Searched refs:allow (Results 1 – 19 of 19) sorted by relevance
| /security/apparmor/ |
| D | lib.c | 24 struct aa_perms allperms = { .allow = ALL_PERMS_MASK,
329 .allow = dfa_user_allow(dfa, state), in aa_compute_perms()
337 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms()
351 accum->allow &= addend->allow & ~addend->deny; in aa_perms_accum_raw()
352 accum->audit |= addend->audit & addend->allow; in aa_perms_accum_raw()
353 accum->quiet &= addend->quiet & ~addend->allow; in aa_perms_accum_raw()
354 accum->kill |= addend->kill & ~addend->allow; in aa_perms_accum_raw()
355 accum->stop |= addend->stop & ~addend->allow; in aa_perms_accum_raw()
356 accum->complain |= addend->complain & ~addend->allow & ~addend->deny; in aa_perms_accum_raw()
357 accum->cond |= addend->cond & ~addend->allow & ~addend->deny; in aa_perms_accum_raw()
[all …]
|
| D | file.c | 124 aad(&sa)->request = aad(&sa)->request & ~perms->allow; in aa_audit_file()
140 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file()
226 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms()
231 perms.allow = map_old_perms(dfa_other_allow(dfa, state)); in aa_compute_fperms()
236 perms.allow |= AA_MAY_GETATTR; in aa_compute_fperms()
240 perms.allow |= AA_MAY_CHANGE_PROFILE; in aa_compute_fperms()
242 perms.allow |= AA_MAY_ONEXEC; in aa_compute_fperms()
277 if (request & ~perms->allow) in __aa_path_perm()
386 if (!(lperms.allow & AA_MAY_LINK)) in profile_path_link()
400 if (!(perms.allow & AA_MAY_LINK)) { in profile_path_link()
[all …]
|
| D | mount.c | 153 request = request & ~perms->allow; in audit_mount()
217 .allow = dfa_user_allow(dfa, state), in compute_mnt_perms()
271 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt()
275 if (data && !binary && (perms->allow & AA_MNT_CONT_MATCH)) { in do_match_mnt()
284 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt()
606 if (AA_MAY_UMOUNT & ~perms.allow) in profile_umount()
678 if (AA_MAY_PIVOTROOT & perms.allow) in build_pivotroot()
|
| D | domain.c | 168 if ((perms->allow & request) != request) in label_compound_match()
233 if ((perms->allow & request) != request) in label_components_match()
294 perms->allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC; in change_profile_perms()
666 if (perms.allow & MAY_EXEC) { in profile_transition()
677 perms.allow &= ~MAY_EXEC; in profile_transition()
761 if (!(perms.allow & AA_MAY_ONEXEC)) { in profile_onexec()
773 perms.allow &= ~AA_MAY_ONEXEC; in profile_onexec()
1434 perms.allow = 0; in aa_change_profile()
|
| D | capability.c | 119 if (cap_raised(profile->caps.allow, cap) && in profile_capable()
|
| D | net.c | 234 perms.allow = ALL_PERMS_MASK; in aa_secmark_perm()
|
| D | lsm.c | 169 profile->caps.allow); in apparmor_capget()
171 profile->caps.allow); in apparmor_capget()
422 fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP; in apparmor_file_open()
438 fctx->allow = aa_map_file_to_perms(file); in apparmor_file_open()
|
| D | policy_unpack.c | 782 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile()
794 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
|
| D | label.c | 1334 if ((perms->allow & request) != request) in label_compound_match()
1397 if ((perms->allow & request) != request) in label_components_match()
|
| D | apparmorfs.c | 798 perms.allow, perms.deny, perms.audit, perms.quiet); in query_label()
|
| /security/lockdown/ |
| D | Kconfig | 36 The kernel runs in integrity mode by default. Features that allow
43 allow the kernel to be modified at runtime or that permit userland
|
| /security/apparmor/include/ |
| D | capability.h | 29 kernel_cap_t allow; member
|
| D | file.h | 44 u32 allow; member
109 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
|
| D | perms.h | 67 u32 allow; member
|
| /security/integrity/ima/ |
| D | Kconfig | 242 The modsig keyword can be used in the IMA policy to allow a hook
317 bool "Disable htable to allow measurement of duplicate records"
320 This option disables htable to allow measurement of duplicate records.
|
| /security/integrity/ |
| D | Kconfig | 28 Different keyrings improves search performance, but also allow
|
| /security/tomoyo/ |
| D | Kconfig | 51 immediately after loading the fixed part of policy which will allow
|
| /security/selinux/ss/ |
| D | services.c | 1043 goto allow; in security_compute_xperms_decision()
1066 goto allow; in security_compute_xperms_decision()
1097 allow: in security_compute_xperms_decision()
1132 goto allow; in security_compute_av()
1158 goto allow; in security_compute_av()
1168 allow: in security_compute_av()
1188 goto allow; in security_compute_av_user()
1213 goto allow; in security_compute_av_user()
1222 allow: in security_compute_av_user()
|
| /security/selinux/ |
| D | Kconfig | 20 command line. The purpose of this option is to allow a single
|