本文整理汇总了C++中current_cred函数的典型用法代码示例。如果您正苦于以下问题:C++ current_cred函数的具体用法?C++ current_cred怎么用?C++ current_cred使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了current_cred函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: __integrity_init_keyring
static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
struct key_restriction *restriction)
{
const struct cred *cred = current_cred();
int err = 0;
keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
KGIDT_INIT(0), cred, perm,
KEY_ALLOC_NOT_IN_QUOTA, restriction, NULL);
if (IS_ERR(keyring[id])) {
err = PTR_ERR(keyring[id]);
pr_info("Can't allocate %s keyring (%d)\n",
keyring_name[id], err);
keyring[id] = NULL;
}
return err;
}
开发者ID:AlexShiLucky,项目名称:linux,代码行数:18,代码来源:digsig.c
示例2: module_verify_init
/*
* Load the compiled-in keys
*/
static __init int module_verify_init(void)
{
pr_notice("Initialise module verification\n");
modsign_keyring = key_alloc(&key_type_keyring, ".module_sign",
KUIDT_INIT(0), KGIDT_INIT(0),
current_cred(),
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ,
KEY_ALLOC_NOT_IN_QUOTA);
if (IS_ERR(modsign_keyring))
panic("Can't allocate module signing keyring\n");
if (key_instantiate_and_link(modsign_keyring, NULL, 0, NULL, NULL) < 0)
panic("Can't instantiate module signing keyring\n");
return 0;
}
开发者ID:AllenDou,项目名称:linux,代码行数:21,代码来源:modsign_pubkey.c
示例3: path_get
struct file *vfsub_dentry_open(struct path *path, int flags)
{
struct file *file;
int err;
path_get(path);
file = dentry_open(path->dentry, path->mnt, flags, current_cred());
if (IS_ERR(file))
goto out;
err = ima_file_check(file, au_conv_oflags(flags));
if (unlikely(err)) {
fput(file);
file = ERR_PTR(err);
}
out:
return file;
}
开发者ID:chrmorais,项目名称:miniemc2,代码行数:18,代码来源:vfsub.c
示例4: cap_ptrace_access_check
/**
* cap_ptrace_access_check - Determine whether the current process may access
* another
* @child: The process to be accessed
* @mode: The mode of attachment.
*
* If we are in the same or an ancestor user_ns and have all the target
* task's capabilities, then ptrace access is allowed.
* If we have the ptrace capability to the target user_ns, then ptrace
* access is allowed.
* Else denied.
*
* Determine whether a process may access another, returning 0 if permission
* granted, -ve if denied.
*/
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
int ret = 0;
const struct cred *cred, *child_cred;
rcu_read_lock();
cred = current_cred();
child_cred = __task_cred(child);
if (cred->user_ns == child_cred->user_ns &&
cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
goto out;
if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
goto out;
ret = -EPERM;
out:
rcu_read_unlock();
return ret;
}
开发者ID:tsj123,项目名称:androidx86_remix,代码行数:33,代码来源:commoncap.c
示例5: push_group_info
static void push_group_info(struct lvfs_run_ctxt *save,
struct group_info *ginfo)
{
if (!ginfo) {
save->ngroups = current_ngroups;
current_ngroups = 0;
} else {
struct cred *cred;
task_lock(current);
save->group_info = current_cred()->group_info;
cred = prepare_creds();
if (cred) {
cred->group_info = ginfo;
commit_creds(cred);
}
task_unlock(current);
}
}
开发者ID:thoemy,项目名称:android_kernel_htc_endeavoru-new,代码行数:18,代码来源:lvfs_linux.c
示例6: fuse_allow_current_process
/*
* Calling into a user-controlled filesystem gives the filesystem
* daemon ptrace-like capabilities over the current process. This
* means, that the filesystem daemon is able to record the exact
* filesystem operations performed, and can also control the behavior
* of the requester process in otherwise impossible ways. For example
* it can delay the operation for arbitrary length of time allowing
* DoS against the requester.
*
* For this reason only those processes can call into the filesystem,
* for which the owner of the mount has ptrace privilege. This
* excludes processes started by other users, suid or sgid processes.
*/
int fuse_allow_current_process(struct fuse_conn *fc)
{
const struct cred *cred;
if (fc->allow_other)
return current_in_userns(fc->user_ns);
cred = current_cred();
if (uid_eq(cred->euid, fc->user_id) &&
uid_eq(cred->suid, fc->user_id) &&
uid_eq(cred->uid, fc->user_id) &&
gid_eq(cred->egid, fc->group_id) &&
gid_eq(cred->sgid, fc->group_id) &&
gid_eq(cred->gid, fc->group_id))
return 1;
return 0;
}
开发者ID:Anjali05,项目名称:linux,代码行数:31,代码来源:dir.c
示例7: cap_ptrace_traceme
/**
* cap_ptrace_traceme - Determine whether another process may trace the current
* @parent: The task proposed to be the tracer
*
* If parent is in the same or an ancestor user_ns and has all current's
* capabilities, then ptrace access is allowed.
* If parent has the ptrace capability to current's user_ns, then ptrace
* access is allowed.
* Else denied.
*
* Determine whether the nominated task is permitted to trace the current
* process, returning 0 if permission is granted, -ve if denied.
*/
int cap_ptrace_traceme(struct task_struct *parent)
{
int ret = 0;
const struct cred *cred, *child_cred;
rcu_read_lock();
cred = __task_cred(parent);
child_cred = current_cred();
if (cred->user_ns == child_cred->user_ns &&
cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
goto out;
if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE))
goto out;
ret = -EPERM;
out:
rcu_read_unlock();
return ret;
}
开发者ID:tsj123,项目名称:androidx86_remix,代码行数:31,代码来源:commoncap.c
示例8: scm_check_creds
static __inline__ int scm_check_creds(struct ucred *creds)
{
const struct cred *cred = current_cred();
kuid_t uid = make_kuid(cred->user_ns, creds->uid);
kgid_t gid = make_kgid(cred->user_ns, creds->gid);
if (!uid_valid(uid) || !gid_valid(gid))
return -EINVAL;
if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) &&
((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) ||
uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) ||
gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) {
return 0;
}
return -EPERM;
}
开发者ID:Forzaferrarileo,项目名称:linux,代码行数:18,代码来源:scm.c
示例9: gr_handle_fifo
int
gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
const struct dentry *dir, const int flag, const int acc_mode)
{
#ifdef CONFIG_GRKERNSEC_FIFO
const struct cred *cred = current_cred();
if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
!(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
(dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
(cred->fsuid != dentry->d_inode->i_uid)) {
if (!generic_permission(dentry->d_inode, acc_mode, NULL))
gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
return -EACCES;
}
#endif
return 0;
}
开发者ID:mikeberkelaar,项目名称:grhardened,代码行数:18,代码来源:grsec_fifo.c
示例10: wrapfs_open
static int wrapfs_open(struct inode *inode, struct file *file)
{
int err = 0;
struct file *lower_file = NULL;
struct path lower_path;
#ifdef DEBUG
TRACK;
#endif
/* don't open unhashed/deleted files */
if (d_unhashed(file->f_path.dentry)) {
err = -ENOENT;
goto out_err;
}
file->private_data =
kzalloc(sizeof(struct wrapfs_file_info), GFP_KERNEL);
if (!WRAPFS_F(file)) {
err = -ENOMEM;
goto out_err;
}
/* open lower object and link wrapfs's file struct to lower's */
wrapfs_get_lower_path(file->f_path.dentry, &lower_path);
lower_file = dentry_open(lower_path.dentry, lower_path.mnt,
file->f_flags, current_cred());
if (IS_ERR(lower_file)) {
err = PTR_ERR(lower_file);
lower_file = wrapfs_lower_file(file);
if (lower_file) {
wrapfs_set_lower_file(file, NULL);
fput(lower_file); /* fput calls dput for lower_dentry */
}
} else {
wrapfs_set_lower_file(file, lower_file);
}
if (err)
kfree(WRAPFS_F(file));
else
fsstack_copy_attr_all(inode, wrapfs_lower_inode(inode));
out_err:
return err;
}
开发者ID:richygerard,项目名称:extension-of-stackable-file-system,代码行数:44,代码来源:file.c
示例11: current_cred
/**
* request_key_and_link - Request a key and cache it in a keyring.
* @type: The type of key we want.
* @description: The searchable description of the key.
* @callout_info: The data to pass to the instantiation upcall (or NULL).
* @callout_len: The length of callout_info.
* @aux: Auxiliary data for the upcall.
* @dest_keyring: Where to cache the key.
* @flags: Flags to key_alloc().
*
* A key matching the specified criteria is searched for in the process's
* keyrings and returned with its usage count incremented if found. Otherwise,
* if callout_info is not NULL, a key will be allocated and some service
* (probably in userspace) will be asked to instantiate it.
*
* If successfully found or created, the key will be linked to the destination
* keyring if one is provided.
*
* Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
* or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
* found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
* if insufficient key quota was available to create a new key; or -ENOMEM if
* insufficient memory was available.
*
* If the returned key was created, then it may still be under construction,
* and wait_for_key_construction() should be used to wait for that to complete.
*/
struct key *request_key_and_link(struct key_type *type,
const char *description,
const void *callout_info,
size_t callout_len,
void *aux,
struct key *dest_keyring,
unsigned long flags)
{
const struct cred *cred = current_cred();
struct key *key;
key_ref_t key_ref;
kenter("%s,%s,%p,%zu,%p,%p,%lx",
type->name, description, callout_info, callout_len, aux,
dest_keyring, flags);
/* search all the process keyrings for a key */
key_ref = search_process_keyrings(type, description, type->match, cred);
if (!IS_ERR(key_ref)) {
key = key_ref_to_ptr(key_ref);
if (dest_keyring) {
construct_get_dest_keyring(&dest_keyring);
key_link(dest_keyring, key);
key_put(dest_keyring);
}
} else if (PTR_ERR(key_ref) != -EAGAIN) {
key = ERR_CAST(key_ref);
} else {
/* the search failed, but the keyrings were searchable, so we
* should consult userspace if we can */
key = ERR_PTR(-ENOKEY);
if (!callout_info)
goto error;
key = construct_key_and_link(type, description, callout_info,
callout_len, aux, dest_keyring,
flags);
}
error:
kleave(" = %p", key);
return key;
}
开发者ID:vps2fast,项目名称:openvz-kernel,代码行数:71,代码来源:request_key.c
示例12: int
/**
* lookup_instantiate_filp - instantiates the open intent filp
* @nd: pointer to nameidata
* @dentry: pointer to dentry
* @open: open callback
*
* Helper for filesystems that want to use lookup open intents and pass back
* a fully instantiated struct file to the caller.
* This function is meant to be called from within a filesystem's
* lookup method.
* Beware of calling it for non-regular files! Those ->open methods might block
* (e.g. in fifo_open), leaving you with parent locked (and in case of fifo,
* leading to a deadlock, as nobody can open that fifo anymore, because
* another process to open fifo will block on locked parent when doing lookup).
* Note that in case of error, nd->intent.open.file is destroyed, but the
* path information remains valid.
* If the open callback is set to NULL, then the standard f_op->open()
* filesystem callback is substituted.
*/
struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
int (*open)(struct inode *, struct file *))
{
const struct cred *cred = current_cred();
if (IS_ERR(nd->intent.open.file))
goto out;
if (IS_ERR(dentry))
goto out_err;
nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
nd->intent.open.file,
open, cred);
out:
return nd->intent.open.file;
out_err:
release_open_intent(nd);
nd->intent.open.file = ERR_CAST(dentry);
goto out;
}
开发者ID:boa19861105,项目名称:Blackout-Monarudo,代码行数:38,代码来源:open.c
示例13: gr_handle_hardlink
int
gr_handle_hardlink(const struct dentry *dentry,
const struct vfsmount *mnt,
const struct filename *to)
{
#ifdef CONFIG_GRKERNSEC_LINK
struct inode *inode = d_backing_inode(dentry);
const struct cred *cred = current_cred();
if (grsec_enable_link && !uid_eq(cred->fsuid, inode->i_uid) &&
(!d_is_reg(dentry) || is_privileged_binary(dentry) ||
(inode_permission(inode, MAY_READ | MAY_WRITE))) &&
!capable(CAP_FOWNER) && gr_is_global_nonroot(cred->uid)) {
gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to->name);
return -EPERM;
}
#endif
return 0;
}
开发者ID:ParrotSec,项目名称:linux-psec,代码行数:19,代码来源:grsec_link.c
示例14: file_inode
static struct file *ovl_open_realfile(const struct file *file,
struct inode *realinode)
{
struct inode *inode = file_inode(file);
struct file *realfile;
const struct cred *old_cred;
int flags = file->f_flags | O_NOATIME | FMODE_NONOTIFY;
old_cred = ovl_override_creds(inode->i_sb);
realfile = open_with_fake_path(&file->f_path, flags, realinode,
current_cred());
revert_creds(old_cred);
pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",
file, file, ovl_whatisit(inode, realinode), file->f_flags,
realfile, IS_ERR(realfile) ? 0 : realfile->f_flags);
return realfile;
}
开发者ID:avagin,项目名称:linux,代码行数:19,代码来源:file.c
示例15: set_task_ioprio
int set_task_ioprio(struct task_struct *task, int ioprio)
{
int err;
struct io_context *ioc;
const struct cred *cred = current_cred(), *tcred;
rcu_read_lock();
tcred = __task_cred(task);
if (tcred->uid != cred->euid &&
tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) {
rcu_read_unlock();
return -EPERM;
}
rcu_read_unlock();
err = security_task_setioprio(task, ioprio);
if (err)
return err;
task_lock(task);
do {
ioc = task->io_context;
/* see wmb() in current_io_context() */
smp_read_barrier_depends();
if (ioc)
break;
ioc = alloc_io_context(GFP_ATOMIC, -1);
if (!ioc) {
err = -ENOMEM;
break;
}
task->io_context = ioc;
} while (1);
if (!err) {
ioc->ioprio = ioprio;
ioc->ioprio_changed = 1;
}
task_unlock(task);
return err;
}
开发者ID:325116067,项目名称:semc-qsd8x50,代码行数:43,代码来源:ioprio.c
示例16: gr_handle_hardlink
int
gr_handle_hardlink(const struct dentry *dentry,
const struct vfsmount *mnt,
struct inode *inode, const int mode, const char *to)
{
#ifdef CONFIG_GRKERNSEC_LINK
const struct cred *cred = current_cred();
if (grsec_enable_link && cred->fsuid != inode->i_uid &&
(!S_ISREG(mode) || (mode & S_ISUID) ||
((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
(inode_permission(inode, MAY_READ | MAY_WRITE))) &&
!capable(CAP_FOWNER) && cred->uid) {
gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
return -EPERM;
}
#endif
return 0;
}
开发者ID:novic,项目名称:AniDroid-Hardened-Kernel,代码行数:19,代码来源:grsec_link.c
示例17: __cgroup1_procs_write
static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of,
char *buf, size_t nbytes, loff_t off,
bool threadgroup)
{
struct cgroup *cgrp;
struct task_struct *task;
const struct cred *cred, *tcred;
ssize_t ret;
cgrp = cgroup_kn_lock_live(of->kn, false);
if (!cgrp)
return -ENODEV;
task = cgroup_procs_write_start(buf, threadgroup);
ret = PTR_ERR_OR_ZERO(task);
if (ret)
goto out_unlock;
/*
* Even if we're attaching all tasks in the thread group, we only
* need to check permissions on one of them.
*/
cred = current_cred();
tcred = get_task_cred(task);
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid))
ret = -EACCES;
put_cred(tcred);
if (ret)
goto out_finish;
ret = cgroup_attach_task(cgrp, task, threadgroup);
out_finish:
cgroup_procs_write_finish(task);
out_unlock:
cgroup_kn_unlock(of->kn);
return ret ?: nbytes;
}
开发者ID:AlexShiLucky,项目名称:linux,代码行数:41,代码来源:cgroup-v1.c
示例18: integrity_init_keyring
int integrity_init_keyring(const unsigned int id)
{
const struct cred *cred = current_cred();
int err = 0;
keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
KGIDT_INIT(0), cred,
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ |
KEY_USR_WRITE | KEY_USR_SEARCH),
KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (!IS_ERR(keyring[id]))
set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
else {
err = PTR_ERR(keyring[id]);
pr_info("Can't allocate %s keyring (%d)\n",
keyring_name[id], err);
keyring[id] = NULL;
}
return err;
}
开发者ID:mikuhatsune001,项目名称:linux2.6.32,代码行数:21,代码来源:digsig.c
示例19: __ptrace_may_access
int __ptrace_may_access(struct task_struct *task, unsigned int mode)
{
const struct cred *cred = current_cred(), *tcred;
/* May we inspect the given task?
* This check is used both for attaching with ptrace
* and for allowing access to sensitive information in /proc.
*
* ptrace_attach denies several cases that /proc allows
* because setting up the necessary parent/child relationship
* or halting the specified task is impossible.
*/
int dumpable = 0;
/* Don't let security modules deny introspection */
if (task == current)
return 0;
rcu_read_lock();
tcred = __task_cred(task);
if (cred->user->user_ns == tcred->user->user_ns &&
(cred->uid == tcred->euid &&
cred->uid == tcred->suid &&
cred->uid == tcred->uid &&
cred->gid == tcred->egid &&
cred->gid == tcred->sgid &&
cred->gid == tcred->gid))
goto ok;
if (ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE))
goto ok;
rcu_read_unlock();
return -EPERM;
ok:
rcu_read_unlock();
smp_rmb();
if (task->mm)
dumpable = get_dumpable(task->mm);
if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
return -EPERM;
return security_ptrace_access_check(task, mode);
}
开发者ID:grzmot22,项目名称:android_kernel_hp_pine,代码行数:40,代码来源:ptrace.c
示例20: compat_sys_get_robust_list
asmlinkage long
compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
compat_size_t __user *len_ptr)
{
struct compat_robust_list_head __user *head;
unsigned long ret;
const struct cred *cred = current_cred(), *pcred;
if (!futex_cmpxchg_enabled)
return -ENOSYS;
if (!pid)
head = current->compat_robust_list;
else {
struct task_struct *p;
ret = -ESRCH;
read_lock(&tasklist_lock);
p = find_task_by_vpid(pid);
if (!p)
goto err_unlock;
ret = -EPERM;
pcred = __task_cred(p);
if (cred->euid != pcred->euid &&
cred->euid != pcred->uid &&
!capable(CAP_SYS_PTRACE))
goto err_unlock;
head = p->compat_robust_list;
read_unlock(&tasklist_lock);
}
if (put_user(sizeof(*head), len_ptr))
return -EFAULT;
return put_user(ptr_to_compat(head), head_ptr);
err_unlock:
read_unlock(&tasklist_lock);
return ret;
}
开发者ID:johnny,项目名称:CobraDroidBeta,代码行数:40,代码来源:futex_compat.c
注:本文中的current_cred函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论