xref: /kernel/linux/linux-6.6/security/selinux/ss/services.c

644 	 * If a specific type enforcement rule was defined for
1674 	 * like /dev or /var/run.  This bitmap will quickly skip rule searches
1812 	/* Look for a type transition/member/change rule. */
1819 	/* If no permanent rule, also check for enabled conditional rules */
1831 		/* Use the type from the type transition/member/change rule. */
1842 		/* Look for a role transition rule. */
3492 	struct selinux_audit_rule *rule = vrule;
3494 	if (rule) {
3495 		context_destroy(&rule->au_ctxt);
3496 		kfree(rule);
3509 	struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule;
3512 	*rule = NULL;
3590 	*rule = tmprule;
3596 	*rule = NULL;
3600 /* Check to see if the rule contains any selinux fields */
3601 int selinux_audit_rule_known(struct audit_krule *rule)
3605 	for (i = 0; i < rule->field_count; i++) {
3606 		struct audit_field *f = &rule->fields[i];
3631 	struct selinux_audit_rule *rule = vrule;
3634 	if (unlikely(!rule)) {
3635 		WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
3646 	if (rule->au_seqno < policy->latest_granting) {
3666 			match = (ctxt->user == rule->au_ctxt.user);
3669 			match = (ctxt->user != rule->au_ctxt.user);
3677 			match = (ctxt->role == rule->au_ctxt.role);
3680 			match = (ctxt->role != rule->au_ctxt.role);
3688 			match = (ctxt->type == rule->au_ctxt.type);
3691 			match = (ctxt->type != rule->au_ctxt.type);
3704 			match = mls_level_eq(&rule->au_ctxt.range.level[0],
3708 			match = !mls_level_eq(&rule->au_ctxt.range.level[0],
3712 			match = (mls_level_dom(&rule->au_ctxt.range.level[0],
3714 				 !mls_level_eq(&rule->au_ctxt.range.level[0],
3718 			match = mls_level_dom(&rule->au_ctxt.range.level[0],
3723 					      &rule->au_ctxt.range.level[0]) &&
3725 					       &rule->au_ctxt.range.level[0]));
3729 					      &rule->au_ctxt.range.level[0]);

Indexes created Thu Nov 07 10:32:03 CST 2024