| /security/apparmor/ |
| D | file.c | 61 if (aad(sa)->request & AA_AUDIT_FILE_MASK) { in file_audit_cb()
63 audit_file_mask(ab, aad(sa)->request); in file_audit_cb()
69 if (aad(sa)->request & AA_AUDIT_FILE_MASK) { in file_audit_cb()
102 const char *op, u32 request, const char *name, in aa_audit_file() argument
110 aad(&sa)->request = request; in aa_audit_file()
126 aad(&sa)->request &= mask; in aa_audit_file()
128 if (likely(!aad(&sa)->request)) in aa_audit_file()
133 aad(&sa)->request = aad(&sa)->request & ~perms->allow; in aa_audit_file()
134 AA_BUG(!aad(&sa)->request); in aa_audit_file()
136 if (aad(&sa)->request & perms->kill) in aa_audit_file()
[all …]
|
| D | ipc.c | 49 if (aad(sa)->request & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
51 audit_ptrace_mask(ab, aad(sa)->request); in audit_ptrace_cb()
66 struct aa_label *peer, u32 request, in profile_ptrace_perm() argument
72 aa_profile_match_label(profile, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
75 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb); in profile_ptrace_perm()
79 struct aa_label *tracer, u32 request, in profile_tracee_perm() argument
86 return profile_ptrace_perm(tracee, tracer, request, sa); in profile_tracee_perm()
90 struct aa_label *tracee, u32 request, in profile_tracer_perm() argument
97 return profile_ptrace_perm(tracer, tracee, request, sa); in profile_tracer_perm()
105 aad(sa)->request = 0; in profile_tracer_perm()
[all …]
|
| D | net.c | 87 if (aad(sa)->request & NET_PERMS_MASK) { in audit_net_cb()
89 aa_audit_perm_mask(ab, aad(sa)->request, NULL, 0, in audit_net_cb()
107 u32 request, u16 family, int type) in aa_profile_af_perm() argument
129 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); in aa_profile_af_perm()
132 int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family, in aa_af_perm() argument
139 aa_profile_af_perm(profile, &sa, request, family, in aa_af_perm()
143 static int aa_label_sk_perm(struct aa_label *label, const char *op, u32 request, in aa_label_sk_perm() argument
156 aa_profile_af_sk_perm(profile, &sa, request, sk)); in aa_label_sk_perm()
162 int aa_sk_perm(const char *op, u32 request, struct sock *sk) in aa_sk_perm() argument
172 error = aa_label_sk_perm(label, op, request, sk); in aa_sk_perm()
[all …]
|
| D | lib.c | 266 if (aad(sa)->request) { in aa_audit_perms_cb()
268 aa_audit_perm_mask(ab, aad(sa)->request, aa_file_perm_chrs, in aa_audit_perms_cb()
382 int type, u32 request, struct aa_perms *perms) in aa_profile_match_label() argument
390 aa_label_match(profile, label, state, false, request, perms); in aa_profile_match_label()
396 u32 request, int type, u32 *deny, in aa_profile_label_perm() argument
403 aad(sa)->request = request; in aa_profile_label_perm()
405 aa_profile_match_label(profile, &target->label, type, request, &perms); in aa_profile_label_perm()
407 *deny |= request & perms.deny; in aa_profile_label_perm()
408 return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb); in aa_profile_label_perm()
430 u32 request, struct common_audit_data *sa, in aa_check_perms() argument
[all …]
|
| D | domain.c | 134 unsigned int state, bool subns, u32 request, in label_compound_match() argument
166 if ((perms->allow & request) != request) in label_compound_match()
194 unsigned int start, bool subns, u32 request, in label_components_match() argument
231 if ((perms->allow & request) != request) in label_components_match()
254 bool stack, unsigned int state, bool subns, u32 request, in label_match() argument
261 request, perms); in label_match()
267 request, perms); in label_match()
288 u32 request, unsigned int start, in change_profile_perms() argument
298 return label_match(profile, target, stack, start, true, request, perms); in change_profile_perms()
1282 u32 request, struct aa_perms *perms) in change_profile_perms_wrapper() argument
[all …]
|
| D | mount.c | 133 unsigned long flags, const void *data, u32 request, in audit_mount() argument
146 request &= mask; in audit_mount()
148 if (likely(!request)) in audit_mount()
153 request = request & ~perms->allow; in audit_mount()
155 if (request & perms->kill) in audit_mount()
159 if ((request & perms->quiet) && in audit_mount()
162 request &= ~perms->quiet; in audit_mount()
164 if (!request) in audit_mount()
|
| D | lsm.c | 922 static int aa_sock_msg_perm(const char *op, u32 request, struct socket *sock, in aa_sock_msg_perm() argument
931 msg_perm(op, request, sock, msg, size), in aa_sock_msg_perm()
932 aa_sk_perm(op, request, sock->sk)); in aa_sock_msg_perm()
954 static int aa_sock_perm(const char *op, u32 request, struct socket *sock) in aa_sock_perm() argument
961 sock_perm(op, request, sock), in aa_sock_perm()
962 aa_sk_perm(op, request, sock->sk)); in aa_sock_perm()
982 static int aa_sock_opt_perm(const char *op, u32 request, struct socket *sock, in aa_sock_opt_perm() argument
990 opt_perm(op, request, sock, level, optname), in aa_sock_opt_perm()
991 aa_sk_perm(op, request, sock->sk)); in aa_sock_opt_perm()
|
| D | label.c | 1308 unsigned int state, bool subns, u32 request, in label_compound_match() argument
1339 if ((perms->allow & request) != request) in label_compound_match()
1366 bool subns, u32 request, in label_components_match() argument
1402 if ((perms->allow & request) != request) in label_components_match()
1424 unsigned int state, bool subns, u32 request, in aa_label_match() argument
1427 int error = label_compound_match(profile, label, state, subns, request, in aa_label_match()
1433 return label_components_match(profile, label, state, subns, request, in aa_label_match()
|
| /security/apparmor/include/ |
| D | net.h | 93 u32 request, u16 family, int type);
94 int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
98 u32 request, in aa_profile_af_sk_perm() argument
101 return aa_profile_af_perm(profile, sa, request, sk->sk_family, in aa_profile_af_sk_perm()
104 int aa_sk_perm(const char *op, u32 request, struct sock *sk);
106 int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
109 int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
|
| D | file.h | 160 const char *op, u32 request, const char *name,
190 const char *name, u32 request, struct path_cond *cond,
193 const struct path *path, int flags, u32 request,
200 u32 request);
|
| D | perms.h | 149 int type, u32 request, struct aa_perms *perms);
151 u32 request, int type, u32 *deny,
154 u32 request, struct common_audit_data *sa,
|
| D | ipc.h | 33 u32 request);
|
| D | audit.h | 114 u32 request; member
|
| D | label.h | 361 unsigned int state, bool subns, u32 request,
|
| /security/smack/ |
| D | smack_access.c | 116 int request, struct smk_audit_info *a) in smk_access() argument
153 if ((request & MAY_ANYREAD) == request || in smk_access()
154 (request & MAY_LOCK) == request) { in smk_access()
172 if (may <= 0 || (request & may) != request) { in smk_access()
200 request, rc, a); in smk_access()
322 if (sad->request[0] == '\0') in smack_log_callback()
325 audit_log_format(ab, " requested=%s", sad->request); in smack_log_callback()
339 void smack_log(char *subject_label, char *object_label, int request, in smack_log() argument
362 smack_str_from_perm(request_buffer, request); in smack_log()
380 sad->request = request_buffer; in smack_log()
[all …]
|
| D | smack.h | 278 char *request; member
436 int request,
|
| D | smack_lsm.c | 4281 int request = 0; in smack_key_permission() local
4314 request |= MAY_READ; in smack_key_permission()
4316 request |= MAY_WRITE; in smack_key_permission()
4317 rc = smk_access(tkp, keyp->security, request, &ad); in smack_key_permission()
4318 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); in smack_key_permission()
|
| /security/keys/ |
| D | Kconfig | 38 wants to request a key that is likely the same as the one requested
42 filesystem in which each method needs to request an authentication
|