| /security/keys/ |
| H A D | persistent.c | 22 static int key_create_persistent_register(struct user_namespace *ns) argument
33 ns->persistent_keyring_register = reg;
42 static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid, argument
48 if (!ns->persistent_keyring_register) {
49 long err = key_create_persistent_register(ns);
53 reg_ref = make_key_ref(ns->persistent_keyring_register, true);
64 ns->persistent_keyring_register);
75 static long key_get_persistent(struct user_namespace *ns, kuid_t uid, argument
87 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid));
89 if (ns
131 struct user_namespace *ns = current_user_ns(); local
[all...] |
| /security/selinux/include/ |
| H A D | netif.h | 24 int sel_netif_sid(struct net *ns, int ifindex, u32 *sid);
|
| H A D | objsec.h | 82 struct net *ns; /* network namespace */ member in struct:netif_security_struct
|
| /security/apparmor/ |
| H A D | policy.c | 68 * eg. :ns:/bin/bash//bin/ls
243 * aa_na_name - Find the ns name to display for @view from @curr
256 /* at this point if a ns is visible it is in a view ns
257 * thus the curr ns.hname is a prefix of its name.
277 struct aa_namespace *ns; local
279 ns = kzalloc(sizeof(*ns), GFP_KERNEL);
280 AA_DEBUG("%s(%p)\n", __func__, ns);
281 if (!ns)
319 free_namespace(struct aa_namespace *ns) argument
360 struct aa_namespace *ns = NULL; local
377 struct aa_namespace *ns, *root; local
488 destroy_namespace(struct aa_namespace *ns) argument
512 __remove_namespace(struct aa_namespace *ns) argument
528 struct aa_namespace *ns, *tmp; local
555 struct aa_namespace *ns = root_ns; local
789 __lookup_parent(struct aa_namespace *ns, const char *hname) argument
852 aa_lookup_profile(struct aa_namespace *ns, const char *hname) argument
1040 __lookup_replace(struct aa_namespace *ns, const char *hname, bool noreplace, struct aa_profile **p, const char **info) argument
1071 struct aa_namespace *ns = NULL; local
1242 struct aa_namespace *root, *ns = NULL; local
[all...] |
| H A D | apparmorfs.c | 421 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
428 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
477 void __aa_fs_namespace_rmdir(struct aa_namespace *ns) argument
483 if (!ns)
486 list_for_each_entry(child, &ns->base.profiles, base.list)
489 list_for_each_entry(sub, &ns->sub_ns, base.list) {
496 securityfs_remove(ns->dents[i]);
497 ns->dents[i] = NULL;
501 int __aa_fs_namespace_mkdir(struct aa_namespace *ns, struct dentry *parent, argument
510 name = ns
569 __next_namespace(struct aa_namespace *root, struct aa_namespace *ns) argument
605 __first_profile(struct aa_namespace *root, struct aa_namespace *ns) argument
628 struct aa_namespace *ns = p->ns; local
714 struct aa_namespace *ns = f->private; local
730 struct aa_namespace *root = f->private, *ns; local
[all...] |
| H A D | domain.c | 88 * @ns: the namespace being switched to (NOT NULL)
96 struct aa_namespace *ns,
110 } else if ((ns == profile->ns)) {
118 state = aa_dfa_match(profile->file.dfa, start, ns->base.name);
167 * @ns: the current namespace (NOT NULL)
173 static struct aa_profile *find_attach(struct aa_namespace *ns, argument
242 struct aa_namespace *ns = profile->ns; local
270 new_ns = aa_find_namespace(ns, ns_nam
95 change_profile_perms(struct aa_profile *profile, struct aa_namespace *ns, const char *name, u32 request, unsigned int start) argument
304 struct aa_namespace *ns = profile->ns; local
341 struct aa_namespace *ns; local
752 struct aa_namespace *ns = NULL; local
[all...] |
| H A D | procattr.c | 42 struct aa_namespace *ns = profile->ns; local
43 struct aa_namespace *current_ns = __aa_current_profile()->ns;
46 if (!aa_ns_visible(current_ns, ns))
49 ns_name = aa_ns_name(current_ns, ns);
|
| H A D | audit.c | 134 if (profile->ns != root_ns) {
136 audit_log_untrustedstring(ab, profile->ns->base.hname);
|
| H A D | context.c | 108 if (unconfined(profile) || (cxt->profile->ns != profile->ns))
|
| H A D | policy_unpack.c | 636 * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
640 static int verify_header(struct aa_ext *e, int required, const char **ns) argument
644 *ns = NULL;
665 if (*ns && strcmp(*ns, name))
666 audit_iface(NULL, NULL, "invalid ns change", e, error);
667 else if (!*ns)
668 *ns = name;
741 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
749 int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) argument
[all...] |
| H A D | lsm.c | 139 static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, argument
144 int error = cap_capable(cred, ns, cap, audit);
|
| /security/selinux/ |
| H A D | netif.c | 48 * @ns: the network namespace
56 static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) argument
58 return (((uintptr_t)ns + ifindex) & (SEL_NETIF_HASH_SIZE - 1));
63 * @ns: the network namespace
71 static inline struct sel_netif *sel_netif_find(const struct net *ns, argument
74 int idx = sel_netif_hashfn(ns, ifindex);
78 if (net_eq(netif->nsec.ns, ns) &&
101 idx = sel_netif_hashfn(netif->nsec.ns, netif->nsec.ifindex);
125 * @ns
136 sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) argument
203 sel_netif_sid(struct net *ns, int ifindex, u32 *sid) argument
229 sel_netif_kill(const struct net *ns, int ifindex) argument
[all...] |
| /security/apparmor/include/ |
| H A D | policy_unpack.h | 37 int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns);
|
| H A D | policy.h | 165 * @ns: namespace the profile is in
204 struct aa_namespace *ns; member in struct:aa_profile
248 struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *name);
249 struct aa_profile *aa_match_profile(struct aa_namespace *ns, const char *name);
263 mutex_is_locked(&p->ns->lock));
365 mutex_is_locked(&orig->ns->lock));
372 * aa_get_namespace - increment references count on @ns
373 * @ns: namespace to increment reference count of (MAYBE NULL)
375 * Returns: pointer to @ns, if @ns i
378 aa_get_namespace(struct aa_namespace *ns) argument
392 aa_put_namespace(struct aa_namespace *ns) argument
[all...] |
| H A D | apparmorfs.h | 100 void __aa_fs_namespace_rmdir(struct aa_namespace *ns);
101 int __aa_fs_namespace_mkdir(struct aa_namespace *ns, struct dentry *parent,
|
| /security/tomoyo/ |
| H A D | common.c | 339 * @ns: Pointer to "struct tomoyo_policy_namespace".
343 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) argument
347 INIT_LIST_HEAD(&ns->acl_group[idx]);
349 INIT_LIST_HEAD(&ns->group_list[idx]);
351 INIT_LIST_HEAD(&ns->policy_list[idx]);
352 ns->profile_version = 20110903;
354 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list);
369 container_of(head->r.ns,
479 * @ns: Pointer to "struct tomoyo_policy_namespace".
485 (struct tomoyo_policy_namespace *ns, cons
484 tomoyo_assign_profile(struct tomoyo_policy_namespace *ns, const unsigned int profile) argument
527 tomoyo_profile(const struct tomoyo_policy_namespace *ns, const u8 profile) argument
731 struct tomoyo_policy_namespace *ns = local
1100 tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, struct list_head *list, char *data, const bool is_delete) argument
1149 struct tomoyo_policy_namespace *ns; local
1744 struct tomoyo_policy_namespace *ns = local
1800 struct tomoyo_policy_namespace *ns = local
1857 struct tomoyo_policy_namespace *ns = local
2472 struct list_head *ns; local
2706 const struct tomoyo_policy_namespace *ns = domain->ns; local
[all...] |
| H A D | domain.c | 179 list = &domain->ns->acl_group[domain->group];
265 param->list = ¶m->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
319 * @ns: Pointer to "struct tomoyo_policy_namespace".
332 (const struct tomoyo_policy_namespace *ns,
340 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
402 param->list = ¶m->ns->policy_list[TOMOYO_ID_AGGREGATOR];
425 struct tomoyo_policy_namespace *ns; local
426 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
427 if (strncmp(name, ns->name, len) ||
430 return ns;
331 tomoyo_transition_type(const struct tomoyo_policy_namespace *ns, const struct tomoyo_path_info *domainname, const struct tomoyo_path_info *program) argument
[all...] |
| H A D | gc.c | 514 struct tomoyo_policy_namespace *ns; local
527 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
529 tomoyo_collect_member(id, &ns->policy_list[id]);
531 tomoyo_collect_acl(&ns->acl_group[i]);
544 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
546 struct list_head *list = &ns->group_list[i];
|
| H A D | memory.c | 107 list = ¶m->ns->group_list[idx];
197 tomoyo_kernel_domain.ns = &tomoyo_kernel_namespace;
|
| H A D | common.h | 682 struct tomoyo_policy_namespace *ns; member in struct:tomoyo_domain_info
778 struct tomoyo_policy_namespace *ns; member in struct:tomoyo_acl_param
797 struct list_head *ns; member in struct:tomoyo_io_buffer::__anon43
817 struct tomoyo_policy_namespace *ns; member in struct:tomoyo_io_buffer::__anon44
966 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
1027 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
1043 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns);
1273 return tomoyo_domain()->ns;
|
| H A D | audit.c | 314 * @ns: Pointer to "struct tomoyo_policy_namespace".
321 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, argument
332 p = tomoyo_profile(ns, profile);
364 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type,
|
| H A D | util.c | 966 * @ns: Pointer to "struct tomoyo_policy_namespace".
972 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, argument
980 p = tomoyo_profile(ns, profile);
1010 r->mode = tomoyo_get_mode(domain->ns, profile, index);
1073 if (count < tomoyo_profile(domain->ns, domain->profile)->
|
| H A D | file.c | 564 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
596 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
|
| /security/ |
| H A D | commoncap.c | 68 * @ns: The user namespace in which we need the capability
83 struct user_namespace *ns = targ_ns; local
98 if (ns == cred->user_ns)
102 if (ns == &init_user_ns)
109 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid))
113 * If you have a capability in a parent user ns, then you have
116 ns = ns->parent;
|
| H A D | security.c | 197 int security_capable(const struct cred *cred, struct user_namespace *ns, argument
200 return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
203 int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, argument
206 return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
|