Home
last modified time | relevance | path

Searched refs:security (Results 1 – 22 of 22) sorted by relevance

/security/integrity/evm/
DKconfig11 EVM protects a file's security extended attributes against
37 In addition to the original security xattrs (eg. security.selinux,
38 security.SMACK64, security.capability, and security.ima) included
40 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
41 security.SMACK64MMAP.
56 /sys/kernel/security/integrity/evm/evm_xattrs.
/security/selinux/
Dxfrm.c67 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
182 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
183 if (x->security) in selinux_xfrm_state_pol_flow_match()
190 if (!x->security) in selinux_xfrm_state_pol_flow_match()
198 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
223 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
238 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
336 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
374 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
386 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
[all …]
DMakefile17 ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
Dhooks.c2784 const struct selinux_mnt_opts *src = src_fc->security; in selinux_fs_context_dup()
2790 fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL); in selinux_fs_context_dup()
2791 if (!fc->security) in selinux_fs_context_dup()
2794 opts = fc->security; in selinux_fs_context_dup()
2843 rc = selinux_add_opt(opt, param->string, &fc->security); in selinux_fs_context_parse_param()
5432 static int selinux_tun_dev_alloc_security(void **security) in selinux_tun_dev_alloc_security() argument
5441 *security = tunsec; in selinux_tun_dev_alloc_security()
5445 static void selinux_tun_dev_free_security(void *security) in selinux_tun_dev_free_security() argument
5447 kfree(security); in selinux_tun_dev_free_security()
5466 static int selinux_tun_dev_attach_queue(void *security) in selinux_tun_dev_attach_queue() argument
[all …]
DKconfig41 kernel hardening feature for security hooks. Please consider
/security/
DKconfig8 source "security/keys/Kconfig"
23 bool "Enable different security models"
27 This allows you to choose different security modules to be
30 If this option is not selected, the default Linux security
44 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
52 This enables the socket and networking security hooks.
53 If enabled, a security module can use these hooks to
72 This enables the Infiniband security hooks.
73 If enabled, a security module can use these hooks to
81 This enables the XFRM (IPSec) networking security hooks.
[all …]
Dsecurity.c496 cred->security = NULL; in lsm_cred_alloc()
500 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
501 if (cred->security == NULL) in lsm_cred_alloc()
573 task->security = NULL; in lsm_task_alloc()
577 task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc()
578 if (task->security == NULL) in lsm_task_alloc()
594 kip->security = NULL; in lsm_ipc_alloc()
598 kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc()
599 if (kip->security == NULL) in lsm_ipc_alloc()
615 mp->security = NULL; in lsm_msg_msg_alloc()
[all …]
DMakefile21 obj-$(CONFIG_SECURITY) += security.o
/security/selinux/include/
Dobjsec.h154 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
173 return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; in selinux_msg_msg()
179 return ipc->security + selinux_blob_sizes.lbs_ipc; in selinux_ipc()
/security/yama/
DKconfig8 system-wide security settings beyond regular Linux discretionary
10 Like capabilities, this security module stacks with other LSMs.
/security/apparmor/include/
Dcred.h24 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in cred_label()
33 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in set_cred_label()
Dtask.h15 return task->security + apparmor_blob_sizes.lbs_task; in task_ctx()
/security/lockdown/
DKconfig15 boot parameters that are otherwise parsed before the security
31 enabled via the kernel commandline or /sys/kernel/security/lockdown.
/security/smack/
Dsmack.h351 return cred->security + smack_blob_sizes.lbs_cred; in smack_cred()
367 return msg->security + smack_blob_sizes.lbs_msg_msg; in smack_msg_msg()
372 return ipc->security + smack_blob_sizes.lbs_ipc; in smack_ipc()
DKconfig13 of other mandatory security schemes.
41 This enables security marking of network packets using
Dsmack_lsm.c645 struct smack_mnt_opts *dst, *src = src_fc->security; in smack_fs_context_dup()
650 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); in smack_fs_context_dup()
651 if (!fc->security) in smack_fs_context_dup()
653 dst = fc->security; in smack_fs_context_dup()
716 rc = smack_add_opt(opt, param->string, &fc->security); in smack_fs_context_parse_param()
4224 key->security = skp; in smack_key_alloc()
4236 key->security = NULL; in smack_key_free()
4270 if (keyp->security == NULL) in smack_key_permission()
4290 rc = smk_access(tkp, keyp->security, request, &ad); in smack_key_permission()
4291 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); in smack_key_permission()
[all …]
/security/integrity/
DKconfig90 source "security/integrity/ima/Kconfig"
91 source "security/integrity/evm/Kconfig"
/security/loadpin/
DKconfig7 (kernel modules, firmware, kexec images, security policy)
/security/apparmor/
DKconfig11 This enables the AppArmor security module.
/security/tomoyo/
DKconfig39 You can read the log via /sys/kernel/security/tomoyo/audit.
Dcommon.h1222 return task->security + tomoyo_blob_sizes.lbs_task; in tomoyo_task()
/security/integrity/ima/
DKconfig152 It requires the system to be labeled with a security extended
154 the security extended attributes from offline attack, enable