| /security/keys/ |
| D | key.c | 53 struct key_user *candidate = NULL, *user; in key_user_lookup() local
64 user = rb_entry(parent, struct key_user, node); in key_user_lookup()
66 if (uid_lt(uid, user->uid)) in key_user_lookup()
68 else if (uid_gt(uid, user->uid)) in key_user_lookup()
80 user = NULL; in key_user_lookup()
105 user = candidate; in key_user_lookup()
110 refcount_inc(&user->usage); in key_user_lookup()
114 return user; in key_user_lookup()
120 void key_user_put(struct key_user *user) in key_user_put() argument
122 if (refcount_dec_and_lock(&user->usage, &key_user_lock)) { in key_user_put()
[all …]
|
| D | proc.c | 71 if (kuid_has_mapping(user_ns, key->user->uid)) in key_serial_next()
103 if (kuid_has_mapping(user_ns, minkey->user->uid)) in find_ge_key()
255 struct key_user *user = rb_entry(n, struct key_user, node); in __key_user_next() local
256 if (kuid_has_mapping(user_ns, user->uid)) in __key_user_next()
306 struct key_user *user = rb_entry(_p, struct key_user, node); in proc_key_users_show() local
307 unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ? in proc_key_users_show()
309 unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ? in proc_key_users_show()
313 from_kuid_munged(seq_user_ns(m), user->uid), in proc_key_users_show()
314 refcount_read(&user->usage), in proc_key_users_show()
315 atomic_read(&user->nkeys), in proc_key_users_show()
[all …]
|
| D | gc.c | 160 spin_lock(&key->user->lock); in key_gc_unused_keys()
161 key->user->qnkeys--; in key_gc_unused_keys()
162 key->user->qnbytes -= key->quotalen; in key_gc_unused_keys()
163 spin_unlock(&key->user->lock); in key_gc_unused_keys()
166 atomic_dec(&key->user->nkeys); in key_gc_unused_keys()
168 atomic_dec(&key->user->nikeys); in key_gc_unused_keys()
170 key_user_put(key->user); in key_gc_unused_keys()
|
| D | request_key.c | 372 struct key_user *user, in construct_alloc_key() argument
385 mutex_lock(&user->cons_lock); in construct_alloc_key()
437 mutex_unlock(&user->cons_lock); in construct_alloc_key()
459 mutex_unlock(&user->cons_lock); in construct_alloc_key()
465 mutex_unlock(&user->cons_lock); in construct_alloc_key()
475 mutex_unlock(&user->cons_lock); in construct_alloc_key()
481 mutex_unlock(&user->cons_lock); in construct_alloc_key()
496 struct key_user *user; in construct_key_and_link() local
509 user = key_user_lookup(current_fsuid()); in construct_key_and_link()
510 if (!user) { in construct_key_and_link()
[all …]
|
| D | keyctl.c | 949 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) in keyctl_chown_key() argument
958 uid = make_kuid(current_user_ns(), user); in keyctl_chown_key()
961 if ((user != (uid_t) -1) && !uid_valid(uid)) in keyctl_chown_key()
967 if (user == (uid_t) -1 && group == (gid_t) -1) in keyctl_chown_key()
987 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) in keyctl_chown_key()
1000 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { in keyctl_chown_key()
1024 spin_lock(&key->user->lock); in keyctl_chown_key()
1025 key->user->qnkeys--; in keyctl_chown_key()
1026 key->user->qnbytes -= key->quotalen; in keyctl_chown_key()
1027 spin_unlock(&key->user->lock); in keyctl_chown_key()
[all …]
|
| D | Kconfig | 51 A particular keyring may be accessed by either the user whose keyring
100 key can be either a trusted-key or user-key type. Only encrypted
106 bool "Allow encrypted keys with user decrypted data"
110 user-provided decrypted data. The decrypted data must be hex-ascii
|
| D | process_keys.c | 82 uid_t uid = from_kuid(user_ns, cred->user->uid); in look_up_user_keyrings()
106 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
128 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, in look_up_user_keyrings()
206 cred->user->uid)); in get_user_session_keyring_rcu()
936 new->user = get_uid(old->user); in key_change_session_keyring()
|
| D | internal.h | 71 extern void key_user_put(struct key_user *user);
|
| D | keyring.c | 1155 if (!kuid_has_mapping(ns, keyring->user->uid)) in find_keyring_by_name()
|
| /security/selinux/ss/ |
| D | context.h | 28 u32 user; member
155 dst->user = src->user; in context_cpy()
177 c->user = c->role = c->type = 0; in context_destroy()
190 return ((c1->user == c2->user) && in context_cmp()
|
| D | mls.c | 208 if (!c->user || c->user > p->p_users.nprim) in mls_context_isvalid()
210 usrdatum = p->user_val_to_struct[c->user - 1]; in mls_context_isvalid()
402 struct context *fromcon, struct user_datum *user, in mls_setup_user_range() argument
408 struct mls_level *user_low = &(user->range.level[0]); in mls_setup_user_range()
409 struct mls_level *user_clr = &(user->range.level[1]); in mls_setup_user_range()
410 struct mls_level *user_def = &(user->dfltlevel); in mls_setup_user_range()
|
| D | services.c | 307 val1 = scontext->user; in constraint_expr_eval()
308 val2 = tcontext->user; in constraint_expr_eval()
415 val1 = c->user; in constraint_expr_eval()
758 u16 orig_tclass, bool user) in security_compute_validatetrans() argument
781 if (!user) in security_compute_validatetrans()
821 if (user) in security_compute_validatetrans()
1253 *scontext_len += strlen(sym_name(p, SYM_USERS, context->user - 1)) + 1; in context_struct_to_string()
1271 sym_name(p, SYM_USERS, context->user - 1), in context_struct_to_string()
1471 ctx->user = usrdatum->value; in string_to_context_struct()
1805 newcontext.user = tcontext->user; in security_compute_sid()
[all …]
|
| D | context.c | 29 hash = jhash_3words(c->user, c->role, c->type, hash); in context_compute_hash()
|
| D | mls.h | 64 struct context *fromcon, struct user_datum *user,
|
| D | policydb.c | 933 if (!c->user || c->user > p->p_users.nprim) in policydb_context_isvalid()
951 usrdatum = p->user_val_to_struct[c->user - 1]; in policydb_context_isvalid()
1041 c->user = le32_to_cpu(buf[0]); in context_read_and_validate()
1652 struct user_datum *upper, *user; in user_bounds_sanity_check() local
1656 upper = user = datum; in user_bounds_sanity_check()
1669 ebitmap_for_each_positive_bit(&user->roles, node, bit) { in user_bounds_sanity_check()
1675 sym_name(p, SYM_USERS, user->value - 1), in user_bounds_sanity_check()
2904 buf[0] = cpu_to_le32(c->user); in context_write()
|
| /security/safesetid/ |
| D | Kconfig | 12 with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
|
| /security/integrity/ima/ |
| D | Kconfig | 141 This option allows the root user to see the current policy rules.
292 bool "Require signed user-space initialization"
296 This option requires user-space init to be signed.
|
| /security/ |
| D | Kconfig | 105 Intel TXT also helps solve real end user concerns about having
119 int "Low address space for LSM to protect from user allocation"
125 from userspace allocation. Keeping a user from writing to low pages
|
| /security/selinux/ |
| D | selinuxfs.c | 1132 char *con = NULL, *user = NULL, *ptr; in sel_write_user() local
1152 user = kzalloc(size + 1, GFP_KERNEL); in sel_write_user()
1153 if (!user) in sel_write_user()
1157 if (sscanf(buf, "%s %s", con, user) != 2) in sel_write_user()
1164 length = security_get_user_sids(state, sid, user, &sids, &nsids); in sel_write_user()
1188 kfree(user); in sel_write_user()
|