Home
last modified time | relevance | path

Searched refs:label (Results 1 – 25 of 38) sorted by relevance

12

/security/apparmor/
A Dlabel.c67 rcu_assign_pointer(new->label, aa_get_label(label)); in aa_alloc_proxy()
339 if (rcu_dereference_protected(label->proxy->label, true) == label) in aa_label_destroy()
340 rcu_assign_pointer(label->proxy->label, NULL); in aa_label_destroy()
769 return __vec_find(label->vec, label->size); in __label_find()
1064 AA_BUG(!new->vec[k]->label.proxy->label); in label_merge_insert()
1081 label = aa_get_label(&new->vec[0]->label); in label_merge_insert()
1444 if (label->hname || labels_ns(label) != ns) in aa_update_label_name()
1920 label = aa_get_label(&vec[0]->label); in aa_label_strn_parse()
1999 vec_is_stale(label->vec, label->size)) && in labelset_next_stale()
2049 AA_BUG(!new->vec[i]->label.proxy->label); in __label_update()
[all …]
A Dsecid.c57 if (!label) in apparmor_label_to_secctx()
84 return apparmor_label_to_secctx(label, cp); in apparmor_secid_to_secctx()
89 struct aa_label *label; in apparmor_lsmprop_to_secctx() local
91 label = prop->apparmor.label; in apparmor_lsmprop_to_secctx()
98 struct aa_label *label; in apparmor_secctx_to_secid() local
100 label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, in apparmor_secctx_to_secid()
102 if (IS_ERR(label)) in apparmor_secctx_to_secid()
103 return PTR_ERR(label); in apparmor_secctx_to_secid()
104 *secid = label->secid; in apparmor_secctx_to_secid()
132 ret = __xa_alloc(&aa_secids, &label->secid, label, in aa_alloc_secid()
[all …]
A Dlsm.c509 rcu_assign_pointer(ctx->label, aa_get_label(label)); in apparmor_file_alloc_security()
813 if (label) { in apparmor_getselfattr()
846 if (label) in apparmor_getprocattr()
997 prop->apparmor.label = label; in apparmor_current_getlsmprop_subj()
1006 prop->apparmor.label = label; in apparmor_task_getlsmprop_obj()
1084 rcu_assign_pointer(ctx->label, aa_get_label(label)); in apparmor_sk_alloc_security()
1315 rcu_assign_pointer(ctx->label, aa_get_label(label)); in apparmor_socket_post_create()
1331 if (rcu_access_pointer(a_ctx->label) != label) { in apparmor_socket_socketpair()
1334 rcu_assign_pointer(a_ctx->label, aa_get_label(label)); in apparmor_socket_socketpair()
1336 if (rcu_access_pointer(b_ctx->label) != label) { in apparmor_socket_socketpair()
[all …]
A Daf_unix.c36 AA_BUG(!label); in unix_fs_perm()
39 if (unconfined(label) || !label_mediates(label, AA_CLASS_FILE)) in unix_fs_perm()
181 ad->peer = &peer->label; in match_label()
241 &profile->label, in profile_sk_perm()
464 struct aa_label *label; in aa_unix_sock_perm() local
491 struct aa_label *label; in aa_unix_bind_perm() local
530 struct aa_label *label; in aa_unix_listen_perm() local
633 AA_BUG(!label); in aa_unix_peer_perm()
657 !__aa_subj_label_is_cached(label, rcu_dereference(ctx->label)); in update_sk_ctx()
722 AA_BUG(!label); in aa_unix_file_perm()
[all …]
A Ddomain.c545 label = aa_label_parse(&profile->label, lookup, GFP_KERNEL, in x_table_lookup()
549 return label; in x_table_lookup()
878 AA_BUG(!label); in handle_onexec()
1031 aa_put_label(label); in apparmor_bprm_creds_for_exec()
1098 return &hat->label; in build_change_hat()
1116 AA_BUG(!label); in change_hat()
1126 label_for_each_in_ns(it, labels_ns(label), label, profile) { in change_hat()
1162 label_for_each_in_ns(it, labels_ns(label), label, profile) { in change_hat()
1173 label_for_each_in_ns(it, labels_ns(label), label, profile) { in change_hat()
1254 label_for_each_in_ns(i, labels_ns(label), label, profile) { in aa_change_hat()
[all …]
A Daudit.c119 if (label_isprofile(label)) { in audit_pre()
206 struct aa_label *label; member
214 if (!IS_ERR(rule->label)) in aa_audit_rule_free()
215 aa_put_label(rule->label); in aa_audit_rule_free()
239 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, in aa_audit_rule_init()
241 if (IS_ERR(rule->label)) { in aa_audit_rule_init()
242 int err = PTR_ERR(rule->label); in aa_audit_rule_init()
270 struct aa_label *label; in aa_audit_rule_match() local
273 label = prop->apparmor.label; in aa_audit_rule_match()
275 if (!label) in aa_audit_rule_match()
[all …]
A Dtask.c52 AA_BUG(!label); in aa_replace_current_label()
54 if (old == label) in aa_replace_current_label()
70 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
83 aa_get_label(label); in aa_replace_current_label()
85 set_cred_label(new, label); in aa_replace_current_label()
101 aa_get_label(label); in aa_set_current_onexec()
103 ctx->onexec = label; in aa_set_current_onexec()
125 AA_BUG(!label); in aa_set_current_hat()
266 if (&tracer->label == tracee) in profile_tracer_perm()
269 ad->subj_label = &tracer->label; in profile_tracer_perm()
[all …]
A Dfile.c149 struct aa_label *label, in path_name() argument
276 struct aa_label *label, in aa_path_perm() argument
479 struct aa_label *label, in __file_path_perm() argument
518 if (label == flabel) in __file_path_perm()
540 struct aa_label *label, in __file_sock_perm() argument
588 label); in __unix_needs_revalidation()
613 AA_BUG(!label); in aa_file_perm()
685 struct aa_label *label; member
705 .label = label, in aa_inherit_files()
710 revalidate_tty(cred, label); in aa_inherit_files()
[all …]
A Dnet.c284 struct aa_label *label, in aa_label_sk_perm() argument
291 AA_BUG(!label); in aa_label_sk_perm()
294 if (rcu_access_pointer(ctx->label) != kernel_t && !unconfined(label)) { in aa_label_sk_perm()
308 struct aa_label *label; in aa_sk_perm() local
328 AA_BUG(!label); in aa_sock_file_perm()
340 struct aa_label *label; in apparmor_secmark_init() local
347 label = aa_label_strn_parse(&root_ns->unconfined->label, in apparmor_secmark_init()
348 secmark->label, strlen(secmark->label), in apparmor_secmark_init()
351 if (IS_ERR(label)) in apparmor_secmark_init()
352 return PTR_ERR(label); in apparmor_secmark_init()
[all …]
A Dpolicy.c159 AA_BUG(l != &profile->label); in __add_profile()
200 aa_label_remove(&profile->label); in __remove_profile()
349 if (!profile->label.rules[0]) in aa_alloc_profile()
360 profile->label.proxy = proxy; in aa_alloc_profile()
364 profile->label.vec[0] = profile; in aa_alloc_profile()
667 profile->label.mediates = parent->label.mediates; in aa_alloc_null()
822 struct aa_label *label, in policy_ns_capable() argument
882 struct aa_label *label; in aa_current_policy_view_capable() local
894 struct aa_label *label; in aa_current_policy_admin_capable() local
1006 aa_label_replace(&old->label, &new->label); in __replace_profile()
[all …]
A Dmount.c403 AA_BUG(!label); in aa_remount()
411 error = fn_for_each_confined(label, profile, in aa_remount()
429 AA_BUG(!label); in aa_bind_mount()
447 error = fn_for_each_confined(label, profile, in aa_bind_mount()
466 AA_BUG(!label); in aa_mount_change_type()
476 error = fn_for_each_confined(label, profile, in aa_mount_change_type()
493 AA_BUG(!label); in aa_move_mount()
546 AA_BUG(!label); in aa_new_mount()
643 AA_BUG(!label); in aa_umount()
725 AA_BUG(!label); in aa_pivotroot()
[all …]
A Dapparmorfs.c698 if (IS_ERR(label)) in query_data()
734 aa_put_label(label); in query_data()
794 if (IS_ERR(label)) in query_label()
799 label_for_each_in_ns(i, labels_ns(label), label, profile) { in query_label()
807 aa_put_label(label); in query_label()
1081 struct aa_label *label = aa_get_label_rcu(&proxy->label); in seq_profile_name_show() local
1084 aa_put_label(label); in seq_profile_name_show()
1092 struct aa_label *label = aa_get_label_rcu(&proxy->label); in seq_profile_mode_show() local
1103 struct aa_label *label = aa_get_label_rcu(&proxy->label); in seq_profile_attach_show() local
1119 struct aa_label *label = aa_get_label_rcu(&proxy->label); in seq_profile_hash_show() local
[all …]
A Dresource.c92 struct aa_ruleset *rules = profile->label.rules[0]; in profile_setrlimit()
114 int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, in aa_task_setrlimit() argument
133 if (label != peer && in aa_task_setrlimit()
134 aa_capable(subj_cred, label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0) in aa_task_setrlimit()
135 error = fn_for_each(label, profile, in aa_task_setrlimit()
140 error = fn_for_each_confined(label, profile, in aa_task_setrlimit()
167 struct aa_ruleset *rules = old->label.rules[0]; in __aa_transition_rlimits()
185 struct aa_ruleset *rules = new->label.rules[0]; in __aa_transition_rlimits()
A Dprocattr.c31 int aa_getprocattr(struct aa_label *label, char **string, bool newline) in aa_getprocattr() argument
33 struct aa_ns *ns = labels_ns(label); in aa_getprocattr()
42 len = aa_label_snxprint(NULL, 0, current_ns, label, in aa_getprocattr()
53 len = aa_label_snxprint(*string, len + 2, current_ns, label, in aa_getprocattr()
A Dcapability.c72 struct aa_ruleset *rules = profile->label.rules[0]; in audit_caps()
124 struct aa_ruleset *rules = profile->label.rules[0]; in profile_capable()
179 int aa_capable(const struct cred *subj_cred, struct aa_label *label, in aa_capable() argument
188 error = fn_for_each_confined(label, profile, in aa_capable()
196 struct aa_ruleset *rules = profile->label.rules[0]; in aa_profile_capget()
/security/apparmor/include/
A Dcred.h31 struct aa_label *label) in set_cred_label() argument
36 *blob = label; in set_cred_label()
51 AA_BUG(!label); in aa_cred_raw_label()
52 return label; in aa_cred_raw_label()
128 aa_put_label(label); in __end_current_label_crit_section()
142 aa_put_label(label); in end_current_label_crit_section()
168 return label; in __begin_current_label_crit_section()
190 label = aa_get_newest_label(label); in begin_current_label_crit_section()
193 aa_put_label(label); in begin_current_label_crit_section()
196 return label; in begin_current_label_crit_section()
[all …]
A Dmount.h29 struct aa_label *label, const struct path *path,
33 struct aa_label *label, const struct path *path,
38 struct aa_label *label, const struct path *path,
42 struct aa_label *label, const struct path *path,
45 struct aa_label *label, const struct path *from_path,
49 struct aa_label *label, const char *dev_name,
54 struct aa_label *label, struct vfsmount *mnt, int flags);
57 struct aa_label *label, const struct path *old_path,
A Dpolicy.h257 struct aa_label label; member
301 return labels_profile(aa_get_newest_label(&p->label)); in aa_get_newest_profile()
339 return label_mediates(&profile->label, class); in profile_mediates()
345 return label_mediates_safe(&profile->label, class); in profile_mediates_safe()
358 kref_get(&(p->label.count)); in aa_get_profile()
372 if (p && kref_get_unless_zero(&p->label.count)) in aa_get_profile_not0()
392 } while (c && !kref_get_unless_zero(&c->label.count)); in aa_get_profile_rcu()
405 kref_put(&p->label.count, aa_label_kref); in aa_put_profile()
417 struct aa_label *label, struct aa_ns *ns);
419 struct aa_label *label, struct aa_ns *ns);
[all …]
A Dlabel.h106 struct aa_label __rcu *label; member
265 void aa_label_destroy(struct aa_label *label);
266 void aa_label_free(struct aa_label *label);
276 bool aa_label_remove(struct aa_label *label);
298 struct aa_label *label, int flags);
302 struct aa_label *label, int flags, gfp_t gfp);
304 struct aa_label *label, int flags, gfp_t gfp);
306 struct aa_label *label, int flags, gfp_t gfp);
309 void aa_label_printk(struct aa_label *label, gfp_t gfp);
412 AA_BUG(!l->proxy->label); in aa_get_newest_label()
[all …]
A Dperms.h87 u32 label; /* label string index, if present */ member
125 if (!accum->label) in aa_perms_accum_raw()
126 accum->label = addend->label; in aa_perms_accum_raw()
152 if (!accum->label) in aa_perms_accum()
153 accum->label = addend->label; in aa_perms_accum()
214 struct aa_ruleset *rules, struct aa_label *label,
A Dnet.h50 struct aa_label __rcu *label; member
82 char *label; member
99 int aa_af_perm(const struct cred *subj_cred, struct aa_label *label,
112 int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
116 int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
A Dfile.h44 struct aa_label __rcu *label; member
92 struct aa_label *label, const struct path *path,
95 int aa_path_link(const struct cred *subj_cred, struct aa_label *label,
100 struct aa_label *label, struct file *file,
A Dtask.h32 int aa_replace_current_label(struct aa_label *label);
33 void aa_set_current_onexec(struct aa_label *label, bool stack);
34 int aa_set_current_hat(struct aa_label *label, u64 token);
A Daf_unix.h36 struct aa_label *label, const char *op, u32 request,
40 int aa_unix_create_perm(struct aa_label *label, int family, int type,
52 int aa_unix_file_perm(const struct cred *subj_cred, struct aa_label *label,
/security/lockdown/
A Dlockdown.c106 const char *label = lockdown_reasons[level]; in lockdown_read() local
109 offset += sprintf(temp+offset, "[%s] ", label); in lockdown_read()
111 offset += sprintf(temp+offset, "%s ", label); in lockdown_read()
140 const char *label = lockdown_reasons[level]; in lockdown_write() local
142 if (label && !strcmp(state, label)) in lockdown_write()

Completed in 45 milliseconds

12