| /security/integrity/evm/ |
| D | Kconfig | 9 EVM protects a file's security extended attributes against
35 In addition to the original security xattrs (eg. security.selinux,
36 security.SMACK64, security.capability, and security.ima) included
38 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
39 security.SMACK64MMAP.
|
| /security/selinux/ |
| D | xfrm.c | 70 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
181 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
182 if (x->security) in selinux_xfrm_state_pol_flow_match()
189 if (!x->security) in selinux_xfrm_state_pol_flow_match()
197 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
221 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
236 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
334 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
371 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
383 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
[all …]
|
| D | hooks.c | 200 cred->security = tsec; in cred_init_security()
210 tsec = cred->security; in cred_sid()
446 const struct task_security_struct *tsec = cred->security; in may_context_mount_sb_relabel()
463 const struct task_security_struct *tsec = cred->security; in may_context_mount_inode_relabel()
2425 new_tsec = bprm->cred->security; in selinux_bprm_set_creds()
2583 new_tsec = bprm->cred->security; in selinux_bprm_committing_creds()
2944 rc = selinux_determine_inode_label(old->security, in selinux_dentry_create_files_as()
2951 tsec = new->security; in selinux_dentry_create_files_as()
3432 tsec = new_creds->security; in selinux_inode_copy_up()
3835 cred->security = tsec; in selinux_cred_alloc_blank()
[all …]
|
| D | Makefile | 17 ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
|
| D | Kconfig | 55 kernel hardening feature for security hooks. Please consider
|
| /security/ |
| D | Kconfig | 7 source security/keys/Kconfig
31 bool "Enable different security models"
35 This allows you to choose different security modules to be
38 If this option is not selected, the default Linux security
61 This enables the socket and networking security hooks.
62 If enabled, a security module can use these hooks to
81 This enables the Infiniband security hooks.
82 If enabled, a security module can use these hooks to
90 This enables the XFRM (IPSec) networking security hooks.
91 If enabled, a security module can use these hooks to
[all …]
|
| D | security.c | 1002 if (unlikely(cred->security == NULL)) in security_cred_free()
1505 int security_tun_dev_alloc_security(void **security) in security_tun_dev_alloc_security() argument
1507 return call_int_hook(tun_dev_alloc_security, 0, security); in security_tun_dev_alloc_security()
1511 void security_tun_dev_free_security(void *security) in security_tun_dev_free_security() argument
1513 call_void_hook(tun_dev_free_security, security); in security_tun_dev_free_security()
1523 int security_tun_dev_attach_queue(void *security) in security_tun_dev_attach_queue() argument
1525 return call_int_hook(tun_dev_attach_queue, 0, security); in security_tun_dev_attach_queue()
1529 int security_tun_dev_attach(struct sock *sk, void *security) in security_tun_dev_attach() argument
1531 return call_int_hook(tun_dev_attach, 0, sk, security); in security_tun_dev_attach()
1535 int security_tun_dev_open(void *security) in security_tun_dev_open() argument
[all …]
|
| D | Makefile | 19 obj-$(CONFIG_SECURITY) += security.o
|
| /security/tomoyo/ |
| D | tomoyo.c | 21 new->security = NULL; in tomoyo_cred_alloc_blank()
37 struct tomoyo_domain_info *domain = old->security; in tomoyo_cred_prepare()
38 new->security = domain; in tomoyo_cred_prepare()
62 struct tomoyo_domain_info *domain = cred->security; in tomoyo_cred_free()
97 bprm->cred->security)->users); in tomoyo_bprm_set_creds()
102 bprm->cred->security = NULL; in tomoyo_bprm_set_creds()
115 struct tomoyo_domain_info *domain = bprm->cred->security; in tomoyo_bprm_check_security()
548 cred->security = &tomoyo_kernel_domain; in tomoyo_init()
|
| D | securityfs_if.c | 75 cred->security; in tomoyo_write_self()
76 cred->security = new_domain; in tomoyo_write_self()
240 if (current_cred()->security != &tomoyo_kernel_domain) in tomoyo_initerface_init()
|
| D | Kconfig | 38 You can read the log via /sys/kernel/security/tomoyo/audit.
|
| D | common.h | 1206 return current_cred()->security; in tomoyo_domain()
1219 return task_cred_xxx(task, security); in tomoyo_real_domain()
|
| D | domain.c | 846 bprm->cred->security = domain; in tomoyo_find_next_domain()
|
| /security/yama/ |
| D | Kconfig | 7 system-wide security settings beyond regular Linux discretionary
9 Like capabilities, this security module stacks with other LSMs.
|
| /security/smack/ |
| D | smack_lsm.c | 227 struct task_smack *tsp = cred->security; in smk_bu_credfile()
431 tsp = __task_cred(tracer)->security; in smk_ptrace_rule_check()
915 struct task_smack *bsp = bprm->cred->security; in smack_bprm_set_creds()
1843 struct smack_known *tkp = smk_of_task(tsk->cred->security); in smack_file_send_sigiotask()
1933 struct task_smack *tsp = cred->security; in smack_file_open()
1967 cred->security = tsp; in smack_cred_alloc_blank()
1980 struct task_smack *tsp = cred->security; in smack_cred_free()
1987 cred->security = NULL; in smack_cred_free()
2010 struct task_smack *old_tsp = old->security; in smack_cred_prepare()
2018 new->security = new_tsp; in smack_cred_prepare()
[all …]
|
| D | Kconfig | 12 of other mandatory security schemes.
40 This enables security marking of network packets using
|
| D | smack.h | 389 skp = smk_of_task(__task_cred(t)->security); in smk_of_task_struct()
|
| /security/integrity/ |
| D | Kconfig | 69 source security/integrity/ima/Kconfig
70 source security/integrity/evm/Kconfig
|
| /security/loadpin/ |
| D | Kconfig | 6 (kernel modules, firmware, kexec images, security policy)
|
| /security/apparmor/include/ |
| D | context.h | 25 #define cred_ctx(X) ((X)->security)
|
| /security/apparmor/ |
| D | Kconfig | 10 This enables the AppArmor security module.
|
| /security/integrity/ima/ |
| D | Kconfig | 150 It requires the system to be labeled with a security extended
152 the security extended attributes from offline attack, enable
|