Home
last modified time | relevance | path

Searched refs:secmark (Results 1 – 12 of 12) sorted by relevance

/linux/net/netfilter/
H A Dxt_CONNSECMARK.c34 if (skb->secmark) { in secmark_save()
39 if (ct && !ct->secmark) { in secmark_save()
40 ct->secmark = skb->secmark; in secmark_save()
52 if (!skb->secmark) { in secmark_restore()
57 if (ct && ct->secmark) in secmark_restore()
58 skb->secmark = ct->secmark; in secmark_restore()
H A Dxt_SECMARK.c29 u32 secmark = 0; in secmark_tg() local
33 secmark = info->secid; in secmark_tg()
39 skb->secmark = secmark; in secmark_tg()
H A Dnf_conntrack_netlink.c363 ret = security_secid_to_secctx(ct->secmark, &ctx); in ctnetlink_dump_secctx()
685 ret = security_secid_to_secctx(ct->secmark, NULL); in ctnetlink_secctx_size()
836 if ((events & (1 << IPCT_SECMARK) || ct->secmark) in ctnetlink_conntrack_event()
2718 if (ct->secmark && ctnetlink_dump_secctx(skb, ct) < 0) in __ctnetlink_glue_build()
H A Dnfnetlink_queue.c609 if (skb->secmark) in nfqnl_get_sk_secctx()
610 seclen = security_secid_to_secctx(skb->secmark, ctx); in nfqnl_get_sk_secctx()
/linux/security/apparmor/
H A Dnet.c342 static int apparmor_secmark_init(struct aa_secmark *secmark) in apparmor_secmark_init()
346 if (secmark->label[0] == '*') { in apparmor_secmark_init()
347 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init()
352 secmark->label, strlen(secmark->label), in apparmor_secmark_init()
358 secmark->secid = label->secid; in apparmor_secmark_init()
375 if (!rules->secmark[i].secid) { in aa_secmark_perm()
376 ret = apparmor_secmark_init(&rules->secmark[i]); in aa_secmark_perm()
381 if (rules->secmark[i].secid == secid || in aa_secmark_perm()
382 rules->secmark[ in aa_secmark_perm()
340 apparmor_secmark_init(struct aa_secmark * secmark) apparmor_secmark_init() argument
[all...]
H A Dpolicy_unpack.c626 if (aa_unpack_nameX(e, AA_STRUCT, "secmark")) { in unpack_secmark()
630 rules->secmark = kzalloc_objs(struct aa_secmark, size); in unpack_secmark()
631 if (!rules->secmark) in unpack_secmark()
637 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
639 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
641 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
653 if (rules->secmark) { in unpack_secmark()
655 kfree_sensitive(rules->secmark[i].label); in unpack_secmark()
656 kfree_sensitive(rules->secmark); in unpack_secmark()
658 rules->secmark in unpack_secmark()
[all...]
H A Dlsm.c1518 if (!skb->secmark) in apparmor_socket_sock_rcv_skb()
1530 AA_MAY_RECEIVE, skb->secmark, sk); in sk_peer_get_label()
1643 if (!skb->secmark)
1648 AA_MAY_CONNECT, skb->secmark, sk);
2381 if (!skb->secmark) in apparmor_ip_postroute()
2391 AA_MAY_SEND, skb->secmark, sk);
H A Dpolicy.c300 kfree_sensitive(rules->secmark[i].label); in aa_alloc_ruleset()
301 kfree_sensitive(rules->secmark); in aa_alloc_ruleset()
/linux/security/smack/
H A Dsmack_netfilter.c32 skb->secmark = skp->smk_secid; in smack_ip_output()
H A Dsmack_lsm.c4184 * smack_from_skb - Smack data from the secmark in an skb in smk_skb_to_addr_ipv6()
4187 * Returns smack_known of the secmark or NULL if that won't work.
4192 if (skb == NULL || skb->secmark == 0)
4195 return smack_from_secid(skb->secmark);
4266 * If there is a secmark use it rather than the CIPSO label. in smack_socket_sock_rcv_skb()
4267 * If there is no secmark fall back to CIPSO. in smack_socket_sock_rcv_skb()
4268 * The secmark is assumed to reflect policy better. in smack_socket_sock_rcv_skb()
4471 * If there is a secmark use it rather than the CIPSO label. in smack_inet_conn_request()
4472 * If there is no secmark fall back to CIPSO. in smack_inet_conn_request()
4473 * The secmark i in smack_inet_conn_request()
[all...]
/linux/security/apparmor/include/
H A Dpolicy.h202 struct aa_secmark *secmark; member
/linux/security/selinux/
H A Dhooks.c5391 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_sock_rcv_skb_compat()
5460 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_socket_sock_rcv_skb()
5996 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_forward()
6073 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
6195 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_postroute()