Searched refs:allow (Results 1 – 16 of 16) sorted by relevance
/security/apparmor/ |
D | lib.c | 28 struct aa_perms allperms = { .allow = ALL_PERMS_MASK, 327 perms->allow = dfa_user_allow(dfa, state); in aa_compute_perms() 334 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms() 348 accum->allow &= addend->allow & ~addend->deny; in aa_perms_accum_raw() 349 accum->audit |= addend->audit & addend->allow; in aa_perms_accum_raw() 350 accum->quiet &= addend->quiet & ~addend->allow; in aa_perms_accum_raw() 351 accum->kill |= addend->kill & ~addend->allow; in aa_perms_accum_raw() 352 accum->stop |= addend->stop & ~addend->allow; in aa_perms_accum_raw() 353 accum->complain |= addend->complain & ~addend->allow & ~addend->deny; in aa_perms_accum_raw() 354 accum->cond |= addend->cond & ~addend->allow & ~addend->deny; in aa_perms_accum_raw() [all …]
|
D | file.c | 135 aad(&sa)->request = aad(&sa)->request & ~perms->allow; in aa_audit_file() 151 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file() 243 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms() 248 perms.allow = map_old_perms(dfa_other_allow(dfa, state)); in aa_compute_fperms() 253 perms.allow |= AA_MAY_GETATTR; in aa_compute_fperms() 257 perms.allow |= AA_MAY_CHANGE_PROFILE; in aa_compute_fperms() 259 perms.allow |= AA_MAY_ONEXEC; in aa_compute_fperms() 294 if (request & ~perms->allow) in __aa_path_perm() 401 if (!(lperms.allow & AA_MAY_LINK)) in profile_path_link() 415 if (!(perms.allow & AA_MAY_LINK)) { in profile_path_link() [all …]
|
D | mount.c | 156 request = request & ~perms->allow; in audit_mount() 222 perms.allow = dfa_user_allow(dfa, state); in compute_mnt_perms() 274 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt() 278 if (data && !binary && (perms->allow & AA_MNT_CONT_MATCH)) { in do_match_mnt() 287 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt() 580 if (AA_MAY_UMOUNT & ~perms.allow) in profile_umount() 649 if (AA_MAY_PIVOTROOT & perms.allow) in build_pivotroot()
|
D | domain.c | 169 if ((perms->allow & request) != request) in label_compound_match() 234 if ((perms->allow & request) != request) in label_components_match() 295 perms->allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC; in change_profile_perms() 530 if (perms.allow & MAY_EXEC) { in profile_transition() 540 perms.allow &= ~MAY_EXEC; in profile_transition() 575 perms.allow &= ~MAY_EXEC; in profile_transition() 639 if (!(perms.allow & AA_MAY_ONEXEC)) { in profile_onexec() 651 perms.allow &= ~AA_MAY_ONEXEC; in profile_onexec() 666 perms.allow &= ~AA_MAY_ONEXEC; in profile_onexec() 1268 perms.allow = 0; in aa_change_profile()
|
D | capability.c | 123 if (cap_raised(profile->caps.allow, cap) && in profile_capable()
|
D | lsm.c | 158 profile->caps.allow); in apparmor_capget() 160 profile->caps.allow); in apparmor_capget() 406 fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP; in apparmor_file_open() 418 fctx->allow = aa_map_file_to_perms(file); in apparmor_file_open()
|
D | policy_unpack.c | 680 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile() 692 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
|
D | label.c | 1311 if ((perms->allow & request) != request) in label_compound_match() 1374 if ((perms->allow & request) != request) in label_components_match()
|
D | apparmorfs.c | 804 perms.allow, perms.deny, perms.audit, perms.quiet); in query_label()
|
/security/apparmor/include/ |
D | capability.h | 33 kernel_cap_t allow; member
|
D | file.h | 45 u32 allow; member 110 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
|
D | perms.h | 71 u32 allow; member
|
/security/integrity/ |
D | Kconfig | 27 Different keyrings improves search performance, but also allow
|
/security/selinux/ss/ |
D | services.c | 1026 goto allow; in security_compute_xperms_decision() 1045 goto allow; in security_compute_xperms_decision() 1079 allow: in security_compute_xperms_decision() 1108 goto allow; in security_compute_av() 1131 goto allow; in security_compute_av() 1139 allow: in security_compute_av() 1154 goto allow; in security_compute_av_user() 1176 goto allow; in security_compute_av_user() 1184 allow: in security_compute_av_user()
|
/security/tomoyo/ |
D | Kconfig | 50 immediately after loading the fixed part of policy which will allow
|
/security/selinux/ |
D | Kconfig | 19 command line. The purpose of this option is to allow a single
|