/security/keys/ |
H A D | persistent.c | 22 static int key_create_persistent_register(struct user_namespace *ns) argument 33 ns->persistent_keyring_register = reg; 42 static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid, argument 48 if (!ns->persistent_keyring_register) { 49 long err = key_create_persistent_register(ns); 53 reg_ref = make_key_ref(ns->persistent_keyring_register, true); 64 ns->persistent_keyring_register); 75 static long key_get_persistent(struct user_namespace *ns, kuid_t uid, argument 87 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid)); 89 if (ns 131 struct user_namespace *ns = current_user_ns(); local [all...] |
/security/apparmor/ |
H A D | procattr.c | 42 struct aa_namespace *ns = profile->ns; local 43 struct aa_namespace *current_ns = __aa_current_profile()->ns; 46 if (!aa_ns_visible(current_ns, ns)) 49 ns_name = aa_ns_name(current_ns, ns);
|
H A D | domain.c | 88 * @ns: the namespace being switched to (NOT NULL) 96 struct aa_namespace *ns, 110 } else if ((ns == profile->ns)) { 118 state = aa_dfa_match(profile->file.dfa, start, ns->base.name); 167 * @ns: the current namespace (NOT NULL) 173 static struct aa_profile *find_attach(struct aa_namespace *ns, argument 242 struct aa_namespace *ns = profile->ns; local 270 new_ns = aa_find_namespace(ns, ns_nam 95 change_profile_perms(struct aa_profile *profile, struct aa_namespace *ns, const char *name, u32 request, unsigned int start) argument 304 struct aa_namespace *ns = profile->ns; local 341 struct aa_namespace *ns; local 752 struct aa_namespace *ns = NULL; local [all...] |
H A D | apparmorfs.c | 421 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id); 428 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++); 477 void __aa_fs_namespace_rmdir(struct aa_namespace *ns) argument 483 if (!ns) 486 list_for_each_entry(child, &ns->base.profiles, base.list) 489 list_for_each_entry(sub, &ns->sub_ns, base.list) { 496 securityfs_remove(ns->dents[i]); 497 ns->dents[i] = NULL; 501 int __aa_fs_namespace_mkdir(struct aa_namespace *ns, struct dentry *parent, argument 510 name = ns 569 __next_namespace(struct aa_namespace *root, struct aa_namespace *ns) argument 605 __first_profile(struct aa_namespace *root, struct aa_namespace *ns) argument 628 struct aa_namespace *ns = p->ns; local 714 struct aa_namespace *ns = f->private; local 730 struct aa_namespace *root = f->private, *ns; local [all...] |
H A D | policy.c | 68 * eg. :ns:/bin/bash//bin/ls 243 * aa_na_name - Find the ns name to display for @view from @curr 256 /* at this point if a ns is visible it is in a view ns 257 * thus the curr ns.hname is a prefix of its name. 277 struct aa_namespace *ns; local 279 ns = kzalloc(sizeof(*ns), GFP_KERNEL); 280 AA_DEBUG("%s(%p)\n", __func__, ns); 281 if (!ns) 319 free_namespace(struct aa_namespace *ns) argument 360 struct aa_namespace *ns = NULL; local 377 struct aa_namespace *ns, *root; local 488 destroy_namespace(struct aa_namespace *ns) argument 512 __remove_namespace(struct aa_namespace *ns) argument 528 struct aa_namespace *ns, *tmp; local 555 struct aa_namespace *ns = root_ns; local 789 __lookup_parent(struct aa_namespace *ns, const char *hname) argument 852 aa_lookup_profile(struct aa_namespace *ns, const char *hname) argument 1040 __lookup_replace(struct aa_namespace *ns, const char *hname, bool noreplace, struct aa_profile **p, const char **info) argument 1071 struct aa_namespace *ns = NULL; local 1242 struct aa_namespace *root, *ns = NULL; local [all...] |
H A D | policy_unpack.c | 636 * @ns: Returns - namespace if one is specified else NULL (NOT NULL) 640 static int verify_header(struct aa_ext *e, int required, const char **ns) argument 644 *ns = NULL; 665 if (*ns && strcmp(*ns, name)) 666 audit_iface(NULL, NULL, "invalid ns change", e, error); 667 else if (!*ns) 668 *ns = name; 741 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL) 749 int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) argument [all...] |
H A D | lsm.c | 139 static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, argument 144 int error = cap_capable(cred, ns, cap, audit);
|
/security/selinux/ |
H A D | netif.c | 48 * @ns: the network namespace 56 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) argument 58 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1)); 63 * @ns: the network namespace 71 static inline struct sel_netif *sel_netif_find(const struct net *ns, argument 74 int idx = sel_netif_hashfn(ns, ifindex); 78 if (net_eq(netif->nsec.ns, ns) && 101 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex); 125 * @ns 136 sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) argument 203 sel_netif_sid(struct net *ns, int ifindex, u32 *sid) argument 229 sel_netif_kill(const struct net *ns, int ifindex) argument [all...] |
H A D | hooks.c | 2055 static int selinux_capable(const struct cred *cred, struct user_namespace *ns, argument 2060 rc = cap_capable(cred, ns, cap, audit); 4398 static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex, argument 4406 err = sel_netif_sid(ns, ifindex, &if_sid);
|
/security/selinux/include/ |
H A D | objsec.h | 82 struct net *ns; /* network namespace */ member in struct:netif_security_struct
|
/security/tomoyo/ |
H A D | audit.c | 314 * @ns: Pointer to "struct tomoyo_policy_namespace". 321 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, argument 332 p = tomoyo_profile(ns, profile); 364 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type,
|
H A D | gc.c | 514 struct tomoyo_policy_namespace *ns; local 527 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { 529 tomoyo_collect_member(id, &ns->policy_list[id]); 531 tomoyo_collect_acl(&ns->acl_group[i]); 544 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { 546 struct list_head *list = &ns->group_list[i];
|
H A D | domain.c | 179 list = &domain->ns->acl_group[domain->group]; 265 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; 319 * @ns: Pointer to "struct tomoyo_policy_namespace". 332 (const struct tomoyo_policy_namespace *ns, 340 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL]; 402 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR]; 425 struct tomoyo_policy_namespace *ns; local 426 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) { 427 if (strncmp(name, ns->name, len) || 430 return ns; 331 tomoyo_transition_type(const struct tomoyo_policy_namespace *ns, const struct tomoyo_path_info *domainname, const struct tomoyo_path_info *program) argument [all...] |
H A D | util.c | 966 * @ns: Pointer to "struct tomoyo_policy_namespace". 972 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, argument 980 p = tomoyo_profile(ns, profile); 1010 r->mode = tomoyo_get_mode(domain->ns, profile, index); 1073 if (count < tomoyo_profile(domain->ns, domain->profile)->
|
H A D | common.c | 339 * @ns: Pointer to "struct tomoyo_policy_namespace". 343 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) argument 347 INIT_LIST_HEAD(&ns->acl_group[idx]); 349 INIT_LIST_HEAD(&ns->group_list[idx]); 351 INIT_LIST_HEAD(&ns->policy_list[idx]); 352 ns->profile_version = 20110903; 354 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); 369 container_of(head->r.ns, 479 * @ns: Pointer to "struct tomoyo_policy_namespace". 485 (struct tomoyo_policy_namespace *ns, cons 484 tomoyo_assign_profile(struct tomoyo_policy_namespace *ns, const unsigned int profile) argument 527 tomoyo_profile(const struct tomoyo_policy_namespace *ns, const u8 profile) argument 731 struct tomoyo_policy_namespace *ns = local 1100 tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, struct list_head *list, char *data, const bool is_delete) argument 1149 struct tomoyo_policy_namespace *ns; local 1744 struct tomoyo_policy_namespace *ns = local 1800 struct tomoyo_policy_namespace *ns = local 1857 struct tomoyo_policy_namespace *ns = local 2472 struct list_head *ns; local 2706 const struct tomoyo_policy_namespace *ns = domain->ns; local [all...] |
H A D | common.h | 682 struct tomoyo_policy_namespace *ns; member in struct:tomoyo_domain_info 778 struct tomoyo_policy_namespace *ns; member in struct:tomoyo_acl_param 797 struct list_head *ns; member in struct:tomoyo_io_buffer::__anon43 817 struct tomoyo_policy_namespace *ns; member in struct:tomoyo_io_buffer::__anon44 966 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, 1027 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 1043 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); 1273 return tomoyo_domain()->ns;
|
/security/apparmor/include/ |
H A D | policy.h | 165 * @ns: namespace the profile is in 204 struct aa_namespace *ns; member in struct:aa_profile 248 struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *name); 249 struct aa_profile *aa_match_profile(struct aa_namespace *ns, const char *name); 263 mutex_is_locked(&p->ns->lock)); 365 mutex_is_locked(&orig->ns->lock)); 372 * aa_get_namespace - increment references count on @ns 373 * @ns: namespace to increment reference count of (MAYBE NULL) 375 * Returns: pointer to @ns, if @ns i 378 aa_get_namespace(struct aa_namespace *ns) argument 392 aa_put_namespace(struct aa_namespace *ns) argument [all...] |
/security/ |
H A D | commoncap.c | 68 * @ns: The user namespace in which we need the capability 83 struct user_namespace *ns = targ_ns; local 98 if (ns == cred->user_ns) 102 if (ns == &init_user_ns) 109 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) 113 * If you have a capability in a parent user ns, then you have 116 ns = ns->parent;
|
H A D | security.c | 197 int security_capable(const struct cred *cred, struct user_namespace *ns, argument 200 return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); 203 int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, argument 206 return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
|