| /security/ipe/ |
| A D | policy_fs.c | 227 inode_lock(root); in setactive()
238 inode_unlock(root); in setactive()
318 inode_lock(root); in update_policy()
320 inode_unlock(root); in update_policy()
367 inode_lock(root); in delete_policy()
370 inode_unlock(root); in delete_policy()
379 inode_unlock(root); in delete_policy()
385 inode_unlock(root); in delete_policy()
481 inode_lock(root); in ipe_new_policyfs_node()
483 root->i_private = p; in ipe_new_policyfs_node()
[all …]
|
| A D | fs.c | 15 static struct dentry *root __ro_after_init;
205 root = securityfs_create_dir("ipe", NULL); in ipe_init_securityfs()
206 if (IS_ERR(root)) in ipe_init_securityfs()
207 return PTR_ERR(root); in ipe_init_securityfs()
209 dentry = securityfs_create_file("success_audit", 0600, root, in ipe_init_securityfs()
216 dentry = securityfs_create_file("enforce", 0600, root, NULL, in ipe_init_securityfs()
223 policy_root = securityfs_create_dir("policies", root); in ipe_init_securityfs()
236 dentry = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops); in ipe_init_securityfs()
244 securityfs_remove(root); in ipe_init_securityfs()
|
| A D | policy.c | 93 int ipe_update_policy(struct inode *root, const char *text, size_t textlen, in ipe_update_policy() argument
99 old = (struct ipe_policy *)root->i_private; in ipe_update_policy()
117 root->i_private = new; in ipe_update_policy()
|
| A D | Kconfig | 57 bool "Enable support for dm-verity based on root hash"
62 volume is evaluated, and the volume's root hash matches the value
66 bool "Enable support for dm-verity based on root hash signature"
71 volume, which has been mounted with a valid signed root hash,
|
| A D | policy.h | 93 int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
|
| A D | hooks.c | 194 ipe_sb(current->fs->root.mnt->mnt_sb)->initramfs = true; in ipe_unpack_initramfs()
|
| /security/landlock/ |
| A D | ruleset.c | 211 struct rb_root *root; in insert_rule() local
221 root = get_root(ruleset, id.type); in insert_rule()
222 if (IS_ERR(root)) in insert_rule()
223 return PTR_ERR(root); in insert_rule()
225 walker_node = &root->rb_node; in insert_rule()
268 rb_replace_node(&this->node, &new_rule->node, root); in insert_rule()
281 rb_insert_color(&new_rule->node, root); in insert_rule()
586 const struct rb_root *root; in landlock_find_rule() local
589 root = get_root((struct landlock_ruleset *)ruleset, id.type); in landlock_find_rule()
590 if (IS_ERR(root)) in landlock_find_rule()
[all …]
|
| /security/apparmor/ |
| A D | path.c | 120 struct path root; in d_namespace_path() local
121 get_fs_root(current->fs, &root); in d_namespace_path()
122 res = __d_path(path, &root, buf, buflen); in d_namespace_path()
123 path_put(&root); in d_namespace_path()
|
| A D | apparmorfs.c | 2098 AA_BUG(!root); in __next_ns()
2111 while (ns != root) { in __next_ns()
2136 AA_BUG(!root); in __first_profile()
2203 return __first_profile(root, __next_ns(root, profile->ns)); in next_profile()
2220 f->private = root; in p_start()
2223 mutex_lock_nested(&root->lock, root->level); in p_start()
2224 profile = __first_profile(root, root); in p_start()
2262 struct aa_ns *root = f->private, *ns; in p_stop() local
2268 mutex_unlock(&root->lock); in p_stop()
2269 aa_put_ns(root); in p_stop()
[all …]
|
| A D | domain.c | 1059 struct aa_profile *root, *hat = NULL; in build_change_hat() local
1064 root = aa_get_profile_rcu(&profile->parent); in build_change_hat()
1066 root = aa_get_profile(profile); in build_change_hat()
1073 hat = aa_find_child(root, name); in build_change_hat()
1085 aa_put_profile(root); in build_change_hat()
1109 struct aa_profile *profile, *root, *hat = NULL; in change_hat() local
1128 root = aa_get_profile_rcu(&profile->parent); in change_hat()
1130 root = aa_get_profile(profile); in change_hat()
1136 hat = aa_find_child(root, name); in change_hat()
1137 aa_put_profile(root); in change_hat()
|
| A D | label.c | 614 rb_erase(&label->node, &ls->root); in __label_remove()
649 rb_replace_node(&old->node, &new->node, &ls->root); in __label_replace()
684 new = &ls->root.rb_node; in __label_insert()
711 rb_insert_color(&label->node, &ls->root); in __label_insert()
738 node = vec_labelset(vec, n)->root.rb_node; in __vec_find()
1144 node = ls->root.rb_node; in __label_find_merge()
1963 for (node = rb_first(&ls->root); node; node = rb_first(&ls->root)) { in aa_labelset_destroy()
1983 ls->root = RB_ROOT; in aa_labelset_init()
|
| /security/loadpin/ |
| A D | Kconfig | 11 have a root filesystem backed by a read-only device such as
30 that use dm-verity. LoadPin maintains a list of verity root
32 considered trusted if its root digest is found in the list
38 parameter. The file must be located on the pinned root and
|
| /security/ |
| A D | commoncap.c | 418 uid_t root, mappedroot; in cap_inode_getsecurity() local
441 root = 0; in cap_inode_getsecurity()
444 root = le32_to_cpu(nscap->rootid); in cap_inode_getsecurity()
450 kroot = make_kuid(fs_ns, root); in cap_inode_getsecurity()
877 kuid_t root, bool has_fcap) in nonroot_raised_pE() argument
883 (__is_eff(root, new) || __is_real(root, new)) && in nonroot_raised_pE()
886 __is_suid(root, new) && in nonroot_raised_pE()
|
| A D | Kconfig | 155 correctly. This level of protection requires a root of trust outside
|
| /security/apparmor/include/ |
| A D | policy_ns.h | 94 struct aa_ns *aa_prepare_ns(struct aa_ns *root, const char *name);
|
| A D | label.h | 75 struct rb_root root; member
79 for ((N) = rb_first(&(LS)->root); (N); (N) = rb_next(N))
|
| /security/integrity/evm/ |
| A D | Kconfig | 55 When this option is enabled, root can add additional xattrs to the
|
| /security/selinux/ |
| A D | hooks.c | 513 struct dentry *root = sb->s_root; in sb_check_xattr_support() local
514 struct inode *root_inode = d_backing_inode(root); in sb_check_xattr_support()
531 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0); in sb_check_xattr_support()
562 struct dentry *root = sb->s_root; in sb_finish_set_opts() local
563 struct inode *root_inode = d_backing_inode(root); in sb_finish_set_opts()
585 rc = inode_doinit_with_dentry(root_inode, root); in sb_finish_set_opts()
642 struct dentry *root = sb->s_root; in selinux_set_mnt_opts() local
690 root_isec = backing_inode_security_novalidate(root); in selinux_set_mnt_opts()
1118 struct dentry *root = sb->s_root; in selinux_sb_show_options() local
1119 struct inode_security_struct *isec = backing_inode_security(root); in selinux_sb_show_options()
|
| /security/integrity/ima/ |
| A D | Kconfig | 142 This option allows the root user to see the current policy rules.
|
| /security/keys/ |
| A D | keyring.c | 732 ptr = READ_ONCE(keyring->keys.root); in search_nested_keyrings()
|
| /security/smack/ |
| A D | smack_lsm.c | 785 struct dentry *root = sb->s_root; in smack_set_mnt_opts() local
786 struct inode *inode = d_backing_inode(root); in smack_set_mnt_opts()
|