| /security/apparmor/ |
| A D | policy_compat.c | 56 #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) argument
166 for (state = 0; state < state_count; state++) { in compute_fperms()
167 table[state * 2] = compute_fperms_user(dfa, state); in compute_fperms()
168 table[state * 2 + 1] = compute_fperms_other(dfa, state); in compute_fperms()
178 int state; in compute_xmatch_perms() local
191 for (state = 1; state < state_count; state++) in compute_xmatch_perms()
192 perms[state].allow = dfa_user_allow(xmatch, state); in compute_xmatch_perms()
266 for (state = 1; state < state_count; state++) in compute_perms()
267 table[state] = compute_perms_entry(dfa, state, version); in compute_perms()
289 for (state = 0; state < state_count; state++) { in remap_dfa_accept()
[all …]
|
| A D | match.c | 425 (state) = (def)[(state)]; \
475 return state; in aa_dfa_match_len()
599 state = def[state]; in aa_dfa_match_until()
610 state = def[state]; in aa_dfa_match_until()
661 state = def[state]; in aa_dfa_matchn_until()
672 state = def[state]; in aa_dfa_matchn_until()
745 state = def[state]; in leftmatch_fb()
747 state = aa_dfa_match(dfa, state, str); in leftmatch_fb()
764 state = def[state]; in leftmatch_fb()
766 state = aa_dfa_match(dfa, state, str); in leftmatch_fb()
[all …]
|
| A D | af_unix.c | 74 state = aa_dfa_match_len(dfa, state, addr->sun_path, in match_addr()
77 state = aa_dfa_match_len(dfa, state, ANONYMOUS_ADDR, 1); in match_addr()
79 state = aa_dfa_null_transition(dfa, state); in match_addr()
93 if (state) { in match_to_local()
94 state = match_addr(policy->dfa, state, addr, addrlen); in match_to_local()
97 state = aa_dfa_null_transition(policy->dfa, state); in match_to_local()
145 state = match_to_sk(policy, state, request, u, p, info); in match_to_cmd()
147 state = aa_dfa_match_len(policy->dfa, state, &cmd, 1); in match_to_cmd()
184 state = aa_dfa_match(rule->policy->dfa, state, in match_label()
309 state = aa_dfa_match_len(rules->policy->dfa, state, in profile_listen_perm()
[all …]
|
| A D | net.c | 175 if (state || !p) in aa_do_perms()
228 state = aa_dfa_match_be16(policy->dfa, state, (u16)af); in aa_match_to_prot()
229 if (!state) { in aa_match_to_prot()
231 return state; in aa_match_to_prot()
233 state = aa_dfa_match_be16(policy->dfa, state, (u16)type); in aa_match_to_prot()
234 if (state) { in aa_match_to_prot()
238 state = aa_dfa_match_be16(policy->dfa, state, (u16)protocol); in aa_match_to_prot()
239 if (!state) in aa_match_to_prot()
246 return state; in aa_match_to_prot()
256 aa_state_t state; in aa_profile_af_perm() local
[all …]
|
| A D | mount.c | 206 state = aa_dfa_next(dfa, state, i + 1); in match_mnt_flags()
239 state = aa_dfa_null_transition(policy->dfa, state); in do_match_mnt()
240 if (!state) in do_match_mnt()
244 state = aa_dfa_match(policy->dfa, state, devname); in do_match_mnt()
245 state = aa_dfa_null_transition(policy->dfa, state); in do_match_mnt()
246 if (!state) in do_match_mnt()
250 state = aa_dfa_match(policy->dfa, state, type); in do_match_mnt()
251 state = aa_dfa_null_transition(policy->dfa, state); in do_match_mnt()
255 state = match_mnt_flags(policy->dfa, state, flags); in do_match_mnt()
264 state = aa_dfa_null_transition(policy->dfa, state); in do_match_mnt()
[all …]
|
| A D | domain.c | 100 state = aa_dfa_match(rules->file->dfa, state, "&"); in match_component()
106 state = aa_dfa_match_len(rules->file->dfa, state, ":", 1); in match_component()
107 state = aa_dfa_match(rules->file->dfa, state, ns_name); in match_component()
108 state = aa_dfa_match_len(rules->file->dfa, state, ":", 1); in match_component()
142 state = match_component(profile, tp, stack, state); in label_compound_match()
143 if (!state) in label_compound_match()
156 state = aa_dfa_match(rules->file->dfa, state, "//&"); in label_compound_match()
157 state = match_component(profile, tp, false, state); in label_compound_match()
158 if (!state) in label_compound_match()
207 if (!state) in label_components_match()
[all …]
|
| A D | capability.c | 125 aa_state_t state; in profile_capable() local
128 state = RULE_MEDIATES(rules, ad->class); in profile_capable()
129 if (state) { in profile_capable()
134 state = aa_dfa_next(rules->policy->dfa, state, cap >> 5); in profile_capable()
136 perms = *aa_lookup_perms(rules->policy, state); in profile_capable()
197 aa_state_t state; in aa_profile_capget() local
199 state = RULE_MEDIATES(rules, AA_CLASS_CAP); in aa_profile_capget()
200 if (state) { in aa_profile_capget()
209 tmp = aa_dfa_next(rules->policy->dfa, state, i); in aa_profile_capget()
|
| A D | ipc.c | 85 aa_state_t state; in profile_signal_perm() local
93 state = RULE_MEDIATES(rules, AA_CLASS_SIGNAL); in profile_signal_perm()
94 if (!state) in profile_signal_perm()
96 state = aa_dfa_next(rules->policy->dfa, state, ad->signal); in profile_signal_perm()
97 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
|
| A D | label.c | 1265 state = aa_dfa_match_len(rules->policy->dfa, state, ":", 1); in match_component()
1266 state = aa_dfa_match(rules->policy->dfa, state, ns_name); in match_component()
1267 state = aa_dfa_match_len(rules->policy->dfa, state, ":", 1); in match_component()
1300 state = match_component(profile, rules, tp, state); in label_compound_match()
1301 if (!state) in label_compound_match()
1314 state = aa_dfa_match(rules->policy->dfa, state, "//&"); in label_compound_match()
1315 state = match_component(profile, rules, tp, state); in label_compound_match()
1316 if (!state) in label_compound_match()
1328 return state; in label_compound_match()
1363 if (!state) in label_components_match()
[all …]
|
| A D | file.c | 183 aa_state_t state, struct path_cond *cond) in aa_lookup_condperms() argument
185 unsigned int index = ACCEPT_TABLE(rules->dfa)[state]; in aa_lookup_condperms()
190 if ((ACCEPT_TABLE2(rules->dfa)[state] & ACCEPT_FLAG_OWNER)) { in aa_lookup_condperms()
213 aa_state_t state; in aa_str_perms() local
214 state = aa_dfa_match(file_rules->dfa, start, name); in aa_str_perms()
215 *perms = *(aa_lookup_condperms(current_fsuid(), file_rules, state, in aa_str_perms()
218 return state; in aa_str_perms()
330 aa_state_t state; in profile_path_link() local
348 state = aa_str_perms(rules->file, in profile_path_link()
356 state = aa_dfa_null_transition(rules->file->dfa, state); in profile_path_link()
[all …]
|
| A D | task.c | 327 aa_state_t state; in aa_profile_ns_perm() local
329 state = RULE_MEDIATES(rules, ad->class); in aa_profile_ns_perm()
330 if (!state) in aa_profile_ns_perm()
333 perms = *aa_lookup_perms(rules->policy, state); in aa_profile_ns_perm()
|
| A D | lib.c | 392 aa_state_t state; in aa_profile_match_label() local
394 state = aa_dfa_next(rules->policy->dfa, in aa_profile_match_label()
397 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
|
| /security/lockdown/ |
| A D | lockdown.c | 125 char *state; in lockdown_write() local
128 state = memdup_user_nul(buf, n); in lockdown_write()
129 if (IS_ERR(state)) in lockdown_write()
130 return PTR_ERR(state); in lockdown_write()
132 len = strlen(state); in lockdown_write()
133 if (len && state[len-1] == '\n') { in lockdown_write()
134 state[len-1] = '\0'; in lockdown_write()
142 if (label && !strcmp(state, label)) in lockdown_write()
146 kfree(state); in lockdown_write()
|
| /security/apparmor/include/ |
| A D | policy.h | 134 aa_state_t state) in aa_lookup_perms() argument
136 unsigned int index = ACCEPT_TABLE(policy->dfa)[state]; in aa_lookup_perms()
325 aa_state_t state = RULE_MEDIATES(rules, AA_CLASS_NETV9); in RULE_MEDIATES_NET() local
328 if (!state) in RULE_MEDIATES_NET()
329 state = RULE_MEDIATES(rules, AA_CLASS_NET); in RULE_MEDIATES_NET()
331 return state; in RULE_MEDIATES_NET()
|
| A D | label.h | 320 aa_state_t state; in aa_label_strn_split() local
322 state = aa_dfa_matchn_until(stacksplitdfa, DFA_START, str, n, &pos); in aa_label_strn_split()
323 if (!ACCEPT_TABLE(stacksplitdfa)[state]) in aa_label_strn_split()
332 aa_state_t state; in aa_label_str_split() local
334 state = aa_dfa_match_until(stacksplitdfa, DFA_START, str, &pos); in aa_label_str_split()
335 if (!ACCEPT_TABLE(stacksplitdfa)[state]) in aa_label_str_split()
346 struct aa_label *label, aa_state_t state, bool subns,
|
| A D | net.h | 89 aa_state_t state, u32 request, struct aa_perms *p,
92 aa_state_t aa_match_to_prot(struct aa_policydb *policy, aa_state_t state,
|
| A D | match.h | 131 aa_state_t aa_dfa_next(struct aa_dfa *dfa, aa_state_t state, const char c);
132 aa_state_t aa_dfa_outofband_transition(struct aa_dfa *dfa, aa_state_t state);
|
| A D | af_unix.h | 31 #define is_unix_connected(S) ((S)->state == SS_CONNECTED)
|
| A D | file.h | 82 aa_state_t state, struct path_cond *cond);
|
| /security/keys/ |
| A D | gc.c | 140 short state = key->state; in key_gc_unused_keys() local
153 if (state == KEY_IS_POSITIVE && key->type->destroy) in key_gc_unused_keys()
159 if (state != KEY_IS_UNINSTANTIATED) in key_gc_unused_keys()
|
| A D | proc.c | 161 short state; in proc_keys_show() local
220 state = key_read_state(key); in proc_keys_show()
228 state != KEY_IS_UNINSTANTIATED ? 'I' : '-', in proc_keys_show()
233 state < 0 ? 'N' : '-', in proc_keys_show()
|
| A D | keyring.c | 579 short state = READ_ONCE(key->state); in keyring_search_iterator() local
625 if (state < 0) { in keyring_search_iterator()
626 ctx->result = ERR_PTR(state); in keyring_search_iterator()
|
| /security/selinux/ss/ |
| A D | services.c | 2217 struct selinux_state *state = &selinux_state; in selinux_policy_cancel() local
2221 lockdep_is_held(&state->policy_mutex)); in selinux_policy_cancel()
2241 struct selinux_state *state = &selinux_state; in selinux_policy_commit() local
2247 lockdep_is_held(&state->policy_mutex)); in selinux_policy_commit()
2349 lockdep_is_held(&state->policy_mutex)); in security_load_policy()
3109 lockdep_is_held(&state->policy_mutex)); in security_set_bools()
3210 booldatum->state = bvalues[i]; in security_preserve_bools()
3631 policy = rcu_dereference(state->policy); in selinux_audit_rule_init()
3728 policy = rcu_dereference(state->policy); in selinux_audit_rule_match()
4036 state->policy, lockdep_is_held(&state->policy_mutex)); in security_read_policy()
[all …]
|
| A D | conditional.c | 40 s[sp] = p->bool_val_to_struct[node->boolean - 1]->state; in cond_evaluate_expr()
204 if (!(b->state == 0 || b->state == 1)) in bool_isvalid()
226 booldatum->state = le32_to_cpu(buf[1]); in cond_read_bool()
457 buf[1] = cpu_to_le32(booldatum->state); in cond_write_bool()
|
| /security/smack/ |
| A D | smack_netfilter.c | 23 const struct nf_hook_state *state) in smack_ip_output() argument
|