| /kernel/linux/linux-6.6/security/selinux/include/ |
| D | avc.h | 53 u32 denied; member
69 u32 denied, audited; in avc_audit_required() local
70 denied = requested & ~avd->allowed; in avc_audit_required()
71 if (unlikely(denied)) { in avc_audit_required()
72 audited = denied & avd->auditdeny; in avc_audit_required()
78 * actual permissions that were denied. As an example lets in avc_audit_required()
81 * denied == READ in avc_audit_required()
85 * We will NOT audit the denial even though the denied in avc_audit_required()
92 audited = denied = requested; in avc_audit_required()
95 *deniedp = denied; in avc_audit_required()
[all …]
|
| /kernel/linux/linux-5.10/security/selinux/include/ |
| D | avc.h | 53 u32 denied; member
70 u32 denied, audited; in avc_audit_required() local
71 denied = requested & ~avd->allowed; in avc_audit_required()
72 if (unlikely(denied)) { in avc_audit_required()
73 audited = denied & avd->auditdeny; in avc_audit_required()
79 * actual permissions that were denied. As an example lets in avc_audit_required()
82 * denied == READ in avc_audit_required()
86 * We will NOT audit the denial even though the denied in avc_audit_required()
93 audited = denied = requested; in avc_audit_required()
96 *deniedp = denied; in avc_audit_required()
[all …]
|
| /kernel/linux/linux-6.6/include/trace/events/ |
| D | avc.h | 26 __field(u32, denied)
36 __entry->denied = sad->denied;
44 TP_printk("requested=0x%x denied=0x%x audited=0x%x result=%d scontext=%s tcontext=%s tclass=%s",
45 __entry->requested, __entry->denied, __entry->audited, __entry->result,
|
| /kernel/linux/linux-5.10/include/trace/events/ |
| D | avc.h | 26 __field(u32, denied)
36 __entry->denied = sad->denied;
44 TP_printk("requested=0x%x denied=0x%x audited=0x%x result=%d scontext=%s tcontext=%s tclass=%s",
45 __entry->requested, __entry->denied, __entry->audited, __entry->result,
|
| /kernel/linux/linux-6.6/security/apparmor/ |
| D | lib.c | 294 if (ad->denied) { in aa_audit_perms_cb()
296 aa_audit_perm_mask(ab, ad->denied, aa_file_perm_chrs, in aa_audit_perms_cb()
393 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() local
395 if (likely(!denied)) { in aa_check_perms()
406 if (denied & perms->kill) in aa_check_perms()
408 else if (denied == (denied & perms->complain)) in aa_check_perms()
413 if (denied == (denied & perms->hide)) in aa_check_perms()
416 denied &= ~perms->quiet; in aa_check_perms()
417 if (!ad || !denied) in aa_check_perms()
424 ad->denied = denied; in aa_check_perms()
|
| D | file.c | 56 if (ad->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb()
58 map_mask_to_chr_mask(ad->denied)); in file_audit_cb()
126 /* only report permissions that were denied */ in aa_audit_file()
143 ad.denied = ad.request & ~perms->allow; in aa_audit_file()
280 * Returns: %0 else error if access denied or other error
487 u32 request, u32 denied, bool in_atomic) in __file_path_perm() argument
501 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm()
515 if (denied && !error) { in __file_path_perm()
548 u32 request, u32 denied) in __file_sock_perm() argument
556 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm()
[all …]
|
| D | ipc.c | 60 if (ad->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
62 audit_signal_mask(ad->denied)); in audit_signal_cb()
|
| D | task.c | 217 if (ad->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
219 audit_ptrace_mask(ad->denied)); in audit_ptrace_cb()
288 * Returns: %0 else error code if permission denied or error
|
| /kernel/linux/linux-6.6/security/selinux/ |
| D | avc.c | 392 u32 denied, audited; in avc_xperms_audit_required() local
394 denied = requested & ~avd->allowed; in avc_xperms_audit_required()
395 if (unlikely(denied)) { in avc_xperms_audit_required()
396 audited = denied & avd->auditdeny; in avc_xperms_audit_required()
402 audited = denied = requested; in avc_xperms_audit_required()
411 *deniedp = denied; in avc_xperms_audit_required()
421 u32 audited, denied; in avc_xperms_audit() local
424 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit()
428 audited, denied, result, ad); in avc_xperms_audit()
661 audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); in avc_audit_pre_callback()
[all …]
|
| /kernel/linux/linux-5.10/security/apparmor/ |
| D | lib.c | 272 if (aad(sa)->denied) { in aa_audit_perms_cb()
274 aa_audit_perm_mask(ab, aad(sa)->denied, aa_file_perm_chrs, in aa_audit_perms_cb()
434 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() local
436 if (likely(!denied)) { in aa_check_perms()
447 if (denied & perms->kill) in aa_check_perms()
449 else if (denied == (denied & perms->complain)) in aa_check_perms()
454 if (denied == (denied & perms->hide)) in aa_check_perms()
457 denied &= ~perms->quiet; in aa_check_perms()
458 if (!sa || !denied) in aa_check_perms()
465 aad(sa)->denied = denied; in aa_check_perms()
|
| D | file.c | 53 if (aad(sa)->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb()
55 map_mask_to_chr_mask(aad(sa)->denied)); in file_audit_cb()
121 /* only report permissions that were denied */ in aa_audit_file()
138 aad(&sa)->denied = aad(&sa)->request & ~perms->allow; in aa_audit_file()
311 * Returns: %0 else error if access denied or other error
507 u32 request, u32 denied, bool in_atomic) in __file_path_perm() argument
519 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm()
532 if (denied && !error) { in __file_path_perm()
562 u32 request, u32 denied) in __file_sock_perm() argument
570 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm()
[all …]
|
| D | ipc.c | 51 if (aad(sa)->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
53 audit_ptrace_mask(aad(sa)->denied)); in audit_ptrace_cb()
116 * Returns: %0 else error code if permission denied or error
169 if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
171 audit_signal_mask(aad(sa)->denied)); in audit_signal_cb()
|
| /kernel/linux/linux-5.10/security/selinux/ |
| D | avc.c | 394 u32 denied, audited; in avc_xperms_audit_required() local
396 denied = requested & ~avd->allowed; in avc_xperms_audit_required()
397 if (unlikely(denied)) { in avc_xperms_audit_required()
398 audited = denied & avd->auditdeny; in avc_xperms_audit_required()
404 audited = denied = requested; in avc_xperms_audit_required()
413 *deniedp = denied; in avc_xperms_audit_required()
424 u32 audited, denied; in avc_xperms_audit() local
427 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit()
431 audited, denied, result, ad); in avc_xperms_audit()
672 audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); in avc_audit_pre_callback()
[all …]
|
| /kernel/linux/linux-5.10/Documentation/ABI/stable/ |
| D | sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
56 Might return "<denied>" in case of special security settings
105 Might return "<denied>" in case of special security settings
|
| /kernel/linux/linux-6.6/security/apparmor/include/ |
| D | capability.h | 23 * @denied: caps that are explicitly denied
31 kernel_cap_t denied; member
|
| D | audit.h | 27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
117 u32 denied; member
|
| /kernel/linux/linux-5.10/security/apparmor/include/ |
| D | capability.h | 23 * @denied: caps that are explicitly denied
31 kernel_cap_t denied; member
|
| D | audit.h | 27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
115 u32 denied; member
|
| /kernel/linux/linux-5.10/Documentation/userspace-api/ioctl/ |
| D | hdio.rst | 185 - EACCES Access denied: requires CAP_SYS_ADMIN
235 - EACCES Access denied: requires CAP_SYS_ADMIN
359 - EACCES Access denied: requires CAP_SYS_ADMIN
487 - EACCES Access denied: requires CAP_SYS_ADMIN
596 - EACCES Access denied: requires CAP_SYS_ADMIN
622 - EACCES Access denied: requires CAP_SYS_RAWIO
658 - EACCES Access denied: requires CAP_SYS_ADMIN
947 - EACCES Access denied: requires CAP_SYS_RAWIO
1016 - EACCES Access denied: requires CAP_SYS_RAWIO
1059 - EACCES Access denied: requires CAP_SYS_ADMIN
[all …]
|
| /kernel/linux/linux-6.6/Documentation/admin-guide/cgroup-v1/ |
| D | devices.rst | 19 never receive a device access which is denied by its parent.
77 If a device is denied in group A::
84 group whitelist entries denied devices
97 group whitelist entries denied devices
107 group whitelist entries denied devices
|
| /kernel/linux/linux-5.10/Documentation/admin-guide/cgroup-v1/ |
| D | devices.rst | 19 never receive a device access which is denied by its parent.
77 If a device is denied in group A::
84 group whitelist entries denied devices
97 group whitelist entries denied devices
107 group whitelist entries denied devices
|
| /kernel/linux/linux-6.6/Documentation/ABI/stable/ |
| D | sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
56 Might return "<denied>" in case of special security settings
105 Might return "<denied>" in case of special security settings
|
| /kernel/linux/linux-6.6/security/landlock/ |
| D | ptrace.c | 83 * the same rules. Else denied.
86 * granted, -errno if denied.
101 * or more rules. Else denied.
104 * process, returning 0 if permission is granted, -errno if denied.
|
| /kernel/linux/linux-6.6/tools/testing/selftests/kvm/aarch64/ |
| D | smccc_filter.c | 10 * - Test that the filter actions (DENIED, FWD_TO_USER) work as intended.
70 * Enable in-kernel emulation of PSCI to ensure that calls are denied in setup_vm()
187 /* Denied SMCCC calls have a return code of SMCCC_RET_NOT_SUPPORTED */
|
| /kernel/linux/linux-5.10/arch/um/os-Linux/ |
| D | execvp.c | 92 /* Record the we got a `Permission denied' error. If we end in execvp_noalloc()
94 that we did find one but were denied access. */ in execvp_noalloc()
|