/security/apparmor/include/ |
H A D | resource.h | 26 * @mask: which hard limits to set 30 * limits specified in @mask will be controlled by apparmor. 33 unsigned int mask; member in struct:aa_rlimit
|
H A D | file.h | 79 * @allow: mask of permissions that are allowed 80 * @audit: mask of permissions to force an audit message for 81 * @quiet: mask of permissions to quiet audit messages for 82 * @kill: mask of permissions that when matched will kill the task 85 * The @audit and @queit mask should be mutually exclusive. 102 static inline u16 dfa_map_xindex(u16 mask) argument 104 u16 old_index = (mask >> 10) & 0xf; 107 if (mask & 0x100) 109 if (mask & 0x200) 111 if (mask [all...] |
/security/apparmor/ |
H A D | resource.c | 28 AA_FS_FILE_STRING("mask", AA_FS_RLIMIT_MASK), 107 (profile->rlimits.mask & (1 << resource) && 123 unsigned int mask = 0; local 130 if (old->rlimits.mask) { 131 for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) { 132 if (old->rlimits.mask & mask) { 142 if (!new->rlimits.mask) 144 for (i = 0, mask [all...] |
H A D | file.c | 26 * audit_file_mask - convert mask to permission string 28 * @mask: permission mask to convert 30 static void audit_file_mask(struct audit_buffer *ab, u32 mask) argument 36 if (mask & AA_EXEC_MMAP) 38 if (mask & (MAY_READ | AA_MAY_META_READ)) 40 if (mask & (MAY_WRITE | AA_MAY_META_WRITE | AA_MAY_CHMOD | 43 else if (mask & MAY_APPEND) 45 if (mask & AA_MAY_CREATE) 47 if (mask 124 u32 mask = perms->audit; local [all...] |
H A D | lsm.c | 157 * @mask: requested permissions mask 162 static int common_perm(int op, struct path *path, u32 mask, argument 170 error = aa_path_perm(op, profile, path, 0, mask, cond); 180 * @mask: requested permissions mask 186 struct dentry *dentry, u32 mask, 191 return common_perm(op, &path, mask, cond); 199 * @mask: requested permissions mask 185 common_perm_dir_dentry(int op, struct path *dir, struct dentry *dentry, u32 mask, struct path_cond *cond) argument 203 common_perm_mnt_dentry(int op, struct vfsmount *mnt, struct dentry *dentry, u32 mask) argument 223 common_perm_rm(int op, struct path *dir, struct dentry *dentry, u32 mask) argument 248 common_perm_create(int op, struct path *dir, struct dentry *dentry, u32 mask, umode_t mode) argument 426 common_file_perm(int op, struct file *file, u32 mask) argument 454 apparmor_file_permission(struct file *file, int mask) argument 461 u32 mask = AA_MAY_LOCK; local 472 int mask = 0; local [all...] |
/security/integrity/ima/ |
H A D | ima_api.c | 159 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) 163 * subj=, obj=, type=, func=, mask=, fsmagic= 166 * mask: contains the permission mask 169 * Returns IMA_MEASURE, IMA_APPRAISE mask. 172 int ima_get_action(struct inode *inode, int mask, int function) argument 179 return ima_match_policy(inode, function, mask, flags);
|
H A D | ima_appraise.c | 40 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) argument 45 return ima_match_policy(inode, func, mask, IMA_APPRAISE);
|
H A D | ima_main.c | 156 static int process_measurement(struct file *file, int mask, int function, argument 176 action = ima_get_action(inode, mask, function); 245 if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG)) 296 * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE 303 int ima_file_check(struct file *file, int mask, int opened) argument 306 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
|
H A D | ima.h | 131 int ima_get_action(struct inode *inode, int mask, int function); 132 int ima_must_measure(struct inode *inode, int mask, int function); 155 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, 175 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); 195 static inline int ima_must_appraise(struct inode *inode, int mask, argument
|
H A D | ima_policy.c | 50 int mask; member in struct:ima_rule_entry 64 * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner 82 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 84 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 86 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, .uid = GLOBAL_ROOT_UID, 162 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) 167 struct inode *inode, enum ima_hooks func, int mask) 177 (rule->mask != mask && func != POST_SETATTR)) 259 * @mask 166 ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, enum ima_hooks func, int mask) argument 268 ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, int flags) argument [all...] |
/security/selinux/ss/ |
H A D | avtab.c | 29 static inline int avtab_hash(struct avtab_key *keyp, u16 mask) argument 32 (keyp->source_type << 9)) & mask); 80 hvalue = avtab_hash(key, h->mask); 111 * key/specified mask into the table, as needed by the conditional avtab. 123 hvalue = avtab_hash(key, h->mask); 154 hvalue = avtab_hash(key, h->mask); 189 hvalue = avtab_hash(key, h->mask); 262 h->mask = 0; 274 u16 mask = 0; local 291 mask [all...] |
H A D | avtab.h | 80 u16 mask; /* mask to compute hash func */ member in struct:avtab
|
H A D | policydb.h | 184 u32 mask; member in struct:ocontext::__anon27::__anon29 188 u32 mask[4]; member in struct:ocontext::__anon27::__anon30
|
H A D | services.c | 516 u32 mask = (1 << index); local 518 if ((mask & permissions) == 0) 610 /* mask violated permissions */ 744 * constraint, lazy checks have to mask any violated 2239 static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask) argument 2244 if (addr[i] != (input[i] & mask[i])) { 2281 if (c->u.node.addr == (addr & c->u.node.mask)) 2295 c->u.node6.mask))
|
/security/ |
H A D | device_cgroup.c | 314 * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD) 349 * @access: permission mask (ACC_READ, ACC_WRITE, ACC_MKNOD) 836 int __devcgroup_inode_permission(struct inode *inode, int mask) argument 844 if (mask & MAY_WRITE) 846 if (mask & MAY_READ)
|
H A D | capability.c | 159 umode_t mask) 182 umode_t mask) 215 static int cap_inode_permission(struct inode *inode, int mask) argument 329 static int cap_file_permission(struct file *file, int mask) argument 158 cap_inode_create(struct inode *inode, struct dentry *dentry, umode_t mask) argument 181 cap_inode_mkdir(struct inode *inode, struct dentry *dentry, umode_t mask) argument
|
H A D | security.c | 588 int security_inode_permission(struct inode *inode, int mask) argument 592 return security_ops->inode_permission(inode, mask); 706 int security_file_permission(struct file *file, int mask) argument 710 ret = security_ops->file_permission(file, mask); 714 return fsnotify_perm(file, mask);
|
/security/smack/ |
H A D | smackfs.c | 1169 struct in_addr mask; local 1180 * "<addr/mask, as a.b.c.d/e><space><label>" 1246 mask.s_addr = cpu_to_be32(temp_mask); 1248 newname.sin_addr.s_addr &= mask.s_addr; 1260 snp->smk_mask.s_addr == mask.s_addr) { 1274 snp->smk_mask.s_addr = mask.s_addr;
|
H A D | smack_lsm.c | 967 * @mask: the access requested 973 static int smack_inode_permission(struct inode *inode, int mask) argument 976 int no_block = mask & MAY_NOT_BLOCK; 979 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 983 if (mask == 0) 991 rc = smk_curacc(smk_of_inode(inode), mask, &ad); 992 rc = smk_bu_inode(inode, mask, rc); 1323 * @mask: unused 1334 static int smack_file_permission(struct file *file, int mask) argument 2113 * the list is sorted from longest to shortest mask [all...] |
/security/selinux/ |
H A D | hooks.c | 513 /* make sure we always check enough bits to cover the mask */ 1863 /* Convert a Linux mode and permission mask to an access vector. */ 1864 static inline u32 file_mask_to_av(int mode, int mask) argument 1869 if (mask & MAY_EXEC) 1871 if (mask & MAY_READ) 1874 if (mask & MAY_APPEND) 1876 else if (mask & MAY_WRITE) 1880 if (mask & MAY_EXEC) 1882 if (mask & MAY_WRITE) 1884 if (mask 2835 selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask) argument 2889 selinux_inode_permission(struct inode *inode, int mask) argument 3199 selinux_revalidate_file_permission(struct file *file, int mask) argument 3212 selinux_file_permission(struct file *file, int mask) argument [all...] |