Home
last modified time | relevance | path

Searched refs:allow (Results 1 – 16 of 16) sorted by relevance

/security/apparmor/
Dlib.c28 struct aa_perms allperms = { .allow = ALL_PERMS_MASK,
327 perms->allow = dfa_user_allow(dfa, state); in aa_compute_perms()
334 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms()
348 accum->allow &= addend->allow & ~addend->deny; in aa_perms_accum_raw()
349 accum->audit |= addend->audit & addend->allow; in aa_perms_accum_raw()
350 accum->quiet &= addend->quiet & ~addend->allow; in aa_perms_accum_raw()
351 accum->kill |= addend->kill & ~addend->allow; in aa_perms_accum_raw()
352 accum->stop |= addend->stop & ~addend->allow; in aa_perms_accum_raw()
353 accum->complain |= addend->complain & ~addend->allow & ~addend->deny; in aa_perms_accum_raw()
354 accum->cond |= addend->cond & ~addend->allow & ~addend->deny; in aa_perms_accum_raw()
[all …]
Dfile.c135 aad(&sa)->request = aad(&sa)->request & ~perms->allow; in aa_audit_file()
151 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file()
243 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms()
248 perms.allow = map_old_perms(dfa_other_allow(dfa, state)); in aa_compute_fperms()
253 perms.allow |= AA_MAY_GETATTR; in aa_compute_fperms()
257 perms.allow |= AA_MAY_CHANGE_PROFILE; in aa_compute_fperms()
259 perms.allow |= AA_MAY_ONEXEC; in aa_compute_fperms()
294 if (request & ~perms->allow) in __aa_path_perm()
401 if (!(lperms.allow & AA_MAY_LINK)) in profile_path_link()
415 if (!(perms.allow & AA_MAY_LINK)) { in profile_path_link()
[all …]
Dmount.c156 request = request & ~perms->allow; in audit_mount()
222 perms.allow = dfa_user_allow(dfa, state); in compute_mnt_perms()
274 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt()
278 if (data && !binary && (perms->allow & AA_MNT_CONT_MATCH)) { in do_match_mnt()
287 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt()
580 if (AA_MAY_UMOUNT & ~perms.allow) in profile_umount()
649 if (AA_MAY_PIVOTROOT & perms.allow) in build_pivotroot()
Ddomain.c169 if ((perms->allow & request) != request) in label_compound_match()
234 if ((perms->allow & request) != request) in label_components_match()
295 perms->allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC; in change_profile_perms()
530 if (perms.allow & MAY_EXEC) { in profile_transition()
540 perms.allow &= ~MAY_EXEC; in profile_transition()
575 perms.allow &= ~MAY_EXEC; in profile_transition()
639 if (!(perms.allow & AA_MAY_ONEXEC)) { in profile_onexec()
651 perms.allow &= ~AA_MAY_ONEXEC; in profile_onexec()
666 perms.allow &= ~AA_MAY_ONEXEC; in profile_onexec()
1268 perms.allow = 0; in aa_change_profile()
Dcapability.c123 if (cap_raised(profile->caps.allow, cap) && in profile_capable()
Dlsm.c158 profile->caps.allow); in apparmor_capget()
160 profile->caps.allow); in apparmor_capget()
406 fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP; in apparmor_file_open()
418 fctx->allow = aa_map_file_to_perms(file); in apparmor_file_open()
Dpolicy_unpack.c680 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile()
692 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
Dlabel.c1311 if ((perms->allow & request) != request) in label_compound_match()
1374 if ((perms->allow & request) != request) in label_components_match()
Dapparmorfs.c804 perms.allow, perms.deny, perms.audit, perms.quiet); in query_label()
/security/apparmor/include/
Dcapability.h33 kernel_cap_t allow; member
Dfile.h45 u32 allow; member
110 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
Dperms.h71 u32 allow; member
/security/integrity/
DKconfig27 Different keyrings improves search performance, but also allow
/security/selinux/ss/
Dservices.c1026 goto allow; in security_compute_xperms_decision()
1045 goto allow; in security_compute_xperms_decision()
1079 allow: in security_compute_xperms_decision()
1108 goto allow; in security_compute_av()
1131 goto allow; in security_compute_av()
1139 allow: in security_compute_av()
1154 goto allow; in security_compute_av_user()
1176 goto allow; in security_compute_av_user()
1184 allow: in security_compute_av_user()
/security/tomoyo/
DKconfig50 immediately after loading the fixed part of policy which will allow
/security/selinux/
DKconfig19 command line. The purpose of this option is to allow a single