| /linux-6.3-rc2/security/apparmor/ |
| A D | resource.c | 87 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_setrlimit() local
88 typeof(*rules), list); in profile_setrlimit()
92 rules->rlimits.limits[resource].rlim_max) in profile_setrlimit()
160 struct aa_ruleset *rules = list_first_entry(&old->rules, in __aa_transition_rlimits() local
161 typeof(*rules), in __aa_transition_rlimits()
163 if (rules->rlimits.mask) { in __aa_transition_rlimits()
168 if (rules->rlimits.mask & mask) { in __aa_transition_rlimits()
180 struct aa_ruleset *rules = list_first_entry(&new->rules, in __aa_transition_rlimits() local
181 typeof(*rules), in __aa_transition_rlimits()
185 if (!rules->rlimits.mask) in __aa_transition_rlimits()
[all …]
|
| A D | net.c | 111 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_af_perm() local
112 typeof(*rules), list); in aa_profile_af_perm()
122 state = RULE_MEDIATES(rules, AA_CLASS_NET); in aa_profile_af_perm()
221 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_secmark_perm() local
222 typeof(*rules), list); in aa_secmark_perm()
224 if (rules->secmark_count == 0) in aa_secmark_perm()
227 for (i = 0; i < rules->secmark_count; i++) { in aa_secmark_perm()
228 if (!rules->secmark[i].secid) { in aa_secmark_perm()
234 if (rules->secmark[i].secid == secid || in aa_secmark_perm()
236 if (rules->secmark[i].deny) in aa_secmark_perm()
[all …]
|
| A D | capability.c | 67 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
68 typeof(*rules), list); in audit_caps()
77 !cap_raised(rules->caps.audit, cap))) in audit_caps()
81 cap_raised(rules->caps.kill, cap)) { in audit_caps()
83 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
119 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
120 typeof(*rules), list); in profile_capable()
123 if (cap_raised(rules->caps.allow, cap) && in profile_capable()
124 !cap_raised(rules->caps.denied, cap)) in profile_capable()
|
| A D | policy_unpack.c | 574 if (!rules->secmark) in unpack_secmark()
596 if (rules->secmark) { in unpack_secmark()
599 kfree(rules->secmark); in unpack_secmark()
840 rules = list_first_entry(&profile->rules, typeof(*rules), list); in unpack_profile()
978 if (aa_dfa_next(rules->policy.dfa, rules->policy.start[0], in unpack_profile()
1006 rules->file.dfa = aa_get_dfa(rules->policy.dfa); in unpack_profile()
1007 rules->file.start[AA_CLASS_FILE] = rules->policy.start[AA_CLASS_FILE]; in unpack_profile()
1210 struct aa_ruleset *rules = list_first_entry(&profile->rules, in verify_profile() local
1212 if (!rules) in verify_profile()
1215 if ((rules->file.dfa && !verify_dfa_xindex(rules->file.dfa, in verify_profile()
[all …]
|
| A D | domain.c | 84 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_component() local
85 typeof(*rules), list); in match_component()
122 struct aa_ruleset *rules = list_first_entry(&profile->rules, in label_compound_match() local
123 typeof(*rules), list); in label_compound_match()
184 struct aa_ruleset *rules = list_first_entry(&profile->rules, in label_components_match() local
185 typeof(*rules), list); in label_components_match()
508 struct aa_ruleset *rules = list_first_entry(&profile->rules, in x_table_lookup() local
559 struct aa_ruleset *rules = list_first_entry(&profile->rules, in x_to_label() local
627 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_transition() local
727 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_onexec() local
[all …]
|
| A D | mount.c | 306 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt_path_str() local
307 typeof(*rules), list); in match_mnt_path_str()
329 pos = do_match_mnt(&rules->policy, in match_mnt_path_str()
363 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt() local
364 typeof(*rules), list); in match_mnt()
572 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_umount() local
573 typeof(*rules), list); in profile_umount()
590 state = aa_dfa_match(rules->policy.dfa, in profile_umount()
633 struct aa_ruleset *rules = list_first_entry(&profile->rules, in build_pivotroot() local
634 typeof(*rules), list); in build_pivotroot()
[all …]
|
| A D | ipc.c | 81 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_signal_perm() local
82 typeof(*rules), list); in profile_signal_perm()
87 !ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)) in profile_signal_perm()
92 state = aa_dfa_next(rules->policy.dfa, in profile_signal_perm()
93 rules->policy.start[AA_CLASS_SIGNAL], in profile_signal_perm()
95 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
|
| A D | policy.c | 218 kfree_sensitive(rules); in free_ruleset()
223 struct aa_ruleset *rules; in aa_alloc_ruleset() local
225 rules = kzalloc(sizeof(*rules), gfp); in aa_alloc_ruleset()
226 if (rules) in aa_alloc_ruleset()
227 INIT_LIST_HEAD(&rules->list); in aa_alloc_ruleset()
229 return rules; in aa_alloc_ruleset()
296 struct aa_ruleset *rules; in aa_alloc_profile() local
312 if (!rules) in aa_alloc_profile()
314 list_add(&rules->list, &profile->rules); in aa_alloc_profile()
584 struct aa_ruleset *rules; in aa_alloc_null() local
[all …]
|
| A D | file.c | 215 struct aa_ruleset *rules = list_first_entry(&profile->rules, in __aa_path_perm() local
216 typeof(*rules), list); in __aa_path_perm()
221 aa_str_perms(&(rules->file), rules->file.start[AA_CLASS_FILE], in __aa_path_perm()
309 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_path_link() local
310 typeof(*rules), list); in profile_path_link()
331 state = aa_str_perms(&(rules->file), in profile_path_link()
332 rules->file.start[AA_CLASS_FILE], lname, in profile_path_link()
339 state = aa_dfa_null_transition(rules->file.dfa, state); in profile_path_link()
340 aa_str_perms(&(rules->file), state, tname, cond, &perms); in profile_path_link()
362 aa_str_perms(&(rules->file), rules->file.start[AA_CLASS_FILE], in profile_path_link()
|
| A D | task.c | 232 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_ptrace_perm() local
233 typeof(*rules), list); in profile_ptrace_perm()
237 aa_profile_match_label(profile, rules, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
248 !ANY_RULE_MEDIATES(&tracee->rules, AA_CLASS_PTRACE)) in profile_tracee_perm()
261 if (ANY_RULE_MEDIATES(&tracer->rules, AA_CLASS_PTRACE)) in profile_tracer_perm()
|
| A D | lib.c | 335 struct aa_ruleset *rules, in aa_profile_match_label() argument
342 state = aa_dfa_next(rules->policy.dfa, in aa_profile_match_label()
343 rules->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
345 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
354 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_label_perm() local
355 typeof(*rules), list); in aa_profile_label_perm()
362 aa_profile_match_label(profile, rules, &target->label, type, request, in aa_profile_label_perm()
|
| /linux-6.3-rc2/Documentation/admin-guide/aoe/ |
| A D | udev.txt | 1 # These rules tell udev what device nodes to create for aoe support.
11 # udev_rules="/etc/udev/rules.d/"
12 # bash# ls /etc/udev/rules.d/
13 # 10-wacom.rules 50-udev.rules
15 # /etc/udev/rules.d/60-aoe.rules
|
| A D | examples.rst | 1 Example of udev rules
7 Example of udev install rules script
|
| /linux-6.3-rc2/tools/perf/util/ |
| A D | strfilter.c | 160 struct strfilter *strfilter__new(const char *rules, const char **err) in strfilter__new() argument
166 filter->root = strfilter_node__new(rules, &ep); in strfilter__new()
179 const char *rules, const char **err) in strfilter__append() argument
184 if (!filter || !rules) in strfilter__append()
187 right = strfilter_node__new(rules, &ep); in strfilter__append()
207 int strfilter__or(struct strfilter *filter, const char *rules, const char **err) in strfilter__or() argument
209 return strfilter__append(filter, true, rules, err); in strfilter__or()
212 int strfilter__and(struct strfilter *filter, const char *rules, in strfilter__and() argument
215 return strfilter__append(filter, false, rules, err); in strfilter__and()
|
| A D | strfilter.h | 30 struct strfilter *strfilter__new(const char *rules, const char **err);
43 const char *rules, const char **err);
56 const char *rules, const char **err);
|
| /linux-6.3-rc2/security/apparmor/include/ |
| A D | policy.h | 211 struct list_head rules; member
275 static inline aa_state_t RULE_MEDIATES(struct aa_ruleset *rules, in RULE_MEDIATES() argument
279 return rules->policy.start[class]; in RULE_MEDIATES()
281 return aa_dfa_match_len(rules->policy.dfa, in RULE_MEDIATES()
282 rules->policy.start[0], &class, 1); in RULE_MEDIATES()
285 static inline aa_state_t RULE_MEDIATES_AF(struct aa_ruleset *rules, u16 AF) in RULE_MEDIATES_AF() argument
287 aa_state_t state = RULE_MEDIATES(rules, AA_CLASS_NET); in RULE_MEDIATES_AF()
292 return aa_dfa_match_len(rules->policy.dfa, state, (char *) &be_af, 2); in RULE_MEDIATES_AF()
|
| /linux-6.3-rc2/net/netfilter/ |
| A D | nft_set_pipapo.h | 123 unsigned long rules; member
179 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
252 unsigned long rules; in pipapo_estimate_size() local
261 rules = ilog2(desc->field_len[i] * BITS_PER_BYTE) * 2; in pipapo_estimate_size()
262 entry_size += rules * in pipapo_estimate_size()
265 entry_size += rules * sizeof(union nft_pipapo_map_bucket); in pipapo_estimate_size()
|
| A D | nft_set_pipapo.c | 378 if (unlikely(i >= rules)) { in pipapo_refill()
672 if (rules > old_rules) { in pipapo_resize()
906 ret = pipapo_resize(f, f->rules - 1, f->rules); in pipapo_insert()
1228 rulemap[i].to = f->rules;
1390 for (r = first; r < f->rules; r++) {
1452 for (i = start; i < rules - n; i++)
1520 if (pipapo_resize(f, f->rules, f->rules - rulemap[i].n)) {
1526 f->rules -= rulemap[i].n;
1969 for (r = 0; r < f->rules; r++) {
2099 f->rules = 0;
[all …]
|
| /linux-6.3-rc2/drivers/net/ethernet/microchip/vcap/ |
| A D | Kconfig | 13 A VCAP is essentially a TCAM with rules consisting of
24 The VCAP implementation provides switchcore independent handling of rules
27 - Creating and deleting rules
28 - Updating and getting rules
32 access rules via the API in a platform independent way, with the
|
| /linux-6.3-rc2/tools/testing/selftests/landlock/ |
| A D | fs_test.c | 596 rules[i].path); in create_ruleset()
624 rules); in TEST_F_FORK()
1798 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1904 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
1986 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2875 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
2912 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
3026 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
3071 create_ruleset(_metadata, rules[0].access, rules); in TEST_F_FORK()
3114 rules); in TEST_F_FORK()
[all …]
|
| /linux-6.3-rc2/drivers/net/ethernet/mellanox/mlx5/core/lib/ |
| A D | fs_ttc.c | 33 struct mlx5_ttc_rule rules[MLX5_NUM_TT]; member
47 if (!IS_ERR_OR_NULL(ttc->rules[i].rule)) { in mlx5_cleanup_ttc_rules()
48 mlx5_del_flow_rules(ttc->rules[i].rule); in mlx5_cleanup_ttc_rules()
49 ttc->rules[i].rule = NULL; in mlx5_cleanup_ttc_rules()
240 struct mlx5_ttc_rule *rules; in mlx5_generate_ttc_table_rules() local
246 rules = ttc->rules; in mlx5_generate_ttc_table_rules()
248 struct mlx5_ttc_rule *rule = &rules[tt]; in mlx5_generate_ttc_table_rules()
400 struct mlx5_ttc_rule *rules; in mlx5_generate_inner_ttc_table_rules() local
406 rules = ttc->rules; in mlx5_generate_inner_ttc_table_rules()
409 struct mlx5_ttc_rule *rule = &rules[tt]; in mlx5_generate_inner_ttc_table_rules()
[all …]
|
| /linux-6.3-rc2/security/smack/ |
| A D | Kconfig | 17 bool "Reporting on access granted by Smack rules"
21 Enable the bring-up ("b") access mode in Smack rules.
26 rules. The developer can use the information to
27 identify which rules are necessary and what accesses
54 delivering a signal in the Smack rules.
|
| /linux-6.3-rc2/drivers/net/ethernet/netronome/nfp/flower/ |
| A D | conntrack.c | 884 rules[i]); in nfp_fl_ct_add_offload()
895 rules[i]); in nfp_fl_ct_add_offload()
898 rules[i], NULL); in nfp_fl_ct_add_offload()
911 rules[i]); in nfp_fl_ct_add_offload()
922 rules[i]); in nfp_fl_ct_add_offload()
933 rules[i]); in nfp_fl_ct_add_offload()
944 rules[i]); in nfp_fl_ct_add_offload()
959 (void *)msk, rules[i]); in nfp_fl_ct_add_offload()
976 (void *)msk, rules[i]); in nfp_fl_ct_add_offload()
1000 (void *)msk, rules[i]); in nfp_fl_ct_add_offload()
[all …]
|
| /linux-6.3-rc2/samples/bpf/ |
| A D | cookie_uid_helper_example.c | 174 char rules[256]; in prog_attach_iptables() local
182 ret = snprintf(rules, sizeof(rules), in prog_attach_iptables()
185 if (ret < 0 || ret >= sizeof(rules)) { in prog_attach_iptables()
189 ret = system(rules); in prog_attach_iptables()
|
| /linux-6.3-rc2/kernel/ |
| A D | audit_watch.c | 43 struct list_head rules; /* anchor for krule->rlist */ member
109 WARN_ON(!list_empty(&watch->rules)); in audit_put_watch()
168 INIT_LIST_HEAD(&watch->rules); in audit_init_watch()
277 list_for_each_entry_safe(r, nextr, &owatch->rules, rlist) { in audit_update_watch()
298 list_add(&nentry->rule.rlist, &nwatch->rules); in audit_update_watch()
330 list_for_each_entry_safe(r, nextr, &w->rules, rlist) { in audit_remove_parent_watches()
395 list_add(&krule->rlist, &watch->rules); in audit_add_to_parent()
454 if (list_empty(&watch->rules)) { in audit_remove_watch_rule()
|