| /kernel/linux/linux-5.10/security/apparmor/ |
| H A D | net.c | 192 static int apparmor_secmark_init(struct aa_secmark *secmark) in apparmor_secmark_init() argument
196 if (secmark->label[0] == '*') { in apparmor_secmark_init()
197 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init()
202 secmark->label, strlen(secmark->label), in apparmor_secmark_init()
208 secmark->secid = label->secid; in apparmor_secmark_init()
223 if (!profile->secmark[i].secid) { in aa_secmark_perm()
224 ret = apparmor_secmark_init(&profile->secmark[i]); in aa_secmark_perm()
229 if (profile->secmark[i].secid == secid || in aa_secmark_perm()
230 profile->secmark[ in aa_secmark_perm()
[all...] |
| H A D | policy_unpack.c | 580 if (unpack_nameX(e, AA_STRUCT, "secmark")) { in unpack_secmark()
583 profile->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
585 if (!profile->secmark) in unpack_secmark()
591 if (!unpack_u8(e, &profile->secmark[i].audit, NULL)) in unpack_secmark()
593 if (!unpack_u8(e, &profile->secmark[i].deny, NULL)) in unpack_secmark()
595 if (!unpack_strdup(e, &profile->secmark[i].label, NULL)) in unpack_secmark()
607 if (profile->secmark) { in unpack_secmark()
609 kfree(profile->secmark[i].label); in unpack_secmark()
610 kfree(profile->secmark); in unpack_secmark()
612 profile->secmark in unpack_secmark()
[all...] |
| H A D | lsm.c | 1048 if (!skb->secmark) in apparmor_socket_sock_rcv_skb()
1059 skb->secmark, sk); in apparmor_socket_sock_rcv_skb()
1162 if (!skb->secmark) in apparmor_inet_conn_request()
1166 skb->secmark, sk); in apparmor_inet_conn_request()
1757 if (!skb->secmark) in apparmor_ip_postroute()
1766 skb->secmark, sk)) in apparmor_ip_postroute()
|
| H A D | policy.c | 230 kfree_sensitive(profile->secmark[i].label); in aa_free_profile()
231 kfree_sensitive(profile->secmark); in aa_free_profile()
|
| /kernel/linux/linux-6.6/security/apparmor/ |
| H A D | net.c | 200 static int apparmor_secmark_init(struct aa_secmark *secmark) in apparmor_secmark_init() argument
204 if (secmark->label[0] == '*') { in apparmor_secmark_init()
205 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init()
210 secmark->label, strlen(secmark->label), in apparmor_secmark_init()
216 secmark->secid = label->secid; in apparmor_secmark_init()
233 if (!rules->secmark[i].secid) { in aa_secmark_perm()
234 ret = apparmor_secmark_init(&rules->secmark[i]); in aa_secmark_perm()
239 if (rules->secmark[i].secid == secid || in aa_secmark_perm()
240 rules->secmark[ in aa_secmark_perm()
[all...] |
| H A D | policy_unpack.c | 571 if (aa_unpack_nameX(e, AA_STRUCT, "secmark")) { in unpack_secmark()
575 rules->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
577 if (!rules->secmark) in unpack_secmark()
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
599 if (rules->secmark) { in unpack_secmark()
601 kfree(rules->secmark[i].label); in unpack_secmark()
602 kfree(rules->secmark); in unpack_secmark()
604 rules->secmark in unpack_secmark()
[all...] |
| H A D | lsm.c | 1130 if (!skb->secmark) in apparmor_socket_sock_rcv_skb()
1134 skb->secmark, sk); in apparmor_socket_sock_rcv_skb()
1234 if (!skb->secmark) in apparmor_inet_conn_request()
1238 skb->secmark, sk); in apparmor_inet_conn_request()
1839 if (!skb->secmark) in apparmor_ip_postroute()
1848 skb->secmark, sk)) in apparmor_ip_postroute()
|
| H A D | policy.c | 216 kfree_sensitive(rules->secmark[i].label); in free_ruleset()
217 kfree_sensitive(rules->secmark); in free_ruleset()
|
| /kernel/linux/linux-5.10/net/netfilter/ |
| H A D | xt_CONNSECMARK.c | 34 if (skb->secmark) { in secmark_save()
39 if (ct && !ct->secmark) { in secmark_save()
40 ct->secmark = skb->secmark; in secmark_save()
52 if (!skb->secmark) { in secmark_restore()
57 if (ct && ct->secmark) in secmark_restore()
58 skb->secmark = ct->secmark; in secmark_restore()
|
| H A D | xt_SECMARK.c | 3 * Module for modifying the secmark field of the skb, for use by
29 u32 secmark = 0; in secmark_tg() local
33 secmark = info->secid; in secmark_tg()
39 skb->secmark = secmark; in secmark_tg()
|
| H A D | nft_meta.c | 358 *dest = skb->secmark; in nft_meta_get_eval()
446 skb->secmark = value; in nft_meta_set_eval()
827 skb->secmark = priv->secid; in nft_secmark_obj_eval()
|
| H A D | nft_ct.c | 105 *dest = ct->secmark; in nft_ct_get_eval()
305 if (ct->secmark != value) { in nft_ct_set_eval()
306 ct->secmark = value; in nft_ct_set_eval()
|
| H A D | nf_conntrack_netlink.c | 346 ret = security_secid_to_secctx(ct->secmark, &secctx, &len); in ctnetlink_dump_secctx()
655 ret = security_secid_to_secctx(ct->secmark, NULL, &len); in ctnetlink_secctx_size()
798 if ((events & (1 << IPCT_SECMARK) || ct->secmark) in ctnetlink_conntrack_event()
2715 if (ct->secmark && ctnetlink_dump_secctx(skb, ct) < 0) in __ctnetlink_glue_build()
|
| /kernel/linux/linux-6.6/net/netfilter/ |
| H A D | xt_CONNSECMARK.c | 34 if (skb->secmark) { in secmark_save()
39 if (ct && !ct->secmark) { in secmark_save()
40 ct->secmark = skb->secmark; in secmark_save()
52 if (!skb->secmark) { in secmark_restore()
57 if (ct && ct->secmark) in secmark_restore()
58 skb->secmark = ct->secmark; in secmark_restore()
|
| H A D | xt_SECMARK.c | 3 * Module for modifying the secmark field of the skb, for use by
29 u32 secmark = 0; in secmark_tg() local
33 secmark = info->secid; in secmark_tg()
39 skb->secmark = secmark; in secmark_tg()
|
| H A D | nft_ct_fast.c | 52 *dest = ct->secmark; in nft_ct_get_fast_eval()
|
| H A D | nft_meta.c | 362 *dest = skb->secmark; in nft_meta_get_eval()
450 skb->secmark = value; in nft_meta_set_eval()
941 skb->secmark = priv->secid; in nft_secmark_obj_eval()
|
| H A D | nft_ct.c | 96 *dest = ct->secmark; in nft_ct_get_eval()
299 if (ct->secmark != value) { in nft_ct_set_eval()
300 ct->secmark = value; in nft_ct_set_eval()
|
| /kernel/linux/linux-5.10/security/smack/ |
| H A D | smack_netfilter.c | 34 skb->secmark = skp->smk_secid; in smack_ipv6_output()
52 skb->secmark = skp->smk_secid; in smack_ipv4_output()
|
| /kernel/linux/linux-6.6/security/smack/ |
| H A D | smack_netfilter.c | 32 skb->secmark = skp->smk_secid; in smack_ip_output()
|
| /kernel/linux/linux-5.10/security/apparmor/include/ |
| H A D | policy.h | 155 struct aa_secmark *secmark; member
|
| /kernel/linux/linux-5.10/include/net/netfilter/ |
| H A D | nf_conntrack.h | 100 u_int32_t secmark; member
|
| /kernel/linux/linux-6.6/include/net/netfilter/ |
| H A D | nf_conntrack.h | 118 u_int32_t secmark; member
|
| /kernel/linux/linux-6.6/security/apparmor/include/ |
| H A D | policy.h | 133 * @secmark_count: number of secmark entries
134 * @secmark: secmark label match info
149 struct aa_secmark *secmark; member
|
| /kernel/linux/linux-5.10/include/linux/ |
| H A D | skbuff.h | 690 * @secmark: security marking
889 __u32 secmark; member
4317 to->secmark = from->secmark; in skb_copy_secmark()
4322 skb->secmark = 0; in skb_init_secmark()
|