| /security/selinux/ss/ |
| A D | context.h | 47 dst->range.level[0].sens = src->range.level[0].sens; in mls_context_cpy()
52 dst->range.level[1].sens = src->range.level[1].sens; in mls_context_cpy()
68 dst->range.level[0].sens = src->range.level[0].sens; in mls_context_cpy_low()
73 dst->range.level[1].sens = src->range.level[0].sens; in mls_context_cpy_low()
89 dst->range.level[0].sens = src->range.level[1].sens; in mls_context_cpy_high()
94 dst->range.level[1].sens = src->range.level[1].sens; in mls_context_cpy_high()
110 if (r1->level[1].sens < r2->level[0].sens || in mls_context_glblub()
111 r2->level[1].sens < r1->level[0].sens) in mls_context_glblub()
116 dr->level[0].sens = max(r1->level[0].sens, r2->level[0].sens); in mls_context_glblub()
119 dr->level[1].sens = min(r1->level[1].sens, r2->level[1].sens); in mls_context_glblub()
[all …]
|
| A D | mls.c | 50 e = &context->range.level[l].cat; in mls_compute_context_len()
71 &context->range.level[1])) in mls_compute_context_len()
148 &context->range.level[1])) in mls_sid_to_context()
182 mls_level_dom(&r->level[1], &r->level[0])); in mls_range_isvalid()
292 context->range.level[l].sens = levdatum->level.sens; in mls_context_to_sid()
339 context->range.level[1].sens = context->range.level[0].sens; in mls_context_to_sid()
385 context->range.level[l].sens = range->level[l].sens; in mls_range_set()
387 &range->level[l].cat); in mls_range_set()
459 newc->range.level[l].sens = levdatum->level.sens; in mls_convert_context()
581 context->range.level[1].sens = context->range.level[0].sens; in mls_import_netlbl_lvl()
[all …]
|
| A D | sidtab.c | 154 u32 level = 0; in sidtab_level_from_count() local
158 ++level; in sidtab_level_from_count()
160 return level; in sidtab_level_from_count()
202 --level; in sidtab_do_lookup()
385 if (level != 0) { in sidtab_convert_tree()
466 &s->roots[level], &pos, count, level, params); in sidtab_convert()
520 if (level != 0) { in sidtab_destroy_tree()
543 u32 i, level; in sidtab_destroy() local
550 while (level && !s->roots[level].ptr_inner) in sidtab_destroy()
551 --level; in sidtab_destroy()
[all …]
|
| A D | mls_types.h | 26 struct mls_level level[2]; /* low == level[0], high == level[1] */ member
49 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
50 mls_level_dom(&(r1).level[1], &(r2).level[1]))
|
| A D | mls.h | 90 hash = jhash_2words(r->level[0].sens, r->level[1].sens, hash); in mls_range_hash()
91 hash = ebitmap_hash(&r->level[0].cat, hash); in mls_range_hash()
92 hash = ebitmap_hash(&r->level[1].cat, hash); in mls_range_hash()
|
| A D | services.c | 332 l1 = &(scontext->range.level[0]); in constraint_expr_eval()
3714 struct mls_level *level; in selinux_audit_rule_match() local
3785 &ctxt->range.level[0] : &ctxt->range.level[1]); in selinux_audit_rule_match()
3789 level); in selinux_audit_rule_match()
3793 level); in selinux_audit_rule_match()
3797 level) && in selinux_audit_rule_match()
3799 level)); in selinux_audit_rule_match()
3803 level); in selinux_audit_rule_match()
3806 match = (mls_level_dom(level, in selinux_audit_rule_match()
3808 !mls_level_eq(level, in selinux_audit_rule_match()
[all …]
|
| A D | policydb.c | 309 ebitmap_destroy(&levdatum->level.cat); in sens_destroy()
357 ebitmap_destroy(&rt->level[0].cat); in range_tr_destroy()
358 ebitmap_destroy(&rt->level[1].cat); in range_tr_destroy()
642 if (!levdatum->level.sens || in sens_index()
1028 r->level[0].sens = le32_to_cpu(buf[0]); in mls_read_range_helper()
1030 r->level[1].sens = le32_to_cpu(buf[1]); in mls_read_range_helper()
1032 r->level[1].sens = r->level[0].sens; in mls_read_range_helper()
1034 rc = ebitmap_read(&r->level[0].cat, fp); in mls_read_range_helper()
1046 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); in mls_read_range_helper()
1055 ebitmap_destroy(&r->level[0].cat); in mls_read_range_helper()
[all …]
|
| A D | policydb.h | 129 struct mls_level level; /* sensitivity and associated categories */ member
|
| /security/lockdown/ |
| A D | lockdown.c | 29 if (kernel_locked_down >= level) in lock_kernel_down()
32 kernel_locked_down = level; in lock_kernel_down()
38 static int __init lockdown_param(char *level) in lockdown_param() argument
40 if (!level) in lockdown_param()
43 if (strcmp(level, "integrity") == 0) in lockdown_param()
45 else if (strcmp(level, "confidentiality") == 0) in lockdown_param()
105 if (lockdown_reasons[level]) { in lockdown_read()
106 const char *label = lockdown_reasons[level]; in lockdown_read()
108 if (kernel_locked_down == level) in lockdown_read()
140 const char *label = lockdown_reasons[level]; in lockdown_write()
[all …]
|
| /security/landlock/ |
| A D | ruleset.c | 244 if ((*layers)[0].level == 0) { in insert_rule()
251 if (WARN_ON_ONCE(this->layers[0].level != 0)) in insert_rule()
257 if (WARN_ON_ONCE(this->layers[0].level == 0)) in insert_rule()
289 .level = ~0, in build_check_layer()
293 BUILD_BUG_ON(layer.level < LANDLOCK_MAX_NUM_LAYERS); in build_check_layer()
305 .level = 0, in landlock_insert_rule()
332 .level = dst->num_layers, in merge_tree()
342 if (WARN_ON_ONCE(walker_rule->layers[0].level != 0)) in merge_tree()
641 const layer_mask_t layer_bit = BIT_ULL(layer->level - 1); in landlock_unmask_layers()
|
| A D | ruleset.h | 32 u16 level; member
|
| /security/apparmor/ |
| A D | policy_ns.c | 229 ns->level = parent->level + 1; in __aa_create_ns()
230 mutex_lock_nested(&ns->lock, ns->level); in __aa_create_ns()
286 mutex_lock_nested(&parent->lock, parent->level); in aa_prepare_ns()
309 mutex_lock_nested(&ns->lock, ns->level); in destroy_ns()
|
| A D | apparmorfs.c | 543 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_read()
553 mutex_lock_nested(&rev->ns->lock, rev->ns->level); in ns_revision_read()
1197 seq_printf(seq, "%d\n", labels_ns(label)->level); in seq_ns_level_show()
1226 SEQ_NS_FOPS(level);
1829 mutex_lock_nested(&parent->lock, parent->level); in ns_mkdir_op()
1879 mutex_lock_nested(&parent->lock, parent->level); in ns_rmdir_op()
1934 mutex_lock_nested(&sub->lock, sub->level); in __aafs_ns_rmdir()
2064 mutex_lock_nested(&sub->lock, sub->level); in __aafs_ns_mkdir()
2105 mutex_lock_nested(&next->lock, next->level); in __next_ns()
2115 mutex_lock_nested(&next->lock, next->level); in __next_ns()
[all …]
|
| A D | policy.c | 733 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_learning_profile()
860 user_ns->level == view_ns->level))) in aa_policy_view_capable()
1145 mutex_lock_nested(&ns->lock, ns->level); in aa_replace_profiles()
1383 mutex_lock_nested(&ns->parent->lock, ns->parent->level); in aa_remove_profiles()
1389 mutex_lock_nested(&ns->lock, ns->level); in aa_remove_profiles()
|
| A D | lsm.c | 1469 int level, int optname) in aa_sock_opt_perm() argument
1476 return aa_unix_opt_perm(op, request, sock, level, optname); in aa_sock_opt_perm()
1480 static int apparmor_socket_getsockopt(struct socket *sock, int level, in apparmor_socket_getsockopt() argument
1484 level, optname); in apparmor_socket_getsockopt()
1487 static int apparmor_socket_setsockopt(struct socket *sock, int level, in apparmor_socket_setsockopt() argument
1491 level, optname); in apparmor_socket_setsockopt()
|
| A D | label.c | 119 res = a->level - b->level; in ns_cmp()
2132 mutex_lock_nested(&child->lock, child->level); in __aa_labelset_update_subtree()
|
| /security/keys/ |
| A D | keyring.c | 275 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE; in keyring_get_key_chunk()
276 switch (level) { in keyring_get_key_chunk()
286 level -= 4; in keyring_get_key_chunk()
291 d += level * sizeof(long); in keyring_get_key_chunk()
331 int level, i; in keyring_diff_objects() local
333 level = 0; in keyring_diff_objects()
348 level += sizeof(unsigned long); in keyring_diff_objects()
355 level += sizeof(unsigned long); in keyring_diff_objects()
361 level += sizeof(unsigned long); in keyring_diff_objects()
378 level += i; in keyring_diff_objects()
[all …]
|
| A D | Kconfig | 53 LSMs gets to rule on which admin-level processes get to access the
|
| /security/selinux/ |
| A D | netlabel.c | 490 static inline int selinux_netlbl_option(int level, int optname) in selinux_netlbl_option() argument
492 return (level == IPPROTO_IP && optname == IP_OPTIONS) || in selinux_netlbl_option()
493 (level == IPPROTO_IPV6 && optname == IPV6_HOPOPTS); in selinux_netlbl_option()
510 int level, in selinux_netlbl_socket_setsockopt() argument
518 if (selinux_netlbl_option(level, optname) && in selinux_netlbl_socket_setsockopt()
|
| /security/selinux/include/ |
| A D | netlabel.h | 47 int selinux_netlbl_socket_setsockopt(struct socket *sock, int level,
121 int level, int optname) in selinux_netlbl_socket_setsockopt() argument
|
| /security/apparmor/include/ |
| A D | af_unix.h | 50 int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level,
|
| A D | policy_ns.h | 67 int level; member
|
| /security/smack/ |
| A D | smack_access.c | 492 int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap, in smk_netlbl_mls() argument
502 sap->attr.mls.lvl = level; in smk_netlbl_mls()
|
| /security/integrity/ |
| A D | Kconfig | 125 controls the level of integrity auditing messages.
|
| /security/ |
| A D | commoncap.c | 88 if (ns->level <= cred_ns->level) in cap_capable_helper()
|