
Searched refs:perms (Results 1 – 21 of 21) sorted by relevance

/security/apparmor/
Dfile.c92 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, in aa_audit_file() argument
111 u32 mask = perms->audit; in aa_audit_file()
124 aad(&sa)->request = aad(&sa)->request & ~perms->allow; in aa_audit_file()
127 if (aad(&sa)->request & perms->kill) in aa_audit_file()
131 if ((aad(&sa)->request & perms->quiet) && in aa_audit_file()
134 aad(&sa)->request &= ~perms->quiet; in aa_audit_file()
140 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file()
223 struct aa_perms perms = { }; in aa_compute_fperms() local
226 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms()
227 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in aa_compute_fperms()
[all …]
Dlib.c290 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument
294 perms->audit = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
297 perms->quiet = 0; in aa_apply_modes_to_perms()
300 perms->audit = 0; in aa_apply_modes_to_perms()
303 perms->quiet = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
308 perms->kill = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
310 perms->complain = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
332 struct aa_perms *perms) in aa_compute_perms() argument
344 *perms = (struct aa_perms) { in aa_compute_perms()
355 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms()
[all …]
Ddomain.c136 struct aa_perms *perms) in label_compound_match() argument
153 *perms = allperms; in label_compound_match()
165 *perms = aa_compute_fperms(profile->file.dfa, state, &cond); in label_compound_match()
166 aa_apply_modes_to_perms(profile, perms); in label_compound_match()
167 if ((perms->allow & request) != request) in label_compound_match()
173 *perms = nullperms; in label_compound_match()
196 struct aa_perms *perms) in label_components_match() argument
220 aa_perms_accum(perms, &tmp); in label_components_match()
229 aa_perms_accum(perms, &tmp); in label_components_match()
232 if ((perms->allow & request) != request) in label_components_match()
[all …]
Dmount.c134 struct aa_perms *perms, const char *info, int error) in audit_mount() argument
140 u32 mask = perms->audit; in audit_mount()
153 request = request & ~perms->allow; in audit_mount()
155 if (request & perms->kill) in audit_mount()
159 if ((request & perms->quiet) && in audit_mount()
162 request &= ~perms->quiet; in audit_mount()
173 if (data && (perms->audit & AA_AUDIT_DATA)) in audit_mount()
216 struct aa_perms perms = { in compute_mnt_perms() local
222 return perms; in compute_mnt_perms()
242 void *data, bool binary, struct aa_perms *perms) in do_match_mnt() argument
[all …]
Dnet.c111 struct aa_perms perms = { }; in aa_profile_af_perm() local
128 aa_compute_perms(profile->policy.dfa, state, &perms); in aa_profile_af_perm()
129 aa_apply_modes_to_perms(profile, &perms); in aa_profile_af_perm()
131 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); in aa_profile_af_perm()
218 struct aa_perms perms = { }; in aa_secmark_perm() local
233 perms.deny = ALL_PERMS_MASK; in aa_secmark_perm()
235 perms.allow = ALL_PERMS_MASK; in aa_secmark_perm()
238 perms.audit = ALL_PERMS_MASK; in aa_secmark_perm()
242 aa_apply_modes_to_perms(profile, &perms); in aa_secmark_perm()
244 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); in aa_secmark_perm()
Dipc.c81 struct aa_perms perms; in profile_signal_perm() local
93 aa_label_match(profile, peer, state, false, request, &perms); in profile_signal_perm()
94 aa_apply_modes_to_perms(profile, &perms); in profile_signal_perm()
95 return aa_check_perms(profile, &perms, request, sa, audit_signal_cb); in profile_signal_perm()
Dtask.c232 struct aa_perms perms = { }; in profile_ptrace_perm() local
236 &perms); in profile_ptrace_perm()
237 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm()
238 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb); in profile_ptrace_perm()
Dlabel.c1305 struct aa_perms *perms) in label_compound_match() argument
1321 *perms = allperms; in label_compound_match()
1333 aa_compute_perms(profile->policy.dfa, state, perms); in label_compound_match()
1334 aa_apply_modes_to_perms(profile, perms); in label_compound_match()
1335 if ((perms->allow & request) != request) in label_compound_match()
1341 *perms = nullperms; in label_compound_match()
1363 struct aa_perms *perms) in label_components_match() argument
1386 aa_perms_accum(perms, &tmp); in label_components_match()
1395 aa_perms_accum(perms, &tmp); in label_components_match()
1398 if ((perms->allow & request) != request) in label_components_match()
[all …]
Dapparmorfs.c611 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, in profile_query_cb() argument
639 aa_perms_accum_raw(perms, &tmp); in profile_query_cb()
761 struct aa_perms perms; in query_label() local
787 perms = allperms; in query_label()
790 profile_query_cb(profile, &perms, match_str, match_len); in query_label()
794 profile_query_cb(profile, &perms, match_str, match_len); in query_label()
801 perms.allow, perms.deny, perms.audit, perms.quiet); in query_label()
/security/apparmor/include/
Dfile.h162 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
190 struct aa_perms *perms);
194 int flags, struct aa_perms *perms);
222 u32 perms = 0; in aa_map_file_to_perms() local
225 perms |= MAY_WRITE; in aa_map_file_to_perms()
227 perms |= MAY_READ; in aa_map_file_to_perms()
229 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms()
230 perms = (perms & ~MAY_WRITE) | MAY_APPEND; in aa_map_file_to_perms()
233 perms |= MAY_WRITE; in aa_map_file_to_perms()
235 perms |= AA_MAY_CREATE; in aa_map_file_to_perms()
[all …]
Dperms.h143 struct aa_perms *perms);
145 struct aa_perms *perms);
149 int type, u32 request, struct aa_perms *perms);
153 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
Dlabel.h362 struct aa_perms *perms);
/security/selinux/include/
Dsecurity.h284 #define security_xperm_set(perms, x) ((perms)[(x) >> 5] |= 1 << ((x) & 0x1f)) argument
285 #define security_xperm_test(perms, x) (1 & ((perms)[(x) >> 5] >> ((x) & 0x1f))) argument
400 char *class, char ***perms, int *nperms);
Davc_ss.h18 const char *perms[sizeof(u32) * 8 + 1]; member
/security/selinux/
Davc.c679 const char *const *perms; in avc_audit_pre_callback() local
689 perms = secclass_map[sad->tclass-1].perms; in avc_audit_pre_callback()
695 if ((perm & av) && perms[i]) { in avc_audit_pre_callback()
696 audit_log_format(ab, " %s", perms[i]); in avc_audit_pre_callback()
856 u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, in avc_update_node() argument
913 node->ae.avd.allowed |= perms; in avc_update_node()
919 node->ae.avd.allowed &= ~perms; in avc_update_node()
922 node->ae.avd.auditallow |= perms; in avc_update_node()
925 node->ae.avd.auditallow &= ~perms; in avc_update_node()
928 node->ae.avd.auditdeny |= perms; in avc_update_node()
[all …]
Dhooks.c1618 u32 perms, in inode_has_perm() argument
1633 sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1914 u32 perms, in superblock_has_perm() argument
1922 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
3070 u32 perms, u32 audited, u32 denied, in audit_inode_permission() argument
3080 current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3087 u32 perms; in selinux_inode_permission() local
3108 perms = file_mask_to_av(inode->i_mode, mask); in selinux_inode_permission()
3116 sid, isec->sid, isec->sclass, perms, 0, in selinux_inode_permission()
3118 audited = avc_audit_required(perms, &avd, rc, in selinux_inode_permission()
[all …]
Dselinuxfs.c1877 char **perms; in sel_make_perm_files() local
1879 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); in sel_make_perm_files()
1888 dentry = d_alloc_name(dir, perms[i]); in sel_make_perm_files()
1907 kfree(perms[i]); in sel_make_perm_files()
1908 kfree(perms); in sel_make_perm_files()
/security/selinux/ss/
Davtab.c411 __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; in avtab_read_item()
538 rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p)); in avtab_read_item()
543 for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) in avtab_read_item()
544 xperms.perms.p[i] = le32_to_cpu(buf32[i]); in avtab_read_item()
615 __le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)]; in avtab_write_item()
634 for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++) in avtab_write_item()
635 buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]); in avtab_write_item()
637 ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp); in avtab_write_item()
Dservices.c147 while (p_in->perms[k]) { in selinux_set_mapping()
149 if (!*p_in->perms[k]) { in selinux_set_mapping()
153 p_out->perms[k] = string_to_av_perm(pol, p_out->value, in selinux_set_mapping()
154 p_in->perms[k]); in selinux_set_mapping()
155 if (!p_out->perms[k]) { in selinux_set_mapping()
157 p_in->perms[k], p_in->name); in selinux_set_mapping()
217 if (avd->allowed & mapping->perms[i]) in map_decision()
219 if (allow_unknown && !mapping->perms[i]) in map_decision()
225 if (avd->auditallow & mapping->perms[i]) in map_decision()
230 if (avd->auditdeny & mapping->perms[i]) in map_decision()
[all …]
Dservices.h16 u32 perms[sizeof(u32) * 8]; /* policy values for permissions */ member
Davtab.h67 struct extended_perms_data perms; member