/kernel/linux/linux-6.6/security/apparmor/ |
H A D | secid.c | 5 * This file contains AppArmor security identifier (secid) manipulation fns 9 * AppArmor allocates a unique secid for every label used. If a label 10 * is replaced it receives the secid of the label it is replacing. 22 #include "include/secid.h" 37 * TODO: allow policy to reserve a secid range? 38 * TODO: add secid pinning 43 * aa_secid_update - update a secid mapping to a new label 44 * @secid: secid to update 45 * @label: label the secid wil 47 aa_secid_update(u32 secid, struct aa_label *label) aa_secid_update() argument 59 aa_secid_to_label(u32 secid) aa_secid_to_label() argument 64 apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) apparmor_secid_to_secctx() argument 93 apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) apparmor_secctx_to_secid() argument 141 aa_free_secid(u32 secid) aa_free_secid() argument [all...] |
H A D | net.c | 17 #include "include/secid.h" 205 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init() 216 secmark->secid = label->secid; in apparmor_secmark_init() 221 static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid, in aa_secmark_perm() argument 233 if (!rules->secmark[i].secid) { in aa_secmark_perm() 239 if (rules->secmark[i].secid == secid || in aa_secmark_perm() 240 rules->secmark[i].secid == AA_SECID_WILDCARD) { in aa_secmark_perm() 257 u32 secid, cons in apparmor_secmark_check() 256 apparmor_secmark_check(struct aa_label *label, char *op, u32 request, u32 secid, const struct sock *sk) apparmor_secmark_check() argument [all...] |
/kernel/linux/linux-5.10/security/apparmor/ |
H A D | secid.c | 5 * This file contains AppArmor security identifier (secid) manipulation fns 9 * AppArmor allocates a unique secid for every label used. If a label 10 * is replaced it receives the secid of the label it is replacing. 22 #include "include/secid.h" 36 * TODO: allow policy to reserve a secid range? 37 * TODO: add secid pinning 42 * aa_secid_update - update a secid mapping to a new label 43 * @secid: secid to update 44 * @label: label the secid wil 46 aa_secid_update(u32 secid, struct aa_label *label) aa_secid_update() argument 59 aa_secid_to_label(u32 secid) aa_secid_to_label() argument 70 apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) apparmor_secid_to_secctx() argument 98 apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) apparmor_secctx_to_secid() argument 149 aa_free_secid(u32 secid) aa_free_secid() argument [all...] |
H A D | net.c | 17 #include "include/secid.h" 197 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init() 208 secmark->secid = label->secid; in apparmor_secmark_init() 213 static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid, in aa_secmark_perm() argument 223 if (!profile->secmark[i].secid) { in aa_secmark_perm() 229 if (profile->secmark[i].secid == secid || in aa_secmark_perm() 230 profile->secmark[i].secid == AA_SECID_WILDCARD) { in aa_secmark_perm() 247 u32 secid, struc in apparmor_secmark_check() 246 apparmor_secmark_check(struct aa_label *label, char *op, u32 request, u32 secid, struct sock *sk) apparmor_secmark_check() argument [all...] |
/kernel/linux/linux-5.10/net/netfilter/ |
H A D | xt_SECMARK.c | 33 secmark = info->secid; in secmark_tg() 48 info->secid = 0; in checkentry_lsm() 51 &info->secid); in checkentry_lsm() 59 if (!info->secid) { in checkentry_lsm() 65 err = security_secmark_relabel_packet(info->secid); in checkentry_lsm() 129 info->secid = newinfo.secid; in secmark_tg_check_v0() 139 .secid = info->secid, in secmark_tg_v0() 175 .usersize = offsetof(struct xt_secmark_target_info_v1, secid), [all...] |
/kernel/linux/linux-6.6/net/netfilter/ |
H A D | xt_SECMARK.c | 33 secmark = info->secid; in secmark_tg() 48 info->secid = 0; in checkentry_lsm() 51 &info->secid); in checkentry_lsm() 59 if (!info->secid) { in checkentry_lsm() 65 err = security_secmark_relabel_packet(info->secid); in checkentry_lsm() 129 info->secid = newinfo.secid; in secmark_tg_check_v0() 139 .secid = info->secid, in secmark_tg_v0() 175 .usersize = offsetof(struct xt_secmark_target_info_v1, secid), [all...] |
/kernel/linux/linux-5.10/security/integrity/ima/ |
H A D | ima_main.c | 198 u32 secid, char *buf, loff_t size, int mask, in process_measurement() 222 action = ima_get_action(inode, cred, secid, mask, func, &pcr, in process_measurement() 408 u32 secid; in ima_file_mmap() local 411 security_task_getsecid(current, &secid); in ima_file_mmap() 412 return process_measurement(file, current_cred(), secid, NULL, in ima_file_mmap() 441 u32 secid; in ima_file_mprotect() local 449 security_task_getsecid(current, &secid); in ima_file_mprotect() 451 action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, in ima_file_mprotect() 487 u32 secid; in ima_bprm_check() local 489 security_task_getsecid(current, &secid); in ima_bprm_check() 197 process_measurement(struct file *file, const struct cred *cred, u32 secid, char *buf, loff_t size, int mask, enum ima_hooks func) process_measurement() argument 512 u32 secid; ima_file_check() local 649 u32 secid; ima_read_file() local 699 u32 secid; ima_post_read_file() local 830 u32 secid; process_buffer_measurement() local [all...] |
/kernel/linux/linux-5.10/security/apparmor/include/ |
H A D | secid.h | 5 * This file contains AppArmor security identifier (secid) definitions 18 /* secid value that will not be allocated */ 21 /* secid value that matches any other secid */ 24 struct aa_label *aa_secid_to_label(u32 secid); 25 int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 26 int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 31 void aa_free_secid(u32 secid); 32 void aa_secid_update(u32 secid, struct aa_label *label);
/kernel/linux/linux-6.6/security/apparmor/include/ |
H A D | secid.h | 5 * This file contains AppArmor security identifier (secid) definitions 18 /* secid value that will not be allocated */ 21 /* secid value that matches any other secid */ 24 /* sysctl to enable displaying mode when converting secid to secctx */ 27 struct aa_label *aa_secid_to_label(u32 secid); 28 int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 29 int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 34 void aa_free_secid(u32 secid); 35 void aa_secid_update(u32 secid, struc [all...] |
/kernel/linux/common_modules/memory_security/src/ |
H A D | hideaddr.c | 45 u32 secid; in hideaddr_avc_has_perm() local 47 security_cred_getsecid(task->cred, &secid); in hideaddr_avc_has_perm() 49 return avc_has_perm_noaudit(&selinux_state, secid, secid, tclass, requested, in hideaddr_avc_has_perm() 52 return avc_has_perm_noaudit(secid, secid, tclass, requested, in hideaddr_avc_has_perm()
H A D | jit_memory.c | 26 u32 secid; in jit_avc_has_perm() local 27 security_cred_getsecid(task->cred, &secid); in jit_avc_has_perm() 30 return (avc_has_perm_noaudit(&selinux_state, secid, secid, tclass, requested, in jit_avc_has_perm() 33 return (avc_has_perm_noaudit(secid, secid, tclass, requested, in jit_avc_has_perm()
/kernel/linux/linux-6.6/security/integrity/ima/ |
H A D | ima_main.c | 208 u32 secid, char *buf, loff_t size, int mask, in process_measurement() 233 action = ima_get_action(file_mnt_idmap(file), inode, cred, secid, in process_measurement() 433 u32 secid; in ima_file_mmap() local 439 security_current_getsecid_subj(&secid); in ima_file_mmap() 442 ret = process_measurement(file, current_cred(), secid, NULL, in ima_file_mmap() 449 return process_measurement(file, current_cred(), secid, NULL, in ima_file_mmap() 478 u32 secid; in ima_file_mprotect() local 486 security_current_getsecid_subj(&secid); in ima_file_mprotect() 489 current_cred(), secid, MAY_EXEC, MMAP_CHECK, in ima_file_mprotect() 492 current_cred(), secid, MAY_EXE in ima_file_mprotect() 207 process_measurement(struct file *file, const struct cred *cred, u32 secid, char *buf, loff_t size, int mask, enum ima_hooks func) process_measurement() argument 529 u32 secid; ima_bprm_check() local 554 u32 secid; ima_file_check() local 758 u32 secid; ima_read_file() local 808 u32 secid; ima_post_read_file() local 948 u32 secid; process_buffer_measurement() local [all...] |
/kernel/linux/linux-5.10/net/netlabel/ |
H A D | netlabel_unlabeled.c | 53 * and addresses of unlabeled packets to a user specified secid value for the 69 u32 secid; member 77 u32 secid; member 223 * @secid: LSM secid value for entry 234 u32 secid) in netlbl_unlhsh_add_addr4() 246 entry->secid = secid; in netlbl_unlhsh_add_addr4() 263 * @secid: LSM secid valu 231 netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, u32 secid) netlbl_unlhsh_add_addr4() argument 271 netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, u32 secid) netlbl_unlhsh_add_addr6() argument 364 netlbl_unlhsh_add(struct net *net, const char *dev_name, const void *addr, const void *mask, u32 addr_len, u32 secid, struct netlbl_audit *audit_info) netlbl_unlhsh_add() argument 885 u32 secid; netlbl_unlabel_staticadd() local 936 u32 secid; netlbl_unlabel_staticadddef() local 1075 u32 secid; netlbl_unlabel_staticlist_gen() local [all...] |
H A D | netlabel_user.c | 101 if (audit_info->secid != 0 && in netlbl_audit_start_common() 102 security_secid_to_secctx(audit_info->secid, in netlbl_audit_start_common()
/kernel/linux/linux-6.6/net/netlabel/ |
H A D | netlabel_unlabeled.c | 53 * and addresses of unlabeled packets to a user specified secid value for the 69 u32 secid; member 77 u32 secid; member 223 * @secid: LSM secid value for entry 234 u32 secid) in netlbl_unlhsh_add_addr4() 246 entry->secid = secid; in netlbl_unlhsh_add_addr4() 263 * @secid: LSM secid valu 231 netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface, const struct in_addr *addr, const struct in_addr *mask, u32 secid) netlbl_unlhsh_add_addr4() argument 271 netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface, const struct in6_addr *addr, const struct in6_addr *mask, u32 secid) netlbl_unlhsh_add_addr6() argument 364 netlbl_unlhsh_add(struct net *net, const char *dev_name, const void *addr, const void *mask, u32 addr_len, u32 secid, struct netlbl_audit *audit_info) netlbl_unlhsh_add() argument 883 u32 secid; netlbl_unlabel_staticadd() local 934 u32 secid; netlbl_unlabel_staticadddef() local 1073 u32 secid; netlbl_unlabel_staticlist_gen() local [all...] |
H A D | netlabel_user.c | 101 if (audit_info->secid != 0 && in netlbl_audit_start_common() 102 security_secid_to_secctx(audit_info->secid, in netlbl_audit_start_common()
/kernel/linux/linux-5.10/drivers/dio/ |
H A D | dio.c | 125 u_char prid, secid, i; in dio_find() local 154 secid = DIO_SECID(va); in dio_find() 155 id = DIO_ENCODE_ID(prid, secid); in dio_find() 201 u_char prid, secid = 0; /* primary, secondary ID bytes */ in dio_init() local 243 secid = DIO_SECID(va); in dio_init() 244 dev->id = DIO_ENCODE_ID(prid, secid); in dio_init() 252 printk(":%02X", secid); in dio_init()
/kernel/linux/linux-6.6/drivers/dio/ |
H A D | dio.c | 124 u_char prid, secid, i; in dio_find() local 153 secid = DIO_SECID(va); in dio_find() 154 id = DIO_ENCODE_ID(prid, secid); in dio_find() 199 u_char prid, secid = 0; /* primary, secondary ID bytes */ in dio_init() local 244 secid = DIO_SECID(va); in dio_init() 245 dev->id = DIO_ENCODE_ID(prid, secid); in dio_init() 253 printk(":%02X", secid); in dio_init()
/kernel/linux/linux-6.6/include/linux/ |
H A D | security.h | 383 void security_inode_getsecid(struct inode *inode, u32 *secid); 413 void security_cred_getsecid(const struct cred *c, u32 *secid); 414 int security_kernel_act_as(struct cred *new, u32 secid); 433 void security_current_getsecid_subj(u32 *secid); 434 void security_task_getsecid_obj(struct task_struct *p, u32 *secid); 452 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); 481 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 482 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 952 static inline void security_inode_getsecid(struct inode *inode, u32 *secid) in security_inode_getsecid() argument 954 *secid in security_inode_getsecid() 1084 security_cred_getsecid(const struct cred *c, u32 *secid) security_cred_getsecid() argument 1089 security_kernel_act_as(struct cred *cred, u32 secid) security_kernel_act_as() argument 1166 security_current_getsecid_subj(u32 *secid) security_current_getsecid_subj() argument 1171 security_task_getsecid_obj(struct task_struct *p, u32 *secid) security_task_getsecid_obj() argument 1249 security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) security_ipc_getsecid() argument 1371 security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) security_secid_to_secctx() argument 1376 security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) security_secctx_to_secid() argument 1599 security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) security_socket_getpeersec_dgram() argument 1647 security_secmark_relabel_packet(u32 secid) security_secmark_relabel_packet() argument 1794 security_xfrm_state_alloc_acquire(struct xfrm_state *x, struct xfrm_sec_ctx *polsec, u32 secid) security_xfrm_state_alloc_acquire() argument 1821 security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) security_xfrm_decode_session() argument 1974 security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) 
security_audit_rule_match() argument [all...] |
/kernel/linux/linux-5.10/include/uapi/linux/netfilter/ |
H A D | xt_SECMARK.h | 19 __u32 secid; member 26 __u32 secid; member
/kernel/linux/linux-6.6/include/uapi/linux/netfilter/ |
H A D | xt_SECMARK.h | 19 __u32 secid; member 26 __u32 secid; member
/kernel/linux/linux-5.10/include/linux/ |
H A D | security.h | 362 void security_inode_getsecid(struct inode *inode, u32 *secid); 391 void security_cred_getsecid(const struct cred *c, u32 *secid); 392 int security_kernel_act_as(struct cred *new, u32 secid); 410 void security_task_getsecid(struct task_struct *p, u32 *secid); 427 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); 456 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 457 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); 890 static inline void security_inode_getsecid(struct inode *inode, u32 *secid) in security_inode_getsecid() argument 892 *secid = 0; in security_inode_getsecid() 1017 static inline void security_cred_getsecid(const struct cred *c, u32 *secid) in security_cred_getsecid() argument 1022 security_kernel_act_as(struct cred *cred, u32 secid) security_kernel_act_as() argument 1093 security_task_getsecid(struct task_struct *p, u32 *secid) security_task_getsecid() argument 1166 security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) security_ipc_getsecid() argument 1288 security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) security_secid_to_secctx() argument 1293 security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) security_secctx_to_secid() argument 1510 security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) security_socket_getpeersec_dgram() argument 1558 security_secmark_relabel_packet(u32 secid) security_secmark_relabel_packet() argument 1694 security_xfrm_state_alloc_acquire(struct xfrm_state *x, struct xfrm_sec_ctx *polsec, u32 secid) security_xfrm_state_alloc_acquire() argument 1721 security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) security_xfrm_decode_session() argument 1874 security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) security_audit_rule_match() argument [all...] |
/kernel/linux/linux-5.10/security/ |
H A D | security.c | 1421 void security_inode_getsecid(struct inode *inode, u32 *secid) in security_inode_getsecid() argument 1423 call_void_hook(inode_getsecid, inode, secid); in security_inode_getsecid() 1683 void security_cred_getsecid(const struct cred *c, u32 *secid) in security_cred_getsecid() argument 1685 *secid = 0; in security_cred_getsecid() 1686 call_void_hook(cred_getsecid, c, secid); in security_cred_getsecid() 1690 int security_kernel_act_as(struct cred *new, u32 secid) in security_kernel_act_as() argument 1692 return call_int_hook(kernel_act_as, 0, new, secid); in security_kernel_act_as() 1786 void security_task_getsecid(struct task_struct *p, u32 *secid) in security_task_getsecid() argument 1788 *secid = 0; in security_task_getsecid() 1789 call_void_hook(task_getsecid, p, secid); in security_task_getsecid() 1869 security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) security_ipc_getsecid() argument 2049 security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) security_secid_to_secctx() argument 2068 security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) security_secctx_to_secid() argument 2234 security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) security_socket_getpeersec_dgram() argument 2296 security_secmark_relabel_packet(u32 secid) security_secmark_relabel_packet() argument 2434 security_xfrm_state_alloc_acquire(struct xfrm_state *x, struct xfrm_sec_ctx *polsec, u32 secid) security_xfrm_state_alloc_acquire() argument 2480 security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) security_xfrm_decode_session() argument 2540 security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) security_audit_rule_match() argument [all...] |
/kernel/linux/linux-6.6/security/ |
H A D | security.c | 2483 * security_inode_getsecid() - Get an inode's secid 2485 * @secid: secid to return 2487 * Get the secid associated with the node. In case of failure, @secid will be 2490 void security_inode_getsecid(struct inode *inode, u32 *secid) in security_inode_getsecid() argument 2492 call_void_hook(inode_getsecid, inode, secid); in security_inode_getsecid() 2992 * security_cred_getsecid() - Get the secid from a set of credentials 2994 * @secid: secid valu 2999 security_cred_getsecid(const struct cred *c, u32 *secid) security_cred_getsecid() argument 3016 security_kernel_act_as(struct cred *new, u32 secid) security_kernel_act_as() argument 3257 security_current_getsecid_subj(u32 *secid) security_current_getsecid_subj() argument 3272 security_task_getsecid_obj(struct task_struct *p, u32 *secid) security_task_getsecid_obj() argument 3496 security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) security_ipc_getsecid() argument 3915 security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) security_secid_to_secctx() argument 3944 security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) security_secctx_to_secid() argument 4432 security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) security_socket_getpeersec_dgram() argument 4584 security_secmark_relabel_packet(u32 secid) security_secmark_relabel_packet() argument 4941 security_xfrm_state_alloc_acquire(struct xfrm_state *x, struct xfrm_sec_ctx *polsec, u32 secid) security_xfrm_state_alloc_acquire() argument 5032 security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) security_xfrm_decode_session() argument 5169 security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) security_audit_rule_match() argument [all...] |
/kernel/linux/linux-5.10/include/net/ |
H A D | scm.h | 36 u32 secid; /* Passed security ID */ member 49 security_socket_getpeersec_dgram(sock, NULL, &scm->secid); in unix_get_peersec_dgram() 100 err = security_secid_to_secctx(scm->secid, &secdata, &seclen); in scm_passec()