
Searched refs:a (Results 1 – 25 of 37) sorted by relevance


/security/
A Dlsm_audit.c187 switch (a->type) { in audit_log_lsm_data()
258 inode = a->u.inode; in audit_log_lsm_data()
286 if (a->u.net->sk) { in audit_log_lsm_data()
341 a->u.net->sport, in audit_log_lsm_data()
344 a->u.net->dport, in audit_log_lsm_data()
349 a->u.net->sport, in audit_log_lsm_data()
352 a->u.net->dport, in audit_log_lsm_data()
394 a->u.ibendport->port); in audit_log_lsm_data()
439 if (a == NULL) in common_lsm_audit()
449 pre_audit(ab, a); in common_lsm_audit()
[all …]
A DKconfig106 If enabled, a security module can use these hooks to
115 If enabled, a security module can use these hooks to
124 If enabled, a security module can use these hooks to
137 If enabled, a security module can use these hooks to
147 Intel(R) Trusted Execution Technology to perform a measured launch
153 create a robust initial kernel measurement and verification, which
167 Intel TXT support in a kernel boot.
182 a value of 65536 is reasonable and should cause no problems.
189 bool "Force all usermode helper calls through a single binary"
194 either in the kernel code itself, or as a kernel configuration
[all …]
A DKconfig.hardening31 on the function calling complexity of a given workload's
36 initialized before use in a function.
52 with a specific debug value. This is intended to eliminate
72 with a zero value. This is intended to eliminate all
80 suitable as a production security mitigation than pattern
122 This option will cause a warning to be printed each time the
123 stackleak plugin finds a function it thinks needs to be
207 image. This has a less than 1% performance impact on most
259 bool "Trigger a BUG when data corruption is detected"
311 structures as much as possible, which may have both a
[all …]
/security/smack/
A Dsmack.h273 struct common_audit_data a; member
456 memset(&a->sad, 0, sizeof(a->sad)); in smk_ad_init()
457 a->a.type = type; in smk_ad_init()
458 a->a.smack_audit_data = &a->sad; in smk_ad_init()
459 a->a.smack_audit_data->function = func; in smk_ad_init()
467 a->a.u.net = net; in smk_ad_init_net()
473 a->a.u.tsk = t; in smk_ad_setfield_u_tsk()
478 a->a.u.dentry = d; in smk_ad_setfield_u_fs_path_dentry()
483 a->a.u.inode = i; in smk_ad_setfield_u_fs_inode()
488 a->a.u.path = p; in smk_ad_setfield_u_fs_path()
[all …]
A DKconfig12 Smack is useful for sensitivity, integrity, and a variety
22 When access is granted by a rule with the "b" mode a
24 intention is that a process can be granted a wide set
30 This is a superior mechanism to the oft abused
50 Sending a signal has been treated as a write operation to the
53 to differentiate between delivering a network packet and
54 delivering a signal in the Smack rules.
A Dsmack_access.c118 int request, struct smk_audit_info *a) in smk_access() argument
200 if (a) in smk_access()
202 request, rc, a); in smk_access()
221 u32 mode, struct smk_audit_info *a) in smk_tskacc() argument
254 if (a) in smk_tskacc()
256 mode, rc, a); in smk_tskacc()
273 u32 mode, struct smk_audit_info *a) in smk_curacc() argument
277 return smk_tskacc(tsp, obj_known, mode, a); in smk_curacc()
321 struct common_audit_data *ad = a; in smack_log_callback()
356 struct common_audit_data *a = &ad->a; in smack_log() local
[all …]
/security/apparmor/
A Dlabel.c111 AA_BUG(!a); in ns_cmp()
116 if (a == b) in ns_cmp()
139 AA_BUG(!a); in profile_cmp()
146 if (a == b || a->base.hname == b->base.hname) in profile_cmp()
170 AA_BUG(!a); in vec_cmp()
171 AA_BUG(!*a); in vec_cmp()
476 if (a == b) in label_cmp()
479 return vec_cmp(a->vec, a->size, b->vec, b->size); in label_cmp()
957 AA_BUG(!a); in aa_label_next_in_merge()
1182 a = ar = aa_get_newest_label(a); in aa_label_find_merge()
[all …]
A DKconfig35 points. If the assert is triggered it will trigger a WARN
67 filesystem. This option provides a light weight means of
78 loaded policy provide system administrators a quick way to
101 This options allows controlling whether apparmor does a full
116 running KUnit test harness and are not for inclusion into a
/security/ipe/
A DKconfig18 allowing users to define a policy to enforce a trust-based access
19 control. A key feature of IPE is a customizable policy to allow
28 This option specifies a filepath to an IPE policy that is compiled
29 into the kernel. This policy will be enforced until a policy update
61 policies. The property evaluates to TRUE when a file from a dm-verity
70 policies. The property evaluates to TRUE when a file from a dm-verity
71 volume, which has been mounted with a valid signed root hash,
81 policies. The property evaluates to TRUE when a file is fsverity
92 policies. The property evaluates to TRUE when a file is fsverity
93 enabled and it has a valid builtin signature whose signing cert
[all …]
/security/tomoyo/
A Dgroup.c21 static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a, in tomoyo_same_path_group() argument
24 return container_of(a, struct tomoyo_path_group, head)->member_name == in tomoyo_same_path_group()
36 static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a, in tomoyo_same_number_group() argument
39 return !memcmp(&container_of(a, struct tomoyo_number_group, head) in tomoyo_same_number_group()
43 sizeof(container_of(a, struct tomoyo_number_group, head) in tomoyo_same_number_group()
55 static bool tomoyo_same_address_group(const struct tomoyo_acl_head *a, in tomoyo_same_address_group() argument
58 const struct tomoyo_address_group *p1 = container_of(a, typeof(*p1), in tomoyo_same_address_group()
A Dcommon.h1162 static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, in tomoyo_pathcmp() argument
1165 return a->hash != b->hash || strcmp(a->name, b->name); in tomoyo_pathcmp()
1231 (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b) in tomoyo_same_name_union() argument
1233 return a->filename == b->filename && a->group == b->group; in tomoyo_same_name_union()
1245 (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b) in tomoyo_same_number_union() argument
1247 return a->values[0] == b->values[0] && a->values[1] == b->values[1] && in tomoyo_same_number_union()
1248 a->group == b->group && a->value_type[0] == b->value_type[0] && in tomoyo_same_number_union()
1249 a->value_type[1] == b->value_type[1]; in tomoyo_same_number_union()
1261 (const struct tomoyo_ipaddr_union *a, const struct tomoyo_ipaddr_union *b) in tomoyo_same_ipaddr_union() argument
1263 return !memcmp(a->ip, b->ip, sizeof(a->ip)) && a->group == b->group && in tomoyo_same_ipaddr_union()
[all …]
A Dfile.c341 static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a, in tomoyo_same_path_acl() argument
359 static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a, in tomoyo_merge_path_acl() argument
363 u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head) in tomoyo_merge_path_acl()
413 static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a, in tomoyo_same_mkdev_acl() argument
434 static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a, in tomoyo_merge_mkdev_acl() argument
438 u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl, in tomoyo_merge_mkdev_acl()
495 static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a, in tomoyo_same_path2_acl() argument
514 static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a, in tomoyo_merge_path2_acl() argument
518 u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head) in tomoyo_merge_path2_acl()
652 static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a, in tomoyo_merge_path_number_acl() argument
[all …]
A Dcondition.c357 static inline bool tomoyo_same_condition(const struct tomoyo_condition *a, in tomoyo_same_condition() argument
360 return a->size == b->size && a->condc == b->condc && in tomoyo_same_condition()
361 a->numbers_count == b->numbers_count && in tomoyo_same_condition()
362 a->names_count == b->names_count && in tomoyo_same_condition()
363 a->argc == b->argc && a->envc == b->envc && in tomoyo_same_condition()
364 a->grant_log == b->grant_log && a->transit == b->transit && in tomoyo_same_condition()
365 !memcmp(a + 1, b + 1, a->size - sizeof(*a)); in tomoyo_same_condition()
A Dnetwork.c192 static bool tomoyo_same_inet_acl(const struct tomoyo_acl_info *a, in tomoyo_same_inet_acl() argument
195 const struct tomoyo_inet_acl *p1 = container_of(a, typeof(*p1), head); in tomoyo_same_inet_acl()
211 static bool tomoyo_same_unix_acl(const struct tomoyo_acl_info *a, in tomoyo_same_unix_acl() argument
214 const struct tomoyo_unix_acl *p1 = container_of(a, typeof(*p1), head); in tomoyo_same_unix_acl()
230 static bool tomoyo_merge_inet_acl(struct tomoyo_acl_info *a, in tomoyo_merge_inet_acl() argument
235 &container_of(a, struct tomoyo_inet_acl, head)->perm; in tomoyo_merge_inet_acl()
256 static bool tomoyo_merge_unix_acl(struct tomoyo_acl_info *a, in tomoyo_merge_unix_acl() argument
261 &container_of(a, struct tomoyo_unix_acl, head)->perm; in tomoyo_merge_unix_acl()
A Denviron.c76 static bool tomoyo_same_env_acl(const struct tomoyo_acl_info *a, in tomoyo_same_env_acl() argument
79 const struct tomoyo_env_acl *p1 = container_of(a, typeof(*p1), head); in tomoyo_same_env_acl()
/security/keys/
A DKconfig14 associated with a process so that network filesystems, encryption
17 Furthermore, a special type of key is available that acts as keyring:
18 a searchable sequence of keys. Each process is equipped with access
34 wants to request a key that is likely the same as the one requested
37 An example of such a process is a pathwalk through a network
46 This option provides a register of persistent per-UID keyrings,
52 it is or by a process with administrative privileges. The active
57 removed if they expire (a default timeout is set upon creation).
77 generated and sealed by a trust source selected at kernel boot-time.
99 encrypted/decrypted with a 'master' symmetric key. The 'master'
[all …]
/security/loadpin/
A DKconfig11 have a root filesystem backed by a read-only device such as
12 dm-verity or a CDROM.
30 that use dm-verity. LoadPin maintains a list of verity root
37 expects a file descriptor of a file with verity digests as
/security/landlock/
A DKconfig9 Landlock is a sandboxing mechanism that enables processes to restrict
11 tailored access control policies. A Landlock security policy is a
12 set of access rights (e.g. open a file in read-only, make a
13 directory, etc.) tied to a file hierarchy. Such policy can be
/security/integrity/ima/
A DKconfig19 Measurement Architecture(IMA) maintains a list of hash
25 If your system has a TPM chip, then IMA also maintains
27 TPM hardware, so that the TPM can prove to a third party
41 a TPM's quote after a soft boot, the IMA measurement list of the
69 The original 'ima' measurement list template contains a
70 hash, defined as 20 bytes, and a null terminated pathname,
175 policy rules persist after loading a custom policy.
198 be signed and verified by a public key on the trusted IMA
211 and verified by a public key on the trusted IMA keyring.
223 and verified by a key on the trusted IMA keyring.
[all …]
/security/selinux/ss/
A Davtab.h109 int avtab_read_item(struct avtab *a, struct policy_file *fp, struct policydb *pol,
110 int (*insert)(struct avtab *a, const struct avtab_key *k,
114 int avtab_read(struct avtab *a, struct policy_file *fp, struct policydb *pol);
117 int avtab_write(struct policydb *p, struct avtab *a, struct policy_file *fp);
A Davtab.c340 int (*insertf)(struct avtab *a, const struct avtab_key *k, in avtab_read_item() argument
414 rc = insertf(a, &key, &datum, p); in avtab_read_item()
501 return insertf(a, &key, &datum, p); in avtab_read_item()
504 static int avtab_insertf(struct avtab *a, const struct avtab_key *k, in avtab_insertf() argument
507 return avtab_insert(a, k, d); in avtab_insertf()
528 rc = avtab_alloc(a, nel); in avtab_read()
533 rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL, false); in avtab_read()
549 avtab_destroy(a); in avtab_read()
596 buf[0] = cpu_to_le32(a->nel); in avtab_write()
601 for (i = 0; i < a->nslot; i++) { in avtab_write()
[all …]
/security/safesetid/
A DKconfig9 restrict UID/GID transitions from a given UID/GID to only those
10 approved by a system-wide whitelist. These restrictions also prohibit
12 with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
/security/selinux/
A DKconfig9 You will also need a policy configuration and a labeled filesystem.
17 This option adds a kernel parameter 'selinux', which allows SELinux
20 command line. The purpose of this option is to allow a single
58 chain lengths are high (e.g. > 20) then selecting a higher value here
/security/selinux/include/
A Davc.h102 u32 denied, int result, struct common_audit_data *a);
125 struct common_audit_data *a) in avc_audit() argument
132 result, a); in avc_audit()
/security/integrity/
A DKconfig9 of a number of different components including the Integrity
52 .evm keyrings be signed by a key on the system trusted
60 Provide a separate, distinct keyring for platform trusted keys, which
66 bool "Provide a keyring to which Machine Owner Keys may be added"
72 If set, provide a keyring to which Machine Owner Keys (MOK) may
124 option adds a kernel parameter 'integrity_audit', which
