| /security/tomoyo/ |
| D | mount.c | 35 r->param.mount.type->name, in tomoyo_audit_mount_log()
55 tomoyo_compare_name_union(r->param.mount.type, in tomoyo_check_mount_acl()
79 const struct path *dir, const char *type, in tomoyo_mount_acl() argument
97 requested_type = tomoyo_encode(type); in tomoyo_mount_acl()
114 if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) { in tomoyo_mount_acl()
116 } else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] || in tomoyo_mount_acl()
117 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] || in tomoyo_mount_acl()
118 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] || in tomoyo_mount_acl()
119 type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) { in tomoyo_mount_acl()
121 } else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] || in tomoyo_mount_acl()
[all …]
|
| D | network.c | 284 struct tomoyo_inet_acl e = { .head.type = TOMOYO_TYPE_INET_ACL }; in tomoyo_write_inet_network()
286 u8 type; in tomoyo_write_inet_network() local
293 for (type = 0; type < TOMOYO_MAX_NETWORK_OPERATION; type++) in tomoyo_write_inet_network()
294 if (tomoyo_permstr(operation, tomoyo_socket_keyword[type])) in tomoyo_write_inet_network()
295 e.perm |= 1 << type; in tomoyo_write_inet_network()
329 struct tomoyo_unix_acl e = { .head.type = TOMOYO_TYPE_UNIX_ACL }; in tomoyo_write_unix_network()
331 u8 type; in tomoyo_write_unix_network() local
338 for (type = 0; type < TOMOYO_MAX_NETWORK_OPERATION; type++) in tomoyo_write_unix_network()
339 if (tomoyo_permstr(operation, tomoyo_socket_keyword[type])) in tomoyo_write_unix_network()
340 e.perm |= 1 << type; in tomoyo_write_unix_network()
[all …]
|
| D | file.c | 214 const u8 type = r->param.path_number.operation; in tomoyo_audit_path_number_log() local
218 switch (type) { in tomoyo_audit_path_number_log()
236 [tomoyo_pn2mac[type]], in tomoyo_audit_path_number_log()
390 .head.type = TOMOYO_TYPE_PATH_ACL, in tomoyo_update_path_acl()
466 .head.type = TOMOYO_TYPE_MKDEV_ACL, in tomoyo_update_mkdev_acl()
545 .head.type = TOMOYO_TYPE_PATH2_ACL, in tomoyo_update_path2_acl()
578 r->type = tomoyo_p2mac[operation]; in tomoyo_path_permission()
579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
610 r->type = TOMOYO_MAC_FILE_EXECUTE; in tomoyo_execute_permission()
611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
[all …]
|
| D | domain.c | 76 return a->type == b->type && a->cond == b->cond; in tomoyo_same_acl_head()
116 !(new_entry->type == TOMOYO_TYPE_PATH_ACL && in tomoyo_update_domain()
173 if (ptr->is_deleted || ptr->type != r->param_type) in tomoyo_check_acl()
229 return p1->type == p2->type && p1->is_last_name == p2->is_last_name in tomoyo_same_transition_control()
243 const u8 type) in tomoyo_write_transition_control() argument
245 struct tomoyo_transition_control e = { .type = type }; in tomoyo_write_transition_control()
253 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP || in tomoyo_write_transition_control()
254 type == TOMOYO_TRANSITION_CONTROL_KEEP) { in tomoyo_write_transition_control()
300 const enum tomoyo_transition_type type) in tomoyo_scan_transition() argument
306 if (ptr->head.is_deleted || ptr->type != type) in tomoyo_scan_transition()
[all …]
|
| D | util.c | 227 const unsigned long value, const u8 type) in tomoyo_print_ulong() argument
229 if (type == TOMOYO_VALUE_TYPE_DECIMAL) in tomoyo_print_ulong()
231 else if (type == TOMOYO_VALUE_TYPE_OCTAL) in tomoyo_print_ulong()
233 else if (type == TOMOYO_VALUE_TYPE_HEXADECIMAL) in tomoyo_print_ulong()
236 snprintf(buffer, buffer_len, "type(%u)", type); in tomoyo_print_ulong()
276 u8 type; in tomoyo_parse_number_union() local
286 type = tomoyo_parse_ulong(&v, &data); in tomoyo_parse_number_union()
287 if (type == TOMOYO_VALUE_TYPE_INVALID) in tomoyo_parse_number_union()
290 ptr->value_type[0] = type; in tomoyo_parse_number_union()
293 ptr->value_type[1] = type; in tomoyo_parse_number_union()
[all …]
|
| D | tomoyo.c | 217 int type = TOMOYO_TYPE_CREATE; in tomoyo_path_mknod() local
222 type = TOMOYO_TYPE_MKCHAR; in tomoyo_path_mknod()
225 type = TOMOYO_TYPE_MKBLOCK; in tomoyo_path_mknod()
230 return tomoyo_mkdev_perm(type, &path, perm, dev); in tomoyo_path_mknod()
234 type = TOMOYO_TYPE_MKFIFO; in tomoyo_path_mknod()
237 type = TOMOYO_TYPE_MKSOCK; in tomoyo_path_mknod()
240 return tomoyo_path_number_perm(type, &path, perm); in tomoyo_path_mknod()
392 const char *type, unsigned long flags, void *data) in tomoyo_sb_mount() argument
394 return tomoyo_mount_permission(dev_name, path, type, flags, data); in tomoyo_sb_mount()
|
| /security/apparmor/ |
| D | audit.c | 61 aa_audit_type[aad(sa)->type]); in audit_pre()
105 void aa_audit_msg(int type, struct common_audit_data *sa, in aa_audit_msg() argument
108 aad(sa)->type = type; in aa_audit_msg()
123 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, in aa_audit() argument
128 if (type == AUDIT_APPARMOR_AUTO) { in aa_audit()
132 type = AUDIT_APPARMOR_AUDIT; in aa_audit()
134 type = AUDIT_APPARMOR_ALLOWED; in aa_audit()
136 type = AUDIT_APPARMOR_DENIED; in aa_audit()
139 (type == AUDIT_APPARMOR_DENIED && in aa_audit()
143 if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) in aa_audit()
[all …]
|
| D | net.c | 81 if (sock_type_names[aad(sa)->net.type]) in audit_net_cb()
83 sock_type_names[aad(sa)->net.type]); in audit_net_cb()
86 aad(sa)->net.type); in audit_net_cb()
109 u32 request, u16 family, int type) in aa_profile_af_perm() argument
116 AA_BUG(type < 0 || type >= SOCK_MAX); in aa_profile_af_perm()
125 buffer[1] = cpu_to_be16((u16) type); in aa_profile_af_perm()
135 int type, int protocol) in aa_af_perm() argument
138 DEFINE_AUDIT_NET(sa, op, NULL, family, type, protocol); in aa_af_perm()
142 type)); in aa_af_perm()
|
| D | mount.c | 90 if (aad(sa)->mnt.type) { in audit_cb()
92 audit_log_untrustedstring(ab, aad(sa)->mnt.type); in audit_cb()
132 const char *type, const char *trans, in audit_mount() argument
170 aad(&sa)->mnt.type = type; in audit_mount()
242 const char *type, unsigned long flags, in do_match_mnt() argument
261 if (type) in do_match_mnt()
262 state = aa_dfa_match(dfa, state, type); in do_match_mnt()
318 const char *devname, const char *type, in match_mnt_path_str() argument
347 mntpnt, devname, type, flags, data, binary, &perms); in match_mnt_path_str()
355 return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL, in match_mnt_path_str()
[all …]
|
| D | lib.c | 382 int type, u32 request, struct aa_perms *perms) in aa_profile_match_label() argument
389 type); in aa_profile_match_label()
396 u32 request, int type, u32 *deny, in aa_profile_label_perm() argument
405 aa_profile_match_label(profile, &target->label, type, request, &perms); in aa_profile_label_perm()
433 int type, error; in aa_check_perms() local
442 type = AUDIT_APPARMOR_AUDIT; in aa_check_perms()
448 type = AUDIT_APPARMOR_KILL; in aa_check_perms()
450 type = AUDIT_APPARMOR_ALLOWED; in aa_check_perms()
452 type = AUDIT_APPARMOR_DENIED; in aa_check_perms()
467 aa_audit_msg(type, sa, cb); in aa_check_perms()
[all …]
|
| D | capability.c | 68 int type = AUDIT_APPARMOR_AUTO; in audit_caps() local
77 type = AUDIT_APPARMOR_AUDIT; in audit_caps()
80 type = AUDIT_APPARMOR_KILL; in audit_caps()
102 return aa_audit(type, profile, sa, audit_cb); in audit_caps()
|
| /security/ |
| D | device_cgroup.c | 36 short type; member
110 if (walk->type != ex->type) in dev_exception_add()
138 if (walk->type != ex->type) in dev_exception_rm()
261 static char type_to_char(short type) in type_to_char() argument
263 if (type == DEVCG_DEV_ALL) in type_to_char()
265 if (type == DEVCG_DEV_CHAR) in type_to_char()
267 if (type == DEVCG_DEV_BLOCK) in type_to_char()
304 seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type), in devcgroup_seq_show()
326 static bool match_exception(struct list_head *exceptions, short type, in match_exception() argument
332 if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK)) in match_exception()
[all …]
|
| /security/keys/ |
| D | key.c | 225 struct key *key_alloc(struct key_type *type, const char *desc, in key_alloc() argument
239 if (type->vet_description) { in key_alloc()
240 ret = type->vet_description(desc); in key_alloc()
248 quotalen = desclen + 1 + type->def_datalen; in key_alloc()
285 key->index_key.type = type; in key_alloc()
290 lockdep_set_class(&key->sem, &type->lock_class); in key_alloc()
293 key->datalen = type->def_datalen; in key_alloc()
444 ret = key->type->instantiate(key, prep); in __key_instantiate_and_link()
509 prep.quotalen = key->type->def_datalen; in key_instantiate_and_link()
511 if (key->type->preparse) { in key_instantiate_and_link()
[all …]
|
| D | keyring.c | 47 if (key->type == &key_type_keyring) in keyring_key_to_ptr()
168 unsigned long hash, type; in hash_key_type_and_desc() local
173 type = (unsigned long)index_key->type; in hash_key_type_and_desc()
174 acc = mult_64x32_and_fold(type, desc_len + 13); in hash_key_type_and_desc()
203 if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0) in hash_key_type_and_desc()
205 else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0) in hash_key_type_and_desc()
222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key()
282 return (unsigned long)index_key->type; in keyring_get_key_chunk()
314 return key->index_key.type == index_key->type && in keyring_compare_object()
351 seg_a = (unsigned long)a->type; in keyring_diff_objects()
[all …]
|
| D | request_key.c | 244 if (key->type->request_key) in construct_key()
245 actor = key->type->request_key; in construct_key()
382 ctx->index_key.type->name, ctx->index_key.description); in construct_alloc_key()
389 if (ctx->index_key.type->read) in construct_alloc_key()
391 if (ctx->index_key.type == &key_type_keyring || in construct_alloc_key()
392 ctx->index_key.type->update) in construct_alloc_key()
395 key = key_alloc(ctx->index_key.type, ctx->index_key.description, in construct_alloc_key()
502 if (ctx->index_key.type == &key_type_keyring) in construct_key_and_link()
574 struct key *request_key_and_link(struct key_type *type, in request_key_and_link() argument
584 .index_key.type = type, in request_key_and_link()
[all …]
|
| D | gc.c | 76 if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) in key_set_expiry()
153 if (state == KEY_IS_POSITIVE && key->type->destroy) in key_gc_unused_keys()
154 key->type->destroy(key); in key_gc_unused_keys()
233 if (key->type == key_gc_dead_keytype) { in key_garbage_collector()
238 } else if (key->type == &key_type_keyring && in key_garbage_collector()
246 if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) in key_garbage_collector()
256 if (key->type == key_gc_dead_keytype) in key_garbage_collector()
261 if (key->type == &key_type_keyring) in key_garbage_collector()
266 if (key->type == key_gc_dead_keytype) in key_garbage_collector()
374 key->type = &key_type_dead; in key_garbage_collector()
|
| D | keyctl_pkey.c | 103 if (!params->key->type->asym_query) in keyctl_pkey_params_get()
132 ret = params->key->type->asym_query(params, &info); in keyctl_pkey_params_get_2()
183 ret = params.key->type->asym_query(¶ms, &res); in keyctl_pkey_query()
229 if (!params.key->type->asym_eds_op) in keyctl_pkey_e_d_s()
257 ret = params.key->type->asym_eds_op(¶ms, in, out); in keyctl_pkey_e_d_s()
305 if (!params.key->type->asym_verify_signature) in keyctl_pkey_verify()
321 ret = params.key->type->asym_verify_signature(¶ms, in, in2); in keyctl_pkey_verify()
|
| D | keyctl.c | 45 static int key_get_type_from_user(char *type, in key_get_type_from_user() argument
51 ret = strncpy_from_user(type, _type, len); in key_get_type_from_user()
56 if (type[0] == '.') in key_get_type_from_user()
58 type[len - 1] = '\0'; in key_get_type_from_user()
81 char type[32], *description; in SYSCALL_DEFINE5() local
90 ret = key_get_type_from_user(type, _type, sizeof(type)); in SYSCALL_DEFINE5()
105 (strncmp(type, "keyring", 7) == 0)) { in SYSCALL_DEFINE5()
134 key_ref = key_create_or_update(keyring_ref, type, description, in SYSCALL_DEFINE5()
176 char type[32], *description, *callout_info; in SYSCALL_DEFINE4() local
180 ret = key_get_type_from_user(type, _type, sizeof(type)); in SYSCALL_DEFINE4()
[all …]
|
| /security/integrity/evm/ |
| D | evm_crypto.c | 72 static struct shash_desc *init_desc(char type, uint8_t hash_algo) in init_desc() argument
79 if (type == EVM_XATTR_HMAC) { in init_desc()
107 if (type == EVM_XATTR_HMAC) { in init_desc()
141 char type, char *digest) in hmac_add_misc() argument
155 if (type != EVM_XATTR_PORTABLE_DIGSIG) { in hmac_add_misc()
172 type != EVM_XATTR_PORTABLE_DIGSIG) in hmac_add_misc()
188 uint8_t type, struct evm_digest *data) in evm_calc_hmac_or_hash() argument
203 desc = init_desc(type, data->hdr.algo); in evm_calc_hmac_or_hash()
240 hmac_add_misc(desc, inode, type, data->digest); in evm_calc_hmac_or_hash()
243 if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present) in evm_calc_hmac_or_hash()
[all …]
|
| /security/apparmor/include/ |
| D | audit.h | 109 int type; member
134 int type, protocol; member
148 const char *type; member
163 .type = (T), \
168 void aa_audit_msg(int type, struct common_audit_data *sa,
170 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
|
| /security/safesetid/ |
| D | securityfs.c | 53 if (rule->type == UID){ in parse_policy_line()
58 } else if (rule->type == GID){ in parse_policy_line()
90 if (pol->type == UID) in insert_rule()
92 else if (pol->type == GID) in insert_rule()
106 if (pol->type == UID) { in verify_ruleset()
110 } else if (pol->type == GID) { in verify_ruleset()
124 if (pol->type == UID){ in verify_ruleset()
127 nrule->type = UID; in verify_ruleset()
131 nrule->type = GID; in verify_ruleset()
150 pol->type = policy_type; in handle_policy_update()
[all …]
|
| /security/integrity/ |
| D | integrity.h | 84 u8 type; member
102 u8 type; member
105 u8 type; member
117 uint8_t type; /* xattr type */ member
250 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
252 return audit_log_start(ctx, gfp_mask, type); in integrity_audit_log_start()
272 integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) in integrity_audit_log_start() argument
|
| /security/integrity/ima/ |
| D | ima_appraise.c | 86 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; in ima_fix_xattr()
89 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; in ima_fix_xattr()
178 switch (xattr_value->type) { in ima_get_hash_algo()
233 switch (xattr_value->type) { in xattr_verify()
245 if (xattr_len - sizeof(xattr_value->type) - hash_start >= in xattr_verify()
430 (!xattr_value || xattr_value->type == IMA_XATTR_DIGEST_NG || in ima_appraise_measurement()
452 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { in ima_appraise_measurement()
459 xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG) { in ima_appraise_measurement()
571 if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) in ima_inode_setxattr()
574 xvalue->type == EVM_IMA_XATTR_DIGSIG); in ima_inode_setxattr()
|
| /security/selinux/ss/ |
| D | context.h | 30 u32 type; member
156 dst->type = src->type; in context_cpy()
176 c->user = c->role = c->type = 0; in context_destroy()
191 (c1->type == c2->type) && in context_cmp()
|
| D | services.c | 309 val1 = scontext->type; in constraint_expr_eval()
310 val2 = tcontext->type; in constraint_expr_eval()
417 val1 = c->type; in constraint_expr_eval()
553 source = policydb->type_val_to_struct[scontext->type - 1]; in type_attribute_bounds_av()
559 target = policydb->type_val_to_struct[tcontext->type - 1]; in type_attribute_bounds_av()
565 lo_scontext.type = source->bounds; in type_attribute_bounds_av()
569 lo_tcontext.type = target->bounds; in type_attribute_bounds_av()
659 sattr = &policydb->type_attr_map_array[scontext->type - 1]; in context_struct_compute_av()
660 tattr = &policydb->type_attr_map_array[tcontext->type - 1]; in context_struct_compute_av()
874 struct type_datum *type; in security_bounded_transition() local
[all …]
|