| /security/tomoyo/ |
| A D | mount.c | 36 r->param.mount.flags); in tomoyo_audit_mount_log()
54 &acl->flags) && in tomoyo_check_mount_acl()
80 unsigned long flags) in tomoyo_mount_acl() argument
163 r->param.mount.flags = flags; in tomoyo_mount_acl()
203 flags &= ~MS_MGC_MSK; in tomoyo_mount_permission()
206 flags &= ~MS_REMOUNT; in tomoyo_mount_permission()
209 flags &= ~MS_BIND; in tomoyo_mount_permission()
214 flags &= ~MS_SHARED; in tomoyo_mount_permission()
219 flags &= ~MS_PRIVATE; in tomoyo_mount_permission()
224 flags &= ~MS_SLAVE; in tomoyo_mount_permission()
[all …]
|
| /security/apparmor/ |
| A D | mount.c | 29 if (flags & MS_RDONLY) in audit_mnt_flags()
33 if (flags & MS_NOSUID) in audit_mnt_flags()
35 if (flags & MS_NODEV) in audit_mnt_flags()
37 if (flags & MS_NOEXEC) in audit_mnt_flags()
41 if (flags & MS_REMOUNT) in audit_mnt_flags()
53 if (flags & MS_BIND) in audit_mnt_flags()
55 if (flags & MS_MOVE) in audit_mnt_flags()
57 if (flags & MS_SILENT) in audit_mnt_flags()
67 if (flags & MS_SLAVE) in audit_mnt_flags()
105 if (ad->mnt.flags) { in audit_cb()
[all …]
|
| A D | label.c | 219 new->flags |= u; in accum_label_info()
783 unsigned long flags; in aa_label_remove() local
805 unsigned long flags; in aa_label_replace() local
848 unsigned long flags; in vec_find() local
868 unsigned long flags; in vec_create_and_insert_label() local
922 unsigned long flags; in aa_label_insert() local
1048 unsigned long flags; in label_merge_insert() local
1176 unsigned long flags; in aa_label_find_merge() local
1467 int flags) in use_label_hname() argument
1544 int flags) in label_modename() argument
[all …]
|
| A D | secid.c | 54 int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT; in apparmor_label_to_secctx() local
61 flags |= FLAG_SHOW_MODE; in apparmor_label_to_secctx()
65 flags, GFP_ATOMIC); in apparmor_label_to_secctx()
67 len = aa_label_snxprint(NULL, 0, root_ns, label, flags); in apparmor_label_to_secctx()
128 unsigned long flags; in aa_alloc_secid() local
131 xa_lock_irqsave(&aa_secids, flags); in aa_alloc_secid()
134 xa_unlock_irqrestore(&aa_secids, flags); in aa_alloc_secid()
150 unsigned long flags; in aa_free_secid() local
152 xa_lock_irqsave(&aa_secids, flags); in aa_free_secid()
154 xa_unlock_irqrestore(&aa_secids, flags); in aa_free_secid()
|
| A D | path.c | 49 int flags, const char *disconnected) in disconnect() argument
53 if (!(flags & PATH_CONNECT_PATH) && in disconnect()
54 !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && in disconnect()
89 int flags, const char *disconnected) in d_namespace_path() argument
94 int isdir = (flags & PATH_IS_DIR) ? 1 : 0; in d_namespace_path()
113 error = disconnect(path, buf, name, flags, in d_namespace_path()
119 if (flags & PATH_CHROOT_REL) { in d_namespace_path()
152 error = disconnect(path, buf, name, flags, disconnected); in d_namespace_path()
161 !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) { in d_namespace_path()
197 int aa_path_name(const struct path *path, int flags, char *buffer, in aa_path_name() argument
[all …]
|
| A D | file.c | 157 error = aa_path_name(path, flags, buffer, name, &info, in path_name()
223 u32 request, struct path_cond *cond, int flags, in __aa_path_perm() argument
245 struct path_cond *cond, int flags, in profile_path_perm() argument
255 flags | profile->path_flags, buffer, &name, cond, in profile_path_perm()
260 flags, perms); in profile_path_perm()
277 const struct path *path, int flags, u32 request, in aa_path_perm() argument
292 request, cond, flags, &perms)); in aa_path_perm()
492 int flags, error; in __file_path_perm() local
508 request, &cond, flags, &perms)); in __file_path_perm()
522 buffer, request, &cond, flags, in __file_path_perm()
[all …]
|
| A D | match.c | 115 if (ACCEPT1_FLAGS(flags)) { in verify_table_headers()
121 if (ACCEPT2_FLAGS(flags)) { in verify_table_headers()
171 if (!(dfa->flags & YYTH_FLAG_DIFF_ENCODE)) { in verify_dfa()
181 if (!(dfa->flags & YYTH_FLAG_OOB_TRANS)) { in verify_dfa()
298 struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags) in aa_dfa_unpack() argument
323 dfa->flags = ntohs(*(__be16 *) (data + 12)); in aa_dfa_unpack()
324 if (dfa->flags & ~(YYTH_FLAGS)) in aa_dfa_unpack()
351 if (!(table->td_flags & ACCEPT1_FLAGS(flags))) in aa_dfa_unpack()
355 if (!(table->td_flags & ACCEPT2_FLAGS(flags))) in aa_dfa_unpack()
402 error = verify_table_headers(dfa->tables, flags); in aa_dfa_unpack()
[all …]
|
| /security/integrity/ima/ |
| A D | ima_policy.c | 101 unsigned int flags; member
159 .flags = IMA_FSMAGIC},
161 .flags = IMA_FSMAGIC},
168 .flags = IMA_FUNC | IMA_MASK},
170 .flags = IMA_FUNC | IMA_MASK},
215 .flags = IMA_FOWNER},
609 if (rule->flags & IMA_EUID) { in ima_match_rules()
620 if (rule->flags & IMA_EGID) { in ima_match_rules()
748 int action = 0, actmask = flags | (flags << 1); in ima_match_policy()
1861 entry->flags |= IMA_PCR; in ima_parse_rule()
[all …]
|
| A D | ima_appraise.c | 294 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify()
295 if (iint->flags & IMA_VERITY_REQUIRED) in xattr_verify()
328 if ((iint->flags & mask) == mask) { in xattr_verify()
366 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify()
455 if (!(iint->flags & IMA_CHECK_BLACKLIST)) in ima_check_blacklist()
525 if (iint->flags & IMA_DIGSIG_REQUIRED) { in ima_appraise_measurement()
526 if (iint->flags & IMA_VERITY_REQUIRED) in ima_appraise_measurement()
536 iint->flags |= IMA_NEW_FILE; in ima_appraise_measurement()
537 if ((iint->flags & IMA_NEW_FILE) && in ima_appraise_measurement()
638 !(iint->flags & IMA_HASH)) in ima_update_xattr()
[all …]
|
| A D | ima_api.c | 195 int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; in ima_get_action() local
197 flags &= ima_policy_flag; in ima_get_action()
200 flags, pcr, template_desc, func_data, in ima_get_action()
266 if (iint->flags & IMA_COLLECTED) in ima_collect_measurement()
285 if (iint->flags & IMA_VERITY_REQUIRED) { in ima_collect_measurement()
316 iint->flags |= IMA_COLLECTED; in ima_collect_measurement()
385 iint->flags |= IMA_MEASURED; in ima_store_measurement()
400 if (iint->flags & IMA_AUDITED) in ima_audit_measurement()
423 iint->flags |= IMA_AUDITED; in ima_audit_measurement()
|
| A D | ima_main.c | 200 if ((iint->flags & IMA_NEW_FILE) || in ima_check_last_writer()
319 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
333 iint->flags &= ~IMA_DONE_MASK; in process_measurement()
343 iint->flags &= ~(IMA_APPRAISED | in process_measurement()
351 iint->flags |= action; in process_measurement()
367 iint->flags |= IMA_HASHED; in process_measurement()
394 if (iint->flags & IMA_MODSIG_ALLOWED) { in process_measurement()
398 iint->flags & IMA_MEASURED) in process_measurement()
446 !(iint->flags & IMA_NEW_FILE)) in process_measurement()
477 unsigned long prot, unsigned long flags) in ima_file_mmap() argument
[all …]
|
| /security/keys/ |
| A D | key.c | 304 if (flags & KEY_ALLOC_BUILT_IN) in key_alloc()
306 if (flags & KEY_ALLOC_UID_KEYRING) in key_alloc()
308 if (flags & KEY_ALLOC_SET_KEEP) in key_alloc()
309 key->flags |= 1 << KEY_FLAG_KEEP; in key_alloc()
385 unsigned long flags; in key_payload_reserve() local
653 unsigned long flags; in key_put() local
812 unsigned long flags, in __key_create_or_update() argument
983 flags, false); in __key_create_or_update()
1019 unsigned long flags) in key_create_or_update() argument
1022 plen, perm, flags, true); in key_create_or_update()
[all …]
|
| A D | request_key.c | 29 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | in check_cached_key()
42 if (!(t->flags & PF_KTHREAD)) { in cache_requested_key()
291 &authkey->flags)) in construct_get_dest_keyring()
371 unsigned long flags, in construct_alloc_key() argument
397 perm, flags, NULL); in construct_alloc_key()
401 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); in construct_alloc_key()
494 unsigned long flags) in construct_key_and_link() argument
581 unsigned long flags) in request_key_and_link() argument
592 .flags = (KEYRING_SEARCH_DO_STATE_CHECK | in request_key_and_link()
654 aux, dest_keyring, flags); in request_key_and_link()
[all …]
|
| A D | permission.c | 104 unsigned long flags = READ_ONCE(key->flags); in key_validate() local
107 if (flags & (1 << KEY_FLAG_INVALIDATED)) in key_validate()
111 if (flags & ((1 << KEY_FLAG_REVOKED) | in key_validate()
|
| A D | proc.c | 157 unsigned long flags; in proc_keys_show() local
171 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | in proc_keys_show()
225 flags = READ_ONCE(key->flags); in proc_keys_show()
229 showflag(flags, 'R', KEY_FLAG_REVOKED), in proc_keys_show()
230 showflag(flags, 'D', KEY_FLAG_DEAD), in proc_keys_show()
231 showflag(flags, 'Q', KEY_FLAG_IN_QUOTA), in proc_keys_show()
232 showflag(flags, 'U', KEY_FLAG_USER_CONSTRUCT), in proc_keys_show()
234 showflag(flags, 'i', KEY_FLAG_INVALIDATED), in proc_keys_show()
|
| A D | keyring.c | 222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key()
519 unsigned long flags, in keyring_alloc() argument
578 unsigned long kflags = READ_ONCE(key->flags); in keyring_search_iterator()
684 BUG_ON((ctx->flags & STATE_CHECKS) == 0 || in search_nested_keyrings()
729 if (!(ctx->flags & KEYRING_SEARCH_RECURSE)) in search_nested_keyrings()
953 .flags = KEYRING_SEARCH_DO_STATE_CHECK, in keyring_search()
959 ctx.flags |= KEYRING_SEARCH_RECURSE; in keyring_search()
1123 if (key->flags & ((1 << KEY_FLAG_INVALIDATED) | in find_key_to_update()
1169 &keyring->flags)) in find_keyring_by_name()
1223 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | in keyring_detect_cycle()
[all …]
|
| /security/ |
| A D | lsm_syscalls.c | 56 ctx, u32, size, u32, flags) in SYSCALL_DEFINE4() argument
58 return security_setselfattr(attr, ctx, size, flags); in SYSCALL_DEFINE4()
78 ctx, u32 __user *, size, u32, flags) in SYSCALL_DEFINE4() argument
80 return security_getselfattr(attr, ctx, size, flags); in SYSCALL_DEFINE4()
97 u32, flags) in SYSCALL_DEFINE3() argument
103 if (flags) in SYSCALL_DEFINE3()
|
| A D | security.c | 906 nctx->flags = flags; in lsm_fill_user_ctx()
2019 unsigned int flags) in security_path_rename() argument
2254 unsigned int flags) in security_inode_rename() argument
2423 flags); in security_inode_setxattr()
2737 flags); in security_inode_setsecurity()
3013 flags); in security_mmap_file()
3458 int flags) in security_task_fix_setuid() argument
3478 int flags) in security_task_fix_setgid() argument
3624 unsigned int flags) in security_task_prlimit() argument
4154 if (flags) { in security_getselfattr()
[all …]
|
| /security/selinux/ss/ |
| A D | sidtab.c | 270 unsigned long flags; in sidtab_context_to_sid() local
281 spin_lock_irqsave(&s->lock, flags); in sidtab_context_to_sid()
359 spin_unlock_irqrestore(&s->lock, flags); in sidtab_context_to_sid()
428 unsigned long flags; in sidtab_convert() local
432 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
469 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
478 spin_lock_irqsave(&s->lock, flags); in sidtab_convert()
487 unsigned long flags; in sidtab_cancel_convert() local
490 spin_lock_irqsave(&s->lock, flags); in sidtab_cancel_convert()
498 spin_lock_irqsave(&s->lock, *flags); in sidtab_freeze_begin()
[all …]
|
| /security/apparmor/include/ |
| A D | mount.h | 30 unsigned long flags, void *data);
34 const char *old_name, unsigned long flags);
39 unsigned long flags);
50 const struct path *path, const char *type, unsigned long flags,
54 struct aa_label *label, struct vfsmount *mnt, int flags);
|
| A D | file.h | 89 u32 request, struct path_cond *cond, int flags,
93 int flags, u32 request, struct path_cond *cond);
114 int flags = file->f_flags; in aa_map_file_to_perms() local
122 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms()
125 if (flags & O_TRUNC) in aa_map_file_to_perms()
127 if (flags & O_CREAT) in aa_map_file_to_perms()
|
| A D | label.h | 59 int aa_vec_unique(struct aa_profile **vec, int n, int flags);
133 long flags; member
157 #define label_isprofile(X) ((X)->flags & FLAG_PROFILE)
158 #define label_unconfined(X) ((X)->flags & FLAG_UNCONFINED)
160 #define label_is_stale(X) ((X)->flags & FLAG_STALE)
161 #define __label_make_stale(X) ((X)->flags |= FLAG_STALE)
298 struct aa_label *label, int flags);
300 int flags, gfp_t gfp);
302 struct aa_label *label, int flags, gfp_t gfp);
304 struct aa_label *label, int flags, gfp_t gfp);
[all …]
|
| A D | domain.h | 30 int aa_change_hat(const char *hats[], int count, u64 token, int flags);
31 int aa_change_profile(const char *fqname, int flags);
|
| /security/landlock/ |
| A D | syscalls.c | 197 const size_t, size, const __u32, flags) in SYSCALL_DEFINE3() argument
209 if (flags) { in SYSCALL_DEFINE3()
213 if (flags == LANDLOCK_CREATE_RULESET_VERSION) in SYSCALL_DEFINE3()
216 if (flags == LANDLOCK_CREATE_RULESET_ERRATA) in SYSCALL_DEFINE3()
420 const void __user *const, rule_attr, const __u32, flags) in SYSCALL_DEFINE4() argument
428 if (flags) in SYSCALL_DEFINE4()
479 flags) in SYSCALL_DEFINE2() argument
499 if ((flags | LANDLOCK_MASK_RESTRICT_SELF) != in SYSCALL_DEFINE2()
504 log_same_exec = !(flags & LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF); in SYSCALL_DEFINE2()
506 log_new_exec = !!(flags & LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON); in SYSCALL_DEFINE2()
[all …]
|
| /security/selinux/ |
| A D | ibpkey.c | 134 unsigned long flags; in sel_ib_pkey_sid_slow() local
136 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
140 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
163 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_sid_slow()
207 unsigned long flags; in sel_ib_pkey_flush() local
209 spin_lock_irqsave(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
218 spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); in sel_ib_pkey_flush()
|