| /linux/net/netfilter/ |
| xt_CONNSECMARK.c | 34 if (skb->secmark) { in secmark_save() 39 if (ct && !ct->secmark) { in secmark_save() 40 ct->secmark = skb->secmark; in secmark_save() 52 if (!skb->secmark) { in secmark_restore() 57 if (ct && ct->secmark) in secmark_restore() 58 skb->secmark = ct->secmark; in secmark_restore()
|
| xt_SECMARK.c | 29 u32 secmark = 0; in secmark_tg() local 33 secmark = info->secid; in secmark_tg() 39 skb->secmark = secmark; in secmark_tg()
|
| nf_conntrack_netlink.c | 363 ret = security_secid_to_secctx(ct->secmark, &ctx); in ctnetlink_dump_secctx() 685 ret = security_secid_to_secctx(ct->secmark, NULL); in ctnetlink_secctx_size() 836 if ((events & (1 << IPCT_SECMARK) || ct->secmark) in ctnetlink_conntrack_event() 2718 if (ct->secmark && ctnetlink_dump_secctx(skb, ct) < 0) in __ctnetlink_glue_build()
|
| nfnetlink_queue.c | 609 if (skb->secmark) in nfqnl_get_sk_secctx() 610 seclen = security_secid_to_secctx(skb->secmark, ctx); in nfqnl_get_sk_secctx()
|
| /linux/security/apparmor/ |
| net.c | 342 static int apparmor_secmark_init(struct aa_secmark *secmark) in apparmor_secmark_init() 346 if (secmark->label[0] == '*') { in apparmor_secmark_init() 347 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init() 352 secmark->label, strlen(secmark->label), in apparmor_secmark_init() 358 secmark->secid = label->secid; in apparmor_secmark_init() 375 if (!rules->secmark[i].secid) { in aa_secmark_perm() 376 ret = apparmor_secmark_init(&rules->secmark[i]); in aa_secmark_perm() 381 if (rules->secmark[i].secid == secid || in aa_secmark_perm() 382 rules->secmark[ in aa_secmark_perm() 340 apparmor_secmark_init(struct aa_secmark * secmark) apparmor_secmark_init() argument [all...] |
| policy_unpack.c | 626 if (aa_unpack_nameX(e, AA_STRUCT, "secmark")) { in unpack_secmark() 630 rules->secmark = kzalloc_objs(struct aa_secmark, size); in unpack_secmark() 631 if (!rules->secmark) in unpack_secmark() 637 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark() 639 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark() 641 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark() 653 if (rules->secmark) { in unpack_secmark() 655 kfree_sensitive(rules->secmark[i].label); in unpack_secmark() 656 kfree_sensitive(rules->secmark); in unpack_secmark() 658 rules->secmark in unpack_secmark() [all...] |
| lsm.c | 1518 if (!skb->secmark) in apparmor_socket_sock_rcv_skb() 1530 AA_MAY_RECEIVE, skb->secmark, sk); in sk_peer_get_label() 1643 if (!skb->secmark) 1648 AA_MAY_CONNECT, skb->secmark, sk); 2381 if (!skb->secmark) in apparmor_ip_postroute() 2391 AA_MAY_SEND, skb->secmark, sk);
|
| policy.c | 300 kfree_sensitive(rules->secmark[i].label); in aa_alloc_ruleset() 301 kfree_sensitive(rules->secmark); in aa_alloc_ruleset()
|
| /linux/security/smack/ |
| smack_netfilter.c | 32 skb->secmark = skp->smk_secid; in smack_ip_output()
|
| smack_lsm.c | 4184 * smack_from_skb - Smack data from the secmark in an skb in smk_skb_to_addr_ipv6() 4187 * Returns smack_known of the secmark or NULL if that won't work. 4192 if (skb == NULL || skb->secmark == 0) 4195 return smack_from_secid(skb->secmark); 4266 * If there is a secmark use it rather than the CIPSO label. in smack_socket_sock_rcv_skb() 4267 * If there is no secmark fall back to CIPSO. in smack_socket_sock_rcv_skb() 4268 * The secmark is assumed to reflect policy better. in smack_socket_sock_rcv_skb() 4471 * If there is a secmark use it rather than the CIPSO label. in smack_inet_conn_request() 4472 * If there is no secmark fall back to CIPSO. in smack_inet_conn_request() 4473 * The secmark i in smack_inet_conn_request() [all...] |
| /linux/security/apparmor/include/ |
| policy.h | 202 struct aa_secmark *secmark; member
|
| /linux/security/selinux/ |
| hooks.c | 5391 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_sock_rcv_skb_compat() 5460 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_socket_sock_rcv_skb() 5996 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_forward() 6073 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat() 6195 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_postroute()
|