| /security/keys/ |
| A D | permission.c | 30 key_perm_t kperm, mask; in key_task_permission() local
43 case KEY_NEED_VIEW: mask = KEY_OTH_VIEW; break; in key_task_permission()
44 case KEY_NEED_READ: mask = KEY_OTH_READ; break; in key_task_permission()
45 case KEY_NEED_WRITE: mask = KEY_OTH_WRITE; break; in key_task_permission()
46 case KEY_NEED_SEARCH: mask = KEY_OTH_SEARCH; break; in key_task_permission()
47 case KEY_NEED_LINK: mask = KEY_OTH_LINK; break; in key_task_permission()
48 case KEY_NEED_SETATTR: mask = KEY_OTH_SETATTR; break; in key_task_permission()
85 if ((kperm & mask) != mask) in key_task_permission()
|
| /security/apparmor/ |
| A D | resource.c | 95 if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
155 unsigned int mask = 0; in __aa_transition_rlimits() local
168 if (rules->rlimits.mask) { in __aa_transition_rlimits()
171 for (j = 0, mask = 1; j < RLIM_NLIMITS; j++, in __aa_transition_rlimits()
172 mask <<= 1) { in __aa_transition_rlimits()
173 if (rules->rlimits.mask & mask) { in __aa_transition_rlimits()
188 if (!rules->rlimits.mask) in __aa_transition_rlimits()
190 for (j = 0, mask = 1; j < RLIM_NLIMITS; j++, mask <<= 1) { in __aa_transition_rlimits()
191 if (!(rules->rlimits.mask & mask)) in __aa_transition_rlimits()
|
| A D | lib.c | 92 const struct val_table_ent *table, u32 mask) in val_mask_to_str() argument
98 if (ent->value && (ent->value & mask) == ent->value) { in val_mask_to_str()
104 mask &= ~ent->value; in val_mask_to_str()
306 if (mask & perm) { in aa_perm_mask_to_str()
319 u32 mask) in aa_audit_perm_names() argument
326 if (mask & perm) { in aa_audit_perm_names()
342 if ((mask & chrsmask) && chrs) { in aa_audit_perm_mask()
344 mask &= ~chrsmask; in aa_audit_perm_mask()
346 if (mask & namesmask) in aa_audit_perm_mask()
349 if ((mask & namesmask) && names) in aa_audit_perm_mask()
[all …]
|
| A D | ipc.c | 38 static const char *audit_signal_mask(u32 mask) in audit_signal_mask() argument
40 if (mask & MAY_READ) in audit_signal_mask()
42 if (mask & MAY_WRITE) in audit_signal_mask()
|
| A D | policy_compat.c | 24 static u32 dfa_map_xindex(u16 mask) in dfa_map_xindex() argument
26 u16 old_index = (mask >> 10) & 0xf; in dfa_map_xindex()
29 if (mask & 0x100) in dfa_map_xindex()
31 if (mask & 0x200) in dfa_map_xindex()
33 if (mask & 0x80) in dfa_map_xindex()
|
| A D | lsm.c | 254 return common_perm(op, path, mask, &cond); in common_perm_cond()
268 struct dentry *dentry, u32 mask, in common_perm_dir_dentry() argument
286 struct dentry *dentry, u32 mask) in common_perm_rm() argument
553 u32 mask = AA_MAY_LOCK; in apparmor_file_lock() local
556 mask |= MAY_WRITE; in apparmor_file_lock()
564 int mask = 0; in common_mmap() local
570 mask |= MAY_READ; in common_mmap()
576 mask |= MAY_WRITE; in common_mmap()
578 mask |= AA_EXEC_MMAP; in common_mmap()
600 if (mask & AA_MAY_CREATE_SQPOLL) in audit_uring_mask()
[all …]
|
| A D | file.c | 28 static u32 map_mask_to_chr_mask(u32 mask) in map_mask_to_chr_mask() argument
30 u32 m = mask & PERMS_CHRS_MASK; in map_mask_to_chr_mask()
32 if (mask & AA_MAY_GETATTR) in map_mask_to_chr_mask()
34 if (mask & (AA_MAY_SETATTR | AA_MAY_CHMOD | AA_MAY_CHOWN)) in map_mask_to_chr_mask()
115 u32 mask = perms->audit; in aa_audit_file() local
118 mask = 0xffff; in aa_audit_file()
121 ad.request &= mask; in aa_audit_file()
|
| A D | policy.c | 914 struct aa_ns *ns, u32 mask) in aa_may_manage_policy() argument
918 if (mask & AA_MAY_REMOVE_POLICY) in aa_may_manage_policy()
920 else if (mask & AA_MAY_REPLACE_POLICY) in aa_may_manage_policy()
1090 u32 mask, struct aa_loaddata *udata) in aa_replace_profiles() argument
1100 op = mask & AA_MAY_REPLACE_POLICY ? OP_PROF_REPL : OP_PROF_LOAD; in aa_replace_profiles()
1170 !(mask & AA_MAY_REPLACE_POLICY), in aa_replace_profiles()
1177 !(mask & AA_MAY_REPLACE_POLICY), in aa_replace_profiles()
|
| A D | task.c | 189 static const char *audit_ptrace_mask(u32 mask) in audit_ptrace_mask() argument
191 switch (mask) { in audit_ptrace_mask()
|
| /security/landlock/ |
| A D | syscalls.c | 320 access_mask_t mask; in add_rule_path_beneath() local
336 mask = ruleset->access_masks[0].fs; in add_rule_path_beneath()
337 if ((path_beneath_attr.allowed_access | mask) != mask) in add_rule_path_beneath()
357 access_mask_t mask; in add_rule_net_port() local
372 mask = landlock_get_net_access_mask(ruleset, 0); in add_rule_net_port()
373 if ((net_port_attr.allowed_access | mask) != mask) in add_rule_net_port()
|
| A D | ruleset.h | 274 access_mask_t mask = scope_mask & LANDLOCK_MASK_SCOPE; in landlock_add_scope_mask() local
277 WARN_ON_ONCE(scope_mask != mask); in landlock_add_scope_mask()
278 ruleset->access_masks[layer_level].scope |= mask; in landlock_add_scope_mask()
|
| A D | domain.c | 203 const layer_mask_t mask = (*layer_masks)[access_bit]; in landlock_get_deny_masks() local
205 if (!mask) in landlock_get_deny_masks()
210 access_bit, __fls(mask)); in landlock_get_deny_masks()
|
| A D | audit.c | 194 const access_mask_t mask = (*layer_masks)[access_bit]; in get_denied_layer() local
197 if (!mask) in get_denied_layer()
201 layer = __fls(mask); in get_denied_layer()
|
| /security/selinux/ss/ |
| A D | avtab.c | 30 static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask) in avtab_hash() argument
64 return hash & mask; in avtab_hash()
130 hvalue = avtab_hash(key, h->mask); in avtab_insert()
163 hvalue = avtab_hash(key, h->mask); in avtab_insert_nonunique()
187 hvalue = avtab_hash(key, h->mask); in avtab_search_node()
242 h->mask = 0; in avtab_destroy()
250 h->mask = 0; in avtab_init()
263 h->mask = nslot - 1; in avtab_alloc_common()
|
| A D | policydb.h | 181 u32 mask; member
185 u32 mask[4]; member
|
| A D | avtab.h | 88 u32 mask; /* mask to compute hash func */ member
|
| /security/integrity/ima/ |
| A D | ima_policy.c | 103 int mask; member
593 (rule->mask != mask && func != POST_SETATTR)) in ima_match_rules()
596 (!(rule->mask & mask) && func != POST_SETATTR)) in ima_match_rules()
1546 if (entry->mask) in ima_parse_rule()
1554 entry->mask = MAY_EXEC; in ima_parse_rule()
1556 entry->mask = MAY_WRITE; in ima_parse_rule()
1558 entry->mask = MAY_READ; in ima_parse_rule()
1560 entry->mask = MAY_APPEND; in ima_parse_rule()
2113 if (entry->mask & MAY_EXEC) in ima_policy_show()
2115 if (entry->mask & MAY_WRITE) in ima_policy_show()
[all …]
|
| A D | ima.h | 383 const struct cred *cred, struct lsm_prop *prop, int mask,
387 int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
415 enum ima_hooks func, int mask, int flags, int *pcr,
446 int mask, enum ima_hooks func);
475 struct inode *inode, int mask, in ima_must_appraise() argument
|
| A D | ima_appraise.c | 75 int mask, enum ima_hooks func) in ima_must_appraise() argument
84 func, mask, IMA_APPRAISE | IMA_HASH, NULL, in ima_must_appraise()
285 int mask; in xattr_verify() local
327 mask = IMA_DIGSIG_REQUIRED | IMA_VERITY_REQUIRED; in xattr_verify()
328 if ((iint->flags & mask) == mask) { in xattr_verify()
|
| A D | ima_main.c | 238 int mask, enum ima_hooks func) in process_measurement() argument
264 mask, func, &pcr, &template_desc, NULL, in process_measurement()
445 if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) && in process_measurement()
628 static int ima_file_check(struct file *file, int mask) in ima_file_check() argument
634 mask & (MAY_READ | MAY_WRITE | MAY_EXEC | in ima_file_check()
|
| A D | ima_api.c | 190 const struct cred *cred, struct lsm_prop *prop, int mask, in ima_get_action() argument
199 return ima_match_policy(idmap, inode, cred, prop, func, mask, in ima_get_action()
|
| /security/apparmor/include/ |
| A D | perms.h | 204 u32 mask);
206 u32 mask);
207 void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
|
| A D | resource.h | 29 unsigned int mask; member
|
| A D | policy.h | 284 u32 mask, struct aa_loaddata *udata);
422 u32 mask);
|
| /security/smack/ |
| A D | smackfs.c | 1142 struct in_addr mask; in smk_write_net4addr() local
1213 mask.s_addr = cpu_to_be32(temp_mask); in smk_write_net4addr()
1215 newname.sin_addr.s_addr &= mask.s_addr; in smk_write_net4addr()
1240 snp->smk_mask.s_addr = mask.s_addr; in smk_write_net4addr()
1406 unsigned int mask = 128; in smk_write_net6addr() local
1435 &mask, smack); in smk_write_net6addr()
1446 if (mask > 128) { in smk_write_net6addr()
1477 for (i = 0, m = mask; i < 8; i++) { in smk_write_net6addr()
1498 if (mask != snp->smk_masks) in smk_write_net6addr()
1517 snp->smk_masks = mask; in smk_write_net6addr()
|