| /security/tomoyo/ |
| D | audit.c | 118 static inline const char *tomoyo_filetype(const umode_t mode) in tomoyo_filetype() argument
120 switch (mode & S_IFMT) { in tomoyo_filetype()
168 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], in tomoyo_print_header()
188 umode_t mode; in tomoyo_print_header() local
194 mode = stat->mode; in tomoyo_print_header()
203 stat->mode & S_IALLUGO); in tomoyo_print_header()
213 mode & S_IALLUGO, tomoyo_filetype(mode)); in tomoyo_print_header()
214 if (S_ISCHR(mode) || S_ISBLK(mode)) { in tomoyo_print_header()
332 u8 mode; in tomoyo_get_audit() local
345 mode = p->config[index]; in tomoyo_get_audit()
[all …]
|
| D | file.c | 201 r->param.mkdev.mode, r->param.mkdev.major, in tomoyo_audit_mkdev_log()
323 tomoyo_compare_number_union(r->param.mkdev.mode, in tomoyo_check_mkdev_acl()
324 &acl->mode) && in tomoyo_check_mkdev_acl()
420 tomoyo_same_number_union(&p1->mode, &p2->mode) && in tomoyo_same_mkdev_acl()
472 !tomoyo_parse_number_union(param, &e.mode) || in tomoyo_update_mkdev_acl()
481 tomoyo_put_number_union(&e.mode); in tomoyo_update_mkdev_acl()
579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
580 if (r->mode == TOMOYO_CONFIG_DISABLED) in tomoyo_path_permission()
611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
618 if (r->mode != TOMOYO_CONFIG_DISABLED) in tomoyo_execute_permission()
[all …]
|
| D | tomoyo.c | 169 umode_t mode) in tomoyo_path_mkdir() argument
174 mode & S_IALLUGO); in tomoyo_path_mkdir()
220 umode_t mode, unsigned int dev) in tomoyo_path_mknod() argument
224 const unsigned int perm = mode & S_IALLUGO; in tomoyo_path_mknod()
226 switch (mode & S_IFMT) { in tomoyo_path_mknod()
238 switch (mode & S_IFMT) { in tomoyo_path_mknod()
346 static int tomoyo_path_chmod(const struct path *path, umode_t mode) in tomoyo_path_chmod() argument
349 mode & S_IALLUGO); in tomoyo_path_chmod()
|
| D | util.c | 973 u8 mode; in tomoyo_get_mode() local
979 mode = p->config[index]; in tomoyo_get_mode()
980 if (mode == TOMOYO_CONFIG_USE_DEFAULT) in tomoyo_get_mode()
981 mode = p->config[tomoyo_index2category[index] in tomoyo_get_mode()
983 if (mode == TOMOYO_CONFIG_USE_DEFAULT) in tomoyo_get_mode()
984 mode = p->default_config; in tomoyo_get_mode()
985 return mode & 3; in tomoyo_get_mode()
1009 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1010 return r->mode; in tomoyo_init_request_info()
1028 if (r->mode != TOMOYO_CONFIG_LEARNING) in tomoyo_domain_quota_is_ok()
|
| D | Kconfig | 19 int "Default maximal count for learning mode"
25 that are automatically appended into policy at "learning mode".
27 such programs in "learning mode" dulls the system response
55 enforcing mode from the beginning, you can reduce the possibility of
|
| D | securityfs_if.c | 223 static void __init tomoyo_create_entry(const char *name, const umode_t mode, in tomoyo_create_entry() argument
226 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, in tomoyo_create_entry()
|
| D | common.h | 449 unsigned int mode; member
499 u8 mode; /* One of tomoyo_mode_index . */ member
571 umode_t mode; member
732 struct tomoyo_number_union mode; member
983 const unsigned int mode, unsigned int dev);
|
| D | domain.c | 631 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
633 if (!r->mode || !envp_count) in tomoyo_environ()
687 if (r->mode != TOMOYO_CONFIG_ENFORCING) in tomoyo_environ()
855 } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) in tomoyo_find_next_domain()
|
| D | common.c | 632 u8 mode; in tomoyo_set_mode() local
634 for (mode = 0; mode < 4; mode++) in tomoyo_set_mode()
635 if (strstr(value, tomoyo_mode[mode])) in tomoyo_set_mode()
640 config = (config & ~7) | mode; in tomoyo_set_mode()
1498 tomoyo_print_number_union(head, &ptr->mode); in tomoyo_print_entry()
2078 if (r->mode) in tomoyo_supervisor()
2079 tomoyo_update_stat(r->mode); in tomoyo_supervisor()
2080 switch (r->mode) { in tomoyo_supervisor()
|
| /security/keys/ |
| D | sysctl.c | 17 .mode = 0644,
26 .mode = 0644,
35 .mode = 0644,
44 .mode = 0644,
53 .mode = 0644,
63 .mode = 0644,
|
| /security/ |
| D | inode.c | 107 static struct dentry *securityfs_create_dentry(const char *name, umode_t mode, in securityfs_create_dentry() argument
116 if (!(mode & S_IFMT)) in securityfs_create_dentry()
117 mode = (mode & S_IALLUGO) | S_IFREG; in securityfs_create_dentry()
147 inode->i_mode = mode; in securityfs_create_dentry()
150 if (S_ISDIR(mode)) { in securityfs_create_dentry()
155 } else if (S_ISLNK(mode)) { in securityfs_create_dentry()
200 struct dentry *securityfs_create_file(const char *name, umode_t mode, in securityfs_create_file() argument
204 return securityfs_create_dentry(name, mode, parent, data, fops, NULL); in securityfs_create_file()
|
| D | security.c | 696 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) in security_ptrace_access_check() argument
698 return call_int_hook(ptrace_access_check, 0, child, mode); in security_ptrace_access_check()
951 int security_dentry_init_security(struct dentry *dentry, int mode, in security_dentry_init_security() argument
955 return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, in security_dentry_init_security()
960 int security_dentry_create_files_as(struct dentry *dentry, int mode, in security_dentry_create_files_as() argument
964 return call_int_hook(dentry_create_files_as, 0, dentry, mode, in security_dentry_create_files_as()
1016 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, in security_path_mknod() argument
1021 return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); in security_path_mknod()
1025 int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) in security_path_mkdir() argument
1029 return call_int_hook(path_mkdir, 0, dir, dentry, mode); in security_path_mkdir()
[all …]
|
| /security/apparmor/include/ |
| D | apparmorfs.h | 29 umode_t mode; member
43 { .name = (_name), .mode = 0444, \
47 { .name = (_name), .mode = 0444, \
51 { .name = (_name), .mode = 0444, \
56 .mode = (_mode), .file_ops = (_fops) }
|
| D | policy.h | 43 ((_profile)->mode == (_mode)))
140 long mode; member
201 #define profile_unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
|
| /security/smack/ |
| D | Kconfig | 21 Enable the bring-up ("b") access mode in Smack rules.
22 When access is granted by a rule with the "b" mode a
25 of access initially with the bringup mode set on the
31 "permissive" mode of other systems.
|
| D | smack_access.c | 220 u32 mode, struct smk_audit_info *a) in smk_tskacc() argument
229 rc = smk_access(sbj_known, obj_known, mode, NULL); in smk_tskacc()
240 if ((mode & may) == mode) in smk_tskacc()
255 mode, rc, a); in smk_tskacc()
272 u32 mode, struct smk_audit_info *a) in smk_curacc() argument
276 return smk_tskacc(tsp, obj_known, mode, a); in smk_curacc()
|
| D | smack_lsm.c | 97 static void smk_bu_mode(int mode, char *s) in smk_bu_mode() argument
101 if (mode & MAY_READ) in smk_bu_mode()
103 if (mode & MAY_WRITE) in smk_bu_mode()
105 if (mode & MAY_EXEC) in smk_bu_mode()
107 if (mode & MAY_APPEND) in smk_bu_mode()
109 if (mode & MAY_TRANSMUTE) in smk_bu_mode()
111 if (mode & MAY_LOCK) in smk_bu_mode()
121 struct smack_known *oskp, int mode, int rc) in smk_bu_note() argument
130 smk_bu_mode(mode, acc); in smk_bu_note()
136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) argument
[all …]
|
| /security/lockdown/ |
| D | Kconfig | 20 prompt "Kernel default lockdown mode"
36 The kernel runs in integrity mode by default. Features that allow
42 The kernel runs in confidentiality mode by default. Features that
|
| /security/yama/ |
| D | yama_lsm.c | 355 unsigned int mode) in yama_ptrace_access_check() argument
360 if (mode & PTRACE_MODE_ATTACH) { in yama_ptrace_access_check()
388 if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) in yama_ptrace_access_check()
461 .mode = 0644,
|
| /security/apparmor/ |
| D | lsm.c | 106 unsigned int mode) in apparmor_ptrace_access_check() argument
114 (mode & PTRACE_MODE_READ) ? AA_PTRACE_READ in apparmor_ptrace_access_check()
265 cond.mode = inode->i_mode; in common_perm_rm()
281 struct dentry *dentry, u32 mask, umode_t mode) in common_perm_create() argument
283 struct path_cond cond = { current_fsuid(), mode }; in common_perm_create()
297 umode_t mode) in apparmor_path_mkdir() argument
309 umode_t mode, unsigned int dev) in apparmor_path_mknod() argument
311 return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); in apparmor_path_mknod()
377 static int apparmor_path_chmod(const struct path *path, umode_t mode) in apparmor_path_chmod() argument
1286 module_param_call(mode, param_set_mode, param_get_mode,
[all …]
|
| D | apparmorfs.c | 182 umode_t mode, void *data, char *link, in __aafs_setup_d_inode() argument
195 inode->i_mode = mode; in __aafs_setup_d_inode()
198 if (S_ISDIR(mode)) { in __aafs_setup_d_inode()
203 } else if (S_ISLNK(mode)) { in __aafs_setup_d_inode()
231 static struct dentry *aafs_create(const char *name, umode_t mode, in aafs_create() argument
243 if (!(mode & S_IFMT)) in aafs_create()
244 mode = (mode & S_IALLUGO) | S_IFREG; in aafs_create()
264 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); in aafs_create()
292 static struct dentry *aafs_create_file(const char *name, umode_t mode, in aafs_create_file() argument
296 return aafs_create(name, mode, parent, data, NULL, fops, NULL); in aafs_create_file()
[all …]
|
| D | label.c | 1510 const char *modestr = aa_profile_mode_names[profile->mode]; in aa_profile_snxprint()
1530 int mode = -1, count = 0; in label_modename() local
1534 if (profile->mode == APPARMOR_UNCONFINED) in label_modename()
1541 if (mode == -1) in label_modename()
1542 mode = profile->mode; in label_modename()
1543 else if (mode != profile->mode) in label_modename()
1550 if (mode == -1) in label_modename()
1552 mode = APPARMOR_UNCONFINED; in label_modename()
1554 return aa_profile_mode_names[mode]; in label_modename()
|
| /security/selinux/ |
| D | Kconfig | 55 kernel will start in permissive mode (log everything, deny nothing)
57 can interactively toggle the kernel between enforcing mode and
58 permissive mode (if permitted by the policy) via /selinux/enforce.
|
| /security/integrity/ima/ |
| D | ima_main.c | 114 fmode_t mode = file->f_mode; in ima_rdwr_violation_check() local
117 if (mode & FMODE_WRITE) { in ima_rdwr_violation_check()
149 fmode_t mode = file->f_mode; in ima_check_last_writer() local
152 if (!(mode & FMODE_WRITE)) in ima_check_last_writer()
|
| /security/integrity/evm/ |
| D | evm_crypto.c | 150 umode_t mode; in hmac_add_misc() member
171 hmac_misc.mode = inode->i_mode; in hmac_add_misc()
|