| /linux/security/selinux/include/ |
| avc.h | 54 u32 denied; member 67 u32 denied, audited; in avc_audit_required() local 72 denied = requested & ~avd->allowed; in avc_audit_required() 73 if (unlikely(denied)) { in avc_audit_required() 74 audited = denied & avd->auditdeny; in avc_audit_required() 80 * actual permissions that were denied. As an example lets in avc_audit_required() 83 * denied == READ in avc_audit_required() 87 * We will NOT audit the denial even though the denied in avc_audit_required() 94 audited = denied = requested; in avc_audit_required() 97 *deniedp = denied; in avc_audit_required() [all …]
|
| /linux/include/trace/events/ |
| avc.h | 26 __field(u32, denied) 36 __entry->denied = sad->denied; 44 TP_printk("requested=0x%x denied=0x%x audited=0x%x result=%d scontext=%s tcontext=%s tclass=%s", 45 __entry->requested, __entry->denied, __entry->audited, __entry->result,
|
| /linux/security/selinux/ |
| avc.c | 389 u32 denied, audited; in avc_xperms_audit_required() local 391 denied = requested & ~avd->allowed; in avc_xperms_audit_required() 392 if (unlikely(denied)) { in avc_xperms_audit_required() 393 audited = denied & avd->auditdeny; in avc_xperms_audit_required() 399 audited = denied = requested; in avc_xperms_audit_required() 408 *deniedp = denied; in avc_xperms_audit_required() 418 u32 audited, denied; in avc_xperms_audit() local 421 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit() 425 audited, denied, result, ad); in avc_xperms_audit() 658 audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); in avc_audit_pre_callback() [all …]
|
| /linux/security/apparmor/ |
| lib.c | 423 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() local 425 if (likely(!denied)) { in aa_check_perms() 436 if (denied & perms->kill) in aa_check_perms() 438 else if (denied == (denied & perms->complain)) in aa_check_perms() 443 if (denied == (denied & perms->hide)) in aa_check_perms() 446 denied &= ~perms->quiet; in aa_check_perms() 447 if (!ad || !denied) in aa_check_perms() 454 ad->denied = denied; in aa_check_perms()
|
| file.c | 57 if (ad->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb() 59 map_mask_to_chr_mask(ad->denied)); in file_audit_cb() 127 /* only report permissions that were denied */ in aa_audit_file() 144 ad.denied = ad.request & ~perms->allow; in aa_audit_file() 273 * Returns: %0 else error if access denied or other error 481 u32 request, u32 denied, bool in_atomic) in __file_path_perm() argument 495 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm() 509 if (denied && !error) { in __file_path_perm() 542 u32 request, u32 denied) in __file_sock_perm() argument 547 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm() [all …]
|
| task.c | 214 if (ad->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb() 216 audit_ptrace_mask(ad->denied)); in audit_ptrace_cb() 286 * Returns: %0 else error code if permission denied or error 311 if (ad->denied & AA_USERNS_CREATE) in audit_ns_cb() 312 audit_log_format(ab, " denied=\"userns_create\""); in audit_ns_cb()
|
| ipc.c | 60 if (ad->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb() 62 audit_signal_mask(ad->denied)); in audit_signal_cb()
|
| /linux/Documentation/admin-guide/cgroup-v1/ |
| devices.rst | 19 never receive a device access which is denied by its parent. 77 If a device is denied in group A:: 84 group whitelist entries denied devices 97 group whitelist entries denied devices 107 group whitelist entries denied devices
|
| /linux/Documentation/ABI/stable/ |
| sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings 16 Might return "<denied>" in case of special security settings 25 Might return "<denied>" in case of special security settings 56 Might return "<denied>" in case of special security settings 105 Might return "<denied>" in case of special security settings
|
| /linux/security/apparmor/include/ |
| capability.h | 23 * @denied: caps that are explicitly denied 31 kernel_cap_t denied; member
|
| audit.h | 27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */ 121 u32 denied; member
|
| /linux/include/uapi/linux/ |
| landlock.h | 21 * different object types, which should be denied by default when the ruleset is 23 * not going to be denied by this ruleset when it is enacted. 25 * For historical reasons, the %LANDLOCK_ACCESS_FS_REFER right is always denied 77 * By default, denied accesses originating from programs that sandbox themselves 80 * logging, access requests denied by a domain not created by the originating 92 * Disables logging of denied accesses originating from the thread creating 102 * Enables logging of denied accesses after an :manpage:`execve(2)` call, 110 * Disables logging of denied accesses originating from nested Landlock 251 * This is the only access right which is denied by default by any ruleset,
|
| /linux/security/landlock/ |
| access.h | 21 * All access rights that are denied by default whether they are handled or not 70 * Tracks domains responsible of a denied access. This is required to avoid in landlock_upgrade_handled_access_masks() 86 /* Upgrades with all initially denied by default access rights. */ 91 * All access rights that are denied by default whether they are
|
| task.c | 80 * the same rules. Else denied. 83 * granted, -errno if denied. 130 * or more rules. Else denied. in domain_is_scoped() 133 * process, returning 0 if permission is granted, -errno if denied. in domain_is_scoped()
|
| /linux/tools/testing/selftests/exec/ |
| check-exec-tests.sh | 155 # Direct execution of non-executable script is alwayse denied by the kernel. 165 # With only denied interactive commands: check or monitor script content (e.g. with LSM). 175 # Direct execution of non-executable script is alwayse denied by the kernel. 185 # With both file restriction and denied interactive commands: only allow executable scripts. 195 # Direct execution of non-executable script is alwayse denied by the kernel.
|
| /linux/include/linux/bus/ |
| stm32_firewall_device.h | 64 * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or 93 * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
|
| /linux/arch/um/os-Linux/ |
| execvp.c | 92 /* Record the we got a `Permission denied' error. If we end in execvp_noalloc() 94 that we did find one but were denied access. */ in execvp_noalloc()
|
| /linux/security/ |
| commoncap.c | 140 * information, returning 0 if permission granted, -ve if denied. 159 * Else denied. 162 * granted, -ve if denied. 196 * Else denied. 199 * process, returning 0 if permission is granted, -ve if denied. 1010 * permission is granted, -ve if denied. 1045 * permission is granted, -ve if denied. 1219 * Return: 0 if permission is granted, -ve if denied. 1234 * Return: 0 if permission is granted, -ve if denied. 1249 * Return: 0 if permission is granted, -ve if denied [all...] |
| /linux/tools/testing/selftests/landlock/ |
| fs_test.c | 541 /* Tests with denied-by-default access right. */ in TEST_F_FORK() 1287 * denied. in TEST_F_FORK() 1326 /* Checks read access is now denied with layer 7. */ in TEST_F_FORK() 1428 * now denied because the new rule mask the rule previously inherited in TEST_F_FORK() 1464 /* Readdir access is denied for dir_s1d2. */ in TEST_F_FORK() 1479 /* Readdir access is still denied for dir_s1d2. */ in TEST_F_FORK() 1632 /* Checks denied access (on a directory). */ in TEST_F_FORK() 1652 /* Checks denied access (on a directory). */ in TEST_F_FORK() 1871 /* Checks that access to the new mount point is denied. */ in TEST_F_FORK() 2101 /* Checks before file1_s1d1 being denied. */ in TEST_F_FORK() [all …]
|
| /linux/Documentation/userspace-api/ |
| landlock.rst | 54 actions and other TCP actions will be denied. 59 to be explicit about the denied-by-default access rights. 147 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the 480 However, :manpage:`chroot(2)` calls are not denied. 558 File truncation could not be denied before the third Landlock ABI, so it is 575 IOCTL operations could not be denied before the fifth Landlock ABI, so
|
| /linux/samples/check-exec/ |
| inc.c | 161 * Other kind of interactive interpretations should be denied in main() 169 "ERROR: Interactive interpretation denied.\n"); in main()
|
| /linux/drivers/hid/amd-sfh-hid/hid_descriptor/ |
| amd_sfh_hid_report_desc.h | 72 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 127 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 239 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 294 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 400 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 467 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 573 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 619 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 727 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */ 753 0x0A, 0x05, 0x08, /* HID usage sensor state access denied sel */
|
| /linux/drivers/nvme/host/ |
| constants.c | 87 [NVME_SC_OP_DENIED] = "Operation Denied", 163 [NVME_SC_ACCESS_DENIED] = "Access Denied",
|
| /linux/Documentation/admin-guide/LSM/ |
| Smack.rst | 482 1. Any access requested by a task labeled "*" is denied. 492 7. Any other access is denied. 621 be denied otherwise. CAP_MAC_ADMIN allows a process to change 832 By default, all denied events will be audited. You can change this behavior by 836 1 : log denied (default) 838 3 : log denied & accepted
|
| /linux/samples/landlock/ |
| sandboxer.c | 325 "* " ENV_SCOPED_NAME ": actions denied on the outside of the landlock domain\n" 329 "A sandboxer should not log denied access requests to avoid spamming logs, " 533 "shared libraries may be denied.\n"); in main()
|