Home
last modified time | relevance | path

Searched refs:flags (Results 1 – 25 of 73) sorted by relevance

123

/security/tomoyo/
Dmount.c36 r->param.mount.flags); in tomoyo_audit_mount_log()
53 return tomoyo_compare_number_union(r->param.mount.flags, in tomoyo_check_mount_acl()
54 &acl->flags) && in tomoyo_check_mount_acl()
80 unsigned long flags) in tomoyo_mount_acl() argument
163 r->param.mount.flags = flags; in tomoyo_mount_acl()
192 const char *type, unsigned long flags, in tomoyo_mount_permission() argument
202 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) in tomoyo_mount_permission()
203 flags &= ~MS_MGC_MSK; in tomoyo_mount_permission()
204 if (flags & MS_REMOUNT) { in tomoyo_mount_permission()
206 flags &= ~MS_REMOUNT; in tomoyo_mount_permission()
[all …]
/security/apparmor/
Dmount.c27 static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags) in audit_mnt_flags() argument
29 if (flags & MS_RDONLY) in audit_mnt_flags()
33 if (flags & MS_NOSUID) in audit_mnt_flags()
35 if (flags & MS_NODEV) in audit_mnt_flags()
37 if (flags & MS_NOEXEC) in audit_mnt_flags()
39 if (flags & MS_SYNCHRONOUS) in audit_mnt_flags()
41 if (flags & MS_REMOUNT) in audit_mnt_flags()
43 if (flags & MS_MANDLOCK) in audit_mnt_flags()
45 if (flags & MS_DIRSYNC) in audit_mnt_flags()
47 if (flags & MS_NOATIME) in audit_mnt_flags()
[all …]
Dlabel.c84 orig->flags |= FLAG_STALE; in __aa_proxy_redirect()
262 int aa_vec_unique(struct aa_profile **vec, int n, int flags) in aa_vec_unique() argument
305 if (flags & VEC_FLAG_TERMINATE) in aa_vec_unique()
355 if (label->flags & FLAG_NS_COUNT) in label_free_switch()
367 if (label->flags & FLAG_IN_TREE) in label_free_rcu()
577 if (label->flags & FLAG_IN_TREE) { in __label_remove()
579 label->flags &= ~FLAG_IN_TREE; in __label_remove()
607 AA_BUG(new->flags & FLAG_IN_TREE); in __label_replace()
612 if (old->flags & FLAG_IN_TREE) { in __label_replace()
614 old->flags &= ~FLAG_IN_TREE; in __label_replace()
[all …]
Dpath.c49 int flags, const char *disconnected) in disconnect() argument
53 if (!(flags & PATH_CONNECT_PATH) && in disconnect()
54 !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && in disconnect()
89 int flags, const char *disconnected) in d_namespace_path() argument
94 int isdir = (flags & PATH_IS_DIR) ? 1 : 0; in d_namespace_path()
113 error = disconnect(path, buf, name, flags, in d_namespace_path()
119 if (flags & PATH_CHROOT_REL) { in d_namespace_path()
152 error = disconnect(path, buf, name, flags, disconnected); in d_namespace_path()
161 !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) { in d_namespace_path()
197 int aa_path_name(const struct path *path, int flags, char *buffer, in aa_path_name() argument
[all …]
Dsecid.c48 unsigned long flags; in aa_secid_update() local
50 spin_lock_irqsave(&secid_lock, flags); in aa_secid_update()
52 spin_unlock_irqrestore(&secid_lock, flags); in aa_secid_update()
126 unsigned long flags; in aa_alloc_secid() local
130 spin_lock_irqsave(&secid_lock, flags); in aa_alloc_secid()
132 spin_unlock_irqrestore(&secid_lock, flags); in aa_alloc_secid()
151 unsigned long flags; in aa_free_secid() local
153 spin_lock_irqsave(&secid_lock, flags); in aa_free_secid()
155 spin_unlock_irqrestore(&secid_lock, flags); in aa_free_secid()
Dfile.c167 const struct path *path, int flags, char *buffer, in path_name() argument
174 error = aa_path_name(path, flags, buffer, name, &info, in path_name()
278 u32 request, struct path_cond *cond, int flags, in __aa_path_perm() argument
295 struct path_cond *cond, int flags, in profile_path_perm() argument
305 flags | profile->path_flags, buffer, &name, cond, in profile_path_perm()
309 return __aa_path_perm(op, profile, name, request, cond, flags, in profile_path_perm()
325 const struct path *path, int flags, u32 request, in aa_path_perm() argument
333 flags |= PATH_DELEGATE_DELETED | (S_ISDIR(cond->mode) ? PATH_IS_DIR : in aa_path_perm()
338 cond, flags, &perms)); in aa_path_perm()
519 int flags, error; in __file_path_perm() local
[all …]
Dlsm.c482 unsigned long flags) in common_mmap() argument
495 if ((prot & PROT_WRITE) && !(flags & MAP_PRIVATE)) in common_mmap()
504 unsigned long prot, unsigned long flags) in apparmor_mmap_file() argument
506 return common_mmap(OP_FMMAP, file, prot, flags); in apparmor_mmap_file()
517 const char *type, unsigned long flags, void *data) in apparmor_sb_mount() argument
523 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) in apparmor_sb_mount()
524 flags &= ~MS_MGC_MSK; in apparmor_sb_mount()
526 flags &= ~AA_MS_IGNORE_MASK; in apparmor_sb_mount()
530 if (flags & MS_REMOUNT) in apparmor_sb_mount()
531 error = aa_remount(label, path, flags, data); in apparmor_sb_mount()
[all …]
Dmatch.c144 static int verify_table_headers(struct table_header **tables, int flags) in verify_table_headers() argument
156 if (ACCEPT1_FLAGS(flags)) { in verify_table_headers()
162 if (ACCEPT2_FLAGS(flags)) { in verify_table_headers()
281 struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags) in aa_dfa_unpack() argument
306 dfa->flags = ntohs(*(__be16 *) (data + 12)); in aa_dfa_unpack()
307 if (dfa->flags != 0 && dfa->flags != YYTH_FLAG_DIFF_ENCODE) in aa_dfa_unpack()
320 if (!(table->td_flags & ACCEPT1_FLAGS(flags))) in aa_dfa_unpack()
324 if (!(table->td_flags & ACCEPT2_FLAGS(flags))) in aa_dfa_unpack()
352 error = verify_table_headers(dfa->tables, flags); in aa_dfa_unpack()
356 if (flags & DFA_FLAG_VERIFY_STATES) { in aa_dfa_unpack()
/security/integrity/ima/
Dima_policy.c66 unsigned int flags; member
97 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
98 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
99 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
100 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
101 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
102 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
103 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
104 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
105 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
[all …]
Dima_appraise.c131 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
134 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
137 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
141 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
145 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
221 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify()
326 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement()
337 cause = iint->flags & IMA_DIGSIG_REQUIRED ? in ima_appraise_measurement()
341 iint->flags |= IMA_NEW_FILE; in ima_appraise_measurement()
342 if ((iint->flags & IMA_NEW_FILE) && in ima_appraise_measurement()
[all …]
Dima_main.c161 (iint->flags & IMA_NEW_FILE)) { in ima_check_last_writer()
162 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); in ima_check_last_writer()
253 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | in process_measurement()
266 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
274 iint->flags |= action; in process_measurement()
276 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); in process_measurement()
289 iint->flags |= IMA_HASHED; in process_measurement()
315 if (iint->flags & IMA_MODSIG_ALLOWED) { in process_measurement()
319 iint->flags & IMA_MEASURED) in process_measurement()
349 if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) in process_measurement()
[all …]
Dima_api.c188 int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; in ima_get_action() local
190 flags &= ima_policy_flag; in ima_get_action()
192 return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, in ima_get_action()
230 if (iint->flags & IMA_COLLECTED) in ima_collect_measurement()
265 iint->flags |= IMA_COLLECTED; in ima_collect_measurement()
330 iint->flags |= IMA_MEASURED; in ima_store_measurement()
345 if (iint->flags & IMA_AUDITED) in ima_audit_measurement()
368 iint->flags |= IMA_AUDITED; in ima_audit_measurement()
/security/apparmor/include/
Dmount.h29 unsigned long flags, void *data);
32 const char *old_name, unsigned long flags);
36 unsigned long flags);
42 const struct path *path, const char *type, unsigned long flags,
45 int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags);
Dlabel.h58 int aa_vec_unique(struct aa_profile **vec, int n, int flags);
131 long flags; member
144 #define label_isprofile(X) ((X)->flags & FLAG_PROFILE)
145 #define label_unconfined(X) ((X)->flags & FLAG_UNCONFINED)
147 #define label_is_stale(X) ((X)->flags & FLAG_STALE)
148 #define __label_make_stale(X) ((X)->flags |= FLAG_STALE)
311 struct aa_label *label, int flags);
313 int flags, gfp_t gfp);
315 struct aa_label *label, int flags, gfp_t gfp);
317 struct aa_label *label, int flags, gfp_t gfp);
[all …]
Dfile.h191 int flags, struct aa_perms *perms);
193 const struct path *path, int flags, u32 request,
218 int flags = file->f_flags; in aa_map_file_to_perms() local
226 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms()
229 if (flags & O_TRUNC) in aa_map_file_to_perms()
231 if (flags & O_CREAT) in aa_map_file_to_perms()
Ddomain.h36 int aa_change_hat(const char *hats[], int count, u64 token, int flags);
37 int aa_change_profile(const char *fqname, int flags);
/security/selinux/
Dibpkey.c135 unsigned long flags; in sel_ib_pkey_sid_slow() local
137 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
141 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
163 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
207 unsigned long flags; in sel_ib_pkey_flush() local
209 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
218 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
/security/keys/
Dkey.c226 key_perm_t perm, unsigned long flags, in key_alloc() argument
256 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { in key_alloc()
263 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) { in key_alloc()
299 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) in key_alloc()
300 key->flags |= 1 << KEY_FLAG_IN_QUOTA; in key_alloc()
301 if (flags & KEY_ALLOC_BUILT_IN) in key_alloc()
302 key->flags |= 1 << KEY_FLAG_BUILTIN; in key_alloc()
303 if (flags & KEY_ALLOC_UID_KEYRING) in key_alloc()
304 key->flags |= 1 << KEY_FLAG_UID_KEYRING; in key_alloc()
311 ret = security_key_alloc(key, cred, flags); in key_alloc()
[all …]
Dpermission.c87 unsigned long flags = READ_ONCE(key->flags); in key_validate() local
90 if (flags & (1 << KEY_FLAG_INVALIDATED)) in key_validate()
94 if (flags & ((1 << KEY_FLAG_REVOKED) | in key_validate()
Dproc.c155 unsigned long flags; in proc_keys_show() local
169 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | in proc_keys_show()
223 flags = READ_ONCE(key->flags); in proc_keys_show()
227 showflag(flags, 'R', KEY_FLAG_REVOKED), in proc_keys_show()
228 showflag(flags, 'D', KEY_FLAG_DEAD), in proc_keys_show()
229 showflag(flags, 'Q', KEY_FLAG_IN_QUOTA), in proc_keys_show()
230 showflag(flags, 'U', KEY_FLAG_USER_CONSTRUCT), in proc_keys_show()
232 showflag(flags, 'i', KEY_FLAG_INVALIDATED), in proc_keys_show()
Drequest_key.c29 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | in check_cached_key()
198 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || in call_sbin_request_key()
249 !test_bit(KEY_FLAG_INVALIDATED, &authkey->flags)); in construct_key()
288 &authkey->flags)) in construct_get_dest_keyring()
368 unsigned long flags, in construct_alloc_key() argument
394 perm, flags, NULL); in construct_alloc_key()
398 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); in construct_alloc_key()
478 unsigned long flags) in construct_key_and_link() argument
499 ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key); in construct_key_and_link()
565 unsigned long flags) in request_key_and_link() argument
[all …]
Dkeyring.c222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key()
523 unsigned long flags, in keyring_alloc() argument
531 uid, gid, cred, perm, flags, restrict_link); in keyring_alloc()
582 unsigned long kflags = READ_ONCE(key->flags); in keyring_search_iterator()
594 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator()
605 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) in keyring_search_iterator()
619 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && in keyring_search_iterator()
627 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator()
688 BUG_ON((ctx->flags & STATE_CHECKS) == 0 || in search_nested_keyrings()
689 (ctx->flags & STATE_CHECKS) == STATE_CHECKS); in search_nested_keyrings()
[all …]
/security/selinux/ss/
Dsidtab.c240 unsigned long flags; in sidtab_context_to_sid() local
251 spin_lock_irqsave(&s->lock, flags); in sidtab_context_to_sid()
316 spin_unlock_irqrestore(&s->lock, flags); in sidtab_context_to_sid()
385 unsigned long flags; in sidtab_convert() local
389 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
393 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
405 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
416 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
426 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
428 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
[all …]
/security/selinux/include/
Davc.h104 unsigned flags);
132 int flags) in avc_audit() argument
140 a, flags); in avc_audit()
149 unsigned flags,
/security/
Dsecurity.c137 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { in lsm_allowed()
185 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { in prepare_lsm()
230 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && in ordered_lsm_parse()
858 const char *type, unsigned long flags, void *data) in security_sb_mount() argument
860 return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); in security_sb_mount()
863 int security_sb_umount(struct vfsmount *mnt, int flags) in security_sb_umount() argument
865 return call_int_hook(sb_umount, 0, mnt, flags); in security_sb_umount()
1066 unsigned int flags) in security_path_rename() argument
1072 if (flags & RENAME_EXCHANGE) { in security_path_rename()
1167 unsigned int flags) in security_inode_rename() argument
[all …]

123