ruleset.c - OpenGrok cross reference for /linux/security/landlock/ruleset.c

Lines Matching full:access
25 #include "access.h"
200  * access rights.
204  * access rights.
249 			 * Extends access rights when the request comes from  in insert_rule()
256 			this->layers[0].access |= (*layers)[0].access;  in insert_rule()
264 		 * Intersects access rights when it is a merge between a  in insert_rule()
293 		.access = ~0,  in build_check_layer()
297 	 * Checks that .level and .access are large enough to contain their expected  in build_check_layer()
301 	BUILD_BUG_ON(layer.access < LANDLOCK_MASK_ACCESS_FS);  in build_check_layer()
307 			 const access_mask_t access)  in landlock_insert_rule()  argument
310 		.access = access,  in landlock_insert_rule()
352 		layers[0].access = walker_rule->layers[0].access;  in merge_tree()
587  * The returned access has the same lifetime as @ruleset.
616  * landlock_unmask_layers - Remove the access rights in @masks
619  * Updates the set of (per-layer) unfulfilled access rights @masks
620  * so that all the access rights granted in @rule are removed from it
623  * @rule: A rule that grants a set of access rights for each layer
624  * @masks: A matrix of unfulfilled access rights for each layer
626  * Returns true if the request is allowed (i.e. the access rights granted all
627  * remaining unfulfilled access rights and masks has no leftover set bits).
638 	 * An access is granted if, for each policy layer, at least one rule  in landlock_unmask_layers()
639 	 * encountered on the pathwalk grants the requested access,  in landlock_unmask_layers()
650 		/* Clear the bits where the layer in the rule grants access. */  in landlock_unmask_layers()
651 		masks->access[layer->level - 1] &= ~layer->access;  in landlock_unmask_layers()
654 	for (size_t i = 0; i < ARRAY_SIZE(masks->access); i++) {  in landlock_unmask_layers()
655 		if (masks->access[i])  in landlock_unmask_layers()
666  * landlock_init_layer_masks - Initialize layer masks from an access request
668  * Populates @masks such that for each access right in @access_request,
669  * the bits for all the layers are set where this access right is handled.
672  * @access_request: The requested access rights to check.
673  * @masks: Layer access masks to populate.
674  * @key_type: The key type to switch between access masks of different types.
676  * Returns: An access mask where each access right bit is set which is handled
704 	/* An empty access request can happen because of O_WRONLY | O_RDWR. */  in landlock_init_layer_masks()
711 		masks->access[i] = access_request & handled;  in landlock_init_layer_masks()
712 		handled_accesses |= masks->access[i];  in landlock_init_layer_masks()
714 	for (size_t i = domain->num_layers; i < ARRAY_SIZE(masks->access); i++)  in landlock_init_layer_masks()
715 		masks->access[i] = 0;  in landlock_init_layer_masks()