| /security/tomoyo/ |
| D | mount.c | 35 r->param.mount.type->name, in tomoyo_audit_mount_log()
55 tomoyo_compare_name_union(r->param.mount.type, in tomoyo_check_mount_acl()
79 const struct path *dir, const char *type, in tomoyo_mount_acl() argument
97 requested_type = tomoyo_encode(type); in tomoyo_mount_acl()
114 if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) { in tomoyo_mount_acl()
116 } else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] || in tomoyo_mount_acl()
117 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] || in tomoyo_mount_acl()
118 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] || in tomoyo_mount_acl()
119 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) { in tomoyo_mount_acl()
121 } else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] || in tomoyo_mount_acl()
[all …]
|
| D | network.c | 284 struct tomoyo_inet_acl e = { .head.type = TOMOYO_TYPE_INET_ACL }; in tomoyo_write_inet_network()
286 u8 type; in tomoyo_write_inet_network() local
293 for (type = 0; type < TOMOYO_MAX_NETWORK_OPERATION; type++) in tomoyo_write_inet_network()
294 if (tomoyo_permstr(operation, tomoyo_socket_keyword[type])) in tomoyo_write_inet_network()
295 e.perm |= 1 << type; in tomoyo_write_inet_network()
329 struct tomoyo_unix_acl e = { .head.type = TOMOYO_TYPE_UNIX_ACL }; in tomoyo_write_unix_network()
331 u8 type; in tomoyo_write_unix_network() local
338 for (type = 0; type < TOMOYO_MAX_NETWORK_OPERATION; type++) in tomoyo_write_unix_network()
339 if (tomoyo_permstr(operation, tomoyo_socket_keyword[type])) in tomoyo_write_unix_network()
340 e.perm |= 1 << type; in tomoyo_write_unix_network()
[all …]
|
| D | file.c | 214 const u8 type = r->param.path_number.operation; in tomoyo_audit_path_number_log() local
218 switch (type) { in tomoyo_audit_path_number_log()
236 [tomoyo_pn2mac[type]], in tomoyo_audit_path_number_log()
390 .head.type = TOMOYO_TYPE_PATH_ACL, in tomoyo_update_path_acl()
466 .head.type = TOMOYO_TYPE_MKDEV_ACL, in tomoyo_update_mkdev_acl()
545 .head.type = TOMOYO_TYPE_PATH2_ACL, in tomoyo_update_path2_acl()
578 r->type = tomoyo_p2mac[operation]; in tomoyo_path_permission()
579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
610 r->type = TOMOYO_MAC_FILE_EXECUTE; in tomoyo_execute_permission()
611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
[all …]
|
| D | domain.c | 76 return a->type == b->type && a->cond == b->cond; in tomoyo_same_acl_head()
116 !(new_entry->type == TOMOYO_TYPE_PATH_ACL && in tomoyo_update_domain()
173 if (ptr->is_deleted || ptr->type != r->param_type) in tomoyo_check_acl()
229 return p1->type == p2->type && p1->is_last_name == p2->is_last_name in tomoyo_same_transition_control()
243 const u8 type) in tomoyo_write_transition_control() argument
245 struct tomoyo_transition_control e = { .type = type }; in tomoyo_write_transition_control()
253 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP || in tomoyo_write_transition_control()
254 type == TOMOYO_TRANSITION_CONTROL_KEEP) { in tomoyo_write_transition_control()
300 const enum tomoyo_transition_type type) in tomoyo_scan_transition() argument
306 if (ptr->head.is_deleted || ptr->type != type) in tomoyo_scan_transition()
[all …]
|
| D | util.c | 225 const unsigned long value, const u8 type) in tomoyo_print_ulong() argument
227 if (type == TOMOYO_VALUE_TYPE_DECIMAL) in tomoyo_print_ulong()
229 else if (type == TOMOYO_VALUE_TYPE_OCTAL) in tomoyo_print_ulong()
231 else if (type == TOMOYO_VALUE_TYPE_HEXADECIMAL) in tomoyo_print_ulong()
234 snprintf(buffer, buffer_len, "type(%u)", type); in tomoyo_print_ulong()
274 u8 type; in tomoyo_parse_number_union() local
284 type = tomoyo_parse_ulong(&v, &data); in tomoyo_parse_number_union()
285 if (type == TOMOYO_VALUE_TYPE_INVALID) in tomoyo_parse_number_union()
288 ptr->value_type[0] = type; in tomoyo_parse_number_union()
291 ptr->value_type[1] = type; in tomoyo_parse_number_union()
[all …]
|
| D | tomoyo.c | 223 int type = TOMOYO_TYPE_CREATE; in tomoyo_path_mknod() local
228 type = TOMOYO_TYPE_MKCHAR; in tomoyo_path_mknod()
231 type = TOMOYO_TYPE_MKBLOCK; in tomoyo_path_mknod()
236 return tomoyo_mkdev_perm(type, &path, perm, dev); in tomoyo_path_mknod()
240 type = TOMOYO_TYPE_MKFIFO; in tomoyo_path_mknod()
243 type = TOMOYO_TYPE_MKSOCK; in tomoyo_path_mknod()
246 return tomoyo_path_number_perm(type, &path, perm); in tomoyo_path_mknod()
398 const char *type, unsigned long flags, void *data) in tomoyo_sb_mount() argument
400 return tomoyo_mount_permission(dev_name, path, type, flags, data); in tomoyo_sb_mount()
|
| D | group.c | 74 int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type) in tomoyo_write_group() argument
76 struct tomoyo_group *group = tomoyo_get_group(param, type); in tomoyo_write_group()
82 if (type == TOMOYO_PATH_GROUP) { in tomoyo_write_group()
93 } else if (type == TOMOYO_NUMBER_GROUP) { in tomoyo_write_group()
|
| /security/apparmor/ |
| D | audit.c | 61 audit_log_string(ab, aa_audit_type[aad(sa)->type]); in audit_pre()
107 void aa_audit_msg(int type, struct common_audit_data *sa, in aa_audit_msg() argument
110 aad(sa)->type = type; in aa_audit_msg()
125 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, in aa_audit() argument
130 if (type == AUDIT_APPARMOR_AUTO) { in aa_audit()
134 type = AUDIT_APPARMOR_AUDIT; in aa_audit()
136 type = AUDIT_APPARMOR_ALLOWED; in aa_audit()
138 type = AUDIT_APPARMOR_DENIED; in aa_audit()
141 (type == AUDIT_APPARMOR_DENIED && in aa_audit()
145 if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) in aa_audit()
[all …]
|
| D | net.c | 81 if (sock_type_names[aad(sa)->net.type]) in audit_net_cb()
82 audit_log_string(ab, sock_type_names[aad(sa)->net.type]); in audit_net_cb()
84 audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type); in audit_net_cb()
107 u32 request, u16 family, int type) in aa_profile_af_perm() argument
114 AA_BUG(type < 0 || type >= SOCK_MAX); in aa_profile_af_perm()
123 buffer[1] = cpu_to_be16((u16) type); in aa_profile_af_perm()
133 int type, int protocol) in aa_af_perm() argument
136 DEFINE_AUDIT_NET(sa, op, NULL, family, type, protocol); in aa_af_perm()
140 type)); in aa_af_perm()
|
| D | mount.c | 90 if (aad(sa)->mnt.type) { in audit_cb()
92 audit_log_untrustedstring(ab, aad(sa)->mnt.type); in audit_cb()
132 const char *type, const char *trans, in audit_mount() argument
170 aad(&sa)->mnt.type = type; in audit_mount()
241 const char *type, unsigned long flags, in do_match_mnt() argument
260 if (type) in do_match_mnt()
261 state = aa_dfa_match(dfa, state, type); in do_match_mnt()
317 const char *devname, const char *type, in match_mnt_path_str() argument
346 mntpnt, devname, type, flags, data, binary, &perms); in match_mnt_path_str()
354 return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL, in match_mnt_path_str()
[all …]
|
| D | lib.c | 382 int type, u32 request, struct aa_perms *perms) in aa_profile_match_label() argument
389 type); in aa_profile_match_label()
396 u32 request, int type, u32 *deny, in aa_profile_label_perm() argument
405 aa_profile_match_label(profile, &target->label, type, request, &perms); in aa_profile_label_perm()
433 int type, error; in aa_check_perms() local
442 type = AUDIT_APPARMOR_AUDIT; in aa_check_perms()
448 type = AUDIT_APPARMOR_KILL; in aa_check_perms()
450 type = AUDIT_APPARMOR_ALLOWED; in aa_check_perms()
452 type = AUDIT_APPARMOR_DENIED; in aa_check_perms()
467 aa_audit_msg(type, sa, cb); in aa_check_perms()
[all …]
|
| D | capability.c | 68 int type = AUDIT_APPARMOR_AUTO; in audit_caps() local
77 type = AUDIT_APPARMOR_AUDIT; in audit_caps()
80 type = AUDIT_APPARMOR_KILL; in audit_caps()
102 return aa_audit(type, profile, sa, audit_cb); in audit_caps()
|
| /security/keys/ |
| D | key.c | 224 struct key *key_alloc(struct key_type *type, const char *desc, in key_alloc() argument
238 if (type->vet_description) { in key_alloc()
239 ret = type->vet_description(desc); in key_alloc()
247 quotalen = desclen + 1 + type->def_datalen; in key_alloc()
284 key->index_key.type = type; in key_alloc()
289 lockdep_set_class(&key->sem, &type->lock_class); in key_alloc()
292 key->datalen = type->def_datalen; in key_alloc()
440 ret = key->type->instantiate(key, prep); in __key_instantiate_and_link()
507 prep.quotalen = key->type->def_datalen; in key_instantiate_and_link()
509 if (key->type->preparse) { in key_instantiate_and_link()
[all …]
|
| D | keyring.c | 47 if (key->type == &key_type_keyring) in keyring_key_to_ptr()
168 unsigned long hash, type; in hash_key_type_and_desc() local
173 type = (unsigned long)index_key->type; in hash_key_type_and_desc()
174 acc = mult_64x32_and_fold(type, desc_len + 13); in hash_key_type_and_desc()
203 if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0) in hash_key_type_and_desc()
205 else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0) in hash_key_type_and_desc()
222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key()
282 return (unsigned long)index_key->type; in keyring_get_key_chunk()
314 return key->index_key.type == index_key->type && in keyring_compare_object()
351 seg_a = (unsigned long)a->type; in keyring_diff_objects()
[all …]
|
| D | request_key.c | 241 if (key->type->request_key) in construct_key()
242 actor = key->type->request_key; in construct_key()
379 ctx->index_key.type->name, ctx->index_key.description); in construct_alloc_key()
386 if (ctx->index_key.type->read) in construct_alloc_key()
388 if (ctx->index_key.type == &key_type_keyring || in construct_alloc_key()
389 ctx->index_key.type->update) in construct_alloc_key()
392 key = key_alloc(ctx->index_key.type, ctx->index_key.description, in construct_alloc_key()
486 if (ctx->index_key.type == &key_type_keyring) in construct_key_and_link()
558 struct key *request_key_and_link(struct key_type *type, in request_key_and_link() argument
568 .index_key.type = type, in request_key_and_link()
[all …]
|
| D | gc.c | 135 if (state == KEY_IS_POSITIVE && key->type->destroy) in key_gc_unused_keys()
136 key->type->destroy(key); in key_gc_unused_keys()
220 if (key->type == key_gc_dead_keytype) { in key_garbage_collector()
225 } else if (key->type == &key_type_keyring && in key_garbage_collector()
240 if (key->type == key_gc_dead_keytype) in key_garbage_collector()
245 if (key->type == &key_type_keyring) in key_garbage_collector()
250 if (key->type == key_gc_dead_keytype) in key_garbage_collector()
358 key->type = &key_type_dead; in key_garbage_collector()
|
| D | keyctl_pkey.c | 103 if (!params->key->type->asym_query) in keyctl_pkey_params_get()
132 ret = params->key->type->asym_query(params, &info); in keyctl_pkey_params_get_2()
175 ret = params.key->type->asym_query(¶ms, &res); in keyctl_pkey_query()
221 if (!params.key->type->asym_eds_op) in keyctl_pkey_e_d_s()
249 ret = params.key->type->asym_eds_op(¶ms, in, out); in keyctl_pkey_e_d_s()
297 if (!params.key->type->asym_verify_signature) in keyctl_pkey_verify()
313 ret = params.key->type->asym_verify_signature(¶ms, in, in2); in keyctl_pkey_verify()
|
| D | keyctl.c | 43 static int key_get_type_from_user(char *type, in key_get_type_from_user() argument
49 ret = strncpy_from_user(type, _type, len); in key_get_type_from_user()
54 if (type[0] == '.') in key_get_type_from_user()
56 type[len - 1] = '\0'; in key_get_type_from_user()
79 char type[32], *description; in SYSCALL_DEFINE5() local
88 ret = key_get_type_from_user(type, _type, sizeof(type)); in SYSCALL_DEFINE5()
103 (strncmp(type, "keyring", 7) == 0)) { in SYSCALL_DEFINE5()
132 key_ref = key_create_or_update(keyring_ref, type, description, in SYSCALL_DEFINE5()
177 char type[32], *description, *callout_info; in SYSCALL_DEFINE4() local
181 ret = key_get_type_from_user(type, _type, sizeof(type)); in SYSCALL_DEFINE4()
[all …]
|
| /security/ |
| D | device_cgroup.c | 34 short type; member
97 if (walk->type != ex->type) in dev_exception_add()
125 if (walk->type != ex->type) in dev_exception_rm()
248 static char type_to_char(short type) in type_to_char() argument
250 if (type == DEVCG_DEV_ALL) in type_to_char()
252 if (type == DEVCG_DEV_CHAR) in type_to_char()
254 if (type == DEVCG_DEV_BLOCK) in type_to_char()
291 seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type), in devcgroup_seq_show()
313 static bool match_exception(struct list_head *exceptions, short type, in match_exception() argument
319 if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK)) in match_exception()
[all …]
|
| /security/integrity/evm/ |
| D | evm_crypto.c | 74 static struct shash_desc *init_desc(char type, uint8_t hash_algo) in init_desc() argument
81 if (type == EVM_XATTR_HMAC) { in init_desc()
108 if (type == EVM_XATTR_HMAC) { in init_desc()
143 char type, char *digest) in hmac_add_misc() argument
157 if (type != EVM_XATTR_PORTABLE_DIGSIG) { in hmac_add_misc()
174 type != EVM_XATTR_PORTABLE_DIGSIG) in hmac_add_misc()
190 uint8_t type, struct evm_digest *data) in evm_calc_hmac_or_hash() argument
205 desc = init_desc(type, data->hdr.algo); in evm_calc_hmac_or_hash()
242 hmac_add_misc(desc, inode, type, data->digest); in evm_calc_hmac_or_hash()
245 if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) in evm_calc_hmac_or_hash()
[all …]
|
| /security/apparmor/include/ |
| D | audit.h | 109 int type; member
134 int type, protocol; member
148 const char *type; member
163 .type = (T), \
168 void aa_audit_msg(int type, struct common_audit_data *sa,
170 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
|
| /security/integrity/ |
| D | integrity.h | 77 u8 type; member
95 u8 type; member
98 u8 type; member
110 uint8_t type; /* xattr type */ member
236 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
238 return audit_log_start(ctx, gfp_mask, type); in integrity_audit_log_start()
250 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
|
| /security/integrity/ima/ |
| D | ima_appraise.c | 68 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; in ima_fix_xattr()
71 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; in ima_fix_xattr()
160 switch (xattr_value->type) { in ima_get_hash_algo()
215 switch (xattr_value->type) { in xattr_verify()
227 if (xattr_len - sizeof(xattr_value->type) - hash_start >= in xattr_verify()
379 (!xattr_value || xattr_value->type == IMA_XATTR_DIGEST_NG || in ima_appraise_measurement()
401 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { in ima_appraise_measurement()
408 xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG) { in ima_appraise_measurement()
520 if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) in ima_inode_setxattr()
523 xvalue->type == EVM_IMA_XATTR_DIGSIG); in ima_inode_setxattr()
|
| /security/selinux/ss/ |
| D | context.h | 30 u32 type; member
125 dst->type = src->type; in context_cpy()
146 c->user = c->role = c->type = c->hash = 0; in context_destroy()
163 (c1->type == c2->type) && in context_cmp()
|
| D | services.c | 301 val1 = scontext->type; in constraint_expr_eval()
302 val2 = tcontext->type; in constraint_expr_eval()
409 val1 = c->type; in constraint_expr_eval()
545 source = policydb->type_val_to_struct[scontext->type - 1]; in type_attribute_bounds_av()
551 target = policydb->type_val_to_struct[tcontext->type - 1]; in type_attribute_bounds_av()
557 lo_scontext.type = source->bounds; in type_attribute_bounds_av()
561 lo_tcontext.type = target->bounds; in type_attribute_bounds_av()
651 sattr = &policydb->type_attr_map_array[scontext->type - 1]; in context_struct_compute_av()
652 tattr = &policydb->type_attr_map_array[tcontext->type - 1]; in context_struct_compute_av()
859 struct type_datum *type; in security_bounded_transition() local
[all …]
|