|
Linux Kernel
3.7.1
|
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
|
Linux Kernel
3.7.1
|
#include <linux/export.h>#include <linux/cred.h>#include <linux/slab.h>#include <linux/sched.h>#include <linux/key.h>#include <linux/keyctl.h>#include <linux/init_task.h>#include <linux/security.h>#include <linux/binfmts.h>#include <linux/cn_proc.h>Go to the source code of this file.
Macros | |
| #define | kdebug(FMT,...) no_printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__) |
Variables | |
| struct cred | init_cred |
| #define kdebug | ( | FMT, | |
| ... | |||
| ) | no_printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__) |
commit_creds - Install new credentials upon the current task : The credentials to be assigned
Install a new set of credentials to the current task, using RCU to replace the old set. Both the objective and the subjective credentials pointers are updated. This function may not be called if the subjective credentials are in an overridden state.
This function eats the caller's reference to the new credentials.
Always returns 0 thus allowing this function to be tail-called at the end of, say, sys_setgid().
| int copy_creds | ( | struct task_struct * | p, |
| unsigned long | clone_flags | ||
| ) |
| void exit_creds | ( | struct task_struct * | tsk | ) |
| EXPORT_SYMBOL | ( | __put_cred | ) |
| EXPORT_SYMBOL | ( | prepare_creds | ) |
| EXPORT_SYMBOL | ( | commit_creds | ) |
| EXPORT_SYMBOL | ( | abort_creds | ) |
| EXPORT_SYMBOL | ( | override_creds | ) |
| EXPORT_SYMBOL | ( | revert_creds | ) |
| EXPORT_SYMBOL | ( | prepare_kernel_cred | ) |
| EXPORT_SYMBOL | ( | set_security_override | ) |
| EXPORT_SYMBOL | ( | set_security_override_from_ctx | ) |
| EXPORT_SYMBOL | ( | set_create_files_as | ) |
|
read |
get_task_cred - Get another task's objective credentials : The task to query
Get the objective credentials of a task, pinning them so that they can't go away. Accessing a task's credentials directly is not permitted.
The caller must also make sure task doesn't get deleted, either by holding a ref on task or by holding tasklist_lock to prevent it from being unlinked.
prepare_creds - Prepare a new set of credentials for modification
Prepare a new set of task credentials for modification. A task's creds shouldn't generally be modified directly, therefore this function is used to prepare a new copy, which the caller then modifies and then commits by calling commit_creds().
Preparation involves making a copy of the objective creds for modification.
Returns a pointer to the new creds-to-be if successful, NULL otherwise.
Call commit_creds() or abort_creds() to clean up.
|
read |
prepare_kernel_cred - Prepare a set of credentials for a kernel service : A userspace daemon to be used as a reference
Prepare a set of credentials for a kernel service. This can then be used to override a task's own credentials so that work can be done on behalf of that task that requires a different subjective context.
is used to provide a base for the security record, but can be NULL. If is supplied, then the security data will be derived from that; otherwise they'll be set to 0 and no groups, full capabilities and no keys.
The caller may change these controls afterwards if desired.
Returns the new credentials or NULL if out of memory.
Does not take, and does not return holding current->cred_replace_mutex.
set_create_files_as - Set the LSM file create context in a set of credentials : The credentials to alter : The inode to take the context from
Change the LSM file creation context in a set of credentials to be the same as the object context of the specified inode, so that the new inodes have the same MAC context as that inode.
set_security_override_from_ctx - Set the security ID in a set of credentials : The credentials to alter : The LSM security context to generate the security ID from.
Set the LSM security ID in a set of credentials so that the subjective security is overridden when an alternative set of credentials is used. The security ID is specified in string form as a security context to be interpreted by the LSM.
1.8.2