| /security/tomoyo/ |
| A D | file.c | 201 r->param.mkdev.mode, r->param.mkdev.major, in tomoyo_audit_mkdev_log()
202 r->param.mkdev.minor); in tomoyo_audit_mkdev_log()
579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()
616 r->ee->transition = r->matched_acl && r->matched_acl->cond ? in tomoyo_execute_permission()
725 r.obj = &obj; in tomoyo_path_number_perm()
775 r.obj = &obj; in tomoyo_check_open_permission()
824 r.obj = &obj; in tomoyo_path_perm()
876 r.obj = &obj; in tomoyo_mkdev_perm()
881 r.param.mkdev.mode = mode; in tomoyo_mkdev_perm()
[all …]
|
| A D | mount.c | 33 r->param.mount.dev->name, in tomoyo_audit_mount_log()
34 r->param.mount.dir->name, in tomoyo_audit_mount_log()
35 r->param.mount.type->name, in tomoyo_audit_mount_log()
36 r->param.mount.flags); in tomoyo_audit_mount_log()
59 (!r->param.mount.need_dev || in tomoyo_check_mount_acl()
94 r->obj = &obj; in tomoyo_mount_acl()
160 r->param.mount.dev = &rdev; in tomoyo_mount_acl()
161 r->param.mount.dir = &rdir; in tomoyo_mount_acl()
162 r->param.mount.type = &rtype; in tomoyo_mount_acl()
163 r->param.mount.flags = flags; in tomoyo_mount_acl()
[all …]
|
| A D | network.c | 385 if (r->param.inet_network.is_ipv6) in tomoyo_audit_inet_log()
392 r->param.inet_network.port); in tomoyo_audit_inet_log()
393 return tomoyo_audit_net_log(r, "inet", r->param.inet_network.protocol, in tomoyo_audit_inet_log()
406 return tomoyo_audit_net_log(r, "unix", r->param.unix_network.protocol, in tomoyo_audit_unix_log()
432 (r->param.inet_network.is_ipv6, in tomoyo_check_inet_acl()
437 memcmp(r->param.inet_network.address, in tomoyo_check_inet_acl()
470 struct tomoyo_request_info r; in tomoyo_inet_entry() local
476 r.param_type = TOMOYO_TYPE_INET_ACL; in tomoyo_inet_entry()
484 error = tomoyo_audit_inet_log(&r); in tomoyo_inet_entry()
547 struct tomoyo_request_info r; in tomoyo_unix_entry() local
[all …]
|
| A D | common.c | 233 head->r.w_pos--; in tomoyo_flush()
235 head->r.w[len] = head->r.w[len + 1]; in tomoyo_flush()
254 head->r.w[head->r.w_pos++] = string; in tomoyo_set_string()
1015 memset(&head->r, 0, sizeof(head->r)); in tomoyo_select_domain()
1701 if (head->r.w_pos || head->r.eof) in tomoyo_read_pid()
1927 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY in tomoyo_read_exception()
2179 if (r->mode) in tomoyo_supervisor()
2239 r->retry++; in tomoyo_supervisor()
2350 head->r.w[head->r.w_pos++] = buf; in tomoyo_read_query()
2655 memset(&head->r, 0, sizeof(head->r)); in tomoyo_set_namespace_cursor()
[all …]
|
| A D | audit.c | 154 struct tomoyo_obj_info *obj = r->obj; in tomoyo_print_header()
168 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], in tomoyo_print_header()
255 header = tomoyo_print_header(r); in tomoyo_init_log()
260 if (r->ee) { in tomoyo_init_log()
264 bprm_info = tomoyo_print_bprm(r->ee->bprm, &r->ee->dump); in tomoyo_init_log()
269 } else if (r->obj && r->obj->symlink_target) { in tomoyo_init_log()
373 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
374 r->matched_acl, r->granted)) in tomoyo_write_log2()
429 tomoyo_write_log2(r, len, fmt, args); in tomoyo_write_log()
444 if (head->r.w_pos) in tomoyo_read_log()
[all …]
|
| A D | environ.c | 18 static bool tomoyo_check_env_acl(struct tomoyo_request_info *r, in tomoyo_check_env_acl() argument
24 return tomoyo_path_matches_pattern(r->param.environ.name, acl->env); in tomoyo_check_env_acl()
34 static int tomoyo_audit_env_log(struct tomoyo_request_info *r) in tomoyo_audit_env_log() argument
36 return tomoyo_supervisor(r, "misc env %s\n", in tomoyo_audit_env_log()
37 r->param.environ.name->name); in tomoyo_audit_env_log()
50 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env) in tomoyo_env_perm() argument
59 r->param_type = TOMOYO_TYPE_ENV_ACL; in tomoyo_env_perm()
60 r->param.environ.name = &environ; in tomoyo_env_perm()
62 tomoyo_check_acl(r, tomoyo_check_env_acl); in tomoyo_env_perm()
63 error = tomoyo_audit_env_log(r); in tomoyo_env_perm()
|
| A D | domain.c | 175 if (!check_entry(r, ptr)) in tomoyo_check_acl()
179 r->matched_acl = ptr; in tomoyo_check_acl()
180 r->granted = true; in tomoyo_check_acl()
189 r->granted = false; in tomoyo_check_acl()
593 r.granted = false; in tomoyo_assign_domain()
615 struct tomoyo_request_info *r = &ee->r; in tomoyo_environ() local
628 ee->r.profile = r->domain->profile; in tomoyo_environ()
629 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
721 ee->r.ee = ee; in tomoyo_find_next_domain()
723 ee->r.obj = &ee->obj; in tomoyo_find_next_domain()
[all …]
|
| A D | securityfs_if.c | 19 static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, in tomoyo_check_task_acl() argument
25 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); in tomoyo_check_task_acl()
56 struct tomoyo_request_info r; in tomoyo_write_self() local
61 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); in tomoyo_write_self()
62 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; in tomoyo_write_self()
63 r.param.task.domainname = &name; in tomoyo_write_self()
64 tomoyo_check_acl(&r, tomoyo_check_task_acl); in tomoyo_write_self()
65 if (!r.granted) in tomoyo_write_self()
|
| A D | util.c | 1019 int tomoyo_init_request_info(struct tomoyo_request_info *r, in tomoyo_init_request_info() argument
1024 memset(r, 0, sizeof(*r)); in tomoyo_init_request_info()
1027 r->domain = domain; in tomoyo_init_request_info()
1029 r->profile = profile; in tomoyo_init_request_info()
1030 r->type = index; in tomoyo_init_request_info()
1031 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1032 return r->mode; in tomoyo_init_request_info()
1044 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) in tomoyo_domain_quota_is_ok() argument
1047 struct tomoyo_domain_info *domain = r->domain; in tomoyo_domain_quota_is_ok()
1050 if (r->mode != TOMOYO_CONFIG_LEARNING) in tomoyo_domain_quota_is_ok()
[all …]
|
| A D | common.h | 622 struct tomoyo_request_info r; member
820 } r; member
931 bool tomoyo_condition(struct tomoyo_request_info *r,
937 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
956 char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
972 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
973 int tomoyo_execute_permission(struct tomoyo_request_info *r,
978 int tomoyo_init_request_info(struct tomoyo_request_info *r,
1002 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1044 void tomoyo_check_acl(struct tomoyo_request_info *r,
[all …]
|
| A D | condition.c | 765 bool tomoyo_condition(struct tomoyo_request_info *r, in tomoyo_condition() argument
787 obj = r->obj; in tomoyo_condition()
788 if (r->ee) in tomoyo_condition()
789 bprm = r->ee->bprm; in tomoyo_condition()
825 ee = r->ee; in tomoyo_condition()
1119 if (r->ee && (argc || envc)) in tomoyo_condition()
1120 return tomoyo_scan_bprm(r->ee, argc, argv, envc, envp); in tomoyo_condition()
|
| A D | gc.c | 50 if (head->r.domain == element || head->r.group == element || in tomoyo_struct_used_by_io_buffer()
51 head->r.acl == element || &head->w.domain->list == element) in tomoyo_struct_used_by_io_buffer()
85 const char *w = head->r.w[i]; in tomoyo_name_used_by_io_buffer()
|
| /security/ipe/ |
| A D | policy_parser.c | 220 if (IS_ERR_OR_NULL(r)) in free_rule()
229 kfree(r); in free_rule()
367 struct ipe_rule *r = NULL; in parse_rule() local
376 r = kzalloc(sizeof(*r), GFP_KERNEL); in parse_rule()
377 if (!r) in parse_rule()
380 INIT_LIST_HEAD(&r->next); in parse_rule()
381 INIT_LIST_HEAD(&r->props); in parse_rule()
426 r->op = op; in parse_rule()
427 r->action = action; in parse_rule()
437 free_rule(r); in parse_rule()
[all …]
|
| A D | audit.c | 93 static void audit_rule(struct audit_buffer *ab, const struct ipe_rule *r) in audit_rule() argument
97 audit_log_format(ab, " rule=\"op=%s ", audit_op_names[r->op]); in audit_rule()
99 list_for_each_entry(ptr, &r->props, next) { in audit_rule()
115 audit_log_format(ab, "action=%s\"", ACTSTR(r->action)); in audit_rule()
129 enum ipe_action_type act, const struct ipe_rule *const r) in ipe_audit_match() argument
164 audit_rule(ab, r); in ipe_audit_match()
|
| A D | policy.c | 32 u64 r; in ver_to_u64() local
34 r = (((u64)p->parsed->version.major) << 32) in ver_to_u64()
38 return r; in ver_to_u64()
|
| A D | audit.h | 13 enum ipe_action_type act, const struct ipe_rule *const r);
|
| /security/selinux/ss/ |
| A D | mls.h | 31 int mls_range_isvalid(struct policydb *p, struct mls_range *r);
88 static inline u32 mls_range_hash(const struct mls_range *r, u32 hash) in mls_range_hash() argument
90 hash = jhash_2words(r->level[0].sens, r->level[1].sens, hash); in mls_range_hash()
91 hash = ebitmap_hash(&r->level[0].cat, hash); in mls_range_hash()
92 hash = ebitmap_hash(&r->level[1].cat, hash); in mls_range_hash()
|
| A D | mls.c | 178 int mls_range_isvalid(struct policydb *p, struct mls_range *r) in mls_range_isvalid() argument
180 return (mls_level_isvalid(p, &r->level[0]) && in mls_range_isvalid()
181 mls_level_isvalid(p, &r->level[1]) && in mls_range_isvalid()
182 mls_level_dom(&r->level[1], &r->level[0])); in mls_range_isvalid()
485 struct mls_range *r; in mls_compute_sid() local
498 r = policydb_rangetr_search(p, &rtr); in mls_compute_sid()
499 if (r) in mls_compute_sid()
500 return mls_range_set(newcontext, r); in mls_compute_sid()
|
| A D | policydb.c | 1032 r->level[1].sens = r->level[0].sens; in mls_read_range_helper()
1046 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); in mls_read_range_helper()
1847 struct mls_range *r = NULL; in range_read() local
1892 r = kzalloc(sizeof(*r), GFP_KERNEL); in range_read()
1893 if (!r) in range_read()
1901 if (!mls_range_isvalid(p, r)) { in range_read()
1911 r = NULL; in range_read()
1917 kfree(r); in range_read()
2797 eq = mls_level_eq(&r->level[1], &r->level[0]); in mls_write_range_helper()
2926 for (ra = r; ra; ra = ra->next) in role_allow_write()
[all …]
|
| /security/apparmor/ |
| A D | policy_unpack.c | 101 bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r) in aa_rawdata_eq() argument
103 if (l->size != r->size) in aa_rawdata_eq()
105 if (l->compressed_size != r->compressed_size) in aa_rawdata_eq()
107 if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()) != 0) in aa_rawdata_eq()
109 return memcmp(l->data, r->data, r->compressed_size ?: r->size) == 0; in aa_rawdata_eq()
|
| /security/apparmor/include/ |
| A D | policy_unpack.h | 159 bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r);
|
| /security/keys/ |
| A D | proc.c | 268 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) in key_user_first() argument
270 struct rb_node *n = rb_first(r); in key_user_first()
|
| /security/selinux/ |
| A D | selinuxfs.c | 948 char *r, *w; in sel_write_create() local
951 r = w = namebuf; in sel_write_create()
953 c1 = *r++; in sel_write_create()
957 c1 = hex_to_bin(*r++); in sel_write_create()
960 c2 = hex_to_bin(*r++); in sel_write_create()
|