/security/apparmor/include/ |
H A D | capability.h | 26 * @audit: caps that are to be audited 33 kernel_cap_t audit; member in struct:aa_caps 41 int aa_capable(struct aa_profile *profile, int cap, int audit);
|
H A D | audit.h | 18 #include <linux/audit.h> 34 AUDIT_NOQUIET, /* do not quiet audit messages */ 35 AUDIT_ALL /* audit all accesses */
|
H A D | file.h | 80 * @audit: mask of permissions to force an audit message for 81 * @quiet: mask of permissions to quiet audit messages for 85 * The @audit and @queit mask should be mutually exclusive. 89 u32 audit; member in struct:file_perms 97 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
|
H A D | policy.h | 26 #include "audit.h" 171 * @audit: the auditing mode of the profile 211 enum audit_mode audit; member in struct:aa_profile 403 return profile->audit;
|
/security/integrity/ |
H A D | integrity_audit.c | 15 #include <linux/audit.h> 23 unsigned long audit; local 25 if (!kstrtoul(str, 0, &audit)) 26 integrity_audit_info = audit ? 1 : 0;
|
/security/apparmor/ |
H A D | capability.c | 23 #include "include/audit.h" 43 * audit_cb - call back for capability components of audit struct 44 * @ab - audit buffer (NOT NULL) 45 * @va - audit struct to audit data from (NOT NULL) 55 * audit_caps - audit a capability 60 * Do auditing of capability and handle, audit/complain/kill modes switching 80 !cap_raised(profile->caps.audit, cap))) 126 * @audit: whether an audit recor 132 aa_capable(struct aa_profile *profile, int cap, int audit) argument [all...] |
H A D | domain.c | 23 #include "include/audit.h" 106 perms.audit = perms.quiet = perms.kill = 0; 376 goto audit; 405 goto audit; 417 goto audit; 440 /* remove MAY_EXEC to audit as failure */ 470 goto audit; 481 goto audit; 515 audit: 636 goto audit; [all...] |
H A D | file.c | 16 #include "include/audit.h" 61 * file_audit_cb - call back for file specific audit fields 63 * @va: audit struct to audit values of (NOT NULL) 124 u32 mask = perms->audit; 208 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); 213 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); 268 * aa_path_perm - do permissions check & audit for @path 370 goto audit; 376 goto audit; [all...] |
H A D | Makefile | 5 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
|
H A D | audit.c | 15 #include <linux/audit.h> 19 #include "include/audit.h" 96 * Currently AppArmor auditing is fed straight into the audit framework. 101 * system control of whether user audit messages go to system log 106 * @ab: audit buffer to fill (NOT NULL) 107 * @ca: audit structure containing data to audit (NOT NULL) 109 * Record common AppArmor audit data from @sa 149 * aa_audit_msg - Log a message to the audit subsystem 150 * @sa: audit even [all...] |
H A D | resource.c | 15 #include <linux/audit.h> 17 #include "include/audit.h" 32 /* audit callback for resource specific fields */ 42 * audit_resource - audit setting resource limit
|
H A D | lsm.c | 24 #include <linux/audit.h> 30 #include "include/audit.h" 140 int cap, int audit) 144 int error = cap_capable(cred, ns, cap, audit); 148 error = aa_capable(profile, cap, audit); 714 module_param_call(audit, param_set_audit, param_get_audit, 717 /* Determines if audit header is included in audited messages. This 718 * provides more context if the audit daemon is not running 139 apparmor_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) argument
|
H A D | policy_unpack.c | 25 #include "include/audit.h" 69 /* audit callback for unpack fields */ 83 * audit_iface - do audit message for policy unpacking/load/replace/remove 473 * NOTE: unpack profile sets audit struct if there is a failure 513 /* per profile debug flags (complain, audit) */ 531 profile->audit = AUDIT_ALL; 545 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) 556 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
|
/security/selinux/include/ |
H A D | avc.h | 15 #include <linux/audit.h> 50 * We only need this data after we have decided to send an audit message. 90 * We will NOT audit the denial even though the denied 117 * @a: auxiliary audit data
|
/security/tomoyo/ |
H A D | Makefile | 1 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
|
/security/selinux/ |
H A D | nlmsgtab.c | 19 #include <linux/audit.h>
|
H A D | hooks.c | 77 #include <linux/audit.h> 95 #include "audit.h" 1547 int cap, int audit) 1574 if (audit == SECURITY_CAP_AUDIT) { 1593 The 'adp' parameter is optional and allows other audit 1614 /* Same as inode_has_perm, but pass explicit audit data containing 1629 /* Same as inode_has_perm, but pass explicit audit data containing 2056 int cap, int audit) 2060 rc = cap_capable(cred, ns, cap, audit); 2064 return cred_has_capability(cred, cap, audit); 1546 cred_has_capability(const struct cred *cred, int cap, int audit) argument 2055 selinux_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) argument [all...] |
H A D | avc.c | 30 #include <linux/audit.h> 716 * will be called by generic audit code 717 * @ab: the audit buffer 732 * will be called by generic audit code 733 * @ab: the audit buffer 749 /* This is the slow part of avc audit with big stack footprint */ 764 * When in a RCU walk do the audit on the RCU retry. This is because 765 * the collection of the dname in an inode audit message is not RCU 1147 * @auditdata: auxiliary audit data
|
H A D | selinuxfs.c | 29 #include <linux/audit.h>
|
/security/integrity/ima/ |
H A D | ima.h | 25 #include <linux/audit.h> 226 /* LSM based policy rules require audit */
|
/security/ |
H A D | commoncap.c | 11 #include <linux/audit.h> 70 * @audit: Whether to write an audit message or not 81 int cap, int audit) 571 * We do not bother to audit if 3 things are true: 578 * that is interesting information to audit. 80 cap_capable(const struct cred *cred, struct user_namespace *targ_ns, int cap, int audit) argument
|
H A D | lsm_audit.c | 23 #include <linux/audit.h> 37 * @ad : the audit data to fill 106 * @ad : the audit data to fill 207 * dump_common_audit_data - helper to dump common audit data 208 * @a : common audit data 402 * @a: auxiliary audit data 403 * @pre_audit: lsm-specific pre-audit callback 404 * @post_audit: lsm-specific post-audit callback 406 * setup the audit buffer for common security information
|
/security/integrity/evm/ |
H A D | evm_main.c | 21 #include <linux/audit.h>
|
/security/smack/ |
H A D | smackfs.c | 28 #include <linux/audit.h>
|
/security/selinux/ss/ |
H A D | services.c | 10 * Support for context based audit filters. 27 * Added support for bounds domain and audit messaged on masked permissions 50 #include <linux/audit.h> 71 #include "audit.h" 248 * should audit that denial 505 /* audit a message */ 613 /* audit masked permissions */ 745 * permission and notice it to userspace via audit.
|