| /kernel/linux/linux-6.6/security/apparmor/ |
| H A D | resource.c | 92 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_setrlimit() local
93 typeof(*rules), list); in profile_setrlimit()
96 if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
97 rules->rlimits.limits[resource].rlim_max) in profile_setrlimit()
128 * profiles. AppArmor rules currently have the implicit assumption in aa_task_setrlimit()
168 struct aa_ruleset *rules = list_first_entry(&old->rules, in __aa_transition_rlimits() local
169 typeof(*rules), in __aa_transition_rlimits()
171 if (rules in __aa_transition_rlimits()
188 struct aa_ruleset *rules = list_first_entry(&new->rules, __aa_transition_rlimits() local
[all...] |
| H A D | policy_unpack.c | 565 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules) in unpack_secmark() argument
575 rules->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
577 if (!rules->secmark) in unpack_secmark()
580 rules->secmark_count = size; in unpack_secmark()
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
599 if (rules->secmark) { in unpack_secmark()
601 kfree(rules->secmark[i].label); in unpack_secmark()
602 kfree(rules in unpack_secmark()
611 unpack_rlimits(struct aa_ext *e, struct aa_ruleset *rules) unpack_rlimits() argument
804 struct aa_ruleset *rules; unpack_profile() local
1244 struct aa_ruleset *rules = list_first_entry(&profile->rules, verify_profile() local
[all...] |
| H A D | net.c | 113 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_af_perm() local
114 typeof(*rules), list); in aa_profile_af_perm()
124 state = RULE_MEDIATES(rules, AA_CLASS_NET); in aa_profile_af_perm()
130 state = aa_dfa_match_len(rules->policy.dfa, state, (char *) &buffer, in aa_profile_af_perm()
132 perms = *aa_lookup_perms(&rules->policy, state); in aa_profile_af_perm()
226 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_secmark_perm() local
227 typeof(*rules), list); in aa_secmark_perm()
229 if (rules in aa_secmark_perm()
[all...] |
| H A D | capability.c | 67 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
68 typeof(*rules), list); in audit_caps()
77 !cap_raised(rules->caps.audit, cap))) in audit_caps()
81 cap_raised(rules->caps.kill, cap)) { in audit_caps()
83 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
119 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
120 typeof(*rules), list); in profile_capable()
123 if (cap_raised(rules in profile_capable()
[all...] |
| H A D | mount.c | 312 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt_path_str() local
313 typeof(*rules), list); in match_mnt_path_str()
320 if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT)) in match_mnt_path_str()
335 pos = do_match_mnt(&rules->policy, in match_mnt_path_str()
336 rules->policy.start[AA_CLASS_MOUNT], in match_mnt_path_str()
372 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt() local
373 typeof(*rules), list); in match_mnt()
379 if (!RULE_MEDIATES(rules, AA_CLASS_MOUN in match_mnt()
605 struct aa_ruleset *rules = list_first_entry(&profile->rules, profile_umount() local
669 struct aa_ruleset *rules = list_first_entry(&profile->rules, build_pivotroot() local
[all...] |
| H A D | domain.c | 91 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_component() local
92 typeof(*rules), list); in match_component()
96 state = aa_dfa_match(rules->file.dfa, state, "&"); in match_component()
98 return aa_dfa_match(rules->file.dfa, state, tp->base.hname); in match_component()
102 state = aa_dfa_match_len(rules->file.dfa, state, ":", 1); in match_component()
103 state = aa_dfa_match(rules->file.dfa, state, ns_name); in match_component()
104 state = aa_dfa_match_len(rules->file.dfa, state, ":", 1); in match_component()
105 return aa_dfa_match(rules->file.dfa, state, tp->base.hname); in match_component()
129 struct aa_ruleset *rules in label_compound_match() local
191 struct aa_ruleset *rules = list_first_entry(&profile->rules, label_components_match() local
515 struct aa_ruleset *rules = list_first_entry(&profile->rules, x_table_lookup() local
566 struct aa_ruleset *rules = list_first_entry(&profile->rules, x_to_label() local
635 struct aa_ruleset *rules = list_first_entry(&profile->rules, profile_transition() local
737 struct aa_ruleset *rules = list_first_entry(&profile->rules, profile_onexec() local
1294 struct aa_ruleset *rules = list_first_entry(&profile->rules, change_profile_perms_wrapper() local
[all...] |
| H A D | ipc.c | 83 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_signal_perm() local
84 typeof(*rules), list); in profile_signal_perm()
89 !ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)) in profile_signal_perm()
95 state = aa_dfa_next(rules->policy.dfa, in profile_signal_perm()
96 rules->policy.start[AA_CLASS_SIGNAL], in profile_signal_perm()
98 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
|
| H A D | policy.c | 10 * AppArmor policy is based around profiles, which contain the rules a
13 * visible set of profiles or by following a profiles attachment rules.
206 static void free_ruleset(struct aa_ruleset *rules) in free_ruleset() argument
210 aa_destroy_policydb(&rules->file); in free_ruleset()
211 aa_destroy_policydb(&rules->policy); in free_ruleset()
212 aa_free_cap_rules(&rules->caps); in free_ruleset()
213 aa_free_rlimit_rules(&rules->rlimits); in free_ruleset()
215 for (i = 0; i < rules->secmark_count; i++) in free_ruleset()
216 kfree_sensitive(rules->secmark[i].label); in free_ruleset()
217 kfree_sensitive(rules in free_ruleset()
223 struct aa_ruleset *rules; aa_alloc_ruleset() local
298 struct aa_ruleset *rules; aa_alloc_profile() local
584 struct aa_ruleset *rules; aa_alloc_null() local
[all...] |
| H A D | lib.c | 338 struct aa_ruleset *rules, in aa_profile_match_label()
345 state = aa_dfa_next(rules->policy.dfa, in aa_profile_match_label()
346 rules->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
348 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
357 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_label_perm() local
358 typeof(*rules), list); in aa_profile_label_perm()
364 aa_profile_match_label(profile, rules, &target->label, type, request, in aa_profile_label_perm()
337 aa_profile_match_label(struct aa_profile *profile, struct aa_ruleset *rules, struct aa_label *label, int type, u32 request, struct aa_perms *perms) aa_profile_match_label() argument
|
| /foundation/communication/netmanager_ext/services/netfirewallmanager/src/ |
| H A D | netfirewall_rule_native_helper.cpp | 56 * Clear firewall rules by type
68 * Set firewall rules to bpf maps
75 std::vector<sptr<NetFirewallBaseRule>> rules; in SetFirewallIpRules() local
76 rules.assign(ruleList.begin(), ruleList.end()); in SetFirewallIpRules()
77 return SetFirewallRulesInner(NetFirewallRuleType::RULE_IP, rules, FIREWALL_IPC_IP_RULE_PAGE_SIZE); in SetFirewallIpRules()
81 * Set the Firewall DNS rules
83 * @param ruleList firewall rules
88 std::vector<sptr<NetFirewallBaseRule>> rules; in SetFirewallDnsRules() local
89 rules.assign(ruleList.begin(), ruleList.end()); in SetFirewallDnsRules()
90 return SetFirewallRulesInner(NetFirewallRuleType::RULE_DNS, rules, FIREWALL_RULE_SIZE_MA in SetFirewallDnsRules()
101 std::vector<sptr<NetFirewallBaseRule>> rules; SetFirewallDomainRules() local
[all...] |
| H A D | netfirewall_rule_manager.cpp | 85 std::vector<sptr<NetFirewallRule>> rules; in AddDefaultNetFirewallRule() local
86 NetFirewallDefaultRuleParser::GetDefaultRules(rules); in AddDefaultNetFirewallRule()
87 if (rules.empty()) { in AddDefaultNetFirewallRule()
90 maxDefaultRuleSize_ = static_cast<int64_t>(rules.size()); in AddDefaultNetFirewallRule()
94 for (const auto &rule : rules) { in AddDefaultNetFirewallRule()
184 std::vector<NetFirewallRule> rules; in DeleteNetFirewallRuleByAppId() local
185 NetFirewallDbHelper::GetInstance().QueryEnabledFirewallRules(GetCurrentAccountId(), appUid, rules); in DeleteNetFirewallRuleByAppId() local
186 if (rules.empty()) { in DeleteNetFirewallRuleByAppId()
200 for (const auto &rule : rules) { in DeleteNetFirewallRuleByAppId()
401 bool NetFirewallRuleManager::ExtractIpRules(const std::vector<NetFirewallRule> &rules, in ExtractIpRules() argument
430 ExtractDomainRules(const std::vector<NetFirewallRule> &rules, std::vector<sptr<NetFirewallDomainRule>> &domainRules) ExtractDomainRules() argument
454 ExtractDnsRules(const std::vector<NetFirewallRule> &rules, std::vector<sptr<NetFirewallDnsRule>> &dnsRules) ExtractDnsRules() argument
478 HandleIpTypeForDistributeRules(std::vector<NetFirewallRule> &rules) HandleIpTypeForDistributeRules() argument
489 HandleDnsTypeForDistributeRules(std::vector<NetFirewallRule> &rules) HandleDnsTypeForDistributeRules() argument
500 HandleDomainTypeForDistributeRules(std::vector<NetFirewallRule> &rules) HandleDomainTypeForDistributeRules() argument
570 std::vector<NetFirewallRule> rules; SetRulesToNativeByType() local
[all...] |
| H A D | netfirewall_db_helper.cpp | 231 std::vector<NetFirewallRule> rules;
in CheckIfNeedUpdateEx() local
232 GetResultRightRecordEx(resultSet, rules);
in CheckIfNeedUpdateEx()
233 isUpdate = rowCount > 0 && !rules.empty();
in CheckIfNeedUpdateEx()
234 if (!rules.empty()) {
in CheckIfNeedUpdateEx()
235 oldRule.ruleId = rules[0].ruleId;
in CheckIfNeedUpdateEx()
236 oldRule.userId = rules[0].userId;
in CheckIfNeedUpdateEx()
237 oldRule.ruleType = rules[0].ruleType;
in CheckIfNeedUpdateEx()
238 oldRule.isEnabled = rules[0].isEnabled;
in CheckIfNeedUpdateEx()
467 std::vector<NetFirewallRule> &rules)
in GetResultRightRecordEx()
486 rules in GetResultRightRecordEx()
466 GetResultRightRecordEx(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet, std::vector<NetFirewallRule> &rules) GetResultRightRecordEx() argument
495 GetResultRightRecordEx(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet, std::vector<InterceptRecord> &rules) GetResultRightRecordEx() argument
545 QueryAndGetResult(const NativeRdb::RdbPredicates &rdbPredicates, const std::vector<std::string> &columns, std::vector<T> &rules) QueryAndGetResult() argument
556 QueryAllFirewallRuleRecord(std::vector<NetFirewallRule> &rules) QueryAllFirewallRuleRecord() argument
565 QueryAllUserEnabledFirewallRules(std::vector<NetFirewallRule> &rules, NetFirewallRuleType type) QueryAllUserEnabledFirewallRules() argument
580 QueryEnabledFirewallRules(int32_t userId, int32_t appUid, std::vector<NetFirewallRule> &rules) QueryEnabledFirewallRules() argument
597 QueryFirewallRuleRecord(int32_t ruleId, int32_t userId, std::vector<NetFirewallRule> &rules) QueryFirewallRuleRecord() argument
613 QueryFirewallRuleRecord(const NativeRdb::RdbPredicates &rdbPredicates, const std::vector<std::string> &columns, std::vector<NetFirewallRule> &rules) QueryFirewallRuleRecord() argument
[all...] |
| /foundation/communication/netmanager_base/services/netmanagernative/src/netsys/dnsresolv/ |
| H A D | dns_param_cache.cpp | 362 std::vector<sptr<NetFirewallDnsRule>> rules = it->second; in GetDnsServersByAppUid() local
363 for (const auto &rule : rules) { in GetDnsServersByAppUid()
381 NETNATIVE_LOGE("SetFirewallRules: rules is empty"); in SetFirewallRules()
416 std::vector<sptr<NetFirewallDnsRule>> rules; in SetFirewallDnsRules() local
419 rules = it->second; in SetFirewallDnsRules()
421 rules.emplace_back(std::move(rule)); in SetFirewallDnsRules()
422 netFirewallDnsRuleMap_.emplace(rule->appUid, std::move(rules)); in SetFirewallDnsRules()
428 const std::vector<sptr<NetFirewallDomainRule>> &rules) in GetFirewallRuleAction()
431 for (const auto &rule : rules) { in GetFirewallRuleAction()
465 std::vector<sptr<NetFirewallDomainRule>> rules; in IsInterceptDomain() local
427 GetFirewallRuleAction(int32_t appUid, const std::vector<sptr<NetFirewallDomainRule>> &rules) GetFirewallRuleAction() argument
507 std::vector<sptr<NetFirewallDomainRule>> rules; BuildFirewallDomainLsmTrie() local
538 std::vector<sptr<NetFirewallDomainRule>> rules; BuildFirewallDomainMap() local
[all...] |
| /kernel/linux/linux-6.6/drivers/net/dsa/qca/ |
| H A D | qca8k-leds.c | 53 * 3 control rules for phy0-3 that applies to all their leds in qca8k_get_control_led_reg()
54 * 3 control rules for phy4 in qca8k_get_control_led_reg()
65 qca8k_parse_netdev(unsigned long rules, u32 *offload_trigger) in qca8k_parse_netdev() argument
68 if (test_bit(TRIGGER_NETDEV_TX, &rules)) in qca8k_parse_netdev()
70 if (test_bit(TRIGGER_NETDEV_RX, &rules)) in qca8k_parse_netdev()
72 if (test_bit(TRIGGER_NETDEV_LINK_10, &rules)) in qca8k_parse_netdev()
74 if (test_bit(TRIGGER_NETDEV_LINK_100, &rules)) in qca8k_parse_netdev()
76 if (test_bit(TRIGGER_NETDEV_LINK_1000, &rules)) in qca8k_parse_netdev()
78 if (test_bit(TRIGGER_NETDEV_HALF_DUPLEX, &rules)) in qca8k_parse_netdev()
80 if (test_bit(TRIGGER_NETDEV_FULL_DUPLEX, &rules)) in qca8k_parse_netdev()
278 qca8k_cled_hw_control_is_supported(struct led_classdev *ldev, unsigned long rules) qca8k_cled_hw_control_is_supported() argument
286 qca8k_cled_hw_control_set(struct led_classdev *ldev, unsigned long rules) qca8k_cled_hw_control_set() argument
310 qca8k_cled_hw_control_get(struct led_classdev *ldev, unsigned long *rules) qca8k_cled_hw_control_get() argument
[all...] |
| /kernel/linux/linux-5.10/net/netfilter/ |
| H A D | nf_tables_core.c | 173 struct nft_rule *const *rules; member
206 struct nft_rule *const *rules; in nft_do_chain() local
220 rules = rcu_dereference(chain->rules_gen_1); in nft_do_chain()
222 rules = rcu_dereference(chain->rules_gen_0); in nft_do_chain()
225 rule = *rules; in nft_do_chain()
227 for (; *rules ; rules++) { in nft_do_chain()
228 rule = *rules; in nft_do_chain()
271 jumpstack[stackptr].rules = rules in nft_do_chain()
[all...] |
| H A D | nft_set_pipapo.h | 52 /* Each n-bit range maps to up to n * 2 rules */
92 * @n: Number of rules (in next field) this rule maps to
114 * @rules: Number of inserted rules
123 unsigned long rules; member
187 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
245 * of rules (composing netmasks) the entries expand to. We compute the worst
262 unsigned long rules; in pipapo_estimate_size() local
268 * field can expand to up to n * 2 rules in each bucket, and in pipapo_estimate_size()
271 rules in pipapo_estimate_size()
[all...] |
| /foundation/distributeddatamgr/datamgr_service/services/distributeddataservice/service/config/src/model/ |
| H A D | backup_config.cpp | 21 SetValue(node[GET_NAME(rules)], rules); in Marshal()
31 GetValue(node, GET_NAME(rules), rules); in Unmarshal()
|
| /foundation/communication/netmanager_ext/services/netfirewallmanager/include/ |
| H A D | netfirewall_rule_manager.h | 33 * Add firewall rules
35 * @param rule Firewall rules
42 * Modify firewall rules
44 * @param rule Firewall rules
50 * Delete firewall rules
59 * Get all firewall rules
73 * @param rule Return to firewall rules
108 bool ExtractIpRules(const std::vector<NetFirewallRule> &rules, std::vector<sptr<NetFirewallIpRule>> &ipRules);
110 bool ExtractDomainRules(const std::vector<NetFirewallRule> &rules,
113 bool ExtractDnsRules(const std::vector<NetFirewallRule> &rules, st
[all...] |
| H A D | netfirewall_db_helper.h | 118 * @param rules List of rules obtained from query
121 int32_t QueryAllUserEnabledFirewallRules(std::vector<NetFirewallRule> &rules,
129 * @param rules List of rules obtained from query
132 int32_t QueryEnabledFirewallRules(int32_t userId, int32_t appUid, std::vector<NetFirewallRule> &rules);
135 * Query all rules
137 * @param rules List of rules obtained from query
140 int32_t QueryAllFirewallRuleRecord(std::vector<NetFirewallRule> &rules);
[all...] |
| /kernel/linux/linux-5.10/tools/perf/util/ |
| H A D | strfilter.h | 23 * @rules: Filter rule, which is a combination of glob expressions.
24 * @err: Pointer which points an error detected on @rules
26 * Parse @rules and return new strfilter. Return NULL if an error detected.
30 struct strfilter *strfilter__new(const char *rules, const char **err);
35 * @rules: Filter rule to be appended at left of the root of
37 * @err: Pointer which points an error detected on @rules
39 * Parse @rules and join it to the @filter by using logical-or.
43 const char *rules, const char **err);
48 * @rules: Filter rule to be appended at left of the root of
50 * @err: Pointer which points an error detected on @rules
[all...] |
| H A D | strfilter.c | 160 struct strfilter *strfilter__new(const char *rules, const char **err) in strfilter__new() argument
166 filter->root = strfilter_node__new(rules, &ep); in strfilter__new()
179 const char *rules, const char **err) in strfilter__append()
184 if (!filter || !rules) in strfilter__append()
187 right = strfilter_node__new(rules, &ep); in strfilter__append()
207 int strfilter__or(struct strfilter *filter, const char *rules, const char **err) in strfilter__or() argument
209 return strfilter__append(filter, true, rules, err); in strfilter__or()
212 int strfilter__and(struct strfilter *filter, const char *rules, in strfilter__and() argument
215 return strfilter__append(filter, false, rules, err); in strfilter__and()
238 /* Return true if STR matches the filter rules */
178 strfilter__append(struct strfilter *filter, bool _or, const char *rules, const char **err) strfilter__append() argument
[all...] |
| /kernel/linux/linux-6.6/tools/perf/util/ |
| H A D | strfilter.h | 23 * @rules: Filter rule, which is a combination of glob expressions.
24 * @err: Pointer which points an error detected on @rules
26 * Parse @rules and return new strfilter. Return NULL if an error detected.
30 struct strfilter *strfilter__new(const char *rules, const char **err);
35 * @rules: Filter rule to be appended at left of the root of
37 * @err: Pointer which points an error detected on @rules
39 * Parse @rules and join it to the @filter by using logical-or.
43 const char *rules, const char **err);
48 * @rules: Filter rule to be appended at left of the root of
50 * @err: Pointer which points an error detected on @rules
[all...] |
| H A D | strfilter.c | 160 struct strfilter *strfilter__new(const char *rules, const char **err) in strfilter__new() argument
166 filter->root = strfilter_node__new(rules, &ep); in strfilter__new()
179 const char *rules, const char **err) in strfilter__append()
184 if (!filter || !rules) in strfilter__append()
187 right = strfilter_node__new(rules, &ep); in strfilter__append()
207 int strfilter__or(struct strfilter *filter, const char *rules, const char **err) in strfilter__or() argument
209 return strfilter__append(filter, true, rules, err); in strfilter__or()
212 int strfilter__and(struct strfilter *filter, const char *rules, in strfilter__and() argument
215 return strfilter__append(filter, false, rules, err); in strfilter__and()
238 /* Return true if STR matches the filter rules */
178 strfilter__append(struct strfilter *filter, bool _or, const char *rules, const char **err) strfilter__append() argument
[all...] |
| /kernel/linux/linux-6.6/net/netfilter/ |
| H A D | nft_set_pipapo.h | 52 /* Each n-bit range maps to up to n * 2 rules */
92 * @n: Number of rules (in next field) this rule maps to
114 * @rules: Number of inserted rules
123 unsigned long rules; member
187 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
243 * of rules (composing netmasks) the entries expand to. We compute the worst
260 unsigned long rules; in pipapo_estimate_size() local
266 * field can expand to up to n * 2 rules in each bucket, and in pipapo_estimate_size()
269 rules in pipapo_estimate_size()
[all...] |
| /kernel/linux/linux-6.6/drivers/media/i2c/ccs/ |
| H A D | ccs-data.c | 435 struct ccs_rule *rules_base = NULL, *rules = NULL, *next_rule = NULL; in ccs_data_parse_rules() local
442 bin_alloc(bin, sizeof(*rules) * *__num_rules); in ccs_data_parse_rules()
495 rules = next_rule; in ccs_data_parse_rules()
513 rules->if_rules = if_rule; in ccs_data_parse_rules()
514 rules->num_if_rules = __num_if_rules; in ccs_data_parse_rules()
517 /* Check there was an if rule before any other rules */ in ccs_data_parse_rules()
518 if (bin->base && !rules) in ccs_data_parse_rules()
524 rules ? in ccs_data_parse_rules()
525 &rules->read_only_regs : NULL, in ccs_data_parse_rules()
526 rules in ccs_data_parse_rules()
[all...] |