/security/apparmor/ |
D | policy.c | 278 struct aa_namespace *ns; in alloc_namespace() local 280 ns = kzalloc(sizeof(*ns), GFP_KERNEL); in alloc_namespace() 281 AA_DEBUG("%s(%p)\n", __func__, ns); in alloc_namespace() 282 if (!ns) in alloc_namespace() 284 if (!policy_init(&ns->base, prefix, name)) in alloc_namespace() 287 INIT_LIST_HEAD(&ns->sub_ns); in alloc_namespace() 288 rwlock_init(&ns->lock); in alloc_namespace() 291 ns->unconfined = aa_alloc_profile("unconfined"); in alloc_namespace() 292 if (!ns->unconfined) in alloc_namespace() 295 ns->unconfined->sid = aa_alloc_sid(); in alloc_namespace() [all …]
|
D | domain.c | 102 struct aa_namespace *ns, in change_profile_perms() argument 116 } else if ((ns == profile->ns)) { in change_profile_perms() 124 state = aa_dfa_match(profile->file.dfa, start, ns->base.name); in change_profile_perms() 179 static struct aa_profile *find_attach(struct aa_namespace *ns, in find_attach() argument 184 read_lock(&ns->lock); in find_attach() 186 read_unlock(&ns->lock); in find_attach() 248 struct aa_namespace *ns = profile->ns; in x_table_lookup() local 276 new_ns = aa_find_namespace(ns, ns_name); in x_table_lookup() 288 new_profile = aa_lookup_profile(new_ns ? new_ns : ns, xname); in x_table_lookup() 310 struct aa_namespace *ns = profile->ns; in x_to_profile() local [all …]
|
D | procattr.c | 42 struct aa_namespace *ns = profile->ns; in aa_getprocattr() local 43 struct aa_namespace *current_ns = __aa_current_profile()->ns; in aa_getprocattr() 46 if (!aa_ns_visible(current_ns, ns)) in aa_getprocattr() 49 ns_name = aa_ns_name(current_ns, ns); in aa_getprocattr()
|
D | audit.c | 140 if (profile->ns != root_ns) { in audit_pre() 142 audit_log_untrustedstring(ab, profile->ns->base.hname); in audit_pre()
|
D | context.c | 91 if (unconfined(profile) || (cxt->profile->ns != profile->ns)) { in aa_replace_current_profile()
|
D | policy_unpack.c | 627 static int verify_header(struct aa_ext *e, const char **ns) in verify_header() argument 644 if (!unpack_str(e, ns, "namespace")) in verify_header() 645 *ns = NULL; in verify_header() 704 struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns) in aa_unpack() argument 714 error = verify_header(&e, ns); in aa_unpack()
|
D | lsm.c | 139 static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, in apparmor_capable() argument 144 int error = cap_capable(cred, ns, cap, audit); in apparmor_capable()
|
/security/selinux/ |
D | netif.c | 56 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) in sel_netif_hashfn() argument 58 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1)); in sel_netif_hashfn() 71 static inline struct sel_netif *sel_netif_find(const struct net *ns, in sel_netif_find() argument 74 int idx = sel_netif_hashfn(ns, ifindex); in sel_netif_find() 78 if (net_eq(netif->nsec.ns, ns) && in sel_netif_find() 101 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex); in sel_netif_insert() 136 static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) in sel_netif_sid_slow() argument 146 dev = dev_get_by_index(ns, ifindex); in sel_netif_sid_slow() 155 netif = sel_netif_find(ns, ifindex); in sel_netif_sid_slow() 169 new->nsec.ns = ns; in sel_netif_sid_slow() [all …]
|
D | hooks.c | 1998 static int selinux_capable(const struct cred *cred, struct user_namespace *ns, in selinux_capable() argument 2003 rc = cap_capable(cred, ns, cap, audit); in selinux_capable() 4275 static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex, in selinux_inet_sys_rcv_skb() argument 4283 err = sel_netif_sid(ns, ifindex, &if_sid); in selinux_inet_sys_rcv_skb()
|
/security/apparmor/include/ |
D | policy.h | 181 struct aa_namespace *ns; member 229 static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns) in aa_get_namespace() argument 231 if (ns) in aa_get_namespace() 232 kref_get(&(ns->base.count)); in aa_get_namespace() 234 return ns; in aa_get_namespace() 243 static inline void aa_put_namespace(struct aa_namespace *ns) in aa_put_namespace() argument 245 if (ns) in aa_put_namespace() 246 kref_put(&ns->base.count, aa_free_namespace_kref); in aa_put_namespace() 253 struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *name); 254 struct aa_profile *aa_match_profile(struct aa_namespace *ns, const char *name);
|
D | policy_unpack.h | 18 struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns);
|
/security/tomoyo/ |
D | common.c | 343 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) in tomoyo_init_policy_namespace() argument 347 INIT_LIST_HEAD(&ns->acl_group[idx]); in tomoyo_init_policy_namespace() 349 INIT_LIST_HEAD(&ns->group_list[idx]); in tomoyo_init_policy_namespace() 351 INIT_LIST_HEAD(&ns->policy_list[idx]); in tomoyo_init_policy_namespace() 352 ns->profile_version = 20110903; in tomoyo_init_policy_namespace() 354 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); in tomoyo_init_policy_namespace() 369 container_of(head->r.ns, in tomoyo_print_namespace() 485 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument 491 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() 497 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() [all …]
|
D | domain.c | 179 list = &domain->ns->acl_group[domain->group]; in tomoyo_check_acl() 265 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_write_transition_control() 332 (const struct tomoyo_policy_namespace *ns, in tomoyo_transition_type() argument 340 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_transition_type() 402 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_write_aggregator() 425 struct tomoyo_policy_namespace *ns; in tomoyo_find_namespace() local 426 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_find_namespace() 427 if (strncmp(name, ns->name, len) || in tomoyo_find_namespace() 430 return ns; in tomoyo_find_namespace() 519 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain() [all …]
|
D | gc.c | 514 struct tomoyo_policy_namespace *ns; in tomoyo_collect_entry() local 527 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_collect_entry() 529 tomoyo_collect_member(id, &ns->policy_list[id]); in tomoyo_collect_entry() 531 tomoyo_collect_acl(&ns->acl_group[i]); in tomoyo_collect_entry() 544 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_collect_entry() 546 struct list_head *list = &ns->group_list[i]; in tomoyo_collect_entry()
|
D | common.h | 682 struct tomoyo_policy_namespace *ns; member 778 struct tomoyo_policy_namespace *ns; member 797 struct list_head *ns; member 817 struct tomoyo_policy_namespace *ns; member 966 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, 1027 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 1043 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); 1273 return tomoyo_domain()->ns; in tomoyo_current_namespace()
|
D | memory.c | 107 list = &param->ns->group_list[idx]; in tomoyo_get_group() 197 tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; in tomoyo_mm_init()
|
D | audit.c | 323 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, in tomoyo_get_audit() argument 334 p = tomoyo_profile(ns, profile); in tomoyo_get_audit() 366 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
|
D | util.c | 972 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument 980 p = tomoyo_profile(ns, profile); in tomoyo_get_mode() 1010 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info() 1073 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
|
D | file.c | 564 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission() 596 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
|
/security/ |
D | commoncap.c | 83 struct user_namespace *ns = targ_ns; in cap_capable() local 98 if (ns == cred->user_ns) in cap_capable() 102 if (ns == &init_user_ns) in cap_capable() 109 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable() 116 ns = ns->parent; in cap_capable()
|
D | security.c | 196 int security_capable(const struct cred *cred, struct user_namespace *ns, in security_capable() argument 199 return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); in security_capable() 202 int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, in security_capable_noaudit() argument 205 return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); in security_capable_noaudit()
|
/security/selinux/include/ |
D | netif.h | 24 int sel_netif_sid(struct net *ns, int ifindex, u32 *sid);
|
D | objsec.h | 82 struct net *ns; /* network namespace */ member
|