| /security/tomoyo/ |
| D | audit.c | 118 static inline const char *tomoyo_filetype(const umode_t mode) in tomoyo_filetype() argument
120 switch (mode & S_IFMT) { in tomoyo_filetype()
168 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], in tomoyo_print_header()
188 umode_t mode; in tomoyo_print_header() local
194 mode = stat->mode; in tomoyo_print_header()
203 stat->mode & S_IALLUGO); in tomoyo_print_header()
213 mode & S_IALLUGO, tomoyo_filetype(mode)); in tomoyo_print_header()
214 if (S_ISCHR(mode) || S_ISBLK(mode)) { in tomoyo_print_header()
332 u8 mode; in tomoyo_get_audit() local
345 mode = p->config[index]; in tomoyo_get_audit()
[all …]
|
| D | file.c | 201 r->param.mkdev.mode, r->param.mkdev.major, in tomoyo_audit_mkdev_log()
323 tomoyo_compare_number_union(r->param.mkdev.mode, in tomoyo_check_mkdev_acl()
324 &acl->mode) && in tomoyo_check_mkdev_acl()
420 tomoyo_same_number_union(&p1->mode, &p2->mode) && in tomoyo_same_mkdev_acl()
472 !tomoyo_parse_number_union(param, &e.mode) || in tomoyo_update_mkdev_acl()
481 tomoyo_put_number_union(&e.mode); in tomoyo_update_mkdev_acl()
579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
580 if (r->mode == TOMOYO_CONFIG_DISABLED) in tomoyo_path_permission()
611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
618 if (r->mode != TOMOYO_CONFIG_DISABLED) in tomoyo_execute_permission()
[all …]
|
| D | tomoyo.c | 163 umode_t mode) in tomoyo_path_mkdir() argument
168 mode & S_IALLUGO); in tomoyo_path_mkdir()
214 umode_t mode, unsigned int dev) in tomoyo_path_mknod() argument
218 const unsigned int perm = mode & S_IALLUGO; in tomoyo_path_mknod()
220 switch (mode & S_IFMT) { in tomoyo_path_mknod()
232 switch (mode & S_IFMT) { in tomoyo_path_mknod()
340 static int tomoyo_path_chmod(const struct path *path, umode_t mode) in tomoyo_path_chmod() argument
343 mode & S_IALLUGO); in tomoyo_path_chmod()
|
| D | util.c | 990 u8 mode; in tomoyo_get_mode() local
996 mode = p->config[index]; in tomoyo_get_mode()
997 if (mode == TOMOYO_CONFIG_USE_DEFAULT) in tomoyo_get_mode()
998 mode = p->config[tomoyo_index2category[index] in tomoyo_get_mode()
1000 if (mode == TOMOYO_CONFIG_USE_DEFAULT) in tomoyo_get_mode()
1001 mode = p->default_config; in tomoyo_get_mode()
1002 return mode & 3; in tomoyo_get_mode()
1026 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1027 return r->mode; in tomoyo_init_request_info()
1045 if (r->mode != TOMOYO_CONFIG_LEARNING) in tomoyo_domain_quota_is_ok()
|
| D | Kconfig | 19 int "Default maximal count for learning mode"
25 that are automatically appended into policy at "learning mode".
27 such programs in "learning mode" dulls the system response
55 enforcing mode from the beginning, you can reduce the possibility of
|
| D | securityfs_if.c | 223 static void __init tomoyo_create_entry(const char *name, const umode_t mode, in tomoyo_create_entry() argument
226 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, in tomoyo_create_entry()
|
| D | common.h | 449 unsigned int mode; member
499 u8 mode; /* One of tomoyo_mode_index . */ member
571 umode_t mode; member
732 struct tomoyo_number_union mode; member
983 const unsigned int mode, unsigned int dev);
|
| D | domain.c | 631 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
633 if (!r->mode || !envp_count) in tomoyo_environ()
687 if (r->mode != TOMOYO_CONFIG_ENFORCING) in tomoyo_environ()
855 } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) in tomoyo_find_next_domain()
|
| D | common.c | 632 u8 mode; in tomoyo_set_mode() local
634 for (mode = 0; mode < 4; mode++) in tomoyo_set_mode()
635 if (strstr(value, tomoyo_mode[mode])) in tomoyo_set_mode()
640 config = (config & ~7) | mode; in tomoyo_set_mode()
1498 tomoyo_print_number_union(head, &ptr->mode); in tomoyo_print_entry()
2078 if (r->mode) in tomoyo_supervisor()
2079 tomoyo_update_stat(r->mode); in tomoyo_supervisor()
2080 switch (r->mode) { in tomoyo_supervisor()
|
| /security/keys/ |
| D | sysctl.c | 17 .mode = 0644,
26 .mode = 0644,
35 .mode = 0644,
44 .mode = 0644,
53 .mode = 0644,
63 .mode = 0644,
|
| /security/ |
| D | inode.c | 107 static struct dentry *securityfs_create_dentry(const char *name, umode_t mode, in securityfs_create_dentry() argument
116 if (!(mode & S_IFMT)) in securityfs_create_dentry()
117 mode = (mode & S_IALLUGO) | S_IFREG; in securityfs_create_dentry()
147 inode->i_mode = mode; in securityfs_create_dentry()
150 if (S_ISDIR(mode)) { in securityfs_create_dentry()
155 } else if (S_ISLNK(mode)) { in securityfs_create_dentry()
200 struct dentry *securityfs_create_file(const char *name, umode_t mode, in securityfs_create_file() argument
204 return securityfs_create_dentry(name, mode, parent, data, fops, NULL); in securityfs_create_file()
|
| D | security.c | 715 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) in security_ptrace_access_check() argument
717 return call_int_hook(ptrace_access_check, 0, child, mode); in security_ptrace_access_check()
988 int security_dentry_init_security(struct dentry *dentry, int mode, in security_dentry_init_security() argument
992 return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, in security_dentry_init_security()
997 int security_dentry_create_files_as(struct dentry *dentry, int mode, in security_dentry_create_files_as() argument
1001 return call_int_hook(dentry_create_files_as, 0, dentry, mode, in security_dentry_create_files_as()
1061 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, in security_path_mknod() argument
1066 return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); in security_path_mknod()
1070 int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) in security_path_mkdir() argument
1074 return call_int_hook(path_mkdir, 0, dir, dentry, mode); in security_path_mkdir()
[all …]
|
| /security/apparmor/include/ |
| D | apparmorfs.h | 29 umode_t mode; member
43 { .name = (_name), .mode = 0444, \
47 { .name = (_name), .mode = 0444, \
51 { .name = (_name), .mode = 0444, \
56 .mode = (_mode), .file_ops = (_fops) }
|
| D | policy.h | 43 ((_profile)->mode == (_mode)))
140 long mode; member
201 #define profile_unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
|
| /security/smack/ |
| D | Kconfig | 21 Enable the bring-up ("b") access mode in Smack rules.
22 When access is granted by a rule with the "b" mode a
25 of access initially with the bringup mode set on the
31 "permissive" mode of other systems.
|
| D | smack_access.c | 219 u32 mode, struct smk_audit_info *a) in smk_tskacc() argument
228 rc = smk_access(sbj_known, obj_known, mode, NULL); in smk_tskacc()
239 if ((mode & may) == mode) in smk_tskacc()
254 mode, rc, a); in smk_tskacc()
271 u32 mode, struct smk_audit_info *a) in smk_curacc() argument
275 return smk_tskacc(tsp, obj_known, mode, a); in smk_curacc()
|
| D | smack_lsm.c | 94 static void smk_bu_mode(int mode, char *s) in smk_bu_mode() argument
98 if (mode & MAY_READ) in smk_bu_mode()
100 if (mode & MAY_WRITE) in smk_bu_mode()
102 if (mode & MAY_EXEC) in smk_bu_mode()
104 if (mode & MAY_APPEND) in smk_bu_mode()
106 if (mode & MAY_TRANSMUTE) in smk_bu_mode()
108 if (mode & MAY_LOCK) in smk_bu_mode()
118 struct smack_known *oskp, int mode, int rc) in smk_bu_note() argument
127 smk_bu_mode(mode, acc); in smk_bu_note()
133 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) argument
[all …]
|
| /security/lockdown/ |
| D | Kconfig | 20 prompt "Kernel default lockdown mode"
36 The kernel runs in integrity mode by default. Features that allow
42 The kernel runs in confidentiality mode by default. Features that
|
| /security/yama/ |
| D | yama_lsm.c | 355 unsigned int mode) in yama_ptrace_access_check() argument
360 if (mode & PTRACE_MODE_ATTACH) { in yama_ptrace_access_check()
388 if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) in yama_ptrace_access_check()
461 .mode = 0644,
|
| /security/apparmor/ |
| D | lsm.c | 116 unsigned int mode) in apparmor_ptrace_access_check() argument
124 (mode & PTRACE_MODE_READ) ? AA_PTRACE_READ in apparmor_ptrace_access_check()
275 cond.mode = inode->i_mode; in common_perm_rm()
291 struct dentry *dentry, u32 mask, umode_t mode) in common_perm_create() argument
293 struct path_cond cond = { current_fsuid(), mode }; in common_perm_create()
307 umode_t mode) in apparmor_path_mkdir() argument
319 umode_t mode, unsigned int dev) in apparmor_path_mknod() argument
321 return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); in apparmor_path_mknod()
387 static int apparmor_path_chmod(const struct path *path, umode_t mode) in apparmor_path_chmod() argument
1311 module_param_call(mode, param_set_mode, param_get_mode,
[all …]
|
| D | apparmorfs.c | 212 umode_t mode, void *data, char *link, in __aafs_setup_d_inode() argument
225 inode->i_mode = mode; in __aafs_setup_d_inode()
228 if (S_ISDIR(mode)) { in __aafs_setup_d_inode()
233 } else if (S_ISLNK(mode)) { in __aafs_setup_d_inode()
261 static struct dentry *aafs_create(const char *name, umode_t mode, in aafs_create() argument
273 if (!(mode & S_IFMT)) in aafs_create()
274 mode = (mode & S_IALLUGO) | S_IFREG; in aafs_create()
294 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); in aafs_create()
322 static struct dentry *aafs_create_file(const char *name, umode_t mode, in aafs_create_file() argument
326 return aafs_create(name, mode, parent, data, NULL, fops, NULL); in aafs_create_file()
[all …]
|
| D | label.c | 1538 const char *modestr = aa_profile_mode_names[profile->mode]; in aa_profile_snxprint()
1558 int mode = -1, count = 0; in label_modename() local
1569 if (mode == -1) in label_modename()
1570 mode = profile->mode; in label_modename()
1571 else if (mode != profile->mode) in label_modename()
1578 if (mode == -1) in label_modename()
1580 mode = APPARMOR_UNCONFINED; in label_modename()
1582 return aa_profile_mode_names[mode]; in label_modename()
|
| /security/selinux/ |
| D | Kconfig | 58 kernel will start in permissive mode (log everything, deny nothing)
60 can interactively toggle the kernel between enforcing mode and
61 permissive mode (if permitted by the policy) via
|
| /security/integrity/ima/ |
| D | ima_main.c | 119 fmode_t mode = file->f_mode; in ima_rdwr_violation_check() local
122 if (mode & FMODE_WRITE) { in ima_rdwr_violation_check()
154 fmode_t mode = file->f_mode; in ima_check_last_writer() local
157 if (!(mode & FMODE_WRITE)) in ima_check_last_writer()
|
| /security/integrity/evm/ |
| D | evm_crypto.c | 148 umode_t mode; in hmac_add_misc() member
169 hmac_misc.mode = inode->i_mode; in hmac_add_misc()
|