| /security/apparmor/ |
| D | resource.c | 100 (profile->rlimits.mask & (1 << resource) && in aa_task_setrlimit()
114 unsigned int mask = 0; in __aa_transition_rlimits() local
121 if (old->rlimits.mask) { in __aa_transition_rlimits()
122 for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) { in __aa_transition_rlimits()
123 if (old->rlimits.mask & mask) { in __aa_transition_rlimits()
133 if (!new->rlimits.mask) in __aa_transition_rlimits()
135 for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) { in __aa_transition_rlimits()
136 if (!(new->rlimits.mask & mask)) in __aa_transition_rlimits()
|
| D | lsm.c | 162 static int common_perm(int op, struct path *path, u32 mask, in common_perm() argument
170 error = aa_path_perm(op, profile, path, 0, mask, cond); in common_perm()
186 struct dentry *dentry, u32 mask, in common_perm_dir_dentry() argument
191 return common_perm(op, &path, mask, cond); in common_perm_dir_dentry()
204 struct dentry *dentry, u32 mask) in common_perm_mnt_dentry() argument
211 return common_perm(op, &path, mask, &cond); in common_perm_mnt_dentry()
224 struct dentry *dentry, u32 mask) in common_perm_rm() argument
235 return common_perm_dir_dentry(op, dir, dentry, mask, &cond); in common_perm_rm()
249 u32 mask, umode_t mode) in common_perm_create() argument
256 return common_perm_dir_dentry(op, dir, dentry, mask, &cond); in common_perm_create()
[all …]
|
| D | file.c | 30 static void audit_file_mask(struct audit_buffer *ab, u32 mask) in audit_file_mask() argument
36 if (mask & AA_EXEC_MMAP) in audit_file_mask()
38 if (mask & (MAY_READ | AA_MAY_META_READ)) in audit_file_mask()
40 if (mask & (MAY_WRITE | AA_MAY_META_WRITE | AA_MAY_CHMOD | in audit_file_mask()
43 else if (mask & MAY_APPEND) in audit_file_mask()
45 if (mask & AA_MAY_CREATE) in audit_file_mask()
47 if (mask & AA_MAY_DELETE) in audit_file_mask()
49 if (mask & AA_MAY_LINK) in audit_file_mask()
51 if (mask & AA_MAY_LOCK) in audit_file_mask()
53 if (mask & MAY_EXEC) in audit_file_mask()
[all …]
|
| D | policy_unpack.c | 440 profile->rlimits.mask = tmp; in unpack_rlimits()
|
| /security/integrity/ima/ |
| D | ima_policy.c | 40 int mask; member
68 {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
70 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
72 {.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = 0,
100 struct inode *inode, enum ima_hooks func, int mask) in ima_match_rules() argument
108 if ((rule->flags & IMA_MASK) && rule->mask != mask) in ima_match_rules()
164 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask) in ima_match_policy() argument
171 rc = ima_match_rules(entry, inode, func, mask); in ima_match_policy()
330 if (entry->mask) in ima_parse_rule()
334 entry->mask = MAY_EXEC; in ima_parse_rule()
[all …]
|
| D | ima_main.c | 122 int mask, int function) in process_measurement() argument
131 rc = ima_must_measure(inode, mask, function); in process_measurement()
212 int ima_file_check(struct file *file, int mask) in ima_file_check() argument
218 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), in ima_file_check()
|
| D | ima.h | 101 int ima_must_measure(struct inode *inode, int mask, int function);
119 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
|
| D | ima_api.c | 111 int ima_must_measure(struct inode *inode, int mask, int function) in ima_must_measure() argument
115 must_measure = ima_match_policy(inode, function, mask); in ima_must_measure()
|
| /security/apparmor/include/ |
| D | file.h | 102 static inline u16 dfa_map_xindex(u16 mask) in dfa_map_xindex() argument
104 u16 old_index = (mask >> 10) & 0xf; in dfa_map_xindex()
107 if (mask & 0x100) in dfa_map_xindex()
109 if (mask & 0x200) in dfa_map_xindex()
111 if (mask & 0x80) in dfa_map_xindex()
|
| D | resource.h | 33 unsigned int mask; member
|
| /security/selinux/ss/ |
| D | avtab.c | 29 static inline int avtab_hash(struct avtab_key *keyp, u16 mask) in avtab_hash() argument
32 (keyp->source_type << 9)) & mask); in avtab_hash()
80 hvalue = avtab_hash(key, h->mask); in avtab_insert()
124 hvalue = avtab_hash(key, h->mask); in avtab_insert_nonunique()
155 hvalue = avtab_hash(key, h->mask); in avtab_search()
190 hvalue = avtab_hash(key, h->mask); in avtab_search_node()
263 h->mask = 0; in avtab_destroy()
275 u16 mask = 0; in avtab_alloc() local
292 mask = nslot - 1; in avtab_alloc()
301 h->mask = mask; in avtab_alloc()
|
| D | policydb.h | 184 u32 mask; member
188 u32 mask[4]; member
|
| D | avtab.h | 89 u16 mask; /* mask to compute hash func */ member
|
| D | services.c | 515 u32 mask = (1 << index); in security_dump_masked_av() local
517 if ((mask & permissions) == 0) in security_dump_masked_av()
2234 static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask) in match_ipv6_addrmask() argument
2239 if (addr[i] != (input[i] & mask[i])) { in match_ipv6_addrmask()
2276 if (c->u.node.addr == (addr & c->u.node.mask)) in security_node_sid()
2290 c->u.node6.mask)) in security_node_sid()
|
| D | policydb.c | 2218 c->u.node.mask = nodebuf[1]; /* network order */ in ocontext_read()
2256 c->u.node6.mask[k] = nodebuf[k+4]; in ocontext_read()
3156 nodebuf[1] = c->u.node.mask; /* network order */ in ocontext_write()
3182 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ in ocontext_write()
|
| /security/ |
| D | device_cgroup.c | 468 int __devcgroup_inode_permission(struct inode *inode, int mask) in __devcgroup_inode_permission() argument
489 if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE)) in __devcgroup_inode_permission()
491 if ((mask & MAY_READ) && !(wh->access & ACC_READ)) in __devcgroup_inode_permission()
|
| D | capability.c | 148 umode_t mask) in cap_inode_create() argument
171 umode_t mask) in cap_inode_mkdir() argument
204 static int cap_inode_permission(struct inode *inode, int mask) in cap_inode_permission() argument
318 static int cap_file_permission(struct file *file, int mask) in cap_file_permission() argument
|
| D | security.c | 543 int security_inode_permission(struct inode *inode, int mask) in security_inode_permission() argument
547 return security_ops->inode_permission(inode, mask); in security_inode_permission()
654 int security_file_permission(struct file *file, int mask) in security_file_permission() argument
658 ret = security_ops->file_permission(file, mask); in security_file_permission()
662 return fsnotify_perm(file, mask); in security_file_permission()
|
| /security/selinux/ |
| D | hooks.c | 1793 static inline u32 file_mask_to_av(int mode, int mask) in file_mask_to_av() argument
1798 if (mask & MAY_EXEC) in file_mask_to_av()
1800 if (mask & MAY_READ) in file_mask_to_av()
1803 if (mask & MAY_APPEND) in file_mask_to_av()
1805 else if (mask & MAY_WRITE) in file_mask_to_av()
1809 if (mask & MAY_EXEC) in file_mask_to_av()
1811 if (mask & MAY_WRITE) in file_mask_to_av()
1813 if (mask & MAY_READ) in file_mask_to_av()
2751 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask) in selinux_inode_mkdir() argument
2786 static int selinux_inode_permission(struct inode *inode, int mask) in selinux_inode_permission() argument
[all …]
|
| /security/smack/ |
| D | smackfs.c | 896 struct in_addr mask; in smk_write_netlbladdr() local
950 mask.s_addr = cpu_to_be32(temp_mask); in smk_write_netlbladdr()
952 newname.sin_addr.s_addr &= mask.s_addr; in smk_write_netlbladdr()
964 skp->smk_mask.s_addr == mask.s_addr) { in smk_write_netlbladdr()
978 skp->smk_mask.s_addr = mask.s_addr; in smk_write_netlbladdr()
|
| D | smack_lsm.c | 734 static int smack_inode_permission(struct inode *inode, int mask) in smack_inode_permission() argument
737 int no_block = mask & MAY_NOT_BLOCK; in smack_inode_permission()
739 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); in smack_inode_permission()
743 if (mask == 0) in smack_inode_permission()
751 return smk_curacc(smk_of_inode(inode), mask, &ad); in smack_inode_permission()
1051 static int smack_file_permission(struct file *file, int mask) in smack_file_permission() argument
|