Lines Matching full:check

481 * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
484 * Check whether @mgr is allowed to be the binder context manager.
494 * security_binder_transaction() - Check if a binder transaction is allowed
498 * Check whether @from is allowed to invoke a binder transaction call to @to.
509 * security_binder_transfer_binder() - Check if a binder transfer is allowed
513 * Check whether @from is allowed to transfer a binder reference to @to.
524 * security_binder_transfer_file() - Check if a binder file xfer is allowed
529 * Check whether @from is allowed to transfer @file to @to.
540 * security_ptrace_access_check() - Check if tracing is allowed
544 * Check permission before allowing the current process to trace the @child
545 * process. Security modules may also want to perform a process tracing check
546 * during an execve in the set_security or apply_creds hooks of tracing check
559 * security_ptrace_traceme() - Check if tracing is allowed
562 * Check that the @parent process has sufficient permission to trace the
618 * security_capable() - Check if a process has the necessary capability
622 * @opts: capability check options
624 * Check whether the @tsk process has the @cap capability in the indicated
626 * @opts contains options for the capable check <include/linux/security.h>.
639 * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
645 * Check whether the quotactl syscall is allowed for this @sb.
655 * security_quota_on() - Check if QUOTAON is allowed for a dentry
658 * Check whether QUOTAON is allowed for @dentry.
668 * security_syslog() - Check if accessing the kernel message ring is allowed
671 * Check permission before accessing the kernel message ring or changing
683 * security_settime64() - Check if changing the system time is allowed
687 * Check permission to change the system time, struct timespec64 is defined in
698 * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
702 * Check permissions for allocating a new virtual mapping. If all LSMs return
739 * program. This hook may also optionally check permissions (e.g. for
767 * different file. This hook may also optionally check permissions (e.g. for
786 * It allows a check against the @bprm->cred->security value which was set in
969 * security_sb_mnt_opts_compat() - Check if new mount options are allowed
1003 * security_sb_kern_mount() - Check if a kernel mount is allowed
1030 * security_sb_statfs() - Check if accessing fs stats is allowed
1033 * Check permission before obtaining filesystem statistics for the @mnt
1044 * security_sb_mount() - Check permission for mounting a filesystem
1051 * Check permission before an object specified by @dev_name is mounted on the
1067 * security_sb_umount() - Check permission for unmounting a filesystem
1071 * Check permission before the @mnt file system is unmounted.
1081 * security_sb_pivotroot() - Check permissions for pivoting the rootfs
1085 * Check permission before pivoting the root filesystem.
1146 * security_move_mount() - Check permissions for moving a mount
1150 * Check permission before a mount is moved.
1161 * security_path_notify() - Check if setting a watch is allowed
1166 * Check permissions before setting a watch on events as defined by @mask, on
1376 * security_path_mknod() - Check if creating a special file is allowed
1382 * Check permissions when creating a file. Note that this hook is called even
1411 * security_path_mkdir() - Check if creating a new directory is allowed
1416 * Check permissions to create a new directory in the existing directory.
1430 * security_path_rmdir() - Check if removing a directory is allowed
1434 * Check the permission to remove a directory.
1446 * security_path_unlink() - Check if removing a hard link is allowed
1450 * Check the permission to remove a hard link to a file.
1463 * security_path_symlink() - Check if creating a symbolic link is allowed
1468 * Check the permission to create a symbolic link to a file.
1481 * security_path_link - Check if creating a hard link is allowed
1486 * Check permission before creating a new hard link to a file.
1499 * security_path_rename() - Check if renaming a file is allowed
1506 * Check for permission to rename a file or directory.
1525 * security_path_truncate() - Check if truncating a file is allowed
1528 * Check permission before truncating the file indicated by path. Note that
1542 * security_path_chmod() - Check if changing the file's mode is allowed
1546 * Check for permission to change a mode of the file @path. The new mode is
1560 * security_path_chown() - Check if changing the file's owner/group is allowed
1565 * Check for permission to change owner/group of a file or directory.
1577 * security_path_chroot() - Check if changing the root directory is allowed
1580 * Check for permission to change root directory.
1591 * security_inode_create() - Check if creating a file is allowed
1596 * Check permission to create a regular file.
1625 * security_inode_link() - Check if creating a hard link is allowed
1630 * Check permission before creating a new hard link to a file.
1643 * security_inode_unlink() - Check if removing a hard link is allowed
1647 * Check the permission to remove a hard link to a file.
1659 * security_inode_symlink() - Check if creating a symbolic link is allowed
1664 * Check the permission to create a symbolic link to a file.
1677 * security_inode_mkdir() - Check if creating a new directory is allowed
1682 * Check permissions to create a new directory in the existing directory
1696 * security_inode_rmdir() - Check if removing a directory is allowed
1700 * Check the permission to remove a directory.
1712 * security_inode_mknod() - Check if creating a special file is allowed
1718 * Check permissions when creating a special file (or a socket or a fifo file
1734 * security_inode_rename() - Check if renaming a file is allowed
1741 * Check for permission to rename a file or directory.
1766 * security_inode_readlink() - Check if reading a symbolic link is allowed
1769 * Check the permission to read the symbolic link.
1781 * security_inode_follow_link() - Check if following a symbolic link is allowed
1786 * Check permission to follow a symbolic link when looking up a pathname. If
1800 * security_inode_permission() - Check if accessing an inode is allowed
1804 * Check permission before accessing an inode. This hook is called by the
1821 * security_inode_setattr() - Check if setting file attributes is allowed
1826 * Check permission before setting file attributes. Note that the kernel call
1859 * security_inode_getattr() - Check if getting file attributes is allowed
1862 * Check permission before obtaining file attributes.
1874 * security_inode_setxattr() - Check if setting file xattrs is allowed
1885 * need to perform an additional capability check at the LSM layer.
1887 * Normally we enforce a capability check prior to executing the various LSM
1888 * hook implementations, but if a LSM wants to avoid this capability check,
1890 * xattrs that it wants to avoid the capability check, leaving the LSM fully
1893 * or return a 0 (the default return value), the capability check is still
1895 * check is performed.
1920 * security_inode_set_acl() - Check if setting posix acls is allowed
1926 * Check permission before setting posix acls, the posix acls in @kacl are
1958 * security_inode_get_acl() - Check if reading posix acls is allowed
1963 * Check permission before getting posix acls, the posix acls are identified by
1977 * security_inode_remove_acl() - Check if removing a posix acl is allowed
1982 * Check permission before removing posix acls, the posix acls are identified
2031 * security_inode_getxattr() - Check if xattr access is allowed
2035 * Check permission before obtaining the extended attributes identified by
2048 * security_inode_listxattr() - Check if listing xattrs is allowed
2051 * Check permission before obtaining the list of extended attribute names for
2064 * security_inode_removexattr() - Check if removing an xattr is allowed
2072 * need to perform an additional capability check at the LSM layer.
2074 * Normally we enforce a capability check prior to executing the various LSM
2075 * hook implementations, but if a LSM wants to avoid this capability check,
2077 * xattrs that it wants to avoid the capability check, leaving the LSM fully
2080 * or return a 0 (the default return value), the capability check is still
2082 * check is performed.
2119 * security_inode_file_setattr() - check if setting fsxattr is allowed
2134 * security_inode_file_getattr() - check if retrieving fsxattr is allowed
2149 * security_inode_need_killpriv() - Check if security_inode_killpriv() required
2347 * security_file_permission() - Check file permissions
2351 * Check file permissions before accessing an open file. This hook is called
2422 * security_file_ioctl() - Check if an ioctl is allowed
2427 * Check permission for an ioctl operation on @file. Note that @arg sometimes
2441 * security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2492 * security_mmap_file() - Check if mmap'ing a file is allowed
2497 * Check permissions for a mmap operation. The @file may be NULL, e.g. if
2510 * security_mmap_addr() - Check if mmap'ing an address is allowed
2513 * Check permissions for a mmap operation at @addr.
2523 * security_file_mprotect() - Check if changing memory protections is allowed
2528 * Check permissions before changing memory access permissions.
2539 * security_file_lock() - Check if a file lock is allowed
2543 * Check permission before performing file locking operations. Note the hook
2554 * security_file_fcntl() - Check if fcntl() op is allowed
2559 * Check permission before allowing the file operation specified by @cmd from
2589 * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2594 * Check permission for the file owner @fown to send SIGIO or SIGURG to the
2609 * security_file_receive() - Check if receiving a file via IPC is allowed
2629 * We can check if a file is opened for execution (e.g. execve(2) call), either
2658 * security_file_truncate() - Check if truncating a file is allowed
2661 * Check permission before truncating a file, i.e. using ftruncate. Note that
2849 * security_kernel_module_request() - Check if loading a module is allowed
2994 * security_task_setpgid() - Check if setting the pgid is allowed
2998 * Check permission before setting the process group identifier of the process
3009 * security_task_getpgid() - Check if getting the pgid is allowed
3012 * Check permission before getting the process group identifier of the process
3023 * security_task_getsid() - Check if getting the session id is allowed
3026 * Check permission before getting the session identifier of the process @p.
3065 * security_task_setnice() - Check if setting a task's nice value is allowed
3069 * Check permission before setting the nice value of @p to @nice.
3079 * security_task_setioprio() - Check if setting a task's ioprio is allowed
3083 * Check permission before setting the ioprio value of @p to @ioprio.
3093 * security_task_getioprio() - Check if getting a task's ioprio is allowed
3096 * Check permission before getting the ioprio value of @p.
3106 * security_task_prlimit() - Check if get/setting resources limits is allowed
3111 * Check permission before getting and/or setting the resource limits of
3123 * security_task_setrlimit() - Check if setting a new rlimit value is allowed
3128 * Check permission before setting the resource limits of process @p for
3141 * security_task_setscheduler() - Check if setting sched policy/param is allowed
3144 * Check permission before setting scheduling policy and/or parameters of
3155 * security_task_getscheduler() - Check if getting scheduling info is allowed
3158 * Check permission before obtaining scheduling information for process @p.
3168 * security_task_movememory() - Check if moving memory is allowed
3171 * Check permission before moving memory owned by process @p.
3181 * security_task_kill() - Check if sending a signal is allowed
3187 * Check permission before sending signal @sig to @p. @info can be NULL, the
3202 * security_task_prctl() - Check if a prctl op is allowed
3209 * Check permission before performing a process control operation on the
3247 * security_create_user_ns() - Check if creating a new userns is allowed
3250 * Check permission prior to creating a new user namespace.
3260 * security_ipc_permission() - Check if sysv ipc access is allowed
3264 * Check permissions for access to IPC.
3356 * security_msg_queue_associate() - Check if a msg queue operation is allowed
3360 * Check permission when a message queue is requested through the msgget system
3372 * security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3376 * Check permission when a message control operation specified by @cmd is to be
3387 * security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3392 * Check permission before a message, @msg, is enqueued on the message queue
3404 * security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3411 * Check permission before a message, @msg, is removed from the message queue.
3459 * security_shm_associate() - Check if a sysv shm operation is allowed
3463 * Check permission when a shared memory region is requested through the shmget
3476 * security_shm_shmctl() - Check if a sysv shm operation is allowed
3480 * Check permission when a shared memory control operation specified by @cmd is
3491 * security_shm_shmat() - Check if a sysv shm attach operation is allowed
3496 * Check permissions prior to allowing the shmat system call to attach the
3543 * security_sem_associate() - Check if a sysv semaphore operation is allowed
3547 * Check permission when a semaphore is requested through the semget system
3559 * security_sem_semctl() - Check if a sysv semaphore operation is allowed
3563 * Check permission when a semaphore operation specified by @cmd is to be
3574 * security_sem_semop() - Check if a sysv semaphore operation is allowed
3580 * Check permissions before performing operations on members of the semaphore
3803 * security_ismaclabel() - Check if the named attribute is a MAC label
3806 * Check if the extended attribute specified by @name represents a MAC label.
3823 * does mean that the length could change between calls to check the length and
3842 * length could change between calls to check the length and the
3971 * security_post_notification() - Check if a watch notification can be posted
3976 * Check to see if a watch notification can be posted to a particular queue.
3990 * security_watch_key() - Check if a task is allowed to watch for key events
3993 * Check to see if a process is allowed to watch for event notifications from
4006 * security_netlink_send() - Save info and check if netlink sending is allowed
4024 * security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4029 * Check permissions before establishing a Unix domain stream connection
4052 * security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4056 * Check permissions before connecting or sending datagrams from @sock to
4078 * security_socket_create() - Check if creating a new socket is allowed
4084 * Check permissions prior to creating a new socket.
4119 * security_socket_socketpair() - Check if creating a socketpair is allowed
4123 * Check permissions before creating a fresh pair of sockets.
4135 * security_socket_bind() - Check if a socket bind operation is allowed
4140 * Check permission before socket protocol layer bind operation is performed
4153 * security_socket_connect() - Check if a socket connect operation is allowed
4158 * Check permission before socket protocol layer connect operation attempts to
4170 * security_socket_listen() - Check if a socket is allowed to listen
4174 * Check permission before socket protocol layer listen operation.
4184 * security_socket_accept() - Check if a socket is allowed to accept connections
4188 * Check permission before accepting a new connection. Note that the new
4200 * security_socket_sendmsg() - Check if sending a message is allowed
4205 * Check permission before transmitting a message to another socket.
4215 * security_socket_recvmsg() - Check if receiving a message is allowed
4221 * Check permission before receiving a message from a socket.
4232 * security_socket_getsockname() - Check if reading the socket addr is allowed
4235 * Check permission before reading the local address (name) of the socket
4246 * security_socket_getpeername() - Check if reading the peer's addr is allowed
4249 * Check permission before the remote address (name) of a socket object.
4259 * security_socket_getsockopt() - Check if reading a socket option is allowed
4264 * Check permissions before retrieving the options associated with socket
4275 * security_socket_setsockopt() - Check if setting a socket option is allowed
4280 * Check permissions before setting the options associated with socket @sock.
4305 * security_sock_rcv_skb() - Check if an incoming network packet is allowed
4309 * Check permissions on incoming network packets. This hook is distinct from
4514 * security_secmark_relabel_packet() - Check if setting a secmark is allowed
4517 * Check if the process should be allowed to relabel packets to @secid.
4588 * security_tun_dev_create() - Check if creating a TUN device is allowed
4590 * Check permissions prior to creating a new TUN device.
4601 * security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4604 * Check permissions prior to attaching to a TUN device queue.
4737 * security_ib_pkey_access() - Check if access to an IB pkey is allowed
4742 * Check permission to access a pkey when modifying a QP.
4753 * security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
4758 * Check permissions to send and receive SMPs on a end port.
4856 * security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
4905 * security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
4930 * security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
4934 * Check permission when a flow selects a xfrm_policy for processing XFRMs on a
4947 * security_xfrm_state_pol_flow_match() - Check for a xfrm match
4949 * @xp: xfrm policy to check for a match
4950 * @flic: flow to check for a match.
4952 * Check @xp and @flic for a match with @x.
5041 * security_key_permission() - Check if a kernel key operation is allowed
5116 * security_audit_rule_known() - Check if an audit rule contains LSM fields
5142 * security_audit_rule_match() - Check if a label matches an audit rule
5163 * security_bpf() - Check if the bpf syscall operation is allowed
5169 * Do a initial check for all bpf syscalls after the attribute is copied into
5171 * check the specific cmd they need.
5181 * security_bpf_map() - Check if access to a bpf map is allowed
5185 * Do a check when the kernel generates and returns a file descriptor for eBPF
5196 * security_bpf_prog() - Check if access to a bpf program is allowed
5199 * Do a check when the kernel generates and returns a file descriptor for eBPF
5210 * security_bpf_map_create() - Check if BPF map creation is allowed
5216 * Do a check when the kernel creates a new BPF map. This is also the
5237 * security_bpf_prog_load() - Check if loading of BPF program is allowed
5243 * Perform an access control check when the kernel loads a BPF program and
5265 * security_bpf_token_create() - Check if creating of BPF token is allowed
5270 * Do a check when the kernel instantiates a new BPF token object from BPF FS
5291 * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5296 * Do a check when the kernel decides whether provided BPF token should allow
5307 * security_bpf_token_capable() - Check if BPF token is allowed to delegate
5312 * Do a check when the kernel decides whether provided BPF token should allow
5363 * security_locked_down() - Check if a kernel feature is allowed
5458 * security_perf_event_open() - Check if a perf event open is allowed
5461 * Check whether the @type of perf_event_open syscall is allowed.
5508 * security_perf_event_read() - Check if reading a perf event label is allowed
5521 * security_perf_event_write() - Check if writing a perf event label is allowed
5536 * security_uring_override_creds() - Check if overriding creds is allowed
5539 * Check if the current task, executing an io_uring operation, is allowed to
5550 * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5552 * Check whether the current task is allowed to spawn a io_uring polling thread
5563 * security_uring_cmd() - Check if a io_uring passthrough command is allowed
5566 * Check whether the file_operations uring_cmd is allowed to run.
5576 * security_uring_allowed() - Check if io_uring_setup() is allowed
5578 * Check whether the current task is allowed to call io_uring_setup().