/security/tomoyo/ |
D | mount.c | 36 r->param.mount.flags); in tomoyo_audit_mount_log() 53 return tomoyo_compare_number_union(r->param.mount.flags, in tomoyo_check_mount_acl() 54 &acl->flags) && in tomoyo_check_mount_acl() 80 unsigned long flags) in tomoyo_mount_acl() argument 163 r->param.mount.flags = flags; in tomoyo_mount_acl() 192 const char *type, unsigned long flags, in tomoyo_mount_permission() argument 202 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) in tomoyo_mount_permission() 203 flags &= ~MS_MGC_MSK; in tomoyo_mount_permission() 204 if (flags & MS_REMOUNT) { in tomoyo_mount_permission() 206 flags &= ~MS_REMOUNT; in tomoyo_mount_permission() [all …]
|
/security/apparmor/ |
D | mount.c | 27 static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags) in audit_mnt_flags() argument 29 if (flags & MS_RDONLY) in audit_mnt_flags() 33 if (flags & MS_NOSUID) in audit_mnt_flags() 35 if (flags & MS_NODEV) in audit_mnt_flags() 37 if (flags & MS_NOEXEC) in audit_mnt_flags() 39 if (flags & MS_SYNCHRONOUS) in audit_mnt_flags() 41 if (flags & MS_REMOUNT) in audit_mnt_flags() 43 if (flags & MS_MANDLOCK) in audit_mnt_flags() 45 if (flags & MS_DIRSYNC) in audit_mnt_flags() 47 if (flags & MS_NOATIME) in audit_mnt_flags() [all …]
|
D | label.c | 84 orig->flags |= FLAG_STALE; in __aa_proxy_redirect() 262 int aa_vec_unique(struct aa_profile **vec, int n, int flags) in aa_vec_unique() argument 305 if (flags & VEC_FLAG_TERMINATE) in aa_vec_unique() 350 if (label->flags & FLAG_NS_COUNT) in label_free_switch() 362 if (label->flags & FLAG_IN_TREE) in label_free_rcu() 605 if (label->flags & FLAG_IN_TREE) { in __label_remove() 607 label->flags &= ~FLAG_IN_TREE; in __label_remove() 635 AA_BUG(new->flags & FLAG_IN_TREE); in __label_replace() 640 if (old->flags & FLAG_IN_TREE) { in __label_replace() 642 old->flags &= ~FLAG_IN_TREE; in __label_replace() [all …]
|
D | path.c | 49 int flags, const char *disconnected) in disconnect() argument 53 if (!(flags & PATH_CONNECT_PATH) && in disconnect() 54 !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && in disconnect() 89 int flags, const char *disconnected) in d_namespace_path() argument 94 int isdir = (flags & PATH_IS_DIR) ? 1 : 0; in d_namespace_path() 113 error = disconnect(path, buf, name, flags, in d_namespace_path() 119 if (flags & PATH_CHROOT_REL) { in d_namespace_path() 152 error = disconnect(path, buf, name, flags, disconnected); in d_namespace_path() 161 !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) { in d_namespace_path() 197 int aa_path_name(const struct path *path, int flags, char *buffer, in aa_path_name() argument [all …]
|
D | secid.c | 48 unsigned long flags; in aa_secid_update() local 50 spin_lock_irqsave(&secid_lock, flags); in aa_secid_update() 52 spin_unlock_irqrestore(&secid_lock, flags); in aa_secid_update() 126 unsigned long flags; in aa_alloc_secid() local 130 spin_lock_irqsave(&secid_lock, flags); in aa_alloc_secid() 132 spin_unlock_irqrestore(&secid_lock, flags); in aa_alloc_secid() 151 unsigned long flags; in aa_free_secid() local 153 spin_lock_irqsave(&secid_lock, flags); in aa_free_secid() 155 spin_unlock_irqrestore(&secid_lock, flags); in aa_free_secid()
|
D | file.c | 158 const struct path *path, int flags, char *buffer, in path_name() argument 165 error = aa_path_name(path, flags, buffer, name, &info, in path_name() 269 u32 request, struct path_cond *cond, int flags, in __aa_path_perm() argument 286 struct path_cond *cond, int flags, in profile_path_perm() argument 296 flags | profile->path_flags, buffer, &name, cond, in profile_path_perm() 300 return __aa_path_perm(op, profile, name, request, cond, flags, in profile_path_perm() 316 const struct path *path, int flags, u32 request, in aa_path_perm() argument 324 flags |= PATH_DELEGATE_DELETED | (S_ISDIR(cond->mode) ? PATH_IS_DIR : in aa_path_perm() 331 cond, flags, &perms)); in aa_path_perm() 518 int flags, error; in __file_path_perm() local [all …]
|
D | lsm.c | 503 unsigned long flags, bool in_atomic) in common_mmap() argument 516 if ((prot & PROT_WRITE) && !(flags & MAP_PRIVATE)) in common_mmap() 525 unsigned long prot, unsigned long flags) in apparmor_mmap_file() argument 527 return common_mmap(OP_FMMAP, file, prot, flags, GFP_ATOMIC); in apparmor_mmap_file() 539 const char *type, unsigned long flags, void *data) in apparmor_sb_mount() argument 545 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) in apparmor_sb_mount() 546 flags &= ~MS_MGC_MSK; in apparmor_sb_mount() 548 flags &= ~AA_MS_IGNORE_MASK; in apparmor_sb_mount() 552 if (flags & MS_REMOUNT) in apparmor_sb_mount() 553 error = aa_remount(label, path, flags, data); in apparmor_sb_mount() [all …]
|
D | match.c | 147 static int verify_table_headers(struct table_header **tables, int flags) in verify_table_headers() argument 159 if (ACCEPT1_FLAGS(flags)) { in verify_table_headers() 165 if (ACCEPT2_FLAGS(flags)) { in verify_table_headers() 215 if (!(dfa->flags & YYTH_FLAG_DIFF_ENCODE)) { in verify_dfa() 225 if (!(dfa->flags & YYTH_FLAG_OOB_TRANS)) { in verify_dfa() 306 struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags) in aa_dfa_unpack() argument 331 dfa->flags = ntohs(*(__be16 *) (data + 12)); in aa_dfa_unpack() 332 if (dfa->flags & ~(YYTH_FLAGS)) in aa_dfa_unpack() 359 if (!(table->td_flags & ACCEPT1_FLAGS(flags))) in aa_dfa_unpack() 363 if (!(table->td_flags & ACCEPT2_FLAGS(flags))) in aa_dfa_unpack() [all …]
|
/security/integrity/ima/ |
D | ima_policy.c | 75 unsigned int flags; member 117 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 118 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, 119 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC}, 120 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC}, 121 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 122 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, 123 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, 124 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 125 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC}, [all …]
|
D | ima_appraise.c | 156 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); in ima_cache_flags() 159 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); in ima_cache_flags() 162 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); in ima_cache_flags() 166 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); in ima_cache_flags() 170 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); in ima_cache_flags() 248 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify() 352 if (!(iint->flags & IMA_CHECK_BLACKLIST)) in ima_check_blacklist() 355 if (iint->flags & IMA_MODSIG_ALLOWED && modsig) { in ima_check_blacklist() 359 if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) in ima_check_blacklist() 388 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement() [all …]
|
D | ima_main.c | 171 (iint->flags & IMA_NEW_FILE)) { in ima_check_last_writer() 172 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); in ima_check_last_writer() 265 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | in process_measurement() 278 iint->flags &= ~IMA_DONE_MASK; in process_measurement() 285 (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { in process_measurement() 290 iint->flags &= ~IMA_DONE_MASK; in process_measurement() 299 iint->flags |= action; in process_measurement() 301 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); in process_measurement() 314 iint->flags |= IMA_HASHED; in process_measurement() 340 if (iint->flags & IMA_MODSIG_ALLOWED) { in process_measurement() [all …]
|
D | ima_api.c | 194 int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; in ima_get_action() local 196 flags &= ima_policy_flag; in ima_get_action() 199 flags, pcr, template_desc, func_data, in ima_get_action() 238 if (iint->flags & IMA_COLLECTED) in ima_collect_measurement() 277 iint->flags |= IMA_COLLECTED; in ima_collect_measurement() 342 iint->flags |= IMA_MEASURED; in ima_store_measurement() 357 if (iint->flags & IMA_AUDITED) in ima_audit_measurement() 380 iint->flags |= IMA_AUDITED; in ima_audit_measurement()
|
/security/apparmor/include/ |
D | mount.h | 29 unsigned long flags, void *data); 32 const char *old_name, unsigned long flags); 36 unsigned long flags); 42 const struct path *path, const char *type, unsigned long flags, 45 int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags);
|
D | file.h | 191 int flags, struct aa_perms *perms); 193 const struct path *path, int flags, u32 request, 218 int flags = file->f_flags; in aa_map_file_to_perms() local 226 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms() 229 if (flags & O_TRUNC) in aa_map_file_to_perms() 231 if (flags & O_CREAT) in aa_map_file_to_perms()
|
D | label.h | 58 int aa_vec_unique(struct aa_profile **vec, int n, int flags); 131 long flags; member 144 #define label_isprofile(X) ((X)->flags & FLAG_PROFILE) 145 #define label_unconfined(X) ((X)->flags & FLAG_UNCONFINED) 147 #define label_is_stale(X) ((X)->flags & FLAG_STALE) 148 #define __label_make_stale(X) ((X)->flags |= FLAG_STALE) 313 struct aa_label *label, int flags); 315 int flags, gfp_t gfp); 317 struct aa_label *label, int flags, gfp_t gfp); 319 struct aa_label *label, int flags, gfp_t gfp); [all …]
|
D | domain.h | 36 int aa_change_hat(const char *hats[], int count, u64 token, int flags); 37 int aa_change_profile(const char *fqname, int flags);
|
/security/selinux/ss/ |
D | sidtab.c | 267 unsigned long flags; in sidtab_context_to_sid() local 278 spin_lock_irqsave(&s->lock, flags); in sidtab_context_to_sid() 353 spin_unlock_irqrestore(&s->lock, flags); in sidtab_context_to_sid() 420 unsigned long flags; in sidtab_convert() local 424 spin_lock_irqsave(&s->lock, flags); in sidtab_convert() 428 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert() 440 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert() 451 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert() 461 spin_lock_irqsave(&s->lock, flags); in sidtab_convert() 463 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert() [all …]
|
/security/keys/ |
D | key.c | 227 key_perm_t perm, unsigned long flags, in key_alloc() argument 257 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { in key_alloc() 264 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) { in key_alloc() 301 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) in key_alloc() 302 key->flags |= 1 << KEY_FLAG_IN_QUOTA; in key_alloc() 303 if (flags & KEY_ALLOC_BUILT_IN) in key_alloc() 304 key->flags |= 1 << KEY_FLAG_BUILTIN; in key_alloc() 305 if (flags & KEY_ALLOC_UID_KEYRING) in key_alloc() 306 key->flags |= 1 << KEY_FLAG_UID_KEYRING; in key_alloc() 307 if (flags & KEY_ALLOC_SET_KEEP) in key_alloc() [all …]
|
D | request_key.c | 29 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | in check_cached_key() 42 if (!(t->flags & PF_KTHREAD)) { in cache_requested_key() 201 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || in call_sbin_request_key() 252 !test_bit(KEY_FLAG_INVALIDATED, &authkey->flags)); in construct_key() 291 &authkey->flags)) in construct_get_dest_keyring() 371 unsigned long flags, in construct_alloc_key() argument 397 perm, flags, NULL); in construct_alloc_key() 401 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); in construct_alloc_key() 494 unsigned long flags) in construct_key_and_link() argument 515 ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key); in construct_key_and_link() [all …]
|
D | permission.c | 104 unsigned long flags = READ_ONCE(key->flags); in key_validate() local 107 if (flags & (1 << KEY_FLAG_INVALIDATED)) in key_validate() 111 if (flags & ((1 << KEY_FLAG_REVOKED) | in key_validate()
|
D | proc.c | 157 unsigned long flags; in proc_keys_show() local 171 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | in proc_keys_show() 225 flags = READ_ONCE(key->flags); in proc_keys_show() 229 showflag(flags, 'R', KEY_FLAG_REVOKED), in proc_keys_show() 230 showflag(flags, 'D', KEY_FLAG_DEAD), in proc_keys_show() 231 showflag(flags, 'Q', KEY_FLAG_IN_QUOTA), in proc_keys_show() 232 showflag(flags, 'U', KEY_FLAG_USER_CONSTRUCT), in proc_keys_show() 234 showflag(flags, 'i', KEY_FLAG_INVALIDATED), in proc_keys_show()
|
D | keyring.c | 222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key() 519 unsigned long flags, in keyring_alloc() argument 527 uid, gid, cred, perm, flags, restrict_link); in keyring_alloc() 578 unsigned long kflags = READ_ONCE(key->flags); in keyring_search_iterator() 590 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator() 601 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) in keyring_search_iterator() 615 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && in keyring_search_iterator() 623 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator() 684 BUG_ON((ctx->flags & STATE_CHECKS) == 0 || in search_nested_keyrings() 685 (ctx->flags & STATE_CHECKS) == STATE_CHECKS); in search_nested_keyrings() [all …]
|
/security/selinux/ |
D | ibpkey.c | 134 unsigned long flags; in sel_ib_pkey_sid_slow() local 136 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow() 140 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow() 164 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow() 208 unsigned long flags; in sel_ib_pkey_flush() local 210 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush() 219 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
|
/security/landlock/ |
D | syscalls.c | 159 const size_t, size, const __u32, flags) in SYSCALL_DEFINE3() argument 171 if (flags) { in SYSCALL_DEFINE3() 172 if ((flags == LANDLOCK_CREATE_RULESET_VERSION) && !attr && in SYSCALL_DEFINE3() 307 const void __user *const, rule_attr, const __u32, flags) in SYSCALL_DEFINE4() argument 318 if (flags) in SYSCALL_DEFINE4() 398 flags) in SYSCALL_DEFINE2() argument 417 if (flags) in SYSCALL_DEFINE2()
|
/security/ |
D | security.c | 174 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { in lsm_allowed() 223 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { in prepare_lsm() 268 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && in ordered_lsm_parse() 976 const char *type, unsigned long flags, void *data) in security_sb_mount() argument 978 return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); in security_sb_mount() 981 int security_sb_umount(struct vfsmount *mnt, int flags) in security_sb_umount() argument 983 return call_int_hook(sb_umount, 0, mnt, flags); in security_sb_umount() 1193 unsigned int flags) in security_path_rename() argument 1199 if (flags & RENAME_EXCHANGE) { in security_path_rename() 1293 unsigned int flags) in security_inode_rename() argument [all …]
|