Home
last modified time | relevance | path

Searched refs:perms (Results 1 – 25 of 48) sorted by relevance

12

/linux/security/apparmor/
H A Dpolicy_compat.c100 static void compute_fperms_allow(struct aa_perms *perms, struct aa_dfa *dfa, in compute_fperms_allow() argument
103 perms->allow |= AA_MAY_GETATTR; in compute_fperms_allow()
107 perms->allow |= AA_MAY_CHANGE_PROFILE; in compute_fperms_allow()
109 perms->allow |= AA_MAY_ONEXEC; in compute_fperms_allow()
115 struct aa_perms perms = { }; in compute_fperms_user() local
117 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in compute_fperms_user()
118 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in compute_fperms_user()
119 perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); in compute_fperms_user()
120 perms.xindex = dfa_user_xindex(dfa, state); in compute_fperms_user()
122 compute_fperms_allow(&perms, dfa, state); in compute_fperms_user()
[all …]
H A Dfile.c96 struct aa_profile *profile, struct aa_perms *perms, in aa_audit_file() argument
115 u32 mask = perms->audit; in aa_audit_file()
128 ad.request = ad.request & ~perms->allow; in aa_audit_file()
131 if (ad.request & perms->kill) in aa_audit_file()
135 if ((ad.request & perms->quiet) && in aa_audit_file()
138 ad.request &= ~perms->quiet; in aa_audit_file()
144 ad.denied = ad.request & ~perms->allow; in aa_audit_file()
187 if (!(rules->perms)) in aa_lookup_condperms()
192 return &(rules->perms[index]); in aa_lookup_condperms()
193 return &(rules->perms[index + 1]); in aa_lookup_condperms()
[all …]
H A Ddomain.c131 struct aa_perms *perms) in label_compound_match() argument
149 *perms = allperms; in label_compound_match()
161 *perms = *(aa_lookup_condperms(current_fsuid(), rules->file, state, in label_compound_match()
163 aa_apply_modes_to_perms(profile, perms); in label_compound_match()
164 if ((perms->allow & request) != request) in label_compound_match()
170 *perms = nullperms; in label_compound_match()
193 struct aa_perms *perms) in label_components_match() argument
219 aa_perms_accum(perms, &tmp); in label_components_match()
229 aa_perms_accum(perms, &tmp); in label_components_match()
232 if ((perms->allow & request) != request) in label_components_match()
[all …]
H A Dlib.c361 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument
365 perms->audit = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
368 perms->quiet = 0; in aa_apply_modes_to_perms()
371 perms->audit = 0; in aa_apply_modes_to_perms()
374 perms->quiet = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
379 perms->kill = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
381 perms->complain = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
383 perms->prompt = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
389 int type, u32 request, struct aa_perms *perms) in aa_profile_match_label() argument
397 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
[all …]
H A Dcapability.c130 struct aa_perms perms = { }; in profile_capable() local
136 perms = *aa_lookup_perms(rules->policy, state); in profile_capable()
137 aa_apply_modes_to_perms(profile, &perms); in profile_capable()
140 if (perms.complain & request) in profile_capable()
145 return aa_check_perms(profile, &perms, request, ad, in profile_capable()
206 struct aa_perms perms = { }; in aa_profile_capget() local
210 perms = *aa_lookup_perms(rules->policy, tmp); in aa_profile_capget()
211 aa_apply_modes_to_perms(profile, &perms); in aa_profile_capget()
212 caps.val |= ((u64)(perms.allow)) << (i * 5); in aa_profile_capget()
213 caps.val |= ((u64)(perms.complain)) << (i * 5); in aa_profile_capget()
H A Dmount.c139 struct aa_perms *perms, const char *info, int error) in audit_mount() argument
145 u32 mask = perms->audit; in audit_mount()
158 request = request & ~perms->allow; in audit_mount()
160 if (request & perms->kill) in audit_mount()
164 if ((request & perms->quiet) && in audit_mount()
167 request &= ~perms->quiet; in audit_mount()
179 if (data && (perms->audit & AA_AUDIT_DATA)) in audit_mount()
229 void *data, bool binary, struct aa_perms *perms) in do_match_mnt() argument
235 AA_BUG(!policy->perms); in do_match_mnt()
236 AA_BUG(!perms); in do_match_mnt()
[all …]
H A Dtask.c232 struct aa_perms perms = { }; in profile_ptrace_perm() local
237 &perms); in profile_ptrace_perm()
238 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm()
239 return aa_check_perms(profile, &perms, request, ad, audit_ptrace_cb); in profile_ptrace_perm()
319 struct aa_perms perms = { }; in aa_profile_ns_perm() local
333 perms = *aa_lookup_perms(rules->policy, state); in aa_profile_ns_perm()
334 aa_apply_modes_to_perms(profile, &perms); in aa_profile_ns_perm()
335 error = aa_check_perms(profile, &perms, request, ad, in aa_profile_ns_perm()
H A Dnet.c169 struct aa_perms perms; in aa_do_perms() local
177 perms = *p; in aa_do_perms()
178 aa_apply_modes_to_perms(profile, &perms); in aa_do_perms()
179 return aa_check_perms(profile, &perms, request, ad, in aa_do_perms()
363 struct aa_perms perms = { }; in aa_secmark_perm() local
379 perms.deny = ALL_PERMS_MASK; in aa_secmark_perm()
381 perms.allow = ALL_PERMS_MASK; in aa_secmark_perm()
384 perms.audit = ALL_PERMS_MASK; in aa_secmark_perm()
388 aa_apply_modes_to_perms(profile, &perms); in aa_secmark_perm()
390 return aa_check_perms(profile, &perms, request, ad, audit_net_cb); in aa_secmark_perm()
H A Dipc.c84 struct aa_perms perms; in profile_signal_perm() local
97 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
98 aa_apply_modes_to_perms(profile, &perms); in profile_signal_perm()
99 return aa_check_perms(profile, &perms, request, ad, audit_signal_cb); in profile_signal_perm()
H A Dpolicy_unpack.c671 static ssize_t unpack_perms_table(struct aa_ext *e, struct aa_perms **perms) in unpack_perms_table() argument
676 AA_BUG(!perms); in unpack_perms_table()
689 *perms = kcalloc(size, sizeof(struct aa_perms), GFP_KERNEL); in unpack_perms_table()
690 if (!*perms) in unpack_perms_table()
693 if (!unpack_perm(e, version, &(*perms)[i])) in unpack_perms_table()
701 *perms = NULL; in unpack_perms_table()
706 kfree(*perms); in unpack_perms_table()
726 size = unpack_perms_table(e, &pdb->perms); in unpack_pdb()
729 pdb->perms = NULL; in unpack_pdb()
735 if (pdb->perms) { in unpack_pdb()
[all …]
H A Dlabel.c1291 struct aa_perms *perms) in label_compound_match() argument
1307 *perms = allperms; in label_compound_match()
1319 *perms = *aa_lookup_perms(rules->policy, state); in label_compound_match()
1320 aa_apply_modes_to_perms(profile, perms); in label_compound_match()
1321 if ((perms->allow & request) != request) in label_compound_match()
1327 *perms = nullperms; in label_compound_match()
1351 struct aa_perms *perms) in label_components_match() argument
1374 aa_perms_accum(perms, &tmp); in label_components_match()
1383 aa_perms_accum(perms, &tmp); in label_components_match()
1386 if ((perms->allow & request) != request) in label_components_match()
[all …]
/linux/security/apparmor/include/
H A Dfile.h75 struct aa_profile *profile, struct aa_perms *perms,
85 struct aa_perms *perms);
90 struct aa_perms *perms);
115 u32 perms = 0; in aa_map_file_to_perms() local
118 perms |= MAY_WRITE; in aa_map_file_to_perms()
120 perms |= MAY_READ; in aa_map_file_to_perms()
122 if ((flags & O_APPEND) && (perms & MAY_WRITE)) in aa_map_file_to_perms()
123 perms = (perms & ~MAY_WRITE) | MAY_APPEND; in aa_map_file_to_perms()
126 perms |= MAY_WRITE; in aa_map_file_to_perms()
128 perms |= AA_MAY_CREATE; in aa_map_file_to_perms()
[all …]
H A Dpolicy.h93 struct aa_perms *perms; member
138 if (!(policy->perms)) in aa_lookup_perms()
141 return &(policy->perms[index]); in aa_lookup_perms()
H A Dperms.h210 struct aa_perms *perms);
215 int type, u32 request, struct aa_perms *perms);
216 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
/linux/include/linux/
H A Dkernel.h395 #define VERIFY_OCTAL_PERMISSIONS(perms) \ argument
396 (BUILD_BUG_ON_ZERO((perms) < 0) + \
397 BUILD_BUG_ON_ZERO((perms) > 0777) + \
399 BUILD_BUG_ON_ZERO((((perms) >> 6) & 4) < (((perms) >> 3) & 4)) + \
400 BUILD_BUG_ON_ZERO((((perms) >> 3) & 4) < ((perms) & 4)) + \
402 BUILD_BUG_ON_ZERO((((perms) >> 6) & 2) < (((perms) >> 3) & 2)) + \
404 BUILD_BUG_ON_ZERO((perms) & 2) + \
405 (perms))
/linux/drivers/infiniband/sw/siw/
H A Dsiw_mem.c74 mem->perms = rights & IWARP_ACCESS_MASK; in siw_mr_add_mem()
137 enum ib_access_flags perms, int len) in siw_check_mem() argument
150 if ((mem->perms & perms) < perms) { in siw_check_mem()
152 mem->perms, perms); in siw_check_mem()
191 enum ib_access_flags perms, u32 off, int len) in siw_check_sge() argument
216 rv = siw_check_mem(pd, *mem, sge->laddr + off, perms, len); in siw_check_sge()
H A Dsiw_mem.h17 enum ib_access_flags perms, int len);
19 struct siw_mem *mem[], enum ib_access_flags perms,
/linux/fs/orangefs/
H A Dorangefs-utils.c106 if (attrs->perms & ORANGEFS_O_EXECUTE) in orangefs_inode_perms()
108 if (attrs->perms & ORANGEFS_O_WRITE) in orangefs_inode_perms()
110 if (attrs->perms & ORANGEFS_O_READ) in orangefs_inode_perms()
113 if (attrs->perms & ORANGEFS_G_EXECUTE) in orangefs_inode_perms()
115 if (attrs->perms & ORANGEFS_G_WRITE) in orangefs_inode_perms()
117 if (attrs->perms & ORANGEFS_G_READ) in orangefs_inode_perms()
120 if (attrs->perms & ORANGEFS_U_EXECUTE) in orangefs_inode_perms()
122 if (attrs->perms & ORANGEFS_U_WRITE) in orangefs_inode_perms()
124 if (attrs->perms & ORANGEFS_U_READ) in orangefs_inode_perms()
127 if (attrs->perms & ORANGEFS_G_SGID) in orangefs_inode_perms()
[all …]
/linux/fs/hfsplus/
H A Dcatalog.c81 void hfsplus_cat_set_perms(struct inode *inode, struct hfsplus_perm *perms) in hfsplus_cat_set_perms() argument
84 perms->rootflags |= HFSPLUS_FLG_IMMUTABLE; in hfsplus_cat_set_perms()
86 perms->rootflags &= ~HFSPLUS_FLG_IMMUTABLE; in hfsplus_cat_set_perms()
88 perms->rootflags |= HFSPLUS_FLG_APPEND; in hfsplus_cat_set_perms()
90 perms->rootflags &= ~HFSPLUS_FLG_APPEND; in hfsplus_cat_set_perms()
92 perms->userflags = HFSPLUS_I(inode)->userflags; in hfsplus_cat_set_perms()
93 perms->mode = cpu_to_be16(inode->i_mode); in hfsplus_cat_set_perms()
94 perms->owner = cpu_to_be32(i_uid_read(inode)); in hfsplus_cat_set_perms()
95 perms->group = cpu_to_be32(i_gid_read(inode)); in hfsplus_cat_set_perms()
98 perms->dev = cpu_to_be32(inode->i_nlink); in hfsplus_cat_set_perms()
[all …]
/linux/security/selinux/include/
H A Dsecurity.h246 #define security_xperm_set(perms, x) ((perms)[(x) >> 5] |= 1 << ((x)&0x1f)) argument
247 #define security_xperm_test(perms, x) (1 & ((perms)[(x) >> 5] >> ((x)&0x1f))) argument
337 char ***perms, u32 *nperms);
/linux/security/selinux/ss/
H A Davtab.c317 __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; in avtab_read_item()
447 sizeof(u32) * ARRAY_SIZE(xperms.perms.p)); in avtab_read_item()
452 for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) in avtab_read_item()
453 xperms.perms.p[i] = le32_to_cpu(buf32[i]); in avtab_read_item()
523 __le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)]; in avtab_write_item()
543 for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++) in avtab_write_item()
544 buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]); in avtab_write_item()
546 ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp); in avtab_write_item()
H A Dservices.c140 while (p_in->perms[k]) { in selinux_set_mapping()
142 if (!*p_in->perms[k]) { in selinux_set_mapping()
146 p_out->perms[k] = string_to_av_perm(pol, p_out->value, in selinux_set_mapping()
147 p_in->perms[k]); in selinux_set_mapping()
148 if (!p_out->perms[k]) { in selinux_set_mapping()
150 p_in->perms[k], p_in->name); in selinux_set_mapping()
210 if (avd->allowed & mapping->perms[i]) in map_decision()
212 if (allow_unknown && !mapping->perms[i]) in map_decision()
218 if (avd->auditallow & mapping->perms[i]) in map_decision()
223 if (avd->auditdeny & mapping->perms[i]) in map_decision()
[all …]
/linux/tools/testing/selftests/mm/
H A Dmlock2.h24 char perms[5]; in seek_to_smaps_entry() local
36 &start, &end, perms, &offset, dev, &inode, path) < 6) in seek_to_smaps_entry()
/linux/security/selinux/
H A Davc.c656 const char *const *perms; in avc_audit_pre_callback() local
666 perms = secclass_map[sad->tclass-1].perms; in avc_audit_pre_callback()
672 if ((perm & av) && perms[i]) { in avc_audit_pre_callback()
673 audit_log_format(ab, " %s", perms[i]); in avc_audit_pre_callback()
830 static int avc_update_node(u32 event, u32 perms, u8 driver, u8 base_perm, in avc_update_node() argument
887 node->ae.avd.allowed |= perms; in avc_update_node()
893 node->ae.avd.allowed &= ~perms; in avc_update_node()
896 node->ae.avd.auditallow |= perms; in avc_update_node()
899 node->ae.avd.auditallow &= ~perms; in avc_update_node()
902 node->ae.avd.auditdeny |= perms; in avc_update_node()
[all …]
/linux/tools/testing/selftests/mqueue/
H A Dmq_open_tests.c203 int perms = DEFFILEMODE; in test_queue() local
205 if ((queue = mq_open(queue_path, flags, perms, attr)) == -1) in test_queue()
225 int perms = DEFFILEMODE; in test_queue_fail() local
227 if ((queue = mq_open(queue_path, flags, perms, attr)) == -1) in test_queue_fail()

12