| /security/keys/ |
| D | sysctl.c | 17 .mode = 0644,
26 .mode = 0644,
35 .mode = 0644,
44 .mode = 0644,
53 .mode = 0644,
63 .mode = 0644,
|
| /security/tomoyo/ |
| D | audit.c | 118 static inline const char *tomoyo_filetype(const umode_t mode) in tomoyo_filetype() argument
120 switch (mode & S_IFMT) { in tomoyo_filetype()
168 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], in tomoyo_print_header()
188 umode_t mode; in tomoyo_print_header() local
194 mode = stat->mode; in tomoyo_print_header()
203 stat->mode & S_IALLUGO); in tomoyo_print_header()
213 mode & S_IALLUGO, tomoyo_filetype(mode)); in tomoyo_print_header()
214 if (S_ISCHR(mode) || S_ISBLK(mode)) { in tomoyo_print_header()
333 u8 mode; in tomoyo_get_audit() local
346 mode = p->config[index]; in tomoyo_get_audit()
[all …]
|
| D | file.c | 201 r->param.mkdev.mode, r->param.mkdev.major, in tomoyo_audit_mkdev_log()
323 tomoyo_compare_number_union(r->param.mkdev.mode, in tomoyo_check_mkdev_acl()
324 &acl->mode) && in tomoyo_check_mkdev_acl()
420 tomoyo_same_number_union(&p1->mode, &p2->mode) && in tomoyo_same_mkdev_acl()
472 !tomoyo_parse_number_union(param, &e.mode) || in tomoyo_update_mkdev_acl()
481 tomoyo_put_number_union(&e.mode); in tomoyo_update_mkdev_acl()
579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
580 if (r->mode == TOMOYO_CONFIG_DISABLED) in tomoyo_path_permission()
611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
618 if (r->mode != TOMOYO_CONFIG_DISABLED) in tomoyo_execute_permission()
[all …]
|
| D | tomoyo.c | 162 umode_t mode) in tomoyo_path_mkdir() argument
167 mode & S_IALLUGO); in tomoyo_path_mkdir()
213 umode_t mode, unsigned int dev) in tomoyo_path_mknod() argument
217 const unsigned int perm = mode & S_IALLUGO; in tomoyo_path_mknod()
219 switch (mode & S_IFMT) { in tomoyo_path_mknod()
231 switch (mode & S_IFMT) { in tomoyo_path_mknod()
347 static int tomoyo_path_chmod(const struct path *path, umode_t mode) in tomoyo_path_chmod() argument
350 mode & S_IALLUGO); in tomoyo_path_chmod()
|
| D | util.c | 995 u8 mode; in tomoyo_get_mode() local
1001 mode = p->config[index]; in tomoyo_get_mode()
1002 if (mode == TOMOYO_CONFIG_USE_DEFAULT) in tomoyo_get_mode()
1003 mode = p->config[tomoyo_index2category[index] in tomoyo_get_mode()
1005 if (mode == TOMOYO_CONFIG_USE_DEFAULT) in tomoyo_get_mode()
1006 mode = p->default_config; in tomoyo_get_mode()
1007 return mode & 3; in tomoyo_get_mode()
1031 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1032 return r->mode; in tomoyo_init_request_info()
1050 if (r->mode != TOMOYO_CONFIG_LEARNING) in tomoyo_domain_quota_is_ok()
|
| D | Kconfig | 19 int "Default maximal count for learning mode"
25 that are automatically appended into policy at "learning mode".
27 such programs in "learning mode" dulls the system response
55 enforcing mode from the beginning, you can reduce the possibility of
|
| D | securityfs_if.c | 224 static void __init tomoyo_create_entry(const char *name, const umode_t mode, in tomoyo_create_entry() argument
227 securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key, in tomoyo_create_entry()
|
| D | common.h | 449 unsigned int mode; member
499 u8 mode; /* One of tomoyo_mode_index . */ member
571 umode_t mode; member
732 struct tomoyo_number_union mode; member
982 const unsigned int mode, unsigned int dev);
|
| /security/integrity/ima/ |
| D | ima_efi.c | 16 enum efi_secureboot_mode mode; in get_sb_mode() local
23 mode = efi_get_secureboot_mode(efi.get_variable); in get_sb_mode()
24 if (mode == efi_secureboot_mode_disabled) in get_sb_mode()
26 else if (mode == efi_secureboot_mode_unknown) in get_sb_mode()
30 return mode; in get_sb_mode()
|
| D | ima_template_lib.c | 671 u16 mode; in ima_eventinodemode_init() local
677 mode = inode->i_mode; in ima_eventinodemode_init()
679 mode = (__force u16)cpu_to_le16(mode); in ima_eventinodemode_init()
681 return ima_write_template_field_data((char *)&mode, sizeof(mode), in ima_eventinodemode_init()
|
| /security/ |
| D | inode.c | 107 static struct dentry *securityfs_create_dentry(const char *name, umode_t mode, in securityfs_create_dentry() argument
116 if (!(mode & S_IFMT)) in securityfs_create_dentry()
117 mode = (mode & S_IALLUGO) | S_IFREG; in securityfs_create_dentry()
147 inode->i_mode = mode; in securityfs_create_dentry()
150 if (S_ISDIR(mode)) { in securityfs_create_dentry()
155 } else if (S_ISLNK(mode)) { in securityfs_create_dentry()
200 struct dentry *securityfs_create_file(const char *name, umode_t mode, in securityfs_create_file() argument
204 return securityfs_create_dentry(name, mode, parent, data, fops, NULL); in securityfs_create_file()
|
| D | security.c | 776 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) in security_ptrace_access_check() argument
778 return call_int_hook(ptrace_access_check, 0, child, mode); in security_ptrace_access_check()
1076 int security_dentry_init_security(struct dentry *dentry, int mode, in security_dentry_init_security() argument
1088 rc = hp->hook.dentry_init_security(dentry, mode, name, in security_dentry_init_security()
1097 int security_dentry_create_files_as(struct dentry *dentry, int mode, in security_dentry_create_files_as() argument
1101 return call_int_hook(dentry_create_files_as, 0, dentry, mode, in security_dentry_create_files_as()
1161 int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, in security_path_mknod() argument
1166 return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); in security_path_mknod()
1170 int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) in security_path_mkdir() argument
1174 return call_int_hook(path_mkdir, 0, dir, dentry, mode); in security_path_mkdir()
[all …]
|
| /security/apparmor/include/ |
| D | apparmorfs.h | 29 umode_t mode; member
43 { .name = (_name), .mode = 0444, \
47 { .name = (_name), .mode = 0444, \
51 { .name = (_name), .mode = 0444, \
56 .mode = (_mode), .file_ops = (_fops) }
|
| D | policy.h | 43 ((_profile)->mode == (_mode)))
144 long mode; member
205 #define profile_unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
|
| /security/smack/ |
| D | Kconfig | 21 Enable the bring-up ("b") access mode in Smack rules.
22 When access is granted by a rule with the "b" mode a
25 of access initially with the bringup mode set on the
31 "permissive" mode of other systems.
|
| D | smack_access.c | 219 u32 mode, struct smk_audit_info *a) in smk_tskacc() argument
228 rc = smk_access(sbj_known, obj_known, mode, NULL); in smk_tskacc()
239 if ((mode & may) == mode) in smk_tskacc()
254 mode, rc, a); in smk_tskacc()
271 u32 mode, struct smk_audit_info *a) in smk_curacc() argument
275 return smk_tskacc(tsp, obj_known, mode, a); in smk_curacc()
|
| D | smack_lsm.c | 97 static void smk_bu_mode(int mode, char *s) in smk_bu_mode() argument
101 if (mode & MAY_READ) in smk_bu_mode()
103 if (mode & MAY_WRITE) in smk_bu_mode()
105 if (mode & MAY_EXEC) in smk_bu_mode()
107 if (mode & MAY_APPEND) in smk_bu_mode()
109 if (mode & MAY_TRANSMUTE) in smk_bu_mode()
111 if (mode & MAY_LOCK) in smk_bu_mode()
121 struct smack_known *oskp, int mode, int rc) in smk_bu_note() argument
130 smk_bu_mode(mode, acc); in smk_bu_note()
136 #define smk_bu_note(note, sskp, oskp, mode, RC) (RC) argument
[all …]
|
| /security/lockdown/ |
| D | Kconfig | 20 prompt "Kernel default lockdown mode"
36 The kernel runs in integrity mode by default. Features that allow
42 The kernel runs in confidentiality mode by default. Features that
|
| /security/yama/ |
| D | yama_lsm.c | 355 unsigned int mode) in yama_ptrace_access_check() argument
360 if (mode & PTRACE_MODE_ATTACH) { in yama_ptrace_access_check()
388 if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) in yama_ptrace_access_check()
461 .mode = 0644,
|
| /security/apparmor/ |
| D | lsm.c | 116 unsigned int mode) in apparmor_ptrace_access_check() argument
124 (mode & PTRACE_MODE_READ) ? AA_PTRACE_READ in apparmor_ptrace_access_check()
278 cond.mode = inode->i_mode; in common_perm_rm()
294 struct dentry *dentry, u32 mask, umode_t mode) in common_perm_create() argument
296 struct path_cond cond = { current_fsuid(), mode }; in common_perm_create()
310 umode_t mode) in apparmor_path_mkdir() argument
322 umode_t mode, unsigned int dev) in apparmor_path_mknod() argument
324 return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); in apparmor_path_mknod()
412 static int apparmor_path_chmod(const struct path *path, umode_t mode) in apparmor_path_chmod() argument
1348 module_param_call(mode, param_set_mode, param_get_mode,
[all …]
|
| D | apparmorfs.c | 215 umode_t mode, void *data, char *link, in __aafs_setup_d_inode() argument
228 inode->i_mode = mode; in __aafs_setup_d_inode()
231 if (S_ISDIR(mode)) { in __aafs_setup_d_inode()
236 } else if (S_ISLNK(mode)) { in __aafs_setup_d_inode()
264 static struct dentry *aafs_create(const char *name, umode_t mode, in aafs_create() argument
276 if (!(mode & S_IFMT)) in aafs_create()
277 mode = (mode & S_IALLUGO) | S_IFREG; in aafs_create()
297 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); in aafs_create()
325 static struct dentry *aafs_create_file(const char *name, umode_t mode, in aafs_create_file() argument
329 return aafs_create(name, mode, parent, data, NULL, fops, NULL); in aafs_create_file()
[all …]
|
| D | label.c | 1539 const char *modestr = aa_profile_mode_names[profile->mode]; in aa_profile_snxprint()
1559 int mode = -1, count = 0; in label_modename() local
1570 if (mode == -1) in label_modename()
1571 mode = profile->mode; in label_modename()
1572 else if (mode != profile->mode) in label_modename()
1579 if (mode == -1) in label_modename()
1581 mode = APPARMOR_UNCONFINED; in label_modename()
1583 return aa_profile_mode_names[mode]; in label_modename()
|
| /security/landlock/ |
| D | fs.c | 667 static inline access_mask_t get_mode_access(const umode_t mode) in get_mode_access() argument
669 switch (mode & S_IFMT) { in get_mode_access()
1109 struct dentry *const dentry, const umode_t mode) in hook_path_mkdir() argument
1115 struct dentry *const dentry, const umode_t mode, in hook_path_mknod() argument
1123 return check_access_path(dom, dir, get_mode_access(mode)); in hook_path_mknod()
|
| D | ptrace.c | 89 const unsigned int mode) in hook_ptrace_access_check() argument
|
| /security/selinux/ |
| D | Kconfig | 58 kernel will start in permissive mode (log everything, deny nothing)
60 can interactively toggle the kernel between enforcing mode and
61 permissive mode (if permitted by the policy) via
|