| /security/apparmor/include/ |
| H A D | capability.h | 26 * @audit: caps that are to be audited
33 kernel_cap_t audit; member in struct:aa_caps
41 int aa_capable(struct aa_profile *profile, int cap, int audit);
|
| H A D | audit.h | 18 #include <linux/audit.h>
34 AUDIT_NOQUIET, /* do not quiet audit messages */
35 AUDIT_ALL /* audit all accesses */
|
| H A D | file.h | 80 * @audit: mask of permissions to force an audit message for
81 * @quiet: mask of permissions to quiet audit messages for
85 * The @audit and @queit mask should be mutually exclusive.
89 u32 audit; member in struct:file_perms
97 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
|
| H A D | policy.h | 26 #include "audit.h"
171 * @audit: the auditing mode of the profile
211 enum audit_mode audit; member in struct:aa_profile
403 return profile->audit;
|
| /security/integrity/ |
| H A D | integrity_audit.c | 15 #include <linux/audit.h>
23 unsigned long audit; local
25 if (!kstrtoul(str, 0, &audit))
26 integrity_audit_info = audit ? 1 : 0;
|
| /security/apparmor/ |
| H A D | capability.c | 23 #include "include/audit.h"
43 * audit_cb - call back for capability components of audit struct
44 * @ab - audit buffer (NOT NULL)
45 * @va - audit struct to audit data from (NOT NULL)
55 * audit_caps - audit a capability
60 * Do auditing of capability and handle, audit/complain/kill modes switching
80 !cap_raised(profile->caps.audit, cap)))
126 * @audit: whether an audit recor
132 aa_capable(struct aa_profile *profile, int cap, int audit) argument
[all...] |
| H A D | domain.c | 23 #include "include/audit.h"
106 perms.audit = perms.quiet = perms.kill = 0;
376 goto audit;
405 goto audit;
417 goto audit;
440 /* remove MAY_EXEC to audit as failure */
470 goto audit;
481 goto audit;
515 audit:
636 goto audit;
[all...] |
| H A D | file.c | 16 #include "include/audit.h"
61 * file_audit_cb - call back for file specific audit fields
63 * @va: audit struct to audit values of (NOT NULL)
124 u32 mask = perms->audit;
208 perms.audit = map_old_perms(dfa_user_audit(dfa, state));
213 perms.audit = map_old_perms(dfa_other_audit(dfa, state));
268 * aa_path_perm - do permissions check & audit for @path
370 goto audit;
376 goto audit;
[all...] |
| H A D | Makefile | 5 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
|
| H A D | audit.c | 15 #include <linux/audit.h>
19 #include "include/audit.h"
96 * Currently AppArmor auditing is fed straight into the audit framework.
101 * system control of whether user audit messages go to system log
106 * @ab: audit buffer to fill (NOT NULL)
107 * @ca: audit structure containing data to audit (NOT NULL)
109 * Record common AppArmor audit data from @sa
149 * aa_audit_msg - Log a message to the audit subsystem
150 * @sa: audit even
[all...] |
| H A D | resource.c | 15 #include <linux/audit.h>
17 #include "include/audit.h"
32 /* audit callback for resource specific fields */
42 * audit_resource - audit setting resource limit
|
| H A D | lsm.c | 24 #include <linux/audit.h>
30 #include "include/audit.h"
140 int cap, int audit)
144 int error = cap_capable(cred, ns, cap, audit);
148 error = aa_capable(profile, cap, audit);
714 module_param_call(audit, param_set_audit, param_get_audit,
717 /* Determines if audit header is included in audited messages. This
718 * provides more context if the audit daemon is not running
139 apparmor_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) argument
|
| H A D | policy_unpack.c | 25 #include "include/audit.h"
69 /* audit callback for unpack fields */
83 * audit_iface - do audit message for policy unpacking/load/replace/remove
473 * NOTE: unpack profile sets audit struct if there is a failure
513 /* per profile debug flags (complain, audit) */
531 profile->audit = AUDIT_ALL;
545 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL))
556 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
|
| /security/selinux/include/ |
| H A D | avc.h | 15 #include <linux/audit.h>
50 * We only need this data after we have decided to send an audit message.
90 * We will NOT audit the denial even though the denied
117 * @a: auxiliary audit data
|
| /security/tomoyo/ |
| H A D | Makefile | 1 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
|
| /security/selinux/ |
| H A D | nlmsgtab.c | 19 #include <linux/audit.h>
|
| H A D | hooks.c | 77 #include <linux/audit.h>
95 #include "audit.h"
1547 int cap, int audit)
1574 if (audit == SECURITY_CAP_AUDIT) {
1593 The 'adp' parameter is optional and allows other audit
1614 /* Same as inode_has_perm, but pass explicit audit data containing
1629 /* Same as inode_has_perm, but pass explicit audit data containing
2056 int cap, int audit)
2060 rc = cap_capable(cred, ns, cap, audit);
2064 return cred_has_capability(cred, cap, audit);
1546 cred_has_capability(const struct cred *cred, int cap, int audit) argument
2055 selinux_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) argument
[all...] |
| H A D | avc.c | 30 #include <linux/audit.h>
716 * will be called by generic audit code
717 * @ab: the audit buffer
732 * will be called by generic audit code
733 * @ab: the audit buffer
749 /* This is the slow part of avc audit with big stack footprint */
764 * When in a RCU walk do the audit on the RCU retry. This is because
765 * the collection of the dname in an inode audit message is not RCU
1147 * @auditdata: auxiliary audit data
|
| H A D | selinuxfs.c | 29 #include <linux/audit.h>
|
| /security/integrity/ima/ |
| H A D | ima.h | 25 #include <linux/audit.h>
226 /* LSM based policy rules require audit */
|
| /security/ |
| H A D | commoncap.c | 11 #include <linux/audit.h>
70 * @audit: Whether to write an audit message or not
81 int cap, int audit)
571 * We do not bother to audit if 3 things are true:
578 * that is interesting information to audit.
80 cap_capable(const struct cred *cred, struct user_namespace *targ_ns, int cap, int audit) argument
|
| H A D | lsm_audit.c | 23 #include <linux/audit.h>
37 * @ad : the audit data to fill
106 * @ad : the audit data to fill
207 * dump_common_audit_data - helper to dump common audit data
208 * @a : common audit data
402 * @a: auxiliary audit data
403 * @pre_audit: lsm-specific pre-audit callback
404 * @post_audit: lsm-specific post-audit callback
406 * setup the audit buffer for common security information
|
| /security/integrity/evm/ |
| H A D | evm_main.c | 21 #include <linux/audit.h>
|
| /security/smack/ |
| H A D | smackfs.c | 28 #include <linux/audit.h>
|
| /security/selinux/ss/ |
| H A D | services.c | 10 * Support for context based audit filters.
27 * Added support for bounds domain and audit messaged on masked permissions
50 #include <linux/audit.h>
71 #include "audit.h"
248 * should audit that denial
505 /* audit a message */
613 /* audit masked permissions */
745 * permission and notice it to userspace via audit.
|