/security/apparmor/ |
D | policy_ns.c | 89 struct aa_ns *ns; in alloc_ns() local 91 ns = kzalloc(sizeof(*ns), GFP_KERNEL); in alloc_ns() 92 AA_DEBUG("%s(%p)\n", __func__, ns); in alloc_ns() 93 if (!ns) in alloc_ns() 95 if (!aa_policy_init(&ns->base, prefix, name, GFP_KERNEL)) in alloc_ns() 98 INIT_LIST_HEAD(&ns->sub_ns); in alloc_ns() 99 INIT_LIST_HEAD(&ns->rawdata_list); in alloc_ns() 100 mutex_init(&ns->lock); in alloc_ns() 101 init_waitqueue_head(&ns->wait); in alloc_ns() 104 ns->unconfined = aa_alloc_profile("unconfined", NULL, GFP_KERNEL); in alloc_ns() [all …]
D | policy.c | 115 AA_BUG(!profile->ns); in __add_profile() 116 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile() 121 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile() 141 AA_BUG(!profile->ns); in __list_remove_profile() 142 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __list_remove_profile() 157 AA_BUG(!profile->ns); in __remove_profile() 158 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __remove_profile() 219 aa_put_ns(profile->ns); in aa_free_profile() 360 static struct aa_policy *__lookup_parent(struct aa_ns *ns, in __lookup_parent() argument 367 policy = &ns->base; in __lookup_parent() [all …]
D | apparmorfs.c | 414 loff_t *pos, struct aa_ns *ns) in policy_update() argument 425 error = aa_may_manage_policy(label, ns, mask); in policy_update() 432 error = aa_replace_profiles(ns, label, mask, data); in policy_update() 444 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); in profile_load() local 445 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns); in profile_load() 447 aa_put_ns(ns); in profile_load() 461 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); in profile_replace() local 463 buf, size, pos, ns); in profile_replace() 464 aa_put_ns(ns); in profile_replace() 481 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); in profile_remove() local [all …]
D | label.c | 141 AA_BUG(!a->ns); in profile_cmp() 142 AA_BUG(!b->ns); in profile_cmp() 148 res = ns_cmp(a->ns, b->ns); in profile_cmp() 375 struct aa_ns *ns = labels_ns(label); in aa_label_kref() local 377 if (!ns) { in aa_label_kref() 1233 return aa_ns_visible(profile->ns, labels_ns(label), true); in label_is_visible() 1247 if (profile->ns == tp->ns) in match_component() 1251 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component() 1283 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() 1297 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() [all …]
D | domain.c | 105 if (profile->ns == tp->ns) in match_component() 109 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component() 143 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() 157 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_compound_match() 205 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_components_match() 221 if (!aa_ns_visible(profile->ns, tp->ns, subns)) in label_components_match() 382 struct aa_ns *ns, struct list_head *head, in find_attach() argument 396 &profile->label == ns_unconfined(profile->ns)) in find_attach() 425 long rev = READ_ONCE(ns->revision); in find_attach() 435 READ_ONCE(ns->revision)) in find_attach() [all …]
D | policy_unpack.c | 81 if (aad(sa)->iface.ns) { in audit_cb() 83 audit_log_untrustedstring(ab, aad(sa)->iface.ns); in audit_cb() 112 aad(&sa)->iface.ns = ns_name; in audit_iface() 126 AA_BUG(!data->ns); in __aa_loaddata_update() 128 AA_BUG(!mutex_is_locked(&data->ns->lock)); in __aa_loaddata_update() 154 struct aa_ns *ns = aa_get_ns(d->ns); in do_loaddata_free() local 156 if (ns) { in do_loaddata_free() 157 mutex_lock_nested(&ns->lock, ns->level); in do_loaddata_free() 159 mutex_unlock(&ns->lock); in do_loaddata_free() 160 aa_put_ns(ns); in do_loaddata_free() [all …]
D | procattr.c | 35 struct aa_ns *ns = labels_ns(label); in aa_getprocattr() local 39 if (!aa_ns_visible(current_ns, ns, true)) { in aa_getprocattr()
D | audit.c | 82 if (profile->ns != root_ns) { in audit_pre() 85 profile->ns->base.hname); in audit_pre()
/security/keys/ |
D | persistent.c | 20 static int key_create_persistent_register(struct user_namespace *ns) in key_create_persistent_register() argument 31 ns->persistent_keyring_register = reg; in key_create_persistent_register() 40 static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid, in key_create_persistent() argument 46 if (!ns->persistent_keyring_register) { in key_create_persistent() 47 long err = key_create_persistent_register(ns); in key_create_persistent() 51 reg_ref = make_key_ref(ns->persistent_keyring_register, true); in key_create_persistent() 62 ns->persistent_keyring_register); in key_create_persistent() 73 static long key_get_persistent(struct user_namespace *ns, kuid_t uid, in key_get_persistent() argument 86 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid)); in key_get_persistent() 89 if (ns->persistent_keyring_register) { in key_get_persistent() [all …]
D | keyring.c | 57 void key_free_user_ns(struct user_namespace *ns) in key_free_user_ns() argument 60 list_del_init(&ns->keyring_name_list); in key_free_user_ns() 63 key_put(ns->user_keyring_register); in key_free_user_ns() 65 key_put(ns->persistent_keyring_register); in key_free_user_ns() 109 struct user_namespace *ns = current_user_ns(); in keyring_publish_name() local 115 list_add_tail(&keyring->name_link, &ns->keyring_name_list); in keyring_publish_name() 1145 struct user_namespace *ns = current_user_ns(); in find_keyring_by_name() local 1156 list_for_each_entry(keyring, &ns->keyring_name_list, name_link) { in find_keyring_by_name() 1157 if (!kuid_has_mapping(ns, keyring->user->uid)) in find_keyring_by_name()
/security/selinux/ |
D | netif.c | 53 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) in sel_netif_hashfn() argument 55 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1)); in sel_netif_hashfn() 68 static inline struct sel_netif *sel_netif_find(const struct net *ns, in sel_netif_find() argument 71 int idx = sel_netif_hashfn(ns, ifindex); in sel_netif_find() 75 if (net_eq(netif->nsec.ns, ns) && in sel_netif_find() 98 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex); in sel_netif_insert() 133 static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) in sel_netif_sid_slow() argument 143 dev = dev_get_by_index(ns, ifindex); in sel_netif_sid_slow() 151 netif = sel_netif_find(ns, ifindex); in sel_netif_sid_slow() 162 new->nsec.ns = ns; in sel_netif_sid_slow() [all …]
/security/apparmor/include/ |
D | policy_ns.h | 85 void aa_free_ns(struct aa_ns *ns); 97 void __aa_remove_ns(struct aa_ns *ns); 102 mutex_is_locked(&p->ns->lock)); in aa_deref_parent() 112 static inline struct aa_ns *aa_get_ns(struct aa_ns *ns) in aa_get_ns() argument 114 if (ns) in aa_get_ns() 115 aa_get_profile(ns->unconfined); in aa_get_ns() 117 return ns; in aa_get_ns() 126 static inline void aa_put_ns(struct aa_ns *ns) in aa_put_ns() argument 128 if (ns) in aa_put_ns() 129 aa_put_profile(ns->unconfined); in aa_put_ns()
D | policy.h | 133 struct aa_ns *ns; member 171 #define profiles_ns(P) ((P)->ns) 185 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, 187 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name); 190 struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name); 304 bool policy_view_capable(struct aa_ns *ns); 305 bool policy_admin_capable(struct aa_ns *ns); 306 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns,
D | apparmorfs.h | 107 void __aa_bump_ns_revision(struct aa_ns *ns); 112 void __aafs_ns_rmdir(struct aa_ns *ns); 113 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name, 118 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata);
D | label.h | 52 #define vec_ns(VEC, SIZE) (vec_last((VEC), (SIZE))->ns) 209 while ((L)->vec[___i] && (L)->vec[___i]->ns != (NS)) \ 276 void __aa_labelset_update_subtree(struct aa_ns *ns); 303 bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp); 312 int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, 314 int aa_label_acntsxprint(char __counted **strp, struct aa_ns *ns, 316 void aa_label_xaudit(struct audit_buffer *ab, struct aa_ns *ns, 318 void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns, 320 void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
D | cred.h | 179 struct aa_ns *ns; in aa_get_current_ns() local 182 ns = aa_get_ns(labels_ns(label)); in aa_get_current_ns() 185 return ns; in aa_get_current_ns()
D | policy_unpack.h | 62 struct aa_ns *ns; member 72 int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
D | perms.h | 110 if (P1->ns == P2->ns) \
/security/tomoyo/ |
D | common.c | 347 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) in tomoyo_init_policy_namespace() argument 352 INIT_LIST_HEAD(&ns->acl_group[idx]); in tomoyo_init_policy_namespace() 354 INIT_LIST_HEAD(&ns->group_list[idx]); in tomoyo_init_policy_namespace() 356 INIT_LIST_HEAD(&ns->policy_list[idx]); in tomoyo_init_policy_namespace() 357 ns->profile_version = 20150505; in tomoyo_init_policy_namespace() 359 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); in tomoyo_init_policy_namespace() 374 container_of(head->r.ns, in tomoyo_print_namespace() 491 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument 498 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() 504 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() [all …]
D | domain.c | 186 list = &domain->ns->acl_group[i++]; in tomoyo_check_acl() 275 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_write_transition_control() 344 (const struct tomoyo_policy_namespace *ns, in tomoyo_transition_type() argument 353 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; in tomoyo_transition_type() 418 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; in tomoyo_write_aggregator() 441 struct tomoyo_policy_namespace *ns; in tomoyo_find_namespace() local 443 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_find_namespace() 444 if (strncmp(name, ns->name, len) || in tomoyo_find_namespace() 447 return ns; in tomoyo_find_namespace() 540 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain() [all …]
D | gc.c | 528 struct tomoyo_policy_namespace *ns; in tomoyo_collect_entry() local 543 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_collect_entry() 545 tomoyo_collect_member(id, &ns->policy_list[id]); in tomoyo_collect_entry() 547 tomoyo_collect_acl(&ns->acl_group[i]); in tomoyo_collect_entry() 561 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { in tomoyo_collect_entry() 563 struct list_head *list = &ns->group_list[i]; in tomoyo_collect_entry()
D | common.h | 686 struct tomoyo_policy_namespace *ns; member 783 struct tomoyo_policy_namespace *ns; member 802 struct list_head *ns; member 822 struct tomoyo_policy_namespace *ns; member 977 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, 1039 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 1055 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); 1277 return tomoyo_domain()->ns; in tomoyo_current_namespace()
D | memory.c | 111 list = &param->ns->group_list[idx]; in tomoyo_get_group() 203 tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace; in tomoyo_mm_init()
/security/ |
D | commoncap.c | 68 struct user_namespace *ns = targ_ns; in cap_capable() local 76 if (ns == cred->user_ns) in cap_capable() 83 if (ns->level <= cred->user_ns->level) in cap_capable() 90 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable() 97 ns = ns->parent; in cap_capable() 325 struct user_namespace *ns; in rootid_owns_currentns() local 330 for (ns = current_user_ns(); ; ns = ns->parent) { in rootid_owns_currentns() 331 if (from_kuid(ns, kroot) == 0) in rootid_owns_currentns() 333 if (ns == &init_user_ns) in rootid_owns_currentns()
/security/selinux/include/ |
D | netif.h | 21 int sel_netif_sid(struct net *ns, int ifindex, u32 *sid);