| /linux/security/selinux/include/ |
| H A D | avc.h | 54 u32 denied; member
67 u32 denied, audited; in avc_audit_required() local
68 denied = requested & ~avd->allowed; in avc_audit_required()
69 if (unlikely(denied)) { in avc_audit_required()
70 audited = denied & avd->auditdeny; in avc_audit_required()
76 * actual permissions that were denied. As an example lets in avc_audit_required()
79 * denied == READ in avc_audit_required()
83 * We will NOT audit the denial even though the denied in avc_audit_required()
90 audited = denied = requested; in avc_audit_required()
93 *deniedp = denied; in avc_audit_required()
[all …]
|
| /linux/include/trace/events/ |
| H A D | avc.h | 26 __field(u32, denied)
36 __entry->denied = sad->denied;
44 TP_printk("requested=0x%x denied=0x%x audited=0x%x result=%d scontext=%s tcontext=%s tclass=%s",
45 __entry->requested, __entry->denied, __entry->audited, __entry->result,
|
| /linux/security/apparmor/ |
| H A D | lib.c | 309 u32 denied = request & (~perms->allow | perms->deny);
311 if (likely(!denied)) {
322 if (denied & perms->kill) in aa_apply_modes_to_perms()
324 else if (denied == (denied & perms->complain)) in aa_apply_modes_to_perms()
329 if (denied == (denied & perms->hide)) in aa_apply_modes_to_perms()
332 denied &= ~perms->quiet; in aa_apply_modes_to_perms()
333 if (!ad || !denied) in aa_apply_modes_to_perms()
340 ad->denied in aa_profile_match_label()
393 u32 denied = request & (~perms->allow | perms->deny); aa_check_perms() local
[all...] |
| H A D | file.c | 56 if (ad->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb()
58 map_mask_to_chr_mask(ad->denied)); in file_audit_cb()
126 /* only report permissions that were denied */ in aa_audit_file()
143 ad.denied = ad.request & ~perms->allow; in aa_audit_file()
267 * Returns: %0 else error if access denied or other error
474 u32 request, u32 denied, bool in_atomic) in __file_path_perm() argument
488 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm()
502 if (denied && !error) { in __file_path_perm()
535 u32 request, u32 denied) in __file_sock_perm() argument
543 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm()
[all …]
|
| H A D | task.c | 214 if (ad->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
216 audit_ptrace_mask(ad->denied)); in audit_ptrace_cb()
287 * Returns: %0 else error code if permission denied or error
312 if (ad->denied & AA_USERNS_CREATE) in audit_ns_cb()
313 audit_log_format(ab, " denied=\"userns_create\""); in audit_ns_cb()
|
| H A D | ipc.c | 60 if (ad->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
62 audit_signal_mask(ad->denied)); in audit_signal_cb()
|
| H A D | net.c | 95 if (ad->denied & NET_PERMS_MASK) { in audit_net_cb()
97 aa_audit_perm_mask(ab, ad->denied, NULL, 0, in audit_net_cb()
|
| /linux/security/selinux/ |
| H A D | avc.c | 390 u32 denied, audited; in avc_xperms_audit_required() local
392 denied = requested & ~avd->allowed; in avc_xperms_audit_required()
393 if (unlikely(denied)) { in avc_xperms_audit_required()
394 audited = denied & avd->auditdeny; in avc_xperms_audit_required()
400 audited = denied = requested; in avc_xperms_audit_required()
409 *deniedp = denied; in avc_xperms_audit_required()
419 u32 audited, denied; in avc_xperms_audit() local
422 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit()
426 audited, denied, result, ad); in avc_xperms_audit()
659 audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); in avc_audit_pre_callback()
[all …]
|
| /linux/Documentation/admin-guide/cgroup-v1/ |
| H A D | devices.rst | 19 never receive a device access which is denied by its parent.
77 If a device is denied in group A::
84 group whitelist entries denied devices
97 group whitelist entries denied devices
107 group whitelist entries denied devices
|
| /linux/Documentation/ABI/stable/ |
| H A D | sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
56 Might return "<denied>" in case of special security settings
105 Might return "<denied>" in case of special security settings
|
| /linux/security/apparmor/include/ |
| H A D | capability.h | 23 * @denied: caps that are explicitly denied
31 kernel_cap_t denied; member
|
| H A D | audit.h | 27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
121 u32 denied; member
|
| /linux/security/landlock/ |
| H A D | task.c | 86 * the same rules. Else denied.
89 * granted, -errno if denied.
104 * or more rules. Else denied.
107 * process, returning 0 if permission is granted, -errno if denied.
|
| /linux/tools/testing/selftests/kvm/aarch64/ |
| H A D | smccc_filter.c | 10 * - Test that the filter actions (DENIED, FWD_TO_USER) work as intended.
70 * Enable in-kernel emulation of PSCI to ensure that calls are denied in setup_vm()
187 /* Denied SMCCC calls have a return code of SMCCC_RET_NOT_SUPPORTED */
|
| /linux/include/uapi/linux/ |
| H A D | landlock.h | 20 * different object types, which should be denied by default when the ruleset is
22 * not going to be denied by this ruleset when it is enacted.
24 * For historical reasons, the %LANDLOCK_ACCESS_FS_REFER right is always denied
189 * This is the only access right which is denied by default by any ruleset,
|
| /linux/include/linux/bus/ |
| H A D | stm32_firewall_device.h | 64 * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
93 * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
|
| /linux/arch/um/os-Linux/ |
| H A D | execvp.c | 92 /* Record the we got a `Permission denied' error. If we end in execvp_noalloc()
94 that we did find one but were denied access. */ in execvp_noalloc()
|
| /linux/security/ |
| H A D | commoncap.c | 111 * information, returning 0 if permission granted, -ve if denied.
130 * Else denied.
133 * granted, -ve if denied.
167 * Else denied.
170 * process, returning 0 if permission is granted, -ve if denied.
985 * permission is granted, -ve if denied.
1020 * permission is granted, -ve if denied.
1194 * Return: 0 if permission is granted, -ve if denied.
1209 * Return: 0 if permission is granted, -ve if denied.
1224 * Return: 0 if permission is granted, -ve if denied.
|
| /linux/Documentation/userspace-api/ |
| H A D | landlock.rst | 54 actions and other TCP actions will be denied.
59 to be explicit about the denied-by-default access rights.
147 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the
481 However, :manpage:`chroot(2)` calls are not denied.
559 File truncation could not be denied before the third Landlock ABI, so it is
576 IOCTL operations could not be denied before the fifth Landlock ABI, so
|
| /linux/tools/testing/selftests/landlock/ |
| H A D | fs_test.c | 522 /* Tests with denied-by-default access right. */ in TEST_F_FORK()
1268 * denied. in TEST_F_FORK()
1307 /* Checks read access is now denied with layer 7. */ in TEST_F_FORK()
1409 * now denied because the new rule mask the rule previously inherited in TEST_F_FORK()
1445 /* Readdir access is denied for dir_s1d2. */ in TEST_F_FORK()
1460 /* Readdir access is still denied for dir_s1d2. */ in TEST_F_FORK()
1613 /* Checks denied access (on a directory). */ in TEST_F_FORK()
1633 /* Checks denied access (on a directory). */ in TEST_F_FORK()
2334 * renames and links are denied, thus making the layer handling in refer_denied_by_default()
2369 * Tests precedence over renames: denied by default for different parent
[all …]
|
| /linux/drivers/hid/amd-sfh-hid/hid_descriptor/ |
| H A D | amd_sfh_hid_report_desc.h | 72 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
127 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
239 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
294 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
400 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
467 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
573 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
619 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
727 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
753 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
|
| /linux/drivers/nvme/host/ |
| H A D | constants.c | 87 [NVME_SC_OP_DENIED] = "Operation Denied",
163 [NVME_SC_ACCESS_DENIED] = "Access Denied",
|
| /linux/tools/testing/selftests/damon/ |
| H A D | _chk_dependency.sh | 49 echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"
|
| /linux/Documentation/admin-guide/LSM/ |
| H A D | Smack.rst | 482 1. Any access requested by a task labeled "*" is denied.
492 7. Any other access is denied.
621 be denied otherwise. CAP_MAC_ADMIN allows a process to change
832 By default, all denied events will be audited. You can change this behavior by
836 1 : log denied (default)
838 3 : log denied & accepted
|
| /linux/Documentation/ABI/testing/ |
| H A D | sysfs-class-power-wilco | 26 be denied by Wilco EC when Long Life mode is enabled.
|