Home
last modified time | relevance | path

Searched refs:request (Results 1 – 25 of 25) sorted by relevance

/security/apparmor/
A Dfile.c105 ad.request = request; in aa_audit_file()
121 ad.request &= mask; in aa_audit_file()
123 if (likely(!ad.request)) in aa_audit_file()
128 ad.request = ad.request & ~perms->allow; in aa_audit_file()
129 AA_BUG(!ad.request); in aa_audit_file()
140 if (!ad.request) in aa_audit_file()
256 request); in profile_path_perm()
392 request |= MAY_EXEC; in profile_path_link()
458 u32 request) in update_file_ctx() argument
571 u32 request) in __unix_needs_revalidation() argument
[all …]
A Dnet.c133 if (ad->request & NET_PERMS_MASK) { in audit_net_cb()
135 aa_audit_perm_mask(ab, ad->request, NULL, 0, in audit_net_cb()
151 if (ad->request & NET_PEER_MASK) { in audit_net_cb()
166 aa_state_t state, u32 request, in aa_do_perms() argument
179 return aa_check_perms(profile, &perms, request, ad, in aa_do_perms()
189 aa_state_t state, u32 request) in early_match() argument
194 if (((p->allow & request) != request) && (p->allow & AA_CONT_MATCH)) in early_match()
225 u32 request, u16 af, int type, int protocol, in aa_match_to_prot() argument
236 *p = early_match(policy, state, request); in aa_match_to_prot()
285 const char *op, u32 request, in aa_label_sk_perm() argument
[all …]
A Dtask.c210 if (ad->request & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
212 audit_ptrace_mask(ad->request)); in audit_ptrace_cb()
228 struct aa_label *peer, u32 request, in profile_ptrace_perm() argument
244 struct aa_label *tracer, u32 request, in profile_tracee_perm() argument
271 ad->request = 0; in profile_tracer_perm()
290 u32 request) in aa_may_ptrace() argument
293 u32 xrequest = request << PTRACE_PERM_SHIFT; in aa_may_ptrace()
298 request, &sa), in aa_may_ptrace()
308 if (ad->request & AA_USERNS_CREATE) in audit_ns_cb()
317 u32 request) in aa_profile_ns_perm() argument
[all …]
A Daf_unix.c85 aa_state_t state, u32 request, in match_to_local() argument
123 aa_state_t state, u32 request, in match_to_sk() argument
139 u32 request, struct unix_sock *u, in match_to_cmd() argument
156 u32 request, struct unix_sock *u, in match_to_peer() argument
174 u32 request, struct aa_profile *peer, in match_label() argument
368 return unix_fs_perm(ad->op, request, in profile_opt_perm()
420 match_label(profile, rules, state, request, in profile_peer_perm()
455 profile_sk_perm(profile, &ad, request, sk, in aa_unix_label_sk_perm()
469 request, sock->sk, in aa_unix_sock_perm()
717 u32 sk_req = request & ~NET_PEER_MASK; in aa_unix_file_perm()
[all …]
A Dipc.c57 if (ad->request & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
59 audit_signal_mask(ad->request)); in audit_signal_cb()
80 struct aa_label *peer, u32 request, in profile_signal_perm() argument
97 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
99 return aa_check_perms(profile, &perms, request, ad, audit_signal_cb); in profile_signal_perm()
A Dlib.c389 int type, u32 request, struct aa_perms *perms) in aa_profile_match_label() argument
397 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
419 u32 request, struct apparmor_audit_data *ad, in aa_check_perms() argument
423 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms()
427 request &= perms->audit; in aa_check_perms()
428 if (!request || !ad) in aa_check_perms()
453 ad->request = request; in aa_check_perms()
A Ddomain.c164 if ((perms->allow & request) != request) in label_compound_match()
232 if ((perms->allow & request) != request) in label_components_match()
262 request, perms); in label_match()
268 request, perms); in label_match()
290 u32 request, aa_state_t start, in change_profile_perms() argument
1354 u32 request, struct aa_perms *perms) in change_profile_perms_wrapper() argument
1400 u32 request; in aa_change_profile() local
1421 request = AA_MAY_ONEXEC; in aa_change_profile()
1427 request = AA_MAY_CHANGE_PROFILE; in aa_change_profile()
1448 perms.audit = request; in aa_change_profile()
[all …]
A Dcapability.c131 u32 request; in profile_capable() local
135 request = 1 << (cap & 0x1f); in profile_capable()
140 if (perms.complain & request) in profile_capable()
145 return aa_check_perms(profile, &perms, request, ad, in profile_capable()
A Dmount.c138 unsigned long flags, const void *data, u32 request, in audit_mount() argument
151 request &= mask; in audit_mount()
153 if (likely(!request)) in audit_mount()
158 request = request & ~perms->allow; in audit_mount()
160 if (request & perms->kill) in audit_mount()
164 if ((request & perms->quiet) && in audit_mount()
167 request &= ~perms->quiet; in audit_mount()
169 if (!request) in audit_mount()
A Dlsm.c611 if (ad->request & AA_URING_PERM_MASK) { in audit_uring_cb()
613 audit_uring_mask(ad->request)); in audit_uring_cb()
627 static int profile_uring(struct aa_profile *profile, u32 request, in profile_uring() argument
644 false, request, &perms); in profile_uring()
649 error = aa_check_perms(profile, &perms, request, ad, in profile_uring()
1430 return aa_sk_perm(op, request, sock->sk); in aa_sock_msg_perm()
1446 static int aa_sock_perm(const char *op, u32 request, struct socket *sock) in aa_sock_perm() argument
1453 return aa_unix_sock_perm(op, request, sock); in aa_sock_perm()
1454 return aa_sk_perm(op, request, sock->sk); in aa_sock_perm()
1476 return aa_unix_opt_perm(op, request, sock, level, optname); in aa_sock_opt_perm()
[all …]
A Dlabel.c1290 aa_state_t state, bool subns, u32 request, in label_compound_match() argument
1321 if ((perms->allow & request) != request) in label_compound_match()
1350 bool subns, u32 request, in label_components_match() argument
1386 if ((perms->allow & request) != request) in label_components_match()
1410 u32 request, struct aa_perms *perms) in aa_label_match() argument
1413 request, perms); in aa_label_match()
1419 request, perms); in aa_label_match()
/security/landlock/
A Daudit.c360 if (WARN_ON_ONCE(!(!!request->layer_plus_one ^ !!request->access))) in is_valid_request()
363 if (request->access) { in is_valid_request()
368 if (WARN_ON_ONCE(request->layer_masks || in is_valid_request()
373 if (WARN_ON_ONCE(!!request->layer_masks ^ !!request->layer_masks_size)) in is_valid_request()
376 if (request->deny_masks) { in is_valid_request()
402 if (!is_valid_request(request)) in landlock_log_denial()
405 missing = request->access; in landlock_log_denial()
408 if (request->layer_masks) { in landlock_log_denial()
411 request->layer_masks_size); in landlock_log_denial()
415 request->deny_masks); in landlock_log_denial()
[all …]
A Daudit.h59 const struct landlock_request *const request);
70 const struct landlock_request *const request) in landlock_log_denial() argument
A Dfs.c961 struct landlock_request request = {}; in current_check_access_path() local
970 &layer_masks, &request, NULL, 0, NULL, in current_check_access_path()
974 landlock_log_denial(subject, &request); in current_check_access_path()
1623 struct landlock_request request = {}; in hook_file_open() local
1650 &layer_masks, &request, NULL, 0, NULL, NULL, NULL)) { in hook_file_open()
1686 request.access = open_access_request; in hook_file_open()
1687 landlock_log_denial(subject, &request); in hook_file_open()
/security/apparmor/include/
A Dnet.h89 aa_state_t state, u32 request, struct aa_perms *p,
93 u32 request, u16 af, int type, int protocol,
98 u32 request, u16 family, int type, int protocol);
100 const char *op, u32 request, u16 family,
104 u32 request, in aa_profile_af_sk_perm() argument
107 return aa_profile_af_perm(profile, ad, request, sk->sk_family, in aa_profile_af_sk_perm()
110 int aa_sk_perm(const char *op, u32 request, struct sock *sk);
113 const char *op, u32 request,
116 int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
A Daf_unix.h36 struct aa_label *label, const char *op, u32 request,
39 int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock);
48 int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock,
50 int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level,
53 const char *op, u32 request, struct file *file);
A Dfile.h76 const char *op, u32 request, const char *name,
89 u32 request, struct path_cond *cond, int flags,
93 int flags, u32 request, struct path_cond *cond);
101 u32 request, bool in_atomic);
A Dtask.h96 u32 request);
103 struct apparmor_audit_data *ad, u32 request);
A Dperms.h215 int type, u32 request, struct aa_perms *perms);
217 u32 request, struct apparmor_audit_data *ad,
A Daudit.h120 u32 request; member
A Dlabel.h347 u32 request, struct aa_perms *perms);
/security/smack/
A Dsmack_access.c118 int request, struct smk_audit_info *a) in smk_access() argument
155 if ((request & MAY_ANYREAD) == request || in smk_access()
156 (request & MAY_LOCK) == request) { in smk_access()
174 if (may <= 0 || (request & may) != request) { in smk_access()
202 request, rc, a); in smk_access()
330 if (sad->request[0] == '\0') in smack_log_callback()
333 audit_log_format(ab, " requested=%s", sad->request); in smack_log_callback()
347 void smack_log(char *subject_label, char *object_label, int request, in smack_log() argument
370 smack_str_from_perm(request_buffer, request); in smack_log()
388 sad->request = request_buffer; in smack_log()
[all …]
A Dsmack.h263 char *request; member
436 int request,
A Dsmack_lsm.c4503 int request = 0; in smack_key_permission() local
4513 request |= MAY_READ; in smack_key_permission()
4518 request |= MAY_WRITE; in smack_key_permission()
4555 rc = smk_access(tkp, skp, request, &ad); in smack_key_permission()
4556 rc = smk_bu_note("key access", tkp, skp, request, rc); in smack_key_permission()
/security/keys/
A DKconfig34 wants to request a key that is likely the same as the one requested
38 filesystem in which each method needs to request an authentication

Completed in 49 milliseconds