| /kernel/linux/linux-4.19/security/selinux/include/ |
| D | avc.h | 53 u32 denied; member
70 u32 denied, audited; in avc_audit_required() local
71 denied = requested & ~avd->allowed; in avc_audit_required()
72 if (unlikely(denied)) { in avc_audit_required()
73 audited = denied & avd->auditdeny; in avc_audit_required()
79 * actual permissions that were denied. As an example lets in avc_audit_required()
82 * denied == READ in avc_audit_required()
86 * We will NOT audit the denial even though the denied in avc_audit_required()
93 audited = denied = requested; in avc_audit_required()
96 *deniedp = denied; in avc_audit_required()
[all …]
|
| /kernel/linux/linux-5.10/security/selinux/include/ |
| D | avc.h | 53 u32 denied; member
70 u32 denied, audited; in avc_audit_required() local
71 denied = requested & ~avd->allowed; in avc_audit_required()
72 if (unlikely(denied)) { in avc_audit_required()
73 audited = denied & avd->auditdeny; in avc_audit_required()
79 * actual permissions that were denied. As an example lets in avc_audit_required()
82 * denied == READ in avc_audit_required()
86 * We will NOT audit the denial even though the denied in avc_audit_required()
93 audited = denied = requested; in avc_audit_required()
96 *deniedp = denied; in avc_audit_required()
[all …]
|
| /kernel/linux/linux-5.10/include/trace/events/ |
| D | avc.h | 26 __field(u32, denied)
36 __entry->denied = sad->denied;
44 TP_printk("requested=0x%x denied=0x%x audited=0x%x result=%d scontext=%s tcontext=%s tclass=%s",
45 __entry->requested, __entry->denied, __entry->audited, __entry->result,
|
| /kernel/linux/linux-4.19/Documentation/ioctl/ |
| D | hdio.txt | 159 EACCES Access denied: requires CAP_SYS_ADMIN
197 EACCES Access denied: requires CAP_SYS_ADMIN
297 EACCES Access denied: requires CAP_SYS_ADMIN
385 EACCES Access denied: requires CAP_SYS_ADMIN
465 EACCES Access denied: requires CAP_SYS_ADMIN
485 EACCES Access denied: requires CAP_SYS_RAWIO
510 EACCES Access denied: requires CAP_SYS_ADMIN
765 EACCES Access denied: requires CAP_SYS_RAWIO
826 EACCES Access denied: requires CAP_SYS_RAWIO
859 EACCES Access denied: requires CAP_SYS_ADMIN
[all …]
|
| /kernel/linux/linux-5.10/security/apparmor/ |
| D | lib.c | 272 if (aad(sa)->denied) { in aa_audit_perms_cb()
274 aa_audit_perm_mask(ab, aad(sa)->denied, aa_file_perm_chrs, in aa_audit_perms_cb()
434 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() local
436 if (likely(!denied)) { in aa_check_perms()
447 if (denied & perms->kill) in aa_check_perms()
449 else if (denied == (denied & perms->complain)) in aa_check_perms()
454 if (denied == (denied & perms->hide)) in aa_check_perms()
457 denied &= ~perms->quiet; in aa_check_perms()
458 if (!sa || !denied) in aa_check_perms()
465 aad(sa)->denied = denied; in aa_check_perms()
|
| D | file.c | 53 if (aad(sa)->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb()
55 map_mask_to_chr_mask(aad(sa)->denied)); in file_audit_cb()
121 /* only report permissions that were denied */ in aa_audit_file()
138 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file()
311 * Returns: %0 else error if access denied or other error
507 u32 request, u32 denied, bool in_atomic) in __file_path_perm() argument
519 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm()
532 if (denied && !error) { in __file_path_perm()
562 u32 request, u32 denied) in __file_sock_perm() argument
570 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm()
[all …]
|
| D | ipc.c | 51 if (aad(sa)->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
53 audit_ptrace_mask(aad(sa)->denied)); in audit_ptrace_cb()
116 * Returns: %0 else error code if permission denied or error
169 if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
171 audit_signal_mask(aad(sa)->denied)); in audit_signal_cb()
|
| /kernel/linux/linux-4.19/security/apparmor/ |
| D | lib.c | 276 if (aad(sa)->denied) { in aa_audit_perms_cb()
278 aa_audit_perm_mask(ab, aad(sa)->denied, aa_file_perm_chrs, in aa_audit_perms_cb()
438 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() local
440 if (likely(!denied)) { in aa_check_perms()
451 if (denied & perms->kill) in aa_check_perms()
453 else if (denied == (denied & perms->complain)) in aa_check_perms()
458 if (denied == (denied & perms->hide)) in aa_check_perms()
461 denied &= ~perms->quiet; in aa_check_perms()
462 if (!sa || !denied) in aa_check_perms()
469 aad(sa)->denied = denied; in aa_check_perms()
|
| D | file.c | 69 if (aad(sa)->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb()
71 audit_file_mask(ab, aad(sa)->denied); in file_audit_cb()
136 /* only report permissions that were denied */ in aa_audit_file()
153 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file()
326 * Returns: %0 else error if access denied or other error
514 u32 request, u32 denied) in __file_path_perm() argument
526 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm()
537 if (denied && !error) { in __file_path_perm()
567 u32 request, u32 denied) in __file_sock_perm() argument
575 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm()
[all …]
|
| D | ipc.c | 57 if (aad(sa)->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
59 audit_ptrace_mask(ab, aad(sa)->denied); in audit_ptrace_cb()
122 * Returns: %0 else error code if permission denied or error
173 if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
175 audit_signal_mask(ab, aad(sa)->denied); in audit_signal_cb()
|
| D | net.c | 95 if (aad(sa)->denied & NET_PERMS_MASK) { in audit_net_cb()
97 aa_audit_perm_mask(ab, aad(sa)->denied, NULL, 0, in audit_net_cb()
|
| /kernel/linux/linux-4.19/Documentation/ABI/stable/ |
| D | sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
53 Might return "<denied>" in case of special security settings
102 Might return "<denied>" in case of special security settings
|
| /kernel/linux/linux-4.19/Documentation/cgroup-v1/ |
| D | devices.txt | 16 never receive a device access which is denied by its parent.
70 If a device is denied in group A:
75 group whitelist entries denied devices
87 group whitelist entries denied devices
95 group whitelist entries denied devices
|
| /kernel/linux/linux-5.10/security/selinux/ |
| D | avc.c | 394 u32 denied, audited; in avc_xperms_audit_required() local
396 denied = requested & ~avd->allowed; in avc_xperms_audit_required()
397 if (unlikely(denied)) { in avc_xperms_audit_required()
398 audited = denied & avd->auditdeny; in avc_xperms_audit_required()
404 audited = denied = requested; in avc_xperms_audit_required()
413 *deniedp = denied; in avc_xperms_audit_required()
424 u32 audited, denied; in avc_xperms_audit() local
427 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit()
431 audited, denied, result, ad); in avc_xperms_audit()
672 audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); in avc_audit_pre_callback()
[all …]
|
| /kernel/linux/linux-4.19/security/selinux/ |
| D | avc.c | 462 u32 denied, audited; in avc_xperms_audit_required() local
464 denied = requested & ~avd->allowed; in avc_xperms_audit_required()
465 if (unlikely(denied)) { in avc_xperms_audit_required()
466 audited = denied & avd->auditdeny; in avc_xperms_audit_required()
472 audited = denied = requested; in avc_xperms_audit_required()
481 *deniedp = denied; in avc_xperms_audit_required()
492 u32 audited, denied; in avc_xperms_audit() local
495 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit()
499 audited, denied, result, ad); in avc_xperms_audit()
736 ad->selinux_audit_data->denied ? "denied" : "granted"); in avc_audit_pre_callback()
[all …]
|
| /kernel/linux/linux-5.10/Documentation/ABI/stable/ |
| D | sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
56 Might return "<denied>" in case of special security settings
105 Might return "<denied>" in case of special security settings
|
| /kernel/linux/linux-5.10/security/apparmor/include/ |
| D | capability.h | 23 * @denied: caps that are explicitly denied
31 kernel_cap_t denied; member
|
| D | audit.h | 27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
115 u32 denied; member
|
| /kernel/linux/linux-4.19/security/apparmor/include/ |
| D | capability.h | 27 * @denied: caps that are explicitly denied
35 kernel_cap_t denied; member
|
| D | audit.h | 31 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
119 u32 denied; member
|
| /kernel/linux/linux-5.10/Documentation/userspace-api/ioctl/ |
| D | hdio.rst | 185 - EACCES Access denied: requires CAP_SYS_ADMIN
235 - EACCES Access denied: requires CAP_SYS_ADMIN
359 - EACCES Access denied: requires CAP_SYS_ADMIN
487 - EACCES Access denied: requires CAP_SYS_ADMIN
596 - EACCES Access denied: requires CAP_SYS_ADMIN
622 - EACCES Access denied: requires CAP_SYS_RAWIO
658 - EACCES Access denied: requires CAP_SYS_ADMIN
947 - EACCES Access denied: requires CAP_SYS_RAWIO
1016 - EACCES Access denied: requires CAP_SYS_RAWIO
1059 - EACCES Access denied: requires CAP_SYS_ADMIN
[all …]
|
| /kernel/linux/linux-5.10/Documentation/admin-guide/cgroup-v1/ |
| D | devices.rst | 19 never receive a device access which is denied by its parent.
77 If a device is denied in group A::
84 group whitelist entries denied devices
97 group whitelist entries denied devices
107 group whitelist entries denied devices
|
| /kernel/linux/linux-4.19/security/ |
| D | commoncap.c | 115 * information, returning 0 if permission granted, -ve if denied.
134 * Else denied.
137 * granted, -ve if denied.
171 * Else denied.
174 * process, returning 0 if permission is granted, -ve if denied.
914 * permission is granted, -ve if denied.
947 * permission is granted, -ve if denied.
1110 * specified task, returning 0 if permission is granted, -ve if denied.
1123 * task, returning 0 if permission is granted, -ve if denied.
1136 * specified task, returning 0 if permission is granted, -ve if denied.
|
| /kernel/linux/linux-5.10/security/ |
| D | commoncap.c | 109 * information, returning 0 if permission granted, -ve if denied.
128 * Else denied.
131 * granted, -ve if denied.
165 * Else denied.
168 * process, returning 0 if permission is granted, -ve if denied.
927 * permission is granted, -ve if denied.
960 * permission is granted, -ve if denied.
1123 * specified task, returning 0 if permission is granted, -ve if denied.
1136 * task, returning 0 if permission is granted, -ve if denied.
1149 * specified task, returning 0 if permission is granted, -ve if denied.
|
| /kernel/linux/linux-4.19/arch/um/os-Linux/ |
| D | execvp.c | 92 /* Record the we got a `Permission denied' error. If we end in execvp_noalloc()
94 that we did find one but were denied access. */ in execvp_noalloc()
|