Home
last modified time | relevance | path

Searched refs:from (Results 1 – 18 of 18) sorted by relevance

/security/integrity/ima/
Dima_policy.c886 char *from; in ima_parse_rule() local
968 ima_log_string(ab, "func", args[0].from); in ima_parse_rule()
973 if (strcmp(args[0].from, "FILE_CHECK") == 0) in ima_parse_rule()
976 else if (strcmp(args[0].from, "PATH_CHECK") == 0) in ima_parse_rule()
978 else if (strcmp(args[0].from, "MODULE_CHECK") == 0) in ima_parse_rule()
980 else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0) in ima_parse_rule()
982 else if ((strcmp(args[0].from, "FILE_MMAP") == 0) in ima_parse_rule()
983 || (strcmp(args[0].from, "MMAP_CHECK") == 0)) in ima_parse_rule()
985 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) in ima_parse_rule()
987 else if (strcmp(args[0].from, "CREDS_CHECK") == 0) in ima_parse_rule()
[all …]
DKconfig154 the security extended attributes from offline attack, enable
182 to be signed. Unsigned files might prevent the system from
183 booting or applications from working properly.
234 (eg. fix, log) from the boot command line.
298 loading from the kernel onto the '.ima' trusted keyring.
/security/tomoyo/policy/
Dexception_policy.conf.default1 initialize_domain /sbin/modprobe from any
2 initialize_domain /sbin/hotplug from any
/security/keys/
Dcompat.c30 struct iov_iter from; in compat_keyctl_instantiate_key_iov() local
38 &from); in compat_keyctl_instantiate_key_iov()
42 ret = keyctl_instantiate_key_common(id, &from, ringid); in compat_keyctl_instantiate_key_iov()
Dtrusted.c774 opt->pcrinfo_len = strlen(args[0].from) / 2; in getoptions()
777 res = hex2bin(opt->pcrinfo, args[0].from, in getoptions()
783 res = kstrtoul(args[0].from, 16, &handle); in getoptions()
790 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) in getoptions()
792 res = hex2bin(opt->keyauth, args[0].from, in getoptions()
798 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) in getoptions()
800 res = hex2bin(opt->blobauth, args[0].from, in getoptions()
806 if (*args[0].from == '0') in getoptions()
812 res = kstrtoul(args[0].from, 10, &lock); in getoptions()
821 if (!strcmp(args[0].from, hash_algo_name[i])) { in getoptions()
[all …]
Dkeyctl.c1097 struct iov_iter *from, in keyctl_instantiate_key_common() argument
1103 size_t plen = from ? iov_iter_count(from) : 0; in keyctl_instantiate_key_common()
1110 from = NULL; in keyctl_instantiate_key_common()
1130 if (from) { in keyctl_instantiate_key_common()
1137 if (!copy_from_iter_full(payload, plen, from)) in keyctl_instantiate_key_common()
1183 struct iov_iter from; in keyctl_instantiate_key() local
1187 &iov, &from); in keyctl_instantiate_key()
1191 return keyctl_instantiate_key_common(id, &from, ringid); in keyctl_instantiate_key()
1212 struct iov_iter from; in keyctl_instantiate_key_iov() local
1219 ARRAY_SIZE(iovstack), &iov, &from); in keyctl_instantiate_key_iov()
[all …]
Dkeyctl_pkey.c53 q = args[0].from; in keyctl_pkey_params_parse()
/security/safesetid/
DKconfig9 restrict UID/GID transitions from a given UID/GID to only those
11 the given UIDs/GIDs from obtaining auxiliary privileges associated
/security/integrity/evm/
DKconfig65 This option enables X509 certificate loading from the kernel
67 verify EVM integrity starting from the 'init' process.
/security/integrity/
DKconfig31 usually only added from initramfs.
61 the kernel automatically populates during initialization from values
/security/
DKconfig.hardening15 This plugin was originally ported from grsecurity/PaX. More
114 bool "Poison kernel stack before returning from syscalls"
119 returning from system calls. This has the effect of leaving
134 This plugin was ported from grsecurity/PaX. More information at:
DKconfig84 derived from IPSec policy. Non-IPSec communications are
130 int "Low address space for LSM to protect from user allocation"
136 from userspace allocation. Keeping a user from writing to low pages
159 copying memory to/from the kernel (via copy_to_user() and
Dsecurity.c111 static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) in append_ordered_lsm() argument
117 if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) in append_ordered_lsm()
125 init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, in append_ordered_lsm()
678 int security_binder_transaction(struct task_struct *from, in security_binder_transaction() argument
681 return call_int_hook(binder_transaction, 0, from, to); in security_binder_transaction()
684 int security_binder_transfer_binder(struct task_struct *from, in security_binder_transfer_binder() argument
687 return call_int_hook(binder_transfer_binder, 0, from, to); in security_binder_transfer_binder()
690 int security_binder_transfer_file(struct task_struct *from, in security_binder_transfer_file() argument
693 return call_int_hook(binder_transfer_file, 0, from, to, file); in security_binder_transfer_file()
/security/loadpin/
DKconfig9 enabled, any files that come from other filesystems will be
/security/selinux/
DKconfig36 support runtime disabling of SELinux, e.g. from /sbin/init, for
83 The checkreqprot flag may be changed from the default via the
Dhooks.c2059 static int selinux_binder_transaction(struct task_struct *from, in selinux_binder_transaction() argument
2063 u32 fromsid = task_sid(from); in selinux_binder_transaction()
2080 static int selinux_binder_transfer_binder(struct task_struct *from, in selinux_binder_transfer_binder() argument
2083 u32 fromsid = task_sid(from); in selinux_binder_transfer_binder()
2091 static int selinux_binder_transfer_file(struct task_struct *from, in selinux_binder_transfer_file() argument
2628 char *from = options; in selinux_sb_eat_lsm_opts() local
2634 int len = opt_len(from); in selinux_sb_eat_lsm_opts()
2638 token = match_opt_prefix(from, len, &arg); in selinux_sb_eat_lsm_opts()
2645 for (p = q = arg; p < from + len; p++) { in selinux_sb_eat_lsm_opts()
2663 from--; in selinux_sb_eat_lsm_opts()
[all …]
/security/smack/
Dsmack_lsm.c724 char *from = options, *to = options; in smack_sb_eat_lsm_opts() local
728 char *next = strchr(from, ','); in smack_sb_eat_lsm_opts()
733 len = next - from; in smack_sb_eat_lsm_opts()
735 len = strlen(from); in smack_sb_eat_lsm_opts()
737 token = match_opt_prefix(from, len, &arg); in smack_sb_eat_lsm_opts()
739 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); in smack_sb_eat_lsm_opts()
750 from--; in smack_sb_eat_lsm_opts()
753 if (to != from) in smack_sb_eat_lsm_opts()
754 memmove(to, from, len); in smack_sb_eat_lsm_opts()
758 if (!from[len]) in smack_sb_eat_lsm_opts()
[all …]
/security/tomoyo/
DKconfig55 enforcing mode from the beginning, you can reduce the possibility of