/security/apparmor/ |
D | policy_ns.c | 93 struct aa_ns *ns; in alloc_ns() local 95 ns = kzalloc(sizeof(*ns), GFP_KERNEL); in alloc_ns() 96 AA_DEBUG("%s(%p)\n", __func__, ns); in alloc_ns() 97 if (!ns) in alloc_ns() 99 if (!aa_policy_init(&ns->base, prefix, name, GFP_KERNEL)) in alloc_ns() 102 INIT_LIST_HEAD(&ns->sub_ns); in alloc_ns() 103 INIT_LIST_HEAD(&ns->rawdata_list); in alloc_ns() 104 mutex_init(&ns->lock); in alloc_ns() 105 init_waitqueue_head(&ns->wait); in alloc_ns() 108 ns->unconfined = aa_alloc_profile("unconfined", NULL, GFP_KERNEL); in alloc_ns() [all …]
|
D | policy.c | 120 AA_BUG(!profile->ns); in __add_profile() 121 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile() 126 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile() 146 AA_BUG(!profile->ns); in __list_remove_profile() 147 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __list_remove_profile() 162 AA_BUG(!profile->ns); in __remove_profile() 163 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __remove_profile() 223 aa_put_ns(profile->ns); in aa_free_profile() 358 static struct aa_policy *__lookup_parent(struct aa_ns *ns, in __lookup_parent() argument 365 policy = &ns->base; in __lookup_parent() [all …]
|
D | apparmorfs.c | 416 loff_t *pos, struct aa_ns *ns) in policy_update() argument 427 error = aa_may_manage_policy(label, ns, mask); in policy_update() 434 error = aa_replace_profiles(ns, label, mask, data); in policy_update() 446 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); in profile_load() local 447 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns); in profile_load() 449 aa_put_ns(ns); in profile_load() 463 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); in profile_replace() local 465 buf, size, pos, ns); in profile_replace() 466 aa_put_ns(ns); in profile_replace() 483 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); in profile_remove() local [all …]
|
D | label.c | 145 AA_BUG(!a->ns); in profile_cmp() 146 AA_BUG(!b->ns); in profile_cmp() 152 res = ns_cmp(a->ns, b->ns); in profile_cmp() 379 struct aa_ns *ns = labels_ns(label); in aa_label_kref() local 381 if (!ns) { in aa_label_kref() 1238 return aa_ns_visible(profile->ns, labels_ns(label), true); in label_is_visible() 1252 if (profile->ns == tp->ns) in match_component() 1256 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component() 1288 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() 1302 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() [all …]
|
D | policy_unpack.c | 84 if (aad(sa)->iface.ns) { in audit_cb() 86 audit_log_untrustedstring(ab, aad(sa)->iface.ns); in audit_cb() 115 aad(&sa)->iface.ns = ns_name; in audit_iface() 129 AA_BUG(!data->ns); in __aa_loaddata_update() 131 AA_BUG(!mutex_is_locked(&data->ns->lock)); in __aa_loaddata_update() 157 struct aa_ns *ns = aa_get_ns(d->ns); in do_loaddata_free() local 159 if (ns) { in do_loaddata_free() 160 mutex_lock(&ns->lock); in do_loaddata_free() 162 mutex_unlock(&ns->lock); in do_loaddata_free() 163 aa_put_ns(ns); in do_loaddata_free() [all …]
|
D | domain.c | 108 if (profile->ns == tp->ns) in match_component() 112 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component() 146 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() 160 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() 208 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_components_match() 224 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_components_match() 352 static struct aa_label *find_attach(struct aa_ns *ns, struct list_head *list, in find_attach() argument 428 struct aa_ns *ns = profile->ns; in x_to_label() local 450 new = find_attach(ns, &profile->base.profiles, in x_to_label() 454 new = find_attach(ns, &ns->base.profiles, in x_to_label() [all …]
|
D | procattr.c | 39 struct aa_ns *ns = labels_ns(label); in aa_getprocattr() local 43 if (!aa_ns_visible(current_ns, ns, true)) { in aa_getprocattr()
|
D | audit.c | 86 if (profile->ns != root_ns) { in audit_pre() 89 profile->ns->base.hname); in audit_pre()
|
/security/keys/ |
D | persistent.c | 24 static int key_create_persistent_register(struct user_namespace *ns) in key_create_persistent_register() argument 35 ns->persistent_keyring_register = reg; in key_create_persistent_register() 44 static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid, in key_create_persistent() argument 50 if (!ns->persistent_keyring_register) { in key_create_persistent() 51 long err = key_create_persistent_register(ns); in key_create_persistent() 55 reg_ref = make_key_ref(ns->persistent_keyring_register, true); in key_create_persistent() 66 ns->persistent_keyring_register); in key_create_persistent() 77 static long key_get_persistent(struct user_namespace *ns, kuid_t uid, in key_get_persistent() argument 89 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid)); in key_get_persistent() 91 if (ns->persistent_keyring_register) { in key_get_persistent() [all …]
|
/security/selinux/ |
D | netif.c | 56 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) in sel_netif_hashfn() argument 58 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1)); in sel_netif_hashfn() 71 static inline struct sel_netif *sel_netif_find(const struct net *ns, in sel_netif_find() argument 74 int idx = sel_netif_hashfn(ns, ifindex); in sel_netif_find() 78 if (net_eq(netif->nsec.ns, ns) && in sel_netif_find() 101 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex); in sel_netif_insert() 136 static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) in sel_netif_sid_slow() argument 146 dev = dev_get_by_index(ns, ifindex); in sel_netif_sid_slow() 155 netif = sel_netif_find(ns, ifindex); in sel_netif_sid_slow() 169 new->nsec.ns = ns; in sel_netif_sid_slow() [all …]
|
/security/apparmor/include/ |
D | policy_ns.h | 89 void aa_free_ns(struct aa_ns *ns); 101 void __aa_remove_ns(struct aa_ns *ns); 106 mutex_is_locked(&p->ns->lock)); in aa_deref_parent() 116 static inline struct aa_ns *aa_get_ns(struct aa_ns *ns) in aa_get_ns() argument 118 if (ns) in aa_get_ns() 119 aa_get_profile(ns->unconfined); in aa_get_ns() 121 return ns; in aa_get_ns() 130 static inline void aa_put_ns(struct aa_ns *ns) in aa_put_ns() argument 132 if (ns) in aa_put_ns() 133 aa_put_profile(ns->unconfined); in aa_put_ns()
|
D | policy.h | 136 struct aa_ns *ns; member 167 #define profiles_ns(P) ((P)->ns) 181 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, 183 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name); 186 struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name); 291 bool policy_view_capable(struct aa_ns *ns); 292 bool policy_admin_capable(struct aa_ns *ns); 293 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns,
|
D | apparmorfs.h | 111 void __aa_bump_ns_revision(struct aa_ns *ns); 116 void __aafs_ns_rmdir(struct aa_ns *ns); 117 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name, 122 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata);
|
D | label.h | 56 #define vec_ns(VEC, SIZE) (vec_last((VEC), (SIZE))->ns) 213 while ((L)->vec[___i] && (L)->vec[___i]->ns != (NS)) \ 280 void __aa_labelset_update_subtree(struct aa_ns *ns); 307 bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp); 316 int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, 318 int aa_label_acntsxprint(char __counted **strp, struct aa_ns *ns, 320 void aa_label_xaudit(struct audit_buffer *ab, struct aa_ns *ns, 322 void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns, 324 void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
|
D | context.h | 209 struct aa_ns *ns; in aa_get_current_ns() local 212 ns = aa_get_ns(labels_ns(label)); in aa_get_current_ns() 215 return ns; in aa_get_current_ns()
|
D | policy_unpack.h | 66 struct aa_ns *ns; member 76 int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
|
D | perms.h | 114 if (P1->ns == P2->ns) \
|
/security/tomoyo/ |
D | common.c | 344 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) in tomoyo_init_policy_namespace() argument 348 INIT_LIST_HEAD(&ns->acl_group[idx]); in tomoyo_init_policy_namespace() 350 INIT_LIST_HEAD(&ns->group_list[idx]); in tomoyo_init_policy_namespace() 352 INIT_LIST_HEAD(&ns->policy_list[idx]); in tomoyo_init_policy_namespace() 353 ns->profile_version = 20110903; in tomoyo_init_policy_namespace() 355 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); in tomoyo_init_policy_namespace() 370 container_of(head->r.ns, in tomoyo_print_namespace() 486 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument 492 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() 498 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() [all …]
|
D | domain.c | 182 list = &domain->ns->acl_group[domain->group]; in tomoyo_check_acl() 268 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_write_transition_control() 335 (const struct tomoyo_policy_namespace *ns, in tomoyo_transition_type() argument 343 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_transition_type() 405 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_write_aggregator() 428 struct tomoyo_policy_namespace *ns; in tomoyo_find_namespace() local 429 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_find_namespace() 430 if (strncmp(name, ns->name, len) || in tomoyo_find_namespace() 433 return ns; in tomoyo_find_namespace() 522 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain() [all …]
|
D | gc.c | 515 struct tomoyo_policy_namespace *ns; in tomoyo_collect_entry() local 528 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_collect_entry() 530 tomoyo_collect_member(id, &ns->policy_list[id]); in tomoyo_collect_entry() 532 tomoyo_collect_acl(&ns->acl_group[i]); in tomoyo_collect_entry() 545 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_collect_entry() 547 struct list_head *list = &ns->group_list[i]; in tomoyo_collect_entry()
|
D | common.h | 683 struct tomoyo_policy_namespace *ns; member 779 struct tomoyo_policy_namespace *ns; member 798 struct list_head *ns; member 818 struct tomoyo_policy_namespace *ns; member 967 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, 1028 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 1044 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); 1274 return tomoyo_domain()->ns; in tomoyo_current_namespace()
|
D | memory.c | 108 list = &param->ns->group_list[idx]; in tomoyo_get_group() 198 tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; in tomoyo_mm_init()
|
D | audit.c | 322 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, in tomoyo_get_audit() argument 333 p = tomoyo_profile(ns, profile); in tomoyo_get_audit() 365 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
|
/security/ |
D | commoncap.c | 78 struct user_namespace *ns = targ_ns; in __cap_capable() local 86 if (ns == cred->user_ns) in __cap_capable() 93 if (ns->level <= cred->user_ns->level) in __cap_capable() 100 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in __cap_capable() 107 ns = ns->parent; in __cap_capable() 356 struct user_namespace *ns; in rootid_owns_currentns() local 361 for (ns = current_user_ns(); ; ns = ns->parent) { in rootid_owns_currentns() 362 if (from_kuid(ns, kroot) == 0) in rootid_owns_currentns() 364 if (ns == &init_user_ns) in rootid_owns_currentns()
|
/security/selinux/include/ |
D | netif.h | 24 int sel_netif_sid(struct net *ns, int ifindex, u32 *sid);
|