| /security/landlock/ |
| A D | audit.c | 89 const access_mask_t access) in log_blockers() argument
230 access_mask_t access; in test_get_denied_layer() local
232 access = LANDLOCK_ACCESS_FS_EXECUTE; in test_get_denied_layer()
254 KUNIT_EXPECT_EQ(test, access, in test_get_denied_layer()
268 KUNIT_EXPECT_EQ(test, access, 0); in test_get_denied_layer()
314 access_mask_t access; in test_get_layer_from_deny_masks() local
321 get_layer_from_deny_masks(&access, in test_get_layer_from_deny_masks()
328 get_layer_from_deny_masks(&access, in test_get_layer_from_deny_masks()
348 KUNIT_EXPECT_EQ(test, access, in test_get_layer_from_deny_masks()
363 if (request->access) { in is_valid_request()
[all …]
|
| A D | ruleset.c | 253 this->layers[0].access |= (*layers)[0].access; in insert_rule()
290 .access = ~0, in build_check_layer()
294 BUILD_BUG_ON(layer.access < LANDLOCK_MASK_ACCESS_FS); in build_check_layer()
300 const access_mask_t access) in landlock_insert_rule() argument
303 .access = access, in landlock_insert_rule()
345 layers[0].access = walker_rule->layers[0].access; in merge_tree()
652 if (layer->access & BIT_ULL(access_bit)) in landlock_unmask_layers()
|
| A D | fs.c | 934 log_request_parent1->access = access_masked_parent1; in is_access_to_paths_allowed()
1225 if (request1.access) { in current_check_refer_path()
1229 if (request2.access) { in current_check_refer_path()
1579 access_mask_t access = 0; in get_required_file_open_access() local
1585 access = LANDLOCK_ACCESS_FS_READ_FILE; in get_required_file_open_access()
1588 access |= LANDLOCK_ACCESS_FS_WRITE_FILE; in get_required_file_open_access()
1591 access |= LANDLOCK_ACCESS_FS_EXECUTE; in get_required_file_open_access()
1592 return access; in get_required_file_open_access()
1686 request.access = open_access_request; in hook_file_open()
1713 .access = LANDLOCK_ACCESS_FS_TRUNCATE, in hook_file_truncate()
[all …]
|
| A D | Kconfig | 11 tailored access control policies. A Landlock security policy is a
12 set of access rights (e.g. open a file in read-only, make a
|
| A D | ruleset.h | 37 access_mask_t access; member
205 const access_mask_t access);
|
| A D | audit.h | 43 access_mask_t access; member
|
| A D | net.c | 191 .access = access_request, in current_check_access_socket()
|
| /security/ |
| A D | device_cgroup.c | 38 short access; member
118 walk->access |= ex->access; in dev_exception_add()
146 walk->access &= ~ex->access; in dev_exception_rm()
147 if (!walk->access) { in dev_exception_rm()
254 if (access & DEVCG_ACC_READ) in set_access()
342 if (access & (~ex->access)) in match_exception()
388 if (!(access & ex->access)) in match_exception_partial()
431 refex->access); in verify_new_ex()
446 refex->access); in verify_new_ex()
833 short access) in devcgroup_legacy_check_permission() argument
[all …]
|
| A D | Kconfig | 11 bool "Restrict unprivileged access to the kernel syslog"
23 prompt "Allow /proc/pid/mem access override"
39 permissions if you have ptrace access rights.
42 bool "Require active ptrace() use for access override"
107 implement socket and networking access controls.
116 implement Infiniband access controls.
125 implement per-packet access controls based on labels
133 bool "Security hooks for pathname based access control"
136 This enables the security hooks for pathname based access control.
138 implement pathname based access controls.
|
| A D | Kconfig.hardening | 254 immediate access fault.
|
| /security/smack/ |
| A D | Kconfig | 17 bool "Reporting on access granted by Smack rules"
21 Enable the bring-up ("b") access mode in Smack rules.
22 When access is granted by a rule with the "b" mode a
23 message about the access requested is generated. The
25 of access initially with the bringup mode set on the
29 access rule set once the behavior is well understood.
|
| A D | smack_access.c | 287 int smack_str_from_perm(char *string, int access) in smack_str_from_perm() argument
291 if (access & MAY_READ) in smack_str_from_perm()
293 if (access & MAY_WRITE) in smack_str_from_perm()
295 if (access & MAY_EXEC) in smack_str_from_perm()
297 if (access & MAY_APPEND) in smack_str_from_perm()
299 if (access & MAY_TRANSMUTE) in smack_str_from_perm()
301 if (access & MAY_LOCK) in smack_str_from_perm()
303 if (access & MAY_BRINGUP) in smack_str_from_perm()
|
| A D | smack_lsm.c | 2189 static int smk_curacc_on_task(struct task_struct *p, int access, in smk_curacc_on_task() argument
2198 rc = smk_curacc(skp, access, &ad); in smk_curacc_on_task()
2199 rc = smk_bu_task(p, access, rc); in smk_curacc_on_task()
3131 static int smk_curacc_shm(struct kern_ipc_perm *isp, int access) in smk_curacc_shm() argument
3141 rc = smk_curacc(ssp, access, &ad); in smk_curacc_shm()
3142 rc = smk_bu_current("shm", ssp, access, rc); in smk_curacc_shm()
3220 static int smk_curacc_sem(struct kern_ipc_perm *isp, int access) in smk_curacc_sem() argument
3230 rc = smk_curacc(ssp, access, &ad); in smk_curacc_sem()
3231 rc = smk_bu_current("sem", ssp, access, rc); in smk_curacc_sem()
3325 rc = smk_curacc(msp, access, &ad); in smk_curacc_msq()
[all …]
|
| A D | smack.h | 287 int smack_str_from_perm(char *string, int access);
|
| /security/yama/ |
| A D | yama_lsm.c | 47 const char *access; member
63 info->access, target_cmd, info->target->pid, agent_cmd, in __report_access()
75 static void report_access(const char *access, struct task_struct *target, in report_access() argument
88 access, target->comm, target->pid, agent->comm, agent->pid); in report_access()
98 info->access = access; in report_access()
|
| A D | Kconfig | 9 access controls. Currently available is ptrace scope restriction.
|
| /security/tomoyo/ |
| A D | Kconfig | 11 This selects TOMOYO Linux, pathname-based access control.
24 Some programs access thousands of objects, so running
45 Say Y here if you want to activate access control as soon as built-in
|
| /security/keys/ |
| A D | Kconfig | 7 bool "Enable access key retention support"
11 access keys in the kernel.
18 a searchable sequence of keys. Each process is equipped with access
53 LSMs gets to rule on which admin-level processes get to access the
|
| /security/ipe/ |
| A D | policy_fs.c | 28 umode_t access; member
473 d = securityfs_create_file(f->name, f->access, policyfs, in ipe_new_policyfs_node()
|
| A D | Kconfig | 18 allowing users to define a policy to enforce a trust-based access
|
| /security/selinux/ |
| A D | Kconfig | 45 This option collects access vector cache statistics to
|