Home
last modified time | relevance | path

Searched refs:level (Results 1 – 25 of 26) sorted by relevance

12

/security/selinux/ss/
Dcontext.h46 dst->range.level[0].sens = src->range.level[0].sens; in mls_context_cpy()
47 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); in mls_context_cpy()
51 dst->range.level[1].sens = src->range.level[1].sens; in mls_context_cpy()
52 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat); in mls_context_cpy()
54 ebitmap_destroy(&dst->range.level[0].cat); in mls_context_cpy()
66 dst->range.level[0].sens = src->range.level[0].sens; in mls_context_cpy_low()
67 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); in mls_context_cpy_low()
71 dst->range.level[1].sens = src->range.level[0].sens; in mls_context_cpy_low()
72 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat); in mls_context_cpy_low()
74 ebitmap_destroy(&dst->range.level[0].cat); in mls_context_cpy_low()
[all …]
Dmls.c48 int index_sens = context->range.level[l].sens; in mls_compute_context_len()
54 e = &context->range.level[l].cat; in mls_compute_context_len()
73 if (mls_level_eq(&context->range.level[0], in mls_compute_context_len()
74 &context->range.level[1])) in mls_compute_context_len()
108 context->range.level[l].sens - 1)); in mls_sid_to_context()
114 e = &context->range.level[l].cat; in mls_sid_to_context()
150 if (mls_level_eq(&context->range.level[0], in mls_sid_to_context()
151 &context->range.level[1])) in mls_sid_to_context()
178 return ebitmap_contains(&levdatum->level->cat, &l->cat, in mls_level_isvalid()
184 return (mls_level_isvalid(p, &r->level[0]) && in mls_range_isvalid()
[all …]
Dsidtab.c124 u32 level = 0; in sidtab_level_from_count() local
128 ++level; in sidtab_level_from_count()
130 return level; in sidtab_level_from_count()
133 static int sidtab_alloc_roots(struct sidtab *s, u32 level) in sidtab_alloc_roots() argument
143 for (l = 1; l <= level; ++l) in sidtab_alloc_roots()
158 u32 level, capacity_shift, leaf_index = index / SIDTAB_LEAF_ENTRIES; in sidtab_do_lookup() local
161 level = sidtab_level_from_count(index + 1); in sidtab_do_lookup()
162 capacity_shift = level * SIDTAB_INNER_SHIFT; in sidtab_do_lookup()
165 if (alloc && sidtab_alloc_roots(s, level) != 0) in sidtab_do_lookup()
169 entry = &s->roots[level]; in sidtab_do_lookup()
[all …]
Dmls_types.h27 struct mls_level level[2]; /* low == level[0], high == level[1] */ member
49 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
50 mls_level_dom(&(r1).level[1], &(r2).level[1]))
Dservices.c329 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
330 l2 = &(tcontext->range.level[0]); in constraint_expr_eval()
333 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
334 l2 = &(tcontext->range.level[1]); in constraint_expr_eval()
337 l1 = &(scontext->range.level[1]); in constraint_expr_eval()
338 l2 = &(tcontext->range.level[0]); in constraint_expr_eval()
341 l1 = &(scontext->range.level[1]); in constraint_expr_eval()
342 l2 = &(tcontext->range.level[1]); in constraint_expr_eval()
345 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
346 l2 = &(scontext->range.level[1]); in constraint_expr_eval()
[all …]
Dpolicydb.c290 ebitmap_destroy(&usrdatum->range.level[0].cat); in user_destroy()
291 ebitmap_destroy(&usrdatum->range.level[1].cat); in user_destroy()
305 if (levdatum->level) in sens_destroy()
306 ebitmap_destroy(&levdatum->level->cat); in sens_destroy()
307 kfree(levdatum->level); in sens_destroy()
348 ebitmap_destroy(&rt->level[0].cat); in range_tr_destroy()
349 ebitmap_destroy(&rt->level[1].cat); in range_tr_destroy()
623 if (!levdatum->level->sens || in sens_index()
624 levdatum->level->sens > p->p_levels.nprim) in sens_index()
627 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; in sens_index()
[all …]
Dpolicydb.h128 struct mls_level *level; /* sensitivity and associated categories */ member
/security/lockdown/
Dlockdown.c51 static int lock_kernel_down(const char *where, enum lockdown_reason level) in lock_kernel_down() argument
53 if (kernel_locked_down >= level) in lock_kernel_down()
56 kernel_locked_down = level; in lock_kernel_down()
62 static int __init lockdown_param(char *level) in lockdown_param() argument
64 if (!level) in lockdown_param()
67 if (strcmp(level, "integrity") == 0) in lockdown_param()
69 else if (strcmp(level, "confidentiality") == 0) in lockdown_param()
122 enum lockdown_reason level = lockdown_levels[i]; in lockdown_read() local
124 if (lockdown_reasons[level]) { in lockdown_read()
125 const char *label = lockdown_reasons[level]; in lockdown_read()
[all …]
/security/apparmor/
Dpolicy_ns.c255 ns->level = parent->level + 1; in __aa_create_ns()
256 mutex_lock_nested(&ns->lock, ns->level); in __aa_create_ns()
312 mutex_lock_nested(&parent->lock, parent->level); in aa_prepare_ns()
335 mutex_lock_nested(&ns->lock, ns->level); in destroy_ns()
Dapparmorfs.c540 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_read()
550 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_read()
584 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_poll()
1184 seq_printf(seq, "%d\n", labels_ns(label)->level); in seq_ns_level_show()
1201 SEQ_NS_FOPS(level);
1710 mutex_lock_nested(&parent->lock, parent->level); in ns_mkdir_op()
1759 mutex_lock_nested(&parent->lock, parent->level); in ns_rmdir_op()
1814 mutex_lock_nested(&sub->lock, sub->level); in __aafs_ns_rmdir()
1944 mutex_lock_nested(&sub->lock, sub->level); in __aafs_ns_mkdir()
1988 mutex_lock_nested(&next->lock, next->level); in __next_ns()
[all …]
Dpolicy.c550 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_null_profile()
655 user_ns->level == view_ns->level))) in policy_view_capable()
912 mutex_lock_nested(&ns->lock, ns->level); in aa_replace_profiles()
1126 mutex_lock_nested(&ns->parent->lock, ns->level); in aa_remove_profiles()
1132 mutex_lock_nested(&ns->lock, ns->level); in aa_remove_profiles()
Dlsm.c978 int level, int optname) in aa_sock_opt_perm() argument
985 opt_perm(op, request, sock, level, optname), in aa_sock_opt_perm()
992 static int apparmor_socket_getsockopt(struct socket *sock, int level, in apparmor_socket_getsockopt() argument
996 level, optname); in apparmor_socket_getsockopt()
1002 static int apparmor_socket_setsockopt(struct socket *sock, int level, in apparmor_socket_setsockopt() argument
1006 level, optname); in apparmor_socket_setsockopt()
Dlabel.c119 res = a->level - b->level; in ns_cmp()
2129 mutex_lock_nested(&child->lock, child->level); in __aa_labelset_update_subtree()
Dpolicy_unpack.c157 mutex_lock_nested(&ns->lock, ns->level); in do_loaddata_free()
/security/selinux/
Dnetlabel.c482 static inline int selinux_netlbl_option(int level, int optname) in selinux_netlbl_option() argument
484 return (level == IPPROTO_IP && optname == IP_OPTIONS) || in selinux_netlbl_option()
485 (level == IPPROTO_IPV6 && optname == IPV6_HOPOPTS); in selinux_netlbl_option()
502 int level, in selinux_netlbl_socket_setsockopt() argument
510 if (selinux_netlbl_option(level, optname) && in selinux_netlbl_socket_setsockopt()
/security/keys/
Dkeyring.c268 static unsigned long keyring_get_key_chunk(const void *data, int level) in keyring_get_key_chunk() argument
275 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE; in keyring_get_key_chunk()
276 switch (level) { in keyring_get_key_chunk()
286 level -= 4; in keyring_get_key_chunk()
291 d += level * sizeof(long); in keyring_get_key_chunk()
303 static unsigned long keyring_get_object_key_chunk(const void *object, int level) in keyring_get_object_key_chunk() argument
306 return keyring_get_key_chunk(&key->index_key, level); in keyring_get_object_key_chunk()
331 int level, i; in keyring_diff_objects() local
333 level = 0; in keyring_diff_objects()
338 level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8; in keyring_diff_objects()
[all …]
DKconfig57 LSMs gets to rule on which admin-level processes get to access the
/security/selinux/include/
Dnetlabel.h53 int level,
139 int level, in selinux_netlbl_socket_setsockopt() argument
/security/apparmor/include/
Dpolicy_ns.h67 int level; member
/security/smack/
Dsmack_access.c485 int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap, in smk_netlbl_mls() argument
495 sap->attr.mls.lvl = level; in smk_netlbl_mls()
/security/integrity/
DKconfig82 controls the level of integrity auditing messages.
/security/
DKconfig.hardening13 such variables, depending on the chosen level of coverage.
38 This chooses the level of coverage over classes of potentially
Dcommoncap.c83 if (ns->level <= cred->user_ns->level) in cap_capable()
Dsecurity.c2033 int security_socket_getsockopt(struct socket *sock, int level, int optname) in security_socket_getsockopt() argument
2035 return call_int_hook(socket_getsockopt, 0, sock, level, optname); in security_socket_getsockopt()
2038 int security_socket_setsockopt(struct socket *sock, int level, int optname) in security_socket_setsockopt() argument
2040 return call_int_hook(socket_setsockopt, 0, sock, level, optname); in security_socket_setsockopt()
DKconfig113 correctly. This level of protection requires a root of trust outside

12