| /kernel/linux/linux-6.6/security/apparmor/ |
| H A D | resource.c | 92 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_setrlimit() local
93 typeof(*rules), list); in profile_setrlimit()
96 if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
97 rules->rlimits.limits[resource].rlim_max) in profile_setrlimit()
128 * profiles. AppArmor rules currently have the implicit assumption in aa_task_setrlimit()
168 struct aa_ruleset *rules = list_first_entry(&old->rules, in __aa_transition_rlimits() local
169 typeof(*rules), in __aa_transition_rlimits()
171 if (rules in __aa_transition_rlimits()
188 struct aa_ruleset *rules = list_first_entry(&new->rules, __aa_transition_rlimits() local
[all...] |
| H A D | policy_unpack.c | 565 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules) in unpack_secmark() argument
575 rules->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
577 if (!rules->secmark) in unpack_secmark()
580 rules->secmark_count = size; in unpack_secmark()
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
599 if (rules->secmark) { in unpack_secmark()
601 kfree(rules->secmark[i].label); in unpack_secmark()
602 kfree(rules in unpack_secmark()
611 unpack_rlimits(struct aa_ext *e, struct aa_ruleset *rules) unpack_rlimits() argument
804 struct aa_ruleset *rules; unpack_profile() local
1244 struct aa_ruleset *rules = list_first_entry(&profile->rules, verify_profile() local
[all...] |
| H A D | net.c | 113 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_af_perm() local
114 typeof(*rules), list); in aa_profile_af_perm()
124 state = RULE_MEDIATES(rules, AA_CLASS_NET); in aa_profile_af_perm()
130 state = aa_dfa_match_len(rules->policy.dfa, state, (char *) &buffer, in aa_profile_af_perm()
132 perms = *aa_lookup_perms(&rules->policy, state); in aa_profile_af_perm()
226 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_secmark_perm() local
227 typeof(*rules), list); in aa_secmark_perm()
229 if (rules in aa_secmark_perm()
[all...] |
| H A D | capability.c | 67 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
68 typeof(*rules), list); in audit_caps()
77 !cap_raised(rules->caps.audit, cap))) in audit_caps()
81 cap_raised(rules->caps.kill, cap)) { in audit_caps()
83 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
119 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
120 typeof(*rules), list); in profile_capable()
123 if (cap_raised(rules in profile_capable()
[all...] |
| H A D | mount.c | 312 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt_path_str() local
313 typeof(*rules), list); in match_mnt_path_str()
320 if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT)) in match_mnt_path_str()
335 pos = do_match_mnt(&rules->policy, in match_mnt_path_str()
336 rules->policy.start[AA_CLASS_MOUNT], in match_mnt_path_str()
372 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt() local
373 typeof(*rules), list); in match_mnt()
379 if (!RULE_MEDIATES(rules, AA_CLASS_MOUN in match_mnt()
605 struct aa_ruleset *rules = list_first_entry(&profile->rules, profile_umount() local
669 struct aa_ruleset *rules = list_first_entry(&profile->rules, build_pivotroot() local
[all...] |
| H A D | domain.c | 91 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_component() local
92 typeof(*rules), list); in match_component()
96 state = aa_dfa_match(rules->file.dfa, state, "&"); in match_component()
98 return aa_dfa_match(rules->file.dfa, state, tp->base.hname); in match_component()
102 state = aa_dfa_match_len(rules->file.dfa, state, ":", 1); in match_component()
103 state = aa_dfa_match(rules->file.dfa, state, ns_name); in match_component()
104 state = aa_dfa_match_len(rules->file.dfa, state, ":", 1); in match_component()
105 return aa_dfa_match(rules->file.dfa, state, tp->base.hname); in match_component()
129 struct aa_ruleset *rules in label_compound_match() local
191 struct aa_ruleset *rules = list_first_entry(&profile->rules, label_components_match() local
515 struct aa_ruleset *rules = list_first_entry(&profile->rules, x_table_lookup() local
566 struct aa_ruleset *rules = list_first_entry(&profile->rules, x_to_label() local
635 struct aa_ruleset *rules = list_first_entry(&profile->rules, profile_transition() local
737 struct aa_ruleset *rules = list_first_entry(&profile->rules, profile_onexec() local
1294 struct aa_ruleset *rules = list_first_entry(&profile->rules, change_profile_perms_wrapper() local
[all...] |
| H A D | ipc.c | 83 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_signal_perm() local
84 typeof(*rules), list); in profile_signal_perm()
89 !ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)) in profile_signal_perm()
95 state = aa_dfa_next(rules->policy.dfa, in profile_signal_perm()
96 rules->policy.start[AA_CLASS_SIGNAL], in profile_signal_perm()
98 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
|
| H A D | policy.c | 10 * AppArmor policy is based around profiles, which contain the rules a
13 * visible set of profiles or by following a profiles attachment rules.
206 static void free_ruleset(struct aa_ruleset *rules) in free_ruleset() argument
210 aa_destroy_policydb(&rules->file); in free_ruleset()
211 aa_destroy_policydb(&rules->policy); in free_ruleset()
212 aa_free_cap_rules(&rules->caps); in free_ruleset()
213 aa_free_rlimit_rules(&rules->rlimits); in free_ruleset()
215 for (i = 0; i < rules->secmark_count; i++) in free_ruleset()
216 kfree_sensitive(rules->secmark[i].label); in free_ruleset()
217 kfree_sensitive(rules in free_ruleset()
223 struct aa_ruleset *rules; aa_alloc_ruleset() local
298 struct aa_ruleset *rules; aa_alloc_profile() local
584 struct aa_ruleset *rules; aa_alloc_null() local
[all...] |
| H A D | file.c | 233 struct aa_ruleset *rules = list_first_entry(&profile->rules, in __aa_path_perm() local
234 typeof(*rules), list); in __aa_path_perm()
239 aa_str_perms(&(rules->file), rules->file.start[AA_CLASS_FILE], in __aa_path_perm()
332 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_path_link() local
333 typeof(*rules), list); in profile_path_link()
356 state = aa_str_perms(&(rules->file), in profile_path_link()
357 rules in profile_path_link()
[all...] |
| H A D | lib.c | 338 struct aa_ruleset *rules, in aa_profile_match_label()
345 state = aa_dfa_next(rules->policy.dfa, in aa_profile_match_label()
346 rules->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
348 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
357 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_label_perm() local
358 typeof(*rules), list); in aa_profile_label_perm()
364 aa_profile_match_label(profile, rules, &target->label, type, request, in aa_profile_label_perm()
337 aa_profile_match_label(struct aa_profile *profile, struct aa_ruleset *rules, struct aa_label *label, int type, u32 request, struct aa_perms *perms) aa_profile_match_label() argument
|
| H A D | task.c | 234 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_ptrace_perm() local
235 typeof(*rules), list); in profile_ptrace_perm()
240 aa_profile_match_label(profile, rules, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
252 !ANY_RULE_MEDIATES(&tracee->rules, AA_CLASS_PTRACE)) in profile_tracee_perm()
266 if (ANY_RULE_MEDIATES(&tracer->rules, AA_CLASS_PTRACE)) in profile_tracer_perm()
|
| /kernel/linux/linux-6.6/drivers/net/dsa/qca/ |
| H A D | qca8k-leds.c | 53 * 3 control rules for phy0-3 that applies to all their leds in qca8k_get_control_led_reg()
54 * 3 control rules for phy4 in qca8k_get_control_led_reg()
65 qca8k_parse_netdev(unsigned long rules, u32 *offload_trigger) in qca8k_parse_netdev() argument
68 if (test_bit(TRIGGER_NETDEV_TX, &rules)) in qca8k_parse_netdev()
70 if (test_bit(TRIGGER_NETDEV_RX, &rules)) in qca8k_parse_netdev()
72 if (test_bit(TRIGGER_NETDEV_LINK_10, &rules)) in qca8k_parse_netdev()
74 if (test_bit(TRIGGER_NETDEV_LINK_100, &rules)) in qca8k_parse_netdev()
76 if (test_bit(TRIGGER_NETDEV_LINK_1000, &rules)) in qca8k_parse_netdev()
78 if (test_bit(TRIGGER_NETDEV_HALF_DUPLEX, &rules)) in qca8k_parse_netdev()
80 if (test_bit(TRIGGER_NETDEV_FULL_DUPLEX, &rules)) in qca8k_parse_netdev()
278 qca8k_cled_hw_control_is_supported(struct led_classdev *ldev, unsigned long rules) qca8k_cled_hw_control_is_supported() argument
286 qca8k_cled_hw_control_set(struct led_classdev *ldev, unsigned long rules) qca8k_cled_hw_control_set() argument
310 qca8k_cled_hw_control_get(struct led_classdev *ldev, unsigned long *rules) qca8k_cled_hw_control_get() argument
[all...] |
| /kernel/linux/linux-5.10/net/netfilter/ |
| H A D | nf_tables_core.c | 173 struct nft_rule *const *rules; member
206 struct nft_rule *const *rules; in nft_do_chain() local
220 rules = rcu_dereference(chain->rules_gen_1); in nft_do_chain()
222 rules = rcu_dereference(chain->rules_gen_0); in nft_do_chain()
225 rule = *rules; in nft_do_chain()
227 for (; *rules ; rules++) { in nft_do_chain()
228 rule = *rules; in nft_do_chain()
271 jumpstack[stackptr].rules = rules in nft_do_chain()
[all...] |
| H A D | nft_set_pipapo.h | 52 /* Each n-bit range maps to up to n * 2 rules */
92 * @n: Number of rules (in next field) this rule maps to
114 * @rules: Number of inserted rules
123 unsigned long rules; member
187 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
245 * of rules (composing netmasks) the entries expand to. We compute the worst
262 unsigned long rules; in pipapo_estimate_size() local
268 * field can expand to up to n * 2 rules in each bucket, and in pipapo_estimate_size()
271 rules in pipapo_estimate_size()
[all...] |
| H A D | nft_set_pipapo.c | 56 * represented as one or more rules, depending on the number of composing
62 * item mapping a matched rule to one or more rules. The position of the pair in
65 * next-field rules the current rule maps to.
108 * or multiple rules for ranges. Ranges are expanded to composing netmasks
116 * - insert references to the rules in the lookup table, selecting buckets
144 * rules from the lookup table to rules belonging to the same entry in
147 * Note that as rules map to contiguous ranges of rules, given how netmask
182 * we need to map rules fo
362 pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst, union nft_pipapo_map_bucket *mt, bool match_only) pipapo_refill() argument
621 pipapo_resize(struct nft_pipapo_field *f, int old_rules, int rules) pipapo_resize() argument
1472 pipapo_unmap(union nft_pipapo_map_bucket *mt, int rules, int start, int n, int to_offset, bool is_last) global() argument
[all...] |
| /kernel/linux/linux-6.6/net/netfilter/ |
| H A D | nft_set_pipapo.h | 52 /* Each n-bit range maps to up to n * 2 rules */
92 * @n: Number of rules (in next field) this rule maps to
114 * @rules: Number of inserted rules
123 unsigned long rules; member
187 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
243 * of rules (composing netmasks) the entries expand to. We compute the worst
260 unsigned long rules; in pipapo_estimate_size() local
266 * field can expand to up to n * 2 rules in each bucket, and in pipapo_estimate_size()
269 rules in pipapo_estimate_size()
[all...] |
| H A D | nft_set_pipapo.c | 56 * represented as one or more rules, depending on the number of composing
62 * item mapping a matched rule to one or more rules. The position of the pair in
65 * next-field rules the current rule maps to.
108 * or multiple rules for ranges. Ranges are expanded to composing netmasks
116 * - insert references to the rules in the lookup table, selecting buckets
144 * rules from the lookup table to rules belonging to the same entry in
147 * Note that as rules map to contiguous ranges of rules, given how netmask
182 * we need to map rules fo
362 pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst, union nft_pipapo_map_bucket *mt, bool match_only) pipapo_refill() argument
621 pipapo_resize(struct nft_pipapo_field *f, int old_rules, int rules) pipapo_resize() argument
1471 pipapo_unmap(union nft_pipapo_map_bucket *mt, int rules, int start, int n, int to_offset, bool is_last) global() argument
[all...] |
| /kernel/linux/linux-5.10/tools/perf/util/ |
| H A D | strfilter.h | 23 * @rules: Filter rule, which is a combination of glob expressions.
24 * @err: Pointer which points an error detected on @rules
26 * Parse @rules and return new strfilter. Return NULL if an error detected.
30 struct strfilter *strfilter__new(const char *rules, const char **err);
35 * @rules: Filter rule to be appended at left of the root of
37 * @err: Pointer which points an error detected on @rules
39 * Parse @rules and join it to the @filter by using logical-or.
43 const char *rules, const char **err);
48 * @rules: Filter rule to be appended at left of the root of
50 * @err: Pointer which points an error detected on @rules
[all...] |
| H A D | strfilter.c | 160 struct strfilter *strfilter__new(const char *rules, const char **err) in strfilter__new() argument
166 filter->root = strfilter_node__new(rules, &ep); in strfilter__new()
179 const char *rules, const char **err) in strfilter__append()
184 if (!filter || !rules) in strfilter__append()
187 right = strfilter_node__new(rules, &ep); in strfilter__append()
207 int strfilter__or(struct strfilter *filter, const char *rules, const char **err) in strfilter__or() argument
209 return strfilter__append(filter, true, rules, err); in strfilter__or()
212 int strfilter__and(struct strfilter *filter, const char *rules, in strfilter__and() argument
215 return strfilter__append(filter, false, rules, err); in strfilter__and()
238 /* Return true if STR matches the filter rules */
178 strfilter__append(struct strfilter *filter, bool _or, const char *rules, const char **err) strfilter__append() argument
[all...] |
| /kernel/linux/linux-6.6/tools/perf/util/ |
| H A D | strfilter.h | 23 * @rules: Filter rule, which is a combination of glob expressions.
24 * @err: Pointer which points an error detected on @rules
26 * Parse @rules and return new strfilter. Return NULL if an error detected.
30 struct strfilter *strfilter__new(const char *rules, const char **err);
35 * @rules: Filter rule to be appended at left of the root of
37 * @err: Pointer which points an error detected on @rules
39 * Parse @rules and join it to the @filter by using logical-or.
43 const char *rules, const char **err);
48 * @rules: Filter rule to be appended at left of the root of
50 * @err: Pointer which points an error detected on @rules
[all...] |
| H A D | strfilter.c | 160 struct strfilter *strfilter__new(const char *rules, const char **err) in strfilter__new() argument
166 filter->root = strfilter_node__new(rules, &ep); in strfilter__new()
179 const char *rules, const char **err) in strfilter__append()
184 if (!filter || !rules) in strfilter__append()
187 right = strfilter_node__new(rules, &ep); in strfilter__append()
207 int strfilter__or(struct strfilter *filter, const char *rules, const char **err) in strfilter__or() argument
209 return strfilter__append(filter, true, rules, err); in strfilter__or()
212 int strfilter__and(struct strfilter *filter, const char *rules, in strfilter__and() argument
215 return strfilter__append(filter, false, rules, err); in strfilter__and()
238 /* Return true if STR matches the filter rules */
178 strfilter__append(struct strfilter *filter, bool _or, const char *rules, const char **err) strfilter__append() argument
[all...] |
| /kernel/linux/linux-6.6/drivers/media/i2c/ccs/ |
| H A D | ccs-data.c | 435 struct ccs_rule *rules_base = NULL, *rules = NULL, *next_rule = NULL; in ccs_data_parse_rules() local
442 bin_alloc(bin, sizeof(*rules) * *__num_rules); in ccs_data_parse_rules()
495 rules = next_rule; in ccs_data_parse_rules()
513 rules->if_rules = if_rule; in ccs_data_parse_rules()
514 rules->num_if_rules = __num_if_rules; in ccs_data_parse_rules()
517 /* Check there was an if rule before any other rules */ in ccs_data_parse_rules()
518 if (bin->base && !rules) in ccs_data_parse_rules()
524 rules ? in ccs_data_parse_rules()
525 &rules->read_only_regs : NULL, in ccs_data_parse_rules()
526 rules in ccs_data_parse_rules()
[all...] |
| /kernel/linux/linux-6.6/drivers/net/ethernet/mellanox/mlx5/core/lib/ |
| H A D | fs_ttc.c | 33 struct mlx5_ttc_rule rules[MLX5_NUM_TT]; member
47 if (!IS_ERR_OR_NULL(ttc->rules[i].rule)) { in mlx5_cleanup_ttc_rules()
48 mlx5_del_flow_rules(ttc->rules[i].rule); in mlx5_cleanup_ttc_rules()
49 ttc->rules[i].rule = NULL; in mlx5_cleanup_ttc_rules()
240 struct mlx5_ttc_rule *rules; in mlx5_generate_ttc_table_rules() local
246 rules = ttc->rules; in mlx5_generate_ttc_table_rules()
248 struct mlx5_ttc_rule *rule = &rules[tt]; in mlx5_generate_ttc_table_rules()
400 struct mlx5_ttc_rule *rules; in mlx5_generate_inner_ttc_table_rules() local
406 rules in mlx5_generate_inner_ttc_table_rules()
[all...] |
| /kernel/linux/linux-6.6/security/apparmor/include/ |
| H A D | policy.h | 68 APPARMOR_ENFORCE, /* enforce access rules */
126 /* struct aa_ruleset - data covering mediation rules
129 * @policy: general match rules governing policy
130 * @file: The set of rules governing basic file access and domain transitions
152 /* struct aa_attachment - data and rules for a profiles attachment
179 * @attach: attachment rules for the profile
180 * @rules: rules to be enforced
189 * attachments are determined by profile X transition rules.
211 struct list_head rules; member
275 RULE_MEDIATES(struct aa_ruleset *rules, unsigned char class) RULE_MEDIATES() argument
285 RULE_MEDIATES_AF(struct aa_ruleset *rules, u16 AF) RULE_MEDIATES_AF() argument
[all...] |
| /kernel/linux/linux-6.6/drivers/net/phy/ |
| H A D | marvell.c | 2898 unsigned long rules; member
2904 .rules = BIT(TRIGGER_NETDEV_LINK),
2908 .rules = (BIT(TRIGGER_NETDEV_LINK) |
2914 .rules = (BIT(TRIGGER_NETDEV_RX) |
2919 .rules = (BIT(TRIGGER_NETDEV_RX) |
2924 .rules = BIT(TRIGGER_NETDEV_TX),
2928 .rules = BIT(TRIGGER_NETDEV_LINK),
2932 .rules = BIT(TRIGGER_NETDEV_LINK_1000),
2936 .rules = 0,
2943 .rules
3017 marvell_find_led_mode(unsigned long rules, const struct marvell_led_rules *marvell_rules, int count, int *mode) marvell_find_led_mode() argument
3033 marvell_get_led_mode(u8 index, unsigned long rules, int *mode) marvell_get_led_mode() argument
3057 marvell_find_led_rules(unsigned long *rules, const struct marvell_led_rules *marvell_rules, int count, int mode) marvell_find_led_rules() argument
3073 marvell_get_led_rules(u8 index, unsigned long *rules, int mode) marvell_get_led_rules() argument
3097 m88e1318_led_hw_is_supported(struct phy_device *phydev, u8 index, unsigned long rules) m88e1318_led_hw_is_supported() argument
3115 m88e1318_led_hw_control_set(struct phy_device *phydev, u8 index, unsigned long rules) m88e1318_led_hw_control_set() argument
3144 m88e1318_led_hw_control_get(struct phy_device *phydev, u8 index, unsigned long *rules) m88e1318_led_hw_control_get() argument
[all...] |