_current_label_crit_section();  in apparmor_setprocattr()
693 	end_current_label_crit_section(aad(&sa)->label);  in apparmor_setprocattr()
703 	struct aa_label *label = aa_current_raw_label();  in apparmor_bprm_committing_creds()  local
707 	if ((new_label->proxy == label->proxy) ||  in apparmor_bprm_committing_creds()
716 	__aa_transition_rlimits(label, new_label);  in apparmor_bprm_committing_creds()
733 	struct aa_label *label = aa_get_task_label(p);  in apparmor_task_getsecid()  local
734 	*secid = label->secid;  in apparmor_task_getsecid()
735 	aa_put_label(label);  in apparmor_task_getsecid()
741 	struct aa_label *label = __begin_current_label_crit_section();  in apparmor_task_setrlimit()  local
744 	if (!unconfined(label))  in apparmor_task_setrlimit()
745 		error = aa_task_setrlimit(label, task, resource, new_rlim);  in apparmor_task_setrlimit()
746 	__end_current_label_crit_section(label);  in apparmor_task_setrlimit()
802 	aa_put_label(ctx->label);  in apparmor_sk_free_security()
816 	if (new->label)  in apparmor_sk_clone_security()
817 		aa_put_label(new->label);  in apparmor_sk_clone_security()
818 	new->label = aa_get_label(ctx->label);  in apparmor_sk_clone_security()
830 	struct aa_label *label;  in apparmor_socket_create()  local
835 	label = begin_current_label_crit_section();  in apparmor_socket_create()
836 	if (!(kern || unconfined(label)))  in apparmor_socket_create()
838 				  create_perm(label, family, type, protocol),  in apparmor_socket_create()
839 				  aa_af_perm(label, OP_CREATE, AA_MAY_CREATE,  in apparmor_socket_create()
841 	end_current_label_crit_section(label);  in apparmor_socket_create()
859 	struct aa_label *label;  in apparmor_socket_post_create()  local
864 		label = aa_get_label(ns_unconfined(ns));  in apparmor_socket_post_create()
867 		label = aa_get_current_label();  in apparmor_socket_post_create()
872 		aa_put_label(ctx->label);  in apparmor_socket_post_create()
873 		ctx->label = aa_get_label(label);  in apparmor_socket_post_create()
875 	aa_put_label(label);  in apparmor_socket_post_create()
1060 	return apparmor_secmark_check(ctx->label, OP_RECVMSG, AA_MAY_RECEIVE,  in apparmor_socket_sock_rcv_skb()
1088 	struct aa_label *label;  in apparmor_socket_getpeersec_stream()  local
1091 	label = begin_current_label_crit_section();  in apparmor_socket_getpeersec_stream()
1097 	slen = aa_label_asxprint(&name, labels_ns(label), peer,  in apparmor_socket_getpeersec_stream()
1118 	end_current_label_crit_section(label);  in apparmor_socket_getpeersec_stream()
1154 	if (!ctx->label)  in apparmor_sock_graft()
1155 		ctx->label = aa_get_current_label();  in apparmor_sock_graft()
1167 	return apparmor_secmark_check(ctx->label, OP_CONNECT, AA_MAY_CONNECT,  in apparmor_inet_conn_request()
1768 	if (!apparmor_secmark_check(ctx->label, OP_SENDMSG, AA_MAY_SEND,  in apparmor_ip_postroute()

Last Index update Fri Sep 05 17:56:23 CST 2025