Home
last modified time | relevance | path

Searched refs:flags (Results 1 – 25 of 77) sorted by relevance

1234

/security/tomoyo/
Dmount.c36 r->param.mount.flags); in tomoyo_audit_mount_log()
53 return tomoyo_compare_number_union(r->param.mount.flags, in tomoyo_check_mount_acl()
54 &acl->flags) && in tomoyo_check_mount_acl()
80 unsigned long flags) in tomoyo_mount_acl() argument
163 r->param.mount.flags = flags; in tomoyo_mount_acl()
192 const char *type, unsigned long flags, in tomoyo_mount_permission() argument
202 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) in tomoyo_mount_permission()
203 flags &= ~MS_MGC_MSK; in tomoyo_mount_permission()
204 if (flags & MS_REMOUNT) { in tomoyo_mount_permission()
206 flags &= ~MS_REMOUNT; in tomoyo_mount_permission()
[all …]
/security/apparmor/
Dmount.c27 static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags) in audit_mnt_flags() argument
29 if (flags & MS_RDONLY) in audit_mnt_flags()
33 if (flags & MS_NOSUID) in audit_mnt_flags()
35 if (flags & MS_NODEV) in audit_mnt_flags()
37 if (flags & MS_NOEXEC) in audit_mnt_flags()
39 if (flags & MS_SYNCHRONOUS) in audit_mnt_flags()
41 if (flags & MS_REMOUNT) in audit_mnt_flags()
43 if (flags & MS_MANDLOCK) in audit_mnt_flags()
45 if (flags & MS_DIRSYNC) in audit_mnt_flags()
47 if (flags & MS_NOATIME) in audit_mnt_flags()
[all …]
Dlabel.c84 orig->flags |= FLAG_STALE; in __aa_proxy_redirect()
262 int aa_vec_unique(struct aa_profile **vec, int n, int flags) in aa_vec_unique() argument
305 if (flags & VEC_FLAG_TERMINATE) in aa_vec_unique()
350 if (label->flags & FLAG_NS_COUNT) in label_free_switch()
362 if (label->flags & FLAG_IN_TREE) in label_free_rcu()
605 if (label->flags & FLAG_IN_TREE) { in __label_remove()
607 label->flags &= ~FLAG_IN_TREE; in __label_remove()
635 AA_BUG(new->flags & FLAG_IN_TREE); in __label_replace()
640 if (old->flags & FLAG_IN_TREE) { in __label_replace()
642 old->flags &= ~FLAG_IN_TREE; in __label_replace()
[all …]
Dpath.c49 int flags, const char *disconnected) in disconnect() argument
53 if (!(flags & PATH_CONNECT_PATH) && in disconnect()
54 !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && in disconnect()
89 int flags, const char *disconnected) in d_namespace_path() argument
94 int isdir = (flags & PATH_IS_DIR) ? 1 : 0; in d_namespace_path()
113 error = disconnect(path, buf, name, flags, in d_namespace_path()
119 if (flags & PATH_CHROOT_REL) { in d_namespace_path()
152 error = disconnect(path, buf, name, flags, disconnected); in d_namespace_path()
161 !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) { in d_namespace_path()
197 int aa_path_name(const struct path *path, int flags, char *buffer, in aa_path_name() argument
[all …]
Dsecid.c48 unsigned long flags; in aa_secid_update() local
50 spin_lock_irqsave(&secid_lock, flags); in aa_secid_update()
52 spin_unlock_irqrestore(&secid_lock, flags); in aa_secid_update()
126 unsigned long flags; in aa_alloc_secid() local
130 spin_lock_irqsave(&secid_lock, flags); in aa_alloc_secid()
132 spin_unlock_irqrestore(&secid_lock, flags); in aa_alloc_secid()
151 unsigned long flags; in aa_free_secid() local
153 spin_lock_irqsave(&secid_lock, flags); in aa_free_secid()
155 spin_unlock_irqrestore(&secid_lock, flags); in aa_free_secid()
Dfile.c158 const struct path *path, int flags, char *buffer, in path_name() argument
165 error = aa_path_name(path, flags, buffer, name, &info, in path_name()
269 u32 request, struct path_cond *cond, int flags, in __aa_path_perm() argument
286 struct path_cond *cond, int flags, in profile_path_perm() argument
296 flags | profile->path_flags, buffer, &name, cond, in profile_path_perm()
300 return __aa_path_perm(op, profile, name, request, cond, flags, in profile_path_perm()
316 const struct path *path, int flags, u32 request, in aa_path_perm() argument
324 flags |= PATH_DELEGATE_DELETED | (S_ISDIR(cond->mode) ? PATH_IS_DIR : in aa_path_perm()
331 cond, flags, &perms)); in aa_path_perm()
518 int flags, error; in __file_path_perm() local
[all …]
Dlsm.c503 unsigned long flags, bool in_atomic) in common_mmap() argument
516 if ((prot & PROT_WRITE) && !(flags & MAP_PRIVATE)) in common_mmap()
525 unsigned long prot, unsigned long flags) in apparmor_mmap_file() argument
527 return common_mmap(OP_FMMAP, file, prot, flags, GFP_ATOMIC); in apparmor_mmap_file()
539 const char *type, unsigned long flags, void *data) in apparmor_sb_mount() argument
545 if ((flags & MS_MGC_MSK) == MS_MGC_VAL) in apparmor_sb_mount()
546 flags &= ~MS_MGC_MSK; in apparmor_sb_mount()
548 flags &= ~AA_MS_IGNORE_MASK; in apparmor_sb_mount()
552 if (flags & MS_REMOUNT) in apparmor_sb_mount()
553 error = aa_remount(label, path, flags, data); in apparmor_sb_mount()
[all …]
Dmatch.c147 static int verify_table_headers(struct table_header **tables, int flags) in verify_table_headers() argument
159 if (ACCEPT1_FLAGS(flags)) { in verify_table_headers()
165 if (ACCEPT2_FLAGS(flags)) { in verify_table_headers()
215 if (!(dfa->flags & YYTH_FLAG_DIFF_ENCODE)) { in verify_dfa()
225 if (!(dfa->flags & YYTH_FLAG_OOB_TRANS)) { in verify_dfa()
306 struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags) in aa_dfa_unpack() argument
331 dfa->flags = ntohs(*(__be16 *) (data + 12)); in aa_dfa_unpack()
332 if (dfa->flags & ~(YYTH_FLAGS)) in aa_dfa_unpack()
359 if (!(table->td_flags & ACCEPT1_FLAGS(flags))) in aa_dfa_unpack()
363 if (!(table->td_flags & ACCEPT2_FLAGS(flags))) in aa_dfa_unpack()
[all …]
/security/integrity/ima/
Dima_policy.c75 unsigned int flags; member
117 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
118 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
119 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
120 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
121 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
122 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
123 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
124 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
125 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
[all …]
Dima_appraise.c156 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
159 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
162 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
166 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
170 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
248 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify()
352 if (!(iint->flags & IMA_CHECK_BLACKLIST)) in ima_check_blacklist()
355 if (iint->flags & IMA_MODSIG_ALLOWED && modsig) { in ima_check_blacklist()
359 if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) in ima_check_blacklist()
388 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement()
[all …]
Dima_main.c171 (iint->flags & IMA_NEW_FILE)) { in ima_check_last_writer()
172 iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); in ima_check_last_writer()
265 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | in process_measurement()
278 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
285 (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { in process_measurement()
290 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
299 iint->flags |= action; in process_measurement()
301 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); in process_measurement()
314 iint->flags |= IMA_HASHED; in process_measurement()
340 if (iint->flags & IMA_MODSIG_ALLOWED) { in process_measurement()
[all …]
Dima_api.c194 int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; in ima_get_action() local
196 flags &= ima_policy_flag; in ima_get_action()
199 flags, pcr, template_desc, func_data, in ima_get_action()
238 if (iint->flags & IMA_COLLECTED) in ima_collect_measurement()
277 iint->flags |= IMA_COLLECTED; in ima_collect_measurement()
342 iint->flags |= IMA_MEASURED; in ima_store_measurement()
357 if (iint->flags & IMA_AUDITED) in ima_audit_measurement()
380 iint->flags |= IMA_AUDITED; in ima_audit_measurement()
/security/apparmor/include/
Dmount.h29 unsigned long flags, void *data);
32 const char *old_name, unsigned long flags);
36 unsigned long flags);
42 const struct path *path, const char *type, unsigned long flags,
45 int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags);
Dfile.h191 int flags, struct aa_perms *perms);
193 const struct path *path, int flags, u32 request,
218 int flags = file->f_flags; in aa_map_file_to_perms() local
226 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms()
229 if (flags & O_TRUNC) in aa_map_file_to_perms()
231 if (flags & O_CREAT) in aa_map_file_to_perms()
Dlabel.h58 int aa_vec_unique(struct aa_profile **vec, int n, int flags);
131 long flags; member
144 #define label_isprofile(X) ((X)->flags & FLAG_PROFILE)
145 #define label_unconfined(X) ((X)->flags & FLAG_UNCONFINED)
147 #define label_is_stale(X) ((X)->flags & FLAG_STALE)
148 #define __label_make_stale(X) ((X)->flags |= FLAG_STALE)
313 struct aa_label *label, int flags);
315 int flags, gfp_t gfp);
317 struct aa_label *label, int flags, gfp_t gfp);
319 struct aa_label *label, int flags, gfp_t gfp);
[all …]
Ddomain.h36 int aa_change_hat(const char *hats[], int count, u64 token, int flags);
37 int aa_change_profile(const char *fqname, int flags);
/security/selinux/ss/
Dsidtab.c267 unsigned long flags; in sidtab_context_to_sid() local
278 spin_lock_irqsave(&s->lock, flags); in sidtab_context_to_sid()
353 spin_unlock_irqrestore(&s->lock, flags); in sidtab_context_to_sid()
420 unsigned long flags; in sidtab_convert() local
424 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
428 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
440 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
451 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
461 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
463 spin_unlock_irqrestore(&s->lock, flags); in sidtab_convert()
[all …]
/security/keys/
Dkey.c227 key_perm_t perm, unsigned long flags, in key_alloc() argument
257 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { in key_alloc()
264 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) { in key_alloc()
301 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) in key_alloc()
302 key->flags |= 1 << KEY_FLAG_IN_QUOTA; in key_alloc()
303 if (flags & KEY_ALLOC_BUILT_IN) in key_alloc()
304 key->flags |= 1 << KEY_FLAG_BUILTIN; in key_alloc()
305 if (flags & KEY_ALLOC_UID_KEYRING) in key_alloc()
306 key->flags |= 1 << KEY_FLAG_UID_KEYRING; in key_alloc()
307 if (flags & KEY_ALLOC_SET_KEEP) in key_alloc()
[all …]
Drequest_key.c29 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | in check_cached_key()
42 if (!(t->flags & PF_KTHREAD)) { in cache_requested_key()
201 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || in call_sbin_request_key()
252 !test_bit(KEY_FLAG_INVALIDATED, &authkey->flags)); in construct_key()
291 &authkey->flags)) in construct_get_dest_keyring()
371 unsigned long flags, in construct_alloc_key() argument
397 perm, flags, NULL); in construct_alloc_key()
401 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); in construct_alloc_key()
494 unsigned long flags) in construct_key_and_link() argument
515 ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key); in construct_key_and_link()
[all …]
Dpermission.c104 unsigned long flags = READ_ONCE(key->flags); in key_validate() local
107 if (flags & (1 << KEY_FLAG_INVALIDATED)) in key_validate()
111 if (flags & ((1 << KEY_FLAG_REVOKED) | in key_validate()
Dproc.c157 unsigned long flags; in proc_keys_show() local
171 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | in proc_keys_show()
225 flags = READ_ONCE(key->flags); in proc_keys_show()
229 showflag(flags, 'R', KEY_FLAG_REVOKED), in proc_keys_show()
230 showflag(flags, 'D', KEY_FLAG_DEAD), in proc_keys_show()
231 showflag(flags, 'Q', KEY_FLAG_IN_QUOTA), in proc_keys_show()
232 showflag(flags, 'U', KEY_FLAG_USER_CONSTRUCT), in proc_keys_show()
234 showflag(flags, 'i', KEY_FLAG_INVALIDATED), in proc_keys_show()
Dkeyring.c222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key()
519 unsigned long flags, in keyring_alloc() argument
527 uid, gid, cred, perm, flags, restrict_link); in keyring_alloc()
578 unsigned long kflags = READ_ONCE(key->flags); in keyring_search_iterator()
590 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator()
601 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) in keyring_search_iterator()
615 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && in keyring_search_iterator()
623 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator()
684 BUG_ON((ctx->flags & STATE_CHECKS) == 0 || in search_nested_keyrings()
685 (ctx->flags & STATE_CHECKS) == STATE_CHECKS); in search_nested_keyrings()
[all …]
/security/selinux/
Dibpkey.c134 unsigned long flags; in sel_ib_pkey_sid_slow() local
136 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
140 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
164 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
208 unsigned long flags; in sel_ib_pkey_flush() local
210 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
219 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
/security/landlock/
Dsyscalls.c159 const size_t, size, const __u32, flags) in SYSCALL_DEFINE3() argument
171 if (flags) { in SYSCALL_DEFINE3()
172 if ((flags == LANDLOCK_CREATE_RULESET_VERSION) && !attr && in SYSCALL_DEFINE3()
307 const void __user *const, rule_attr, const __u32, flags) in SYSCALL_DEFINE4() argument
318 if (flags) in SYSCALL_DEFINE4()
398 flags) in SYSCALL_DEFINE2() argument
417 if (flags) in SYSCALL_DEFINE2()
/security/
Dsecurity.c174 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { in lsm_allowed()
223 if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { in prepare_lsm()
268 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && in ordered_lsm_parse()
976 const char *type, unsigned long flags, void *data) in security_sb_mount() argument
978 return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); in security_sb_mount()
981 int security_sb_umount(struct vfsmount *mnt, int flags) in security_sb_umount() argument
983 return call_int_hook(sb_umount, 0, mnt, flags); in security_sb_umount()
1193 unsigned int flags) in security_path_rename() argument
1199 if (flags & RENAME_EXCHANGE) { in security_path_rename()
1293 unsigned int flags) in security_inode_rename() argument
[all …]

1234