Home
last modified time | relevance | path

Searched refs:state (Results 1 – 25 of 33) sorted by relevance

12

/security/selinux/include/
Dsecurity.h121 static inline bool enforcing_enabled(struct selinux_state *state) in enforcing_enabled() argument
123 return state->enforcing; in enforcing_enabled()
126 static inline void enforcing_set(struct selinux_state *state, bool value) in enforcing_set() argument
128 state->enforcing = value; in enforcing_set()
131 static inline bool enforcing_enabled(struct selinux_state *state) in enforcing_enabled() argument
136 static inline void enforcing_set(struct selinux_state *state, bool value) in enforcing_set() argument
143 struct selinux_state *state = &selinux_state; in selinux_policycap_netpeer() local
145 return state->policycap[POLICYDB_CAPABILITY_NETPEER]; in selinux_policycap_netpeer()
150 struct selinux_state *state = &selinux_state; in selinux_policycap_openperm() local
152 return state->policycap[POLICYDB_CAPABILITY_OPENPERM]; in selinux_policycap_openperm()
[all …]
Davc.h55 struct selinux_state *state; member
100 int slow_avc_audit(struct selinux_state *state,
125 static inline int avc_audit(struct selinux_state *state, in avc_audit() argument
140 return slow_avc_audit(state, ssid, tsid, tclass, in avc_audit()
148 int avc_has_perm_noaudit(struct selinux_state *state,
154 int avc_has_perm(struct selinux_state *state,
158 int avc_has_perm_flags(struct selinux_state *state,
164 int avc_has_extended_perms(struct selinux_state *state,
169 u32 avc_policy_seqno(struct selinux_state *state);
Dconditional.h16 int security_get_bools(struct selinux_state *state,
19 int security_set_bools(struct selinux_state *state,
22 int security_get_bool_value(struct selinux_state *state,
/security/apparmor/
Dmatch.c375 #define match_char(state, def, base, next, check, C) \ argument
377 u32 b = (base)[(state)]; \
379 if ((check)[pos] != (state)) { \
380 (state) = (def)[(state)]; \
385 (state) = (next)[pos]; \
412 unsigned int state = start; in aa_dfa_match_len() local
414 if (state == 0) in aa_dfa_match_len()
422 match_char(state, def, base, next, check, in aa_dfa_match_len()
427 match_char(state, def, base, next, check, (u8) *str++); in aa_dfa_match_len()
430 return state; in aa_dfa_match_len()
[all …]
Dmount.c193 static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state, in match_mnt_flags() argument
200 state = aa_dfa_next(dfa, state, i + 1); in match_mnt_flags()
203 return state; in match_mnt_flags()
214 unsigned int state) in compute_mnt_perms() argument
217 .allow = dfa_user_allow(dfa, state), in compute_mnt_perms()
218 .audit = dfa_user_audit(dfa, state), in compute_mnt_perms()
219 .quiet = dfa_user_quiet(dfa, state), in compute_mnt_perms()
220 .xindex = dfa_user_xindex(dfa, state), in compute_mnt_perms()
245 unsigned int state; in do_match_mnt() local
250 state = aa_dfa_match(dfa, start, mntpnt); in do_match_mnt()
[all …]
Ddomain.c99 bool stack, unsigned int state) in match_component() argument
104 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component()
106 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
110 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
111 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component()
112 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
113 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
134 unsigned int state, bool subns, u32 request, in label_compound_match() argument
145 state = match_component(profile, tp, stack, state); in label_compound_match()
146 if (!state) in label_compound_match()
[all …]
Dfile.c224 struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, in aa_compute_fperms() argument
235 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms()
236 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in aa_compute_fperms()
237 perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); in aa_compute_fperms()
238 perms.xindex = dfa_user_xindex(dfa, state); in aa_compute_fperms()
240 perms.allow = map_old_perms(dfa_other_allow(dfa, state)); in aa_compute_fperms()
241 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in aa_compute_fperms()
242 perms.quiet = map_old_perms(dfa_other_quiet(dfa, state)); in aa_compute_fperms()
243 perms.xindex = dfa_other_xindex(dfa, state); in aa_compute_fperms()
248 if (ACCEPT_TABLE(dfa)[state] & 0x80000000) in aa_compute_fperms()
[all …]
Dlib.c325 void aa_compute_perms(struct aa_dfa *dfa, unsigned int state, in aa_compute_perms() argument
329 .allow = dfa_user_allow(dfa, state), in aa_compute_perms()
330 .audit = dfa_user_audit(dfa, state), in aa_compute_perms()
331 .quiet = dfa_user_quiet(dfa, state), in aa_compute_perms()
337 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms()
338 perms->audit |= map_other(dfa_other_audit(dfa, state)); in aa_compute_perms()
339 perms->quiet |= map_other(dfa_other_quiet(dfa, state)); in aa_compute_perms()
385 unsigned int state; in aa_profile_match_label() local
387 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label()
390 aa_label_match(profile, label, state, false, request, perms); in aa_profile_match_label()
Dnet.c110 unsigned int state; in aa_profile_af_perm() local
118 state = PROFILE_MEDIATES(profile, AA_CLASS_NET); in aa_profile_af_perm()
119 if (!state) in aa_profile_af_perm()
124 state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer, in aa_profile_af_perm()
126 aa_compute_perms(profile->policy.dfa, state, &perms); in aa_profile_af_perm()
Dlabel.c1276 unsigned int state) in match_component() argument
1281 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1285 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
1286 state = aa_dfa_match(profile->policy.dfa, state, ns_name); in match_component()
1287 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
1288 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1308 unsigned int state, bool subns, u32 request, in label_compound_match() argument
1318 state = match_component(profile, tp, state); in label_compound_match()
1319 if (!state) in label_compound_match()
1332 state = aa_dfa_match(profile->policy.dfa, state, "//&"); in label_compound_match()
[all …]
Dipc.c192 unsigned int state; in profile_signal_perm() local
200 state = aa_dfa_next(profile->policy.dfa, in profile_signal_perm()
203 aa_label_match(profile, peer, state, false, request, &perms); in profile_signal_perm()
/security/selinux/ss/
Dstatus.c42 struct page *selinux_kernel_status_page(struct selinux_state *state) in selinux_kernel_status_page() argument
47 mutex_lock(&state->ss->status_lock); in selinux_kernel_status_page()
48 if (!state->ss->status_page) { in selinux_kernel_status_page()
49 state->ss->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO); in selinux_kernel_status_page()
51 if (state->ss->status_page) { in selinux_kernel_status_page()
52 status = page_address(state->ss->status_page); in selinux_kernel_status_page()
56 status->enforcing = enforcing_enabled(state); in selinux_kernel_status_page()
65 !security_get_allow_unknown(state); in selinux_kernel_status_page()
68 result = state->ss->status_page; in selinux_kernel_status_page()
69 mutex_unlock(&state->ss->status_lock); in selinux_kernel_status_page()
[all …]
Dservices.c244 int security_mls_enabled(struct selinux_state *state) in security_mls_enabled() argument
246 struct policydb *p = &state->ss->policydb; in security_mls_enabled()
718 static int security_validtrans_handle_fail(struct selinux_state *state, in security_validtrans_handle_fail() argument
724 struct policydb *p = &state->ss->policydb; in security_validtrans_handle_fail()
743 if (!enforcing_enabled(state)) in security_validtrans_handle_fail()
748 static int security_compute_validatetrans(struct selinux_state *state, in security_compute_validatetrans() argument
763 if (!state->initialized) in security_compute_validatetrans()
766 read_lock(&state->ss->policy_rwlock); in security_compute_validatetrans()
768 policydb = &state->ss->policydb; in security_compute_validatetrans()
769 sidtab = state->ss->sidtab; in security_compute_validatetrans()
[all …]
Dconditional.c37 s[sp] = p->bool_val_to_struct[cur->bool - 1]->state; in cond_evaluate_expr()
211 if (!(b->state == 0 || b->state == 1)) in bool_isvalid()
233 booldatum->state = le32_to_cpu(buf[1]); in cond_read_bool()
501 buf[1] = cpu_to_le32(booldatum->state); in cond_write_bool()
/security/apparmor/include/
Dfile.h143 #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ argument
144 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
145 #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) argument
146 #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) argument
147 #define dfa_user_xindex(dfa, state) \ argument
148 (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))
150 #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ argument
152 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
153 #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) argument
154 #define dfa_other_quiet(dfa, state) \ argument
[all …]
Dlabel.h336 unsigned int state; in aa_label_strn_split() local
338 state = aa_dfa_matchn_until(stacksplitdfa, DFA_START, str, n, &pos); in aa_label_strn_split()
339 if (!ACCEPT_TABLE(stacksplitdfa)[state]) in aa_label_strn_split()
348 unsigned int state; in aa_label_str_split() local
350 state = aa_dfa_match_until(stacksplitdfa, DFA_START, str, &pos); in aa_label_str_split()
351 if (!ACCEPT_TABLE(stacksplitdfa)[state]) in aa_label_str_split()
361 unsigned int state, bool subns, u32 request,
Dpolicy.h228 unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET); in PROFILE_MEDIATES_AF() local
231 if (!state) in PROFILE_MEDIATES_AF()
233 return aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2); in PROFILE_MEDIATES_AF()
Dmatch.h128 unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
Dperms.h144 void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
/security/selinux/
Dselinuxfs.c79 struct selinux_state *state; member
93 fsi->state = &selinux_state; in selinux_fs_info_create()
129 enforcing_enabled(fsi->state)); in sel_read_enforce()
139 struct selinux_state *state = fsi->state; in sel_write_enforce() local
161 old_value = enforcing_enabled(state); in sel_write_enforce()
176 enforcing_set(state, new_value); in sel_write_enforce()
178 avc_ss_reset(state->avc, 0); in sel_write_enforce()
180 selinux_status_update_setenforce(state, new_value); in sel_write_enforce()
203 struct selinux_state *state = fsi->state; in sel_read_handle_unknown() local
208 security_get_reject_unknown(state) : in sel_read_handle_unknown()
[all …]
Davc.c414 static inline int avc_xperms_audit(struct selinux_state *state, in avc_xperms_audit() argument
427 return slow_avc_audit(state, ssid, tsid, tclass, requested, in avc_xperms_audit()
710 rc = security_sid_to_context(sad->state, sad->ssid, &scontext, in avc_audit_post_callback()
719 rc = security_sid_to_context(sad->state, sad->tsid, &scontext, in avc_audit_post_callback()
734 rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext, in avc_audit_post_callback()
744 rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext, in avc_audit_post_callback()
756 noinline int slow_avc_audit(struct selinux_state *state, in slow_avc_audit() argument
779 sad.state = state; in slow_avc_audit()
996 struct avc_node *avc_compute_av(struct selinux_state *state, in avc_compute_av() argument
1003 security_compute_av(state, ssid, tsid, tclass, avd, &xp_node->xp); in avc_compute_av()
[all …]
/security/lockdown/
Dlockdown.c148 char *state; in lockdown_write() local
151 state = memdup_user_nul(buf, n); in lockdown_write()
152 if (IS_ERR(state)) in lockdown_write()
153 return PTR_ERR(state); in lockdown_write()
155 len = strlen(state); in lockdown_write()
156 if (len && state[len-1] == '\n') { in lockdown_write()
157 state[len-1] = '\0'; in lockdown_write()
165 if (label && !strcmp(state, label)) in lockdown_write()
169 kfree(state); in lockdown_write()
/security/keys/
Dgc.c127 short state = key->state; in key_gc_unused_keys() local
135 if (state == KEY_IS_POSITIVE && key->type->destroy) in key_gc_unused_keys()
149 if (state != KEY_IS_UNINSTANTIATED) in key_gc_unused_keys()
Dproc.c161 short state; in proc_keys_show() local
220 state = key_read_state(key); in proc_keys_show()
228 state != KEY_IS_UNINSTANTIATED ? 'I' : '-', in proc_keys_show()
233 state < 0 ? 'N' : '-', in proc_keys_show()
/security/smack/
Dsmack_netfilter.c25 const struct nf_hook_state *state) in smack_ipv6_output() argument
43 const struct nf_hook_state *state) in smack_ipv4_output() argument

12