Home
last modified time | relevance | path

Searched refs:level (Results 1 – 25 of 30) sorted by relevance

12

/security/selinux/ss/
Dcontext.h45 dst->range.level[0].sens = src->range.level[0].sens; in mls_context_cpy()
46 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); in mls_context_cpy()
50 dst->range.level[1].sens = src->range.level[1].sens; in mls_context_cpy()
51 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[1].cat); in mls_context_cpy()
53 ebitmap_destroy(&dst->range.level[0].cat); in mls_context_cpy()
65 dst->range.level[0].sens = src->range.level[0].sens; in mls_context_cpy_low()
66 rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); in mls_context_cpy_low()
70 dst->range.level[1].sens = src->range.level[0].sens; in mls_context_cpy_low()
71 rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat); in mls_context_cpy_low()
73 ebitmap_destroy(&dst->range.level[0].cat); in mls_context_cpy_low()
[all …]
Dmls.c48 int index_sens = context->range.level[l].sens; in mls_compute_context_len()
54 e = &context->range.level[l].cat; in mls_compute_context_len()
73 if (mls_level_eq(&context->range.level[0], in mls_compute_context_len()
74 &context->range.level[1])) in mls_compute_context_len()
108 context->range.level[l].sens - 1)); in mls_sid_to_context()
114 e = &context->range.level[l].cat; in mls_sid_to_context()
150 if (mls_level_eq(&context->range.level[0], in mls_sid_to_context()
151 &context->range.level[1])) in mls_sid_to_context()
178 return ebitmap_contains(&levdatum->level->cat, &l->cat, in mls_level_isvalid()
184 return (mls_level_isvalid(p, &r->level[0]) && in mls_range_isvalid()
[all …]
Dsidtab.c150 u32 level = 0; in sidtab_level_from_count() local
154 ++level; in sidtab_level_from_count()
156 return level; in sidtab_level_from_count()
159 static int sidtab_alloc_roots(struct sidtab *s, u32 level) in sidtab_alloc_roots() argument
169 for (l = 1; l <= level; ++l) in sidtab_alloc_roots()
184 u32 level, capacity_shift, leaf_index = index / SIDTAB_LEAF_ENTRIES; in sidtab_do_lookup() local
187 level = sidtab_level_from_count(index + 1); in sidtab_do_lookup()
188 capacity_shift = level * SIDTAB_INNER_SHIFT; in sidtab_do_lookup()
191 if (alloc && sidtab_alloc_roots(s, level) != 0) in sidtab_do_lookup()
195 entry = &s->roots[level]; in sidtab_do_lookup()
[all …]
Dmls_types.h27 struct mls_level level[2]; /* low == level[0], high == level[1] */ member
49 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
50 mls_level_dom(&(r1).level[1], &(r2).level[1]))
Dmls.h109 hash = jhash_2words(r->level[0].sens, r->level[1].sens, hash); in mls_range_hash()
110 hash = ebitmap_hash(&r->level[0].cat, hash); in mls_range_hash()
111 hash = ebitmap_hash(&r->level[1].cat, hash); in mls_range_hash()
Dservices.c339 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
340 l2 = &(tcontext->range.level[0]); in constraint_expr_eval()
343 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
344 l2 = &(tcontext->range.level[1]); in constraint_expr_eval()
347 l1 = &(scontext->range.level[1]); in constraint_expr_eval()
348 l2 = &(tcontext->range.level[0]); in constraint_expr_eval()
351 l1 = &(scontext->range.level[1]); in constraint_expr_eval()
352 l2 = &(tcontext->range.level[1]); in constraint_expr_eval()
355 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
356 l2 = &(scontext->range.level[1]); in constraint_expr_eval()
[all …]
Dpolicydb.c289 ebitmap_destroy(&usrdatum->range.level[0].cat); in user_destroy()
290 ebitmap_destroy(&usrdatum->range.level[1].cat); in user_destroy()
304 if (levdatum->level) in sens_destroy()
305 ebitmap_destroy(&levdatum->level->cat); in sens_destroy()
306 kfree(levdatum->level); in sens_destroy()
353 ebitmap_destroy(&rt->level[0].cat); in range_tr_destroy()
354 ebitmap_destroy(&rt->level[1].cat); in range_tr_destroy()
647 if (!levdatum->level->sens || in sens_index()
648 levdatum->level->sens > p->p_levels.nprim) in sens_index()
651 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; in sens_index()
[all …]
Dpolicydb.h132 struct mls_level *level; /* sensitivity and associated categories */ member
/security/lockdown/
Dlockdown.c26 static int lock_kernel_down(const char *where, enum lockdown_reason level) in lock_kernel_down() argument
28 if (kernel_locked_down >= level) in lock_kernel_down()
31 kernel_locked_down = level; in lock_kernel_down()
37 static int __init lockdown_param(char *level) in lockdown_param() argument
39 if (!level) in lockdown_param()
42 if (strcmp(level, "integrity") == 0) in lockdown_param()
44 else if (strcmp(level, "confidentiality") == 0) in lockdown_param()
97 enum lockdown_reason level = lockdown_levels[i]; in lockdown_read() local
99 if (lockdown_reasons[level]) { in lockdown_read()
100 const char *label = lockdown_reasons[level]; in lockdown_read()
[all …]
/security/landlock/
Druleset.c177 if ((*layers)[0].level == 0) { in insert_rule()
184 if (WARN_ON_ONCE(this->layers[0].level != 0)) in insert_rule()
190 if (WARN_ON_ONCE(this->layers[0].level == 0)) in insert_rule()
222 .level = ~0, in build_check_layer()
226 BUILD_BUG_ON(layer.level < LANDLOCK_MAX_NUM_LAYERS); in build_check_layer()
238 .level = 0, in landlock_insert_rule()
290 .level = dst->num_layers, in merge_ruleset()
297 if (WARN_ON_ONCE(walker_rule->layers[0].level != 0)) { in merge_ruleset()
Druleset.h39 u16 level; member
Dfs.c242 const layer_mask_t layer_bit = BIT_ULL(layer->level - 1); in unmask_layers()
/security/apparmor/
Dpolicy_ns.c255 ns->level = parent->level + 1; in __aa_create_ns()
256 mutex_lock_nested(&ns->lock, ns->level); in __aa_create_ns()
312 mutex_lock_nested(&parent->lock, parent->level); in aa_prepare_ns()
335 mutex_lock_nested(&ns->lock, ns->level); in destroy_ns()
Dpolicy.c551 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_null_profile()
656 user_ns->level == view_ns->level))) in policy_view_capable()
913 mutex_lock_nested(&ns->lock, ns->level); in aa_replace_profiles()
1128 mutex_lock_nested(&ns->parent->lock, ns->parent->level); in aa_remove_profiles()
1134 mutex_lock_nested(&ns->lock, ns->level); in aa_remove_profiles()
Dapparmorfs.c539 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_read()
549 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_read()
583 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_poll()
1185 seq_printf(seq, "%d\n", labels_ns(label)->level); in seq_ns_level_show()
1202 SEQ_NS_FOPS(level);
1800 mutex_lock_nested(&parent->lock, parent->level); in ns_mkdir_op()
1849 mutex_lock_nested(&parent->lock, parent->level); in ns_rmdir_op()
1904 mutex_lock_nested(&sub->lock, sub->level); in __aafs_ns_rmdir()
2034 mutex_lock_nested(&sub->lock, sub->level); in __aafs_ns_mkdir()
2075 mutex_lock_nested(&next->lock, next->level); in __next_ns()
[all …]
Dlsm.c1005 int level, int optname) in aa_sock_opt_perm() argument
1012 opt_perm(op, request, sock, level, optname), in aa_sock_opt_perm()
1019 static int apparmor_socket_getsockopt(struct socket *sock, int level, in apparmor_socket_getsockopt() argument
1023 level, optname); in apparmor_socket_getsockopt()
1029 static int apparmor_socket_setsockopt(struct socket *sock, int level, in apparmor_socket_setsockopt() argument
1033 level, optname); in apparmor_socket_setsockopt()
/security/selinux/
Dnetlabel.c482 static inline int selinux_netlbl_option(int level, int optname) in selinux_netlbl_option() argument
484 return (level == IPPROTO_IP && optname == IP_OPTIONS) || in selinux_netlbl_option()
485 (level == IPPROTO_IPV6 && optname == IPV6_HOPOPTS); in selinux_netlbl_option()
502 int level, in selinux_netlbl_socket_setsockopt() argument
510 if (selinux_netlbl_option(level, optname) && in selinux_netlbl_socket_setsockopt()
/security/keys/
Dkeyring.c268 static unsigned long keyring_get_key_chunk(const void *data, int level) in keyring_get_key_chunk() argument
275 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE; in keyring_get_key_chunk()
276 switch (level) { in keyring_get_key_chunk()
286 level -= 4; in keyring_get_key_chunk()
291 d += level * sizeof(long); in keyring_get_key_chunk()
303 static unsigned long keyring_get_object_key_chunk(const void *object, int level) in keyring_get_object_key_chunk() argument
306 return keyring_get_key_chunk(&key->index_key, level); in keyring_get_object_key_chunk()
331 int level, i; in keyring_diff_objects() local
333 level = 0; in keyring_diff_objects()
338 level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8; in keyring_diff_objects()
[all …]
DKconfig53 LSMs gets to rule on which admin-level processes get to access the
/security/selinux/include/
Dnetlabel.h53 int level,
133 int level, in selinux_netlbl_socket_setsockopt() argument
/security/apparmor/include/
Dpolicy_ns.h67 int level; member
/security/smack/
Dsmack_access.c487 int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap, in smk_netlbl_mls() argument
497 sap->attr.mls.lvl = level; in smk_netlbl_mls()
/security/integrity/
DKconfig91 controls the level of integrity auditing messages.
/security/
DKconfig.hardening13 such variables, depending on the chosen level of coverage.
51 This chooses the level of coverage over classes of potentially
Dcommoncap.c84 if (ns->level <= cred->user_ns->level) in cap_capable()

12