| /security/landlock/ |
| D | ruleset.c | 38 new_ruleset->root = RB_ROOT; in create_ruleset()
158 walker_node = &(ruleset->root.rb_node); in insert_rule()
201 rb_replace_node(&this->node, &new_rule->node, &ruleset->root); in insert_rule()
214 rb_insert_color(&new_rule->node, &ruleset->root); in insert_rule()
287 rbtree_postorder_for_each_entry_safe(walker_rule, next_rule, &src->root, in merge_ruleset()
330 &parent->root, node) { in inherit_ruleset()
364 rbtree_postorder_for_each_entry_safe(freeme, next, &ruleset->root, node) in free_ruleset()
462 node = ruleset->root.rb_node; in landlock_find_rule()
|
| D | ruleset.h | 101 struct rb_root root; member
|
| /security/apparmor/ |
| D | path.c | 120 struct path root; in d_namespace_path() local
121 get_fs_root(current->fs, &root); in d_namespace_path()
122 res = __d_path(path, &root, buf, buflen); in d_namespace_path()
123 path_put(&root); in d_namespace_path()
|
| D | policy_ns.c | 162 struct aa_ns *aa_findn_ns(struct aa_ns *root, const char *name, size_t n) in aa_findn_ns() argument
167 ns = aa_get_ns(__aa_findn_ns(&root->sub_ns, name, n)); in aa_findn_ns()
183 struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name) in aa_find_ns() argument
185 return aa_findn_ns(root, name, strlen(name)); in aa_find_ns()
|
| D | apparmorfs.c | 2064 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) in __next_ns() argument
2068 AA_BUG(!root); in __next_ns()
2070 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock)); in __next_ns()
2081 while (ns != root) { in __next_ns()
2103 static struct aa_profile *__first_profile(struct aa_ns *root, in __first_profile() argument
2106 AA_BUG(!root); in __first_profile()
2109 for (; ns; ns = __next_ns(root, ns)) { in __first_profile()
2165 static struct aa_profile *next_profile(struct aa_ns *root, in next_profile() argument
2173 return __first_profile(root, __next_ns(root, profile->ns)); in next_profile()
2188 struct aa_ns *root = aa_get_current_ns(); in p_start() local
[all …]
|
| D | domain.c | 991 struct aa_profile *root, *hat = NULL; in build_change_hat() local
996 root = aa_get_profile_rcu(&profile->parent); in build_change_hat()
998 root = aa_get_profile(profile); in build_change_hat()
1005 hat = aa_find_child(root, name); in build_change_hat()
1017 aa_put_profile(root); in build_change_hat()
1039 struct aa_profile *profile, *root, *hat = NULL; in change_hat() local
1058 root = aa_get_profile_rcu(&profile->parent); in change_hat()
1060 root = aa_get_profile(profile); in change_hat()
1066 hat = aa_find_child(root, name); in change_hat()
1067 aa_put_profile(root); in change_hat()
|
| D | label.c | 606 rb_erase(&label->node, &ls->root); in __label_remove()
641 rb_replace_node(&old->node, &new->node, &ls->root); in __label_replace()
675 new = &ls->root.rb_node; in __label_insert()
702 rb_insert_color(&label->node, &ls->root); in __label_insert()
728 node = vec_labelset(vec, n)->root.rb_node; in __vec_find()
1153 node = ls->root.rb_node; in __label_find_merge()
1989 for (node = rb_first(&ls->root); node; node = rb_first(&ls->root)) { in aa_labelset_destroy()
2009 ls->root = RB_ROOT; in aa_labelset_init()
|
| /security/apparmor/include/ |
| D | policy_ns.h | 90 struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name);
91 struct aa_ns *aa_findn_ns(struct aa_ns *root, const char *name, size_t n);
96 struct aa_ns *aa_prepare_ns(struct aa_ns *root, const char *name);
|
| D | label.h | 74 struct rb_root root; member
78 for ((N) = rb_first(&(LS)->root); (N); (N) = rb_next(N))
|
| /security/ |
| D | commoncap.c | 385 uid_t root, mappedroot; in cap_inode_getsecurity() local
412 root = 0; in cap_inode_getsecurity()
415 root = le32_to_cpu(nscap->rootid); in cap_inode_getsecurity()
421 kroot = make_kuid(fs_ns, root); in cap_inode_getsecurity()
861 kuid_t root, bool has_fcap) in nonroot_raised_pE() argument
867 (__is_eff(root, new) || __is_real(root, new)) && in nonroot_raised_pE()
870 __is_suid(root, new) && in nonroot_raised_pE()
|
| D | Kconfig | 102 correctly. This level of protection requires a root of trust outside
|
| /security/loadpin/ |
| D | Kconfig | 11 have a root filesystem backed by a read-only device such as
|
| /security/integrity/evm/ |
| D | Kconfig | 54 When this option is enabled, root can add additional xattrs to the
|
| /security/selinux/ |
| D | hooks.c | 500 struct dentry *root = sb->s_root; in sb_check_xattr_support() local
501 struct inode *root_inode = d_backing_inode(root); in sb_check_xattr_support()
518 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0); in sb_check_xattr_support()
549 struct dentry *root = sb->s_root; in sb_finish_set_opts() local
550 struct inode *root_inode = d_backing_inode(root); in sb_finish_set_opts()
572 rc = inode_doinit_with_dentry(root_inode, root); in sb_finish_set_opts()
640 struct dentry *root = sb->s_root; in selinux_set_mnt_opts() local
683 root_isec = backing_inode_security_novalidate(root); in selinux_set_mnt_opts()
1138 struct dentry *root = sb->s_root; in selinux_sb_show_options() local
1139 struct inode_security_struct *isec = backing_inode_security(root); in selinux_sb_show_options()
|
| /security/integrity/ima/ |
| D | Kconfig | 141 This option allows the root user to see the current policy rules.
|
| /security/keys/ |
| D | keyring.c | 732 ptr = READ_ONCE(keyring->keys.root); in search_nested_keyrings()
|
| /security/smack/ |
| D | smack_lsm.c | 756 struct dentry *root = sb->s_root; in smack_set_mnt_opts() local
757 struct inode *inode = d_backing_inode(root); in smack_set_mnt_opts()
|