/security/tomoyo/ |
D | file.c | 165 static int tomoyo_audit_path_log(struct tomoyo_request_info *r) in tomoyo_audit_path_log() argument 167 return tomoyo_supervisor(r, "file %s %s\n", tomoyo_path_keyword in tomoyo_audit_path_log() 168 [r->param.path.operation], in tomoyo_audit_path_log() 169 r->param.path.filename->name); in tomoyo_audit_path_log() 179 static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) in tomoyo_audit_path2_log() argument 181 return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords in tomoyo_audit_path2_log() 182 [tomoyo_pp2mac[r->param.path2.operation]], in tomoyo_audit_path2_log() 183 r->param.path2.filename1->name, in tomoyo_audit_path2_log() 184 r->param.path2.filename2->name); in tomoyo_audit_path2_log() 194 static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) in tomoyo_audit_mkdev_log() argument [all …]
D | mount.c | 28 static int tomoyo_audit_mount_log(struct tomoyo_request_info *r) in tomoyo_audit_mount_log() argument 30 return tomoyo_supervisor(r, "file mount %s %s %s 0x%lX\n", in tomoyo_audit_mount_log() 31 r->param.mount.dev->name, in tomoyo_audit_mount_log() 32 r->param.mount.dir->name, in tomoyo_audit_mount_log() 33 r->param.mount.type->name, in tomoyo_audit_mount_log() 34 r->param.mount.flags); in tomoyo_audit_mount_log() 45 static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r, in tomoyo_check_mount_acl() argument 50 return tomoyo_compare_number_union(r->param.mount.flags, in tomoyo_check_mount_acl() 52 tomoyo_compare_name_union(r->param.mount.type, in tomoyo_check_mount_acl() 54 tomoyo_compare_name_union(r->param.mount.dir, in tomoyo_check_mount_acl() [all …]
D | common.c | 213 while (head->r.w_pos) { in tomoyo_flush() 214 const char *w = head->r.w[0]; in tomoyo_flush() 227 head->r.w[0] = w; in tomoyo_flush() 238 head->r.w_pos--; in tomoyo_flush() 239 for (len = 0; len < head->r.w_pos; len++) in tomoyo_flush() 240 head->r.w[len] = head->r.w[len + 1]; in tomoyo_flush() 242 head->r.avail = 0; in tomoyo_flush() 258 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { in tomoyo_set_string() 259 head->r.w[head->r.w_pos++] = string; in tomoyo_set_string() 279 size_t pos = head->r.avail; in tomoyo_io_printf() [all …]
D | network.c | 362 static int tomoyo_audit_net_log(struct tomoyo_request_info *r, in tomoyo_audit_net_log() argument 366 return tomoyo_supervisor(r, "network %s %s %s %s\n", family, in tomoyo_audit_net_log() 378 static int tomoyo_audit_inet_log(struct tomoyo_request_info *r) in tomoyo_audit_inet_log() argument 382 const __be32 *address = r->param.inet_network.address; in tomoyo_audit_inet_log() 384 if (r->param.inet_network.is_ipv6) in tomoyo_audit_inet_log() 391 r->param.inet_network.port); in tomoyo_audit_inet_log() 392 return tomoyo_audit_net_log(r, "inet", r->param.inet_network.protocol, in tomoyo_audit_inet_log() 393 r->param.inet_network.operation, buf); in tomoyo_audit_inet_log() 403 static int tomoyo_audit_unix_log(struct tomoyo_request_info *r) in tomoyo_audit_unix_log() argument 405 return tomoyo_audit_net_log(r, "unix", r->param.unix_network.protocol, in tomoyo_audit_unix_log() [all …]
D | audit.c | 147 static char *tomoyo_print_header(struct tomoyo_request_info *r) in tomoyo_print_header() argument 151 struct tomoyo_obj_info *obj = r->obj; in tomoyo_print_header() 168 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, in tomoyo_print_header() 169 tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, in tomoyo_print_header() 243 char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, in tomoyo_init_log() argument 252 const char *domainname = r->domain->domainname->name; in tomoyo_init_log() 253 header = tomoyo_print_header(r); in tomoyo_init_log() 258 if (r->ee) { in tomoyo_init_log() 259 struct file *file = r->ee->bprm->file; in tomoyo_init_log() 261 bprm_info = tomoyo_print_bprm(r->ee->bprm, &r->ee->dump); in tomoyo_init_log() [all …]
D | environ.c | 17 static bool tomoyo_check_env_acl(struct tomoyo_request_info *r, in tomoyo_check_env_acl() argument 23 return tomoyo_path_matches_pattern(r->param.environ.name, acl->env); in tomoyo_check_env_acl() 33 static int tomoyo_audit_env_log(struct tomoyo_request_info *r) in tomoyo_audit_env_log() argument 35 return tomoyo_supervisor(r, "misc env %s\n", in tomoyo_audit_env_log() 36 r->param.environ.name->name); in tomoyo_audit_env_log() 49 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env) in tomoyo_env_perm() argument 58 r->param_type = TOMOYO_TYPE_ENV_ACL; in tomoyo_env_perm() 59 r->param.environ.name = &environ; in tomoyo_env_perm() 61 tomoyo_check_acl(r, tomoyo_check_env_acl); in tomoyo_env_perm() 62 error = tomoyo_audit_env_log(r); in tomoyo_env_perm()
D | domain.c | 156 void tomoyo_check_acl(struct tomoyo_request_info *r, in tomoyo_check_acl() argument 160 const struct tomoyo_domain_info *domain = r->domain; in tomoyo_check_acl() 167 if (ptr->is_deleted || ptr->type != r->param_type) in tomoyo_check_acl() 169 if (!check_entry(r, ptr)) in tomoyo_check_acl() 171 if (!tomoyo_condition(r, ptr->cond)) in tomoyo_check_acl() 173 r->matched_acl = ptr; in tomoyo_check_acl() 174 r->granted = true; in tomoyo_check_acl() 182 r->granted = false; in tomoyo_check_acl() 568 struct tomoyo_request_info r; in tomoyo_assign_domain() local 569 tomoyo_init_request_info(&r, entry, in tomoyo_assign_domain() [all …]
D | securityfs_if.c | 18 static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, in tomoyo_check_task_acl() argument 23 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); in tomoyo_check_task_acl() 57 struct tomoyo_request_info r; in tomoyo_write_self() local 61 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); in tomoyo_write_self() 62 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; in tomoyo_write_self() 63 r.param.task.domainname = &name; in tomoyo_write_self() 64 tomoyo_check_acl(&r, tomoyo_check_task_acl); in tomoyo_write_self() 65 if (!r.granted) in tomoyo_write_self()
D | util.c | 98 bool r; in tomoyo_convert_time() local 111 r = (y & 3) == 0; in tomoyo_convert_time() 112 for (m = 0; m < 11 && time >= tomoyo_eom[r][m]; m++) in tomoyo_convert_time() 115 time -= tomoyo_eom[r][m - 1]; in tomoyo_convert_time() 999 int tomoyo_init_request_info(struct tomoyo_request_info *r, in tomoyo_init_request_info() argument 1003 memset(r, 0, sizeof(*r)); in tomoyo_init_request_info() 1006 r->domain = domain; in tomoyo_init_request_info() 1008 r->profile = profile; in tomoyo_init_request_info() 1009 r->type = index; in tomoyo_init_request_info() 1010 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info() [all …]
D | common.h | 618 struct tomoyo_request_info r; member 815 } r; member 920 bool tomoyo_condition(struct tomoyo_request_info *r, 926 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); 945 char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, 962 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); 963 int tomoyo_execute_permission(struct tomoyo_request_info *r, 968 int tomoyo_init_request_info(struct tomoyo_request_info *r, 992 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1035 void tomoyo_check_acl(struct tomoyo_request_info *r, [all …]
D | condition.c | 744 bool tomoyo_condition(struct tomoyo_request_info *r, in tomoyo_condition() argument 765 obj = r->obj; in tomoyo_condition() 766 if (r->ee) in tomoyo_condition() 767 bprm = r->ee->bprm; in tomoyo_condition() 801 ee = r->ee; in tomoyo_condition() 1091 if (r->ee && (argc || envc)) in tomoyo_condition() 1092 return tomoyo_scan_bprm(r->ee, argc, argv, envc, envp); in tomoyo_condition()
D | gc.c | 49 if (head->r.domain == element || head->r.group == element || in tomoyo_struct_used_by_io_buffer() 50 head->r.acl == element || &head->w.domain->list == element) in tomoyo_struct_used_by_io_buffer() 83 const char *w = head->r.w[i]; in tomoyo_name_used_by_io_buffer()
/security/selinux/ss/ |
D | mls.c | 188 int mls_range_isvalid(struct policydb *p, struct mls_range *r) in mls_range_isvalid() argument 190 return (mls_level_isvalid(p, &r->level[0]) && in mls_range_isvalid() 191 mls_level_isvalid(p, &r->level[1]) && in mls_range_isvalid() 192 mls_level_dom(&r->level[1], &r->level[0])); in mls_range_isvalid() 519 struct mls_range *r; in mls_compute_sid() local 532 r = hashtab_search(policydb.range_tr, &rtr); in mls_compute_sid() 533 if (r) in mls_compute_sid() 534 return mls_range_set(newcontext, r); in mls_compute_sid()
D | policydb.c | 989 static int mls_read_range_helper(struct mls_range *r, void *fp) in mls_read_range_helper() argument 1012 r->level[0].sens = le32_to_cpu(buf[0]); in mls_read_range_helper() 1014 r->level[1].sens = le32_to_cpu(buf[1]); in mls_read_range_helper() 1016 r->level[1].sens = r->level[0].sens; in mls_read_range_helper() 1018 rc = ebitmap_read(&r->level[0].cat, fp); in mls_read_range_helper() 1024 rc = ebitmap_read(&r->level[1].cat, fp); in mls_read_range_helper() 1030 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); in mls_read_range_helper() 1039 ebitmap_destroy(&r->level[0].cat); in mls_read_range_helper() 1869 struct mls_range *r = NULL; in range_read() local 1909 r = kzalloc(sizeof(*r), GFP_KERNEL); in range_read() [all …]
D | mls.h | 30 int mls_range_isvalid(struct policydb *p, struct mls_range *r);
/security/keys/ |
D | proc.c | 289 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) in key_user_first() argument 291 struct rb_node *n = rb_first(r); in key_user_first()
/security/selinux/ |
D | selinuxfs.c | 795 char *r, *w; in sel_write_create() local 798 r = w = namebuf; in sel_write_create() 800 c1 = *r++; in sel_write_create() 804 c1 = hex_to_bin(*r++); in sel_write_create() 807 c2 = hex_to_bin(*r++); in sel_write_create()