| /security/apparmor/ |
| A D | audit.c | 101 if (ad->op) in audit_pre()
104 if (ad->class) in audit_pre()
110 if (ad->info) { in audit_pre()
112 if (ad->error) in audit_pre()
116 if (ad->subj_label) { in audit_pre()
136 if (ad->name) { in audit_pre()
151 ad->type = type; in aa_audit_msg()
173 if (likely(!ad->error)) { in aa_audit()
185 return ad->error; in aa_audit()
197 ad->common.u.tsk ? ad->common.u.tsk : current); in aa_audit()
[all …]
|
| A D | ipc.c | 59 audit_signal_mask(ad->request)); in audit_signal_cb()
65 if (ad->signal == SIGUNKNOWN) in audit_signal_cb()
67 ad->unmappedsig); in audit_signal_cb()
72 ad->signal - SIGRT_BASE); in audit_signal_cb()
74 aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, in audit_signal_cb()
90 ad->subj_cred = cred; in profile_signal_perm()
91 ad->peer = peer; in profile_signal_perm()
109 ad.signal = map_signal_num(sig); in aa_may_signal()
110 ad.unmappedsig = sig; in aa_may_signal()
113 MAY_WRITE, &ad), in aa_may_signal()
[all …]
|
| A D | task.c | 212 audit_ptrace_mask(ad->request)); in audit_ptrace_cb()
220 aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, in audit_ptrace_cb()
234 ad->subj_cred = cred; in profile_ptrace_perm()
235 ad->peer = peer; in profile_ptrace_perm()
269 ad->subj_label = &tracer->label; in profile_tracer_perm()
270 ad->peer = tracee; in profile_tracer_perm()
271 ad->request = 0; in profile_tracer_perm()
308 if (ad->request & AA_USERNS_CREATE) in audit_ns_cb()
311 if (ad->denied & AA_USERNS_CREATE) in audit_ns_cb()
322 ad->subj_label = &profile->label; in aa_profile_ns_perm()
[all …]
|
| A D | af_unix.c | 240 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_sk_perm()
248 ad); in profile_sk_perm()
263 AA_BUG(!ad); in profile_bind_perm()
268 if (is_unix_addr_fs(ad->net.addr, ad->net.addrlen)) in profile_bind_perm()
294 AA_BUG(!ad); in profile_listen_perm()
331 AA_BUG(!ad); in profile_accept_perm()
361 AA_BUG(!ad); in profile_opt_perm()
381 ad); in profile_opt_perm()
403 AA_BUG(!ad); in profile_peer_perm()
410 return unix_fs_perm(ad->op, request, ad->subj_cred, in profile_peer_perm()
[all …]
|
| A D | net.c | 124 ad->common.u.net->family); in audit_net_cb()
130 ad->net.type); in audit_net_cb()
145 if (ad->net.addr || !ad->common.u.net->sk) in audit_net_cb()
147 unix_addr(ad->net.addr), in audit_net_cb()
148 ad->net.addrlen); in audit_net_cb()
154 ad->net.peer.addrlen); in audit_net_cb()
157 if (ad->peer) { in audit_net_cb()
159 aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, in audit_net_cb()
268 protocol, &p, &ad->info); in aa_profile_af_perm()
298 ad.subj_cred = subj_cred; in aa_label_sk_perm()
[all …]
|
| A D | capability.c | 76 ad->error = error; in audit_caps()
104 ent->ad_subj_cred = get_cred(ad->subj_cred); in audit_caps()
109 return aa_audit(type, profile, ad, audit_cb); in audit_caps()
128 state = RULE_MEDIATES(rules, ad->class); in profile_capable()
141 ad->info = "optional: no audit"; in profile_capable()
143 ad = NULL; in profile_capable()
162 ad->info = "optional: no audit"; in profile_capable()
165 return audit_caps(ad, profile, cap, error); in profile_capable()
186 ad.subj_cred = subj_cred; in aa_capable()
187 ad.common.u.cap = cap; in aa_capable()
[all …]
|
| A D | resource.c | 33 struct apparmor_audit_data *ad = aad(sa); in audit_cb() local
36 rlim_names[ad->rlim.rlim], ad->rlim.max); in audit_cb()
37 if (ad->peer) { in audit_cb()
39 aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, in audit_cb()
61 DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_RLIMITS, in audit_resource()
64 ad.subj_cred = subj_cred; in audit_resource()
65 ad.rlim.rlim = resource; in audit_resource()
66 ad.rlim.max = value; in audit_resource()
67 ad.peer = peer; in audit_resource()
68 ad.info = info; in audit_resource()
[all …]
|
| A D | file.c | 49 kuid_t fsuid = ad->subj_cred ? ad->subj_cred->fsuid : current_fsuid(); in file_audit_cb()
69 if (ad->peer) { in file_audit_cb()
71 aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, in file_audit_cb()
106 ad.name = name; in aa_audit_file()
108 ad.peer = tlabel; in aa_audit_file()
109 ad.fs.ouid = ouid; in aa_audit_file()
110 ad.info = info; in aa_audit_file()
111 ad.error = error; in aa_audit_file()
128 ad.request = ad.request & ~perms->allow; in aa_audit_file()
140 if (!ad.request) in aa_audit_file()
[all …]
|
| A D | mount.c | 93 if (ad->mnt.type) { in audit_cb()
101 if (ad->mnt.trans) { in audit_cb()
105 if (ad->mnt.flags) { in audit_cb()
110 if (ad->mnt.data) { in audit_cb()
174 ad.name = name; in audit_mount()
176 ad.mnt.type = type; in audit_mount()
177 ad.mnt.trans = trans; in audit_mount()
178 ad.mnt.flags = flags; in audit_mount()
180 ad.mnt.data = data; in audit_mount()
181 ad.info = info; in audit_mount()
[all …]
|
| A D | lib.c | 226 ad.info = str; in aa_info_message()
227 aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, NULL); in aa_info_message()
419 u32 request, struct apparmor_audit_data *ad, in aa_check_perms() argument
428 if (!request || !ad) in aa_check_perms()
447 if (!ad || !denied) in aa_check_perms()
451 if (ad) { in aa_check_perms()
452 ad->subj_label = &profile->label; in aa_check_perms()
453 ad->request = request; in aa_check_perms()
454 ad->denied = denied; in aa_check_perms()
455 ad->error = error; in aa_check_perms()
[all …]
|
| A D | lsm.c | 613 audit_uring_mask(ad->request)); in audit_uring_cb()
616 audit_uring_mask(ad->denied)); in audit_uring_cb()
619 if (ad->uring.target) { in audit_uring_cb()
622 ad->uring.target, in audit_uring_cb()
629 struct apparmor_audit_data *ad) in profile_uring() argument
672 ad.uring.target = cred_label(new); in apparmor_uring_override_creds()
922 ad.info = "current"; in do_setattr()
924 ad.info = "exec"; in do_setattr()
926 ad.info = "invalid"; in do_setattr()
927 ad.error = error = -EINVAL; in do_setattr()
[all …]
|
| A D | policy_unpack.c | 38 struct apparmor_audit_data *ad = aad(sa); in audit_cb() local
40 if (ad->iface.ns) { in audit_cb()
44 if (ad->name) { in audit_cb()
46 audit_log_untrustedstring(ab, ad->name); in audit_cb()
48 if (ad->iface.pos) in audit_cb()
70 ad.iface.pos = e->pos - e->start; in audit_iface()
71 ad.iface.ns = ns_name; in audit_iface()
73 ad.name = new->base.hname; in audit_iface()
75 ad.name = name; in audit_iface()
76 ad.info = info; in audit_iface()
[all …]
|
| A D | policy.c | 782 struct apparmor_audit_data *ad = aad(sa); in audit_cb() local
784 if (ad->iface.ns) { in audit_cb()
786 audit_log_untrustedstring(ab, ad->iface.ns); in audit_cb()
805 DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, op); in audit_policy()
807 ad.iface.ns = ns_name; in audit_policy()
808 ad.name = name; in audit_policy()
809 ad.info = info; in audit_policy()
810 ad.error = error; in audit_policy()
811 ad.subj_label = subj_label; in audit_policy()
813 aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb); in audit_policy()
|
| /security/smack/ |
| A D | smack_lsm.c | 425 saip = &ad; in smk_ptrace_rule_check()
881 struct smk_audit_info ad; in smack_sb_statfs() local
1059 struct smk_audit_info ad; in smack_inode_link() local
1090 struct smk_audit_info ad; in smack_inode_unlink() local
1123 struct smk_audit_info ad; in smack_inode_rmdir() local
1166 struct smk_audit_info ad; in smack_inode_rename() local
1196 struct smk_audit_info ad; in smack_inode_permission() local
1233 struct smk_audit_info ad; in smack_inode_setattr() local
1257 struct smk_audit_info ad; in smack_inode_getattr() local
1312 struct smk_audit_info ad; in smack_inode_setxattr() local
[all …]
|
| A D | smack_access.c | 321 struct common_audit_data *ad = a; in smack_log_callback() local
322 struct smack_audit_data *sad = ad->smack_audit_data; in smack_log_callback()
324 ad->smack_audit_data->function, in smack_log_callback()
348 int result, struct smk_audit_info *ad) in smack_log() argument
356 struct common_audit_data *a = &ad->a; in smack_log()
395 int result, struct smk_audit_info *ad) in smack_log() argument
|
| /security/selinux/ |
| A D | hooks.c | 237 ad->u.net = net; in __ad_net_init()
1763 &ad); in file_has_perm()
1833 &ad); in may_create()
2087 &ad); in selinux_binder_transfer_file()
2103 &ad); in selinux_binder_transfer_file()
3021 &ad); in selinux_inode_init_security_anon()
3404 &ad); in selinux_inode_setxattr()
3827 &ad); in ioctl_has_perm()
4790 &ad); in sock_has_perm()
5214 &ad); in selinux_socket_unix_may_send()
[all …]
|
| A D | xfrm.c | 400 struct common_audit_data *ad) in selinux_xfrm_sock_rcv_skb() argument
422 SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad); in selinux_xfrm_sock_rcv_skb()
433 struct common_audit_data *ad, u8 proto) in selinux_xfrm_postroute_last() argument
465 SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad); in selinux_xfrm_postroute_last()
|
| A D | avc.c | 417 struct common_audit_data *ad) in avc_xperms_audit() argument
426 audited, denied, result, ad); in avc_xperms_audit()
653 struct common_audit_data *ad = a; in avc_audit_pre_callback() local
654 struct selinux_audit_data *sad = ad->selinux_audit_data; in avc_audit_pre_callback()
694 struct common_audit_data *ad = a; in avc_audit_post_callback() local
695 struct selinux_audit_data *sad = ad->selinux_audit_data; in avc_audit_post_callback()
1021 struct common_audit_data *ad) in avc_has_extended_perms() argument
1091 &avd, xpd, xperm, rc, ad); in avc_has_extended_perms()
|
| /security/ |
| A D | lsm_audit.c | 59 ad->u.net->sport = th->source; in ipv4_skb_to_auditdata()
60 ad->u.net->dport = th->dest; in ipv4_skb_to_auditdata()
66 ad->u.net->sport = uh->source; in ipv4_skb_to_auditdata()
67 ad->u.net->dport = uh->dest; in ipv4_skb_to_auditdata()
73 ad->u.net->sport = sh->source; in ipv4_skb_to_auditdata()
74 ad->u.net->dport = sh->dest; in ipv4_skb_to_auditdata()
120 ad->u.net->sport = th->source; in ipv6_skb_to_auditdata()
121 ad->u.net->dport = th->dest; in ipv6_skb_to_auditdata()
131 ad->u.net->sport = uh->source; in ipv6_skb_to_auditdata()
132 ad->u.net->dport = uh->dest; in ipv6_skb_to_auditdata()
[all …]
|
| /security/selinux/include/ |
| A D | xfrm.h | 42 struct common_audit_data *ad);
44 struct common_audit_data *ad, u8 proto);
64 struct common_audit_data *ad) in selinux_xfrm_sock_rcv_skb() argument
70 struct common_audit_data *ad, in selinux_xfrm_postroute_last() argument
|
| A D | netlabel.h | 46 struct common_audit_data *ad);
116 struct common_audit_data *ad) in selinux_netlbl_sock_rcv_skb() argument
|
| A D | avc.h | 147 struct common_audit_data *ad);
|
| /security/apparmor/include/ |
| A D | net.h | 90 struct apparmor_audit_data *ad);
97 struct apparmor_audit_data *ad,
103 struct apparmor_audit_data *ad, in aa_profile_af_sk_perm() argument
107 return aa_profile_af_perm(profile, ad, request, sk->sk_family, in aa_profile_af_sk_perm()
|
| A D | audit.h | 184 void aa_audit_msg(int type, struct apparmor_audit_data *ad,
187 struct apparmor_audit_data *ad,
|
| A D | task.h | 103 struct apparmor_audit_data *ad, u32 request);
|