| /security/apparmor/ |
| policy_compat.c | 115 struct aa_perms perms = { }; in compute_fperms_user() local 124 return perms; in compute_fperms_user() 130 struct aa_perms perms = { }; in compute_fperms_other() local 139 return perms; in compute_fperms_other() 177 struct aa_perms *perms; in compute_xmatch_perms() local 186 if (!perms) in compute_xmatch_perms() 194 return perms; in compute_xmatch_perms() 246 return perms; in compute_perms_entry() 299 if (!policy->perms) in aa_compat_map_xmatch() 310 if (!policy->perms) in aa_compat_map_policy() [all …]
|
| file.c | 115 u32 mask = perms->audit; in aa_audit_file() 187 if (!(rules->perms)) in aa_lookup_condperms() 211 struct aa_perms *perms) in aa_str_perms() argument 224 struct aa_perms *perms) in __aa_path_perm() argument 233 name, cond, perms); in __aa_path_perm() 260 flags, perms); in profile_path_perm() 280 struct aa_perms perms = {}; in aa_path_perm() local 364 lperms.kill = perms.kill; in profile_path_link() 368 lperms = perms; in profile_path_link() 523 &perms)); in __file_path_perm() [all …]
|
| domain.c | 149 *perms = allperms; in label_compound_match() 170 *perms = nullperms; in label_compound_match() 238 *perms = nullperms; in label_components_match() 260 *perms = nullperms; in label_match() 262 request, perms); in label_match() 266 *perms = allperms; in label_match() 295 perms->audit = perms->quiet = perms->kill = 0; in change_profile_perms() 843 state, &perms); in profile_onexec() 1363 perms); in change_profile_perms_wrapper() 1453 perms.audit = 0; in aa_change_profile() [all …]
|
| lib.c | 365 perms->audit = ALL_PERMS_MASK; in aa_apply_modes_to_perms() 368 perms->quiet = 0; in aa_apply_modes_to_perms() 371 perms->audit = 0; in aa_apply_modes_to_perms() 374 perms->quiet = ALL_PERMS_MASK; in aa_apply_modes_to_perms() 379 perms->kill = ALL_PERMS_MASK; in aa_apply_modes_to_perms() 381 perms->complain = ALL_PERMS_MASK; in aa_apply_modes_to_perms() 383 perms->prompt = ALL_PERMS_MASK; in aa_apply_modes_to_perms() 423 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() 427 request &= perms->audit; in aa_check_perms() 436 if (denied & perms->kill) in aa_check_perms() [all …]
|
| capability.c | 130 struct aa_perms perms = { }; in profile_capable() local 136 perms = *aa_lookup_perms(rules->policy, state); in profile_capable() 137 aa_apply_modes_to_perms(profile, &perms); in profile_capable() 140 if (perms.complain & request) in profile_capable() 145 return aa_check_perms(profile, &perms, request, ad, in profile_capable() 206 struct aa_perms perms = { }; in aa_profile_capget() local 210 perms = *aa_lookup_perms(rules->policy, tmp); in aa_profile_capget() 211 aa_apply_modes_to_perms(profile, &perms); in aa_profile_capget() 212 caps.val |= ((u64)(perms.allow)) << (i * 5); in aa_profile_capget() 213 caps.val |= ((u64)(perms.complain)) << (i * 5); in aa_profile_capget()
|
| mount.c | 145 u32 mask = perms->audit; in audit_mount() 160 if (request & perms->kill) in audit_mount() 164 if ((request & perms->quiet) && in audit_mount() 167 request &= ~perms->quiet; in audit_mount() 235 AA_BUG(!policy->perms); in do_match_mnt() 236 AA_BUG(!perms); in do_match_mnt() 259 if (perms->allow & AA_MAY_MOUNT) in do_match_mnt() 312 struct aa_perms perms = { }; in match_mnt_path_str() local 606 struct aa_perms perms = { }; in profile_umount() local 671 struct aa_perms perms = { }; in build_pivotroot() local [all …]
|
| task.c | 232 struct aa_perms perms = { }; in profile_ptrace_perm() local 237 &perms); in profile_ptrace_perm() 238 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm() 239 return aa_check_perms(profile, &perms, request, ad, audit_ptrace_cb); in profile_ptrace_perm() 319 struct aa_perms perms = { }; in aa_profile_ns_perm() local 333 perms = *aa_lookup_perms(rules->policy, state); in aa_profile_ns_perm() 334 aa_apply_modes_to_perms(profile, &perms); in aa_profile_ns_perm() 335 error = aa_check_perms(profile, &perms, request, ad, in aa_profile_ns_perm()
|
| net.c | 169 struct aa_perms perms; in aa_do_perms() local 177 perms = *p; in aa_do_perms() 178 aa_apply_modes_to_perms(profile, &perms); in aa_do_perms() 179 return aa_check_perms(profile, &perms, request, ad, in aa_do_perms() 363 struct aa_perms perms = { }; in aa_secmark_perm() local 379 perms.deny = ALL_PERMS_MASK; in aa_secmark_perm() 381 perms.allow = ALL_PERMS_MASK; in aa_secmark_perm() 384 perms.audit = ALL_PERMS_MASK; in aa_secmark_perm() 388 aa_apply_modes_to_perms(profile, &perms); in aa_secmark_perm() 390 return aa_check_perms(profile, &perms, request, ad, audit_net_cb); in aa_secmark_perm()
|
| ipc.c | 84 struct aa_perms perms; in profile_signal_perm() local 97 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm() 98 aa_apply_modes_to_perms(profile, &perms); in profile_signal_perm() 99 return aa_check_perms(profile, &perms, request, ad, audit_signal_cb); in profile_signal_perm()
|
| policy_unpack.c | 676 AA_BUG(!perms); in unpack_perms_table() 690 if (!*perms) in unpack_perms_table() 701 *perms = NULL; in unpack_perms_table() 706 kfree(*perms); in unpack_perms_table() 729 pdb->perms = NULL; in unpack_pdb() 735 if (pdb->perms) { in unpack_pdb() 1044 if (!rules->policy->perms) { in unpack_profile() 1060 if (!rules->file->perms) { in unpack_profile() 1253 if (!verify_perm(&pdb->perms[i])) in verify_perms() 1263 if (pdb->perms[i].tag && pdb->perms[i].tag >= pdb->trans.size) in verify_perms() [all …]
|
| label.c | 1291 struct aa_perms *perms) in label_compound_match() argument 1307 *perms = allperms; in label_compound_match() 1320 aa_apply_modes_to_perms(profile, perms); in label_compound_match() 1327 *perms = nullperms; in label_compound_match() 1351 struct aa_perms *perms) in label_components_match() argument 1374 aa_perms_accum(perms, &tmp); in label_components_match() 1383 aa_perms_accum(perms, &tmp); in label_components_match() 1392 *perms = nullperms; in label_components_match() 1413 request, perms); in aa_label_match() 1417 *perms = allperms; in aa_label_match() [all …]
|
| apparmorfs.c | 612 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, in profile_query_cb() argument 649 aa_perms_accum_raw(perms, &tmp); in profile_query_cb() 771 struct aa_perms perms; in query_label() local 797 perms = allperms; in query_label() 800 profile_query_cb(profile, &perms, match_str, match_len); in query_label() 804 profile_query_cb(profile, &perms, match_str, match_len); in query_label() 811 perms.allow, perms.deny, perms.audit, perms.quiet); in query_label()
|
| lsm.c | 640 struct aa_perms perms = { }; in profile_uring() local 644 false, request, &perms); in profile_uring() 646 perms = *aa_lookup_perms(rules->policy, state); in profile_uring() 648 aa_apply_modes_to_perms(profile, &perms); in profile_uring() 649 error = aa_check_perms(profile, &perms, request, ad, in profile_uring() 2459 nullpdb->perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL); in aa_setup_dfa_engine() 2460 if (!nullpdb->perms) in aa_setup_dfa_engine()
|
| /security/apparmor/include/ |
| file.h | 75 struct aa_profile *profile, struct aa_perms *perms, 85 struct aa_perms *perms); 90 struct aa_perms *perms); 115 u32 perms = 0; in aa_map_file_to_perms() local 118 perms |= MAY_WRITE; in aa_map_file_to_perms() 120 perms |= MAY_READ; in aa_map_file_to_perms() 122 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms() 123 perms = (perms & ~MAY_WRITE) | MAY_APPEND; in aa_map_file_to_perms() 126 perms |= MAY_WRITE; in aa_map_file_to_perms() 128 perms |= AA_MAY_CREATE; in aa_map_file_to_perms() [all …]
|
| perms.h | 210 struct aa_perms *perms); 215 int type, u32 request, struct aa_perms *perms); 216 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
|
| policy.h | 93 struct aa_perms *perms; member 138 if (!(policy->perms)) in aa_lookup_perms() 141 return &(policy->perms[index]); in aa_lookup_perms()
|
| /security/selinux/ |
| genheaders.c | 12 const char *perms[sizeof(unsigned) * 8 + 1]; member 129 for (j = 0; map->perms[j]; j++) { in main() 134 map->name, map->perms[j]); in main() 137 permname = stoupperx(map->perms[j]); in main()
|
| avc.c | 656 const char *const *perms; in avc_audit_pre_callback() local 666 perms = secclass_map[sad->tclass-1].perms; in avc_audit_pre_callback() 672 if ((perm & av) && perms[i]) { in avc_audit_pre_callback() 673 audit_log_format(ab, " %s", perms[i]); in avc_audit_pre_callback() 830 static int avc_update_node(u32 event, u32 perms, u8 driver, u8 base_perm, in avc_update_node() argument 887 node->ae.avd.allowed |= perms; in avc_update_node() 893 node->ae.avd.allowed &= ~perms; in avc_update_node() 896 node->ae.avd.auditallow |= perms; in avc_update_node() 899 node->ae.avd.auditallow &= ~perms; in avc_update_node() 902 node->ae.avd.auditdeny |= perms; in avc_update_node() [all …]
|
| hooks.c | 1669 u32 perms, in inode_has_perm() argument 1957 u32 perms, in superblock_has_perm() argument 3199 u32 perms; in selinux_inode_permission() local 6175 u32 perms) in ipc_has_perm() argument 6233 u32 perms; in selinux_msg_queue_msgctl() local 6361 u32 perms; in selinux_shm_shmctl() local 6379 perms = SHM__LOCK; in selinux_shm_shmctl() 6394 u32 perms; in selinux_shm_shmat() local 6397 perms = SHM__READ; in selinux_shm_shmat() 6440 u32 perms; in selinux_sem_semctl() local [all …]
|
| /security/selinux/include/ |
| security.h | 241 #define security_xperm_set(perms, x) ((perms)[(x) >> 5] |= 1 << ((x)&0x1f)) argument 242 #define security_xperm_test(perms, x) (1 & ((perms)[(x) >> 5] >> ((x)&0x1f))) argument 332 char ***perms, u32 *nperms);
|
| avc_ss.h | 18 const char *perms[sizeof(u32) * 8 + 1]; member
|
| /security/selinux/ss/ |
| avtab.c | 350 __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; in avtab_read_item() 480 sizeof(u32) * ARRAY_SIZE(xperms.perms.p)); in avtab_read_item() 485 for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) in avtab_read_item() 486 xperms.perms.p[i] = le32_to_cpu(buf32[i]); in avtab_read_item() 556 __le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)]; in avtab_write_item() 576 for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++) in avtab_write_item() 577 buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]); in avtab_write_item() 579 ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp); in avtab_write_item()
|
| services.c | 140 while (p_in->perms[k]) { in selinux_set_mapping() 142 if (!*p_in->perms[k]) { in selinux_set_mapping() 147 p_in->perms[k]); in selinux_set_mapping() 148 if (!p_out->perms[k]) { in selinux_set_mapping() 3456 char *name = k, **perms = args; in get_permissions_callback() local 3460 if (!perms[value]) in get_permissions_callback() 3486 *perms = kcalloc(*nperms, sizeof(**perms), GFP_ATOMIC); in security_get_permissions() 3487 if (!*perms) in security_get_permissions() 3498 *perms); in security_get_permissions() 3507 kfree((*perms)[i]); in security_get_permissions() [all …]
|
| services.h | 17 u32 perms[sizeof(u32) * 8]; /* policy values for permissions */ member
|
| avtab.h | 68 struct extended_perms_data perms; member
|