| /security/integrity/ima/ |
| ima_policy.c | 1412 char *from; in ima_parse_rule() local 1549 from = args[0].from; in ima_parse_rule() 1550 if (*from == '^') in ima_parse_rule() 1551 from++; in ima_parse_rule() 1553 if ((strcmp(from, "MAY_EXEC")) == 0) in ima_parse_rule() 1555 else if (strcmp(from, "MAY_WRITE") == 0) in ima_parse_rule() 1557 else if (strcmp(from, "MAY_READ") == 0) in ima_parse_rule() 1564 entry->flags |= (*args[0].from == '^') in ima_parse_rule() 1653 args[0].from, token); in ima_parse_rule() 1688 args[0].from, token); in ima_parse_rule() [all …]
|
| Kconfig | 151 the security extended attributes from offline attack, enable 179 to be signed. Unsigned files might prevent the system from 180 booting or applications from working properly. 231 (eg. fix, log) from the boot command line. 284 loading from the kernel onto the '.ima' trusted keyring.
|
| /security/tomoyo/policy/ |
| exception_policy.conf.default | 1 initialize_domain /sbin/modprobe from any 2 initialize_domain /sbin/hotplug from any
|
| /security/keys/trusted-keys/ |
| trusted_tpm1.c | 775 opt->pcrinfo_len = strlen(args[0].from) / 2; in getoptions() 778 res = hex2bin(opt->pcrinfo, args[0].from, in getoptions() 784 res = kstrtoul(args[0].from, 16, &handle); in getoptions() 793 res = hex2bin(opt->keyauth, args[0].from, in getoptions() 804 opt->blobauth_len = strlen(args[0].from); in getoptions() 807 res = hex2bin(opt->blobauth, args[0].from, in getoptions() 817 memcpy(opt->blobauth, args[0].from, in getoptions() 827 if (*args[0].from == '0') in getoptions() 829 else if (*args[0].from != '1') in getoptions() 833 res = kstrtoul(args[0].from, 10, &lock); in getoptions() [all …]
|
| /security/safesetid/ |
| Kconfig | 9 restrict UID/GID transitions from a given UID/GID to only those 11 the given UIDs/GIDs from obtaining auxiliary privileges associated
|
| /security/loadpin/ |
| Kconfig | 9 enabled, any files that come from other filesystems will be 26 bool "Allow reading files from certain other filesystems that use dm-verity" 29 If selected LoadPin can allow reading files from filesystems
|
| /security/keys/ |
| keyctl.c | 1174 struct iov_iter *from, in keyctl_instantiate_key_common() argument 1180 size_t plen = from ? iov_iter_count(from) : 0; in keyctl_instantiate_key_common() 1187 from = NULL; in keyctl_instantiate_key_common() 1207 if (from) { in keyctl_instantiate_key_common() 1214 if (!copy_from_iter_full(payload, plen, from)) in keyctl_instantiate_key_common() 1256 struct iov_iter from; in keyctl_instantiate_key() local 1260 &from); in keyctl_instantiate_key() 1264 return keyctl_instantiate_key_common(id, &from, ringid); in keyctl_instantiate_key() 1285 struct iov_iter from; in keyctl_instantiate_key_iov() local 1292 ARRAY_SIZE(iovstack), &iov, &from); in keyctl_instantiate_key_iov() [all …]
|
| keyctl_pkey.c | 53 q = args[0].from; in keyctl_pkey_params_parse()
|
| /security/integrity/evm/ |
| Kconfig | 66 This option enables X509 certificate loading from the kernel 68 verify EVM integrity starting from the 'init' process. The
|
| /security/ |
| Kconfig.hardening | 15 …rivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) 89 bool "Poison kernel stack before returning from syscalls" 94 returning from system calls. This has the effect of leaving 113 This plugin was ported from grsecurity/PaX. More information at: 230 copying memory to/from the kernel (via copy_to_user() and 341 This plugin was ported from grsecurity/PaX. More
|
| Kconfig | 65 No specific hardware features from the CPU are needed. 126 derived from IPSec policy. Non-IPSec communications are 172 int "Low address space for LSM to protect from user allocation" 178 from userspace allocation. Keeping a user from writing to low pages
|
| security.c | 214 static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) in append_ordered_lsm() argument 220 if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from)) in append_ordered_lsm() 228 init_debug("%s ordered: %s (%s)\n", from, lsm->name, in append_ordered_lsm() 1009 int security_binder_transaction(const struct cred *from, in security_binder_transaction() argument 1012 return call_int_hook(binder_transaction, from, to); in security_binder_transaction() 1024 int security_binder_transfer_binder(const struct cred *from, in security_binder_transfer_binder() argument 1027 return call_int_hook(binder_transfer_binder, from, to); in security_binder_transfer_binder() 1040 int security_binder_transfer_file(const struct cred *from, in security_binder_transfer_file() argument 1043 return call_int_hook(binder_transfer_file, from, to, file); in security_binder_transfer_file()
|
| /security/ipe/ |
| Kconfig | 61 policies. The property evaluates to TRUE when a file from a dm-verity 70 policies. The property evaluates to TRUE when a file from a dm-verity
|
| /security/integrity/ |
| Kconfig | 31 usually only added from initramfs. 61 the kernel automatically populates during initialization from values
|
| /security/smack/ |
| smack_lsm.c | 726 char *from = options, *to = options; in smack_sb_eat_lsm_opts() local 730 char *next = strchr(from, ','); in smack_sb_eat_lsm_opts() 735 len = next - from; in smack_sb_eat_lsm_opts() 737 len = strlen(from); in smack_sb_eat_lsm_opts() 739 token = match_opt_prefix(from, len, &arg); in smack_sb_eat_lsm_opts() 741 arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); in smack_sb_eat_lsm_opts() 752 from--; in smack_sb_eat_lsm_opts() 755 if (to != from) in smack_sb_eat_lsm_opts() 756 memmove(to, from, len); in smack_sb_eat_lsm_opts() 760 if (!from[len]) in smack_sb_eat_lsm_opts() [all …]
|
| /security/tomoyo/ |
| Kconfig | 53 enforcing mode from the beginning, you can reduce the possibility of
|
| /security/selinux/ |
| hooks.c | 2046 u32 fromsid = cred_sid(from); in selinux_binder_transaction() 2064 return avc_has_perm(cred_sid(from), cred_sid(to), in selinux_binder_transfer_binder() 2600 char *from = options; in selinux_sb_eat_lsm_opts() local 2606 int len = opt_len(from); in selinux_sb_eat_lsm_opts() 2610 token = match_opt_prefix(from, len, &arg); in selinux_sb_eat_lsm_opts() 2617 for (p = q = arg; p < from + len; p++) { in selinux_sb_eat_lsm_opts() 2636 from--; in selinux_sb_eat_lsm_opts() 2639 if (to != from) in selinux_sb_eat_lsm_opts() 2640 memmove(to, from, len); in selinux_sb_eat_lsm_opts() 2644 if (!from[len]) in selinux_sb_eat_lsm_opts() [all …]
|
| /security/selinux/ss/ |
| services.c | 956 const struct extended_perms_data *from, in update_xperms_extended_data() argument 968 xp_data->p[i] |= from->p[i]; in update_xperms_extended_data()
|