
Searched refs:unconfined (Results 1 - 25 of 25) sorted by relevance

/kernel/linux/linux-5.10/security/apparmor/
H A Dpolicy_ns.c104 ns->unconfined = aa_alloc_profile("unconfined", NULL, GFP_KERNEL); in alloc_ns()
105 if (!ns->unconfined) in alloc_ns()
108 ns->unconfined->label.flags |= FLAG_IX_ON_NAME_ERROR | in alloc_ns()
110 ns->unconfined->mode = APPARMOR_UNCONFINED; in alloc_ns()
111 ns->unconfined->file.dfa = aa_get_dfa(nulldfa); in alloc_ns()
112 ns->unconfined->policy.dfa = aa_get_dfa(nulldfa); in alloc_ns()
114 /* ns and ns->unconfined share ns->unconfined refcount */ in alloc_ns()
115 ns->unconfined in alloc_ns()
H A Ddomain.c73 if (!tracer || unconfined(tracerl)) in may_change_ptraced_domain()
370 * find_attach - do attachment search for unconfined processes
655 AA_DEBUG("unconfined attached to new label"); in profile_transition()
658 AA_DEBUG("unconfined exec no attachment"); in profile_transition()
738 * NOTE: Domain transitions from unconfined are allowed in profile_onexec()
877 * Testing for unconfined must be done before the subset test in apparmor_bprm_creds_for_exec()
879 if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && !unconfined(label) && in apparmor_bprm_creds_for_exec()
912 * NOTE: Domain transitions from unconfined and to stacked in apparmor_bprm_creds_for_exec()
917 !unconfined(label) && in apparmor_bprm_creds_for_exec()
1166 * Testing for unconfined mus in aa_change_hat()
H A Dnet.c153 if (!unconfined(label)) { in aa_label_sk_perm()
201 label = aa_label_strn_parse(&root_ns->unconfined->label, in apparmor_secmark_init()
H A Dlsm.c161 if (!unconfined(label)) { in apparmor_capget()
187 if (!unconfined(label)) in apparmor_capable()
210 if (!unconfined(label)) in common_perm()
346 if (!unconfined(label)) in apparmor_path_link()
363 if (!unconfined(label)) { in apparmor_path_rename()
422 if (!unconfined(label)) { in apparmor_file_open()
542 if (!unconfined(label)) { in apparmor_sb_mount()
567 if (!unconfined(label)) in apparmor_sb_umount()
581 if (!unconfined(label)) in apparmor_sb_pivotroot()
697 /* bail out if unconfined o in apparmor_bprm_committing_creds()
H A Dsecid.c102 label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, in apparmor_secctx_to_secid()
H A Dtask.c65 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
67 * if switching to unconfined or a different label namespace in aa_replace_current_label()
H A Daudit.c195 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, in aa_audit_rule_init()
H A Dipc.c80 if (profile_unconfined(tracee) || unconfined(tracer) || in profile_tracee_perm()
H A Dfile.c613 /* revalidate access, if task is unconfined, or the cached cred in aa_file_perm()
617 * Note: the test for !unconfined(flabel) is to handle file in aa_file_perm()
618 * delegation from unconfined tasks in aa_file_perm()
621 if (unconfined(label) || unconfined(flabel) || in aa_file_perm()
H A Dpolicy.c12 * to it determined either by matching "unconfined" tasks against the
16 * visible profiles. Each namespace contains a special "unconfined" profile,
27 * unconfined - special automatically generated unconfined profile
96 "unconfined",
132 * replacements to the unconfined profile.
444 /* the unconfined profile is not in the regular profile list */ in aa_lookupn_profile()
445 if (!profile && strncmp(hname, "unconfined", n) == 0) in aa_lookupn_profile()
446 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
476 /* default profile for ns, currently unconfined */ in aa_fqlookupn_profile()
H A Dlabel.c553 * This checks for subset but taking into account unconfined. IF
554 * @sub contains an unconfined profile that does not have a matching
555 * unconfined in @set then this will not cause the test to fail.
556 * Conversely we don't care about an unconfined in @set that is not in
1532 return snprintf(str, size, "%s", "unconfined"); in aa_profile_snxprint()
1537 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) { in aa_profile_snxprint()
1563 if (profile == profile->ns->unconfined) in label_modename()
1564 /* special case unconfined so stacks with in label_modename()
1565 * unconfined don't report as mixed. ie. in label_modename()
1566 * profile_foo//&:ns1:unconfined (mixe in label_modename()
/kernel/linux/linux-5.10/security/apparmor/include/
H A Dpolicy_ns.h40 * @unconfined: special unconfined profile for the namespace
63 struct aa_profile *unconfined; member
81 #define ns_unconfined(NS) (&(NS)->unconfined->label)
115 aa_get_profile(ns->unconfined); in aa_get_ns()
129 aa_put_profile(ns->unconfined); in aa_put_ns()
H A Dlabel.h86 FLAG_UNCONFINED = 2, /* label unconfined only if all */
146 #define unconfined(X) label_unconfined(X) macro
/kernel/linux/linux-6.6/security/apparmor/include/
H A Dpolicy_ns.h40 * @unconfined: special unconfined profile for the namespace
63 struct aa_profile *unconfined; member
82 #define ns_unconfined(NS) (&(NS)->unconfined->label)
116 aa_get_profile(ns->unconfined); in aa_get_ns()
130 aa_put_profile(ns->unconfined); in aa_put_ns()
H A Dlabel.h82 FLAG_UNCONFINED = 2, /* label unconfined only if all */
144 #define unconfined(X) label_unconfined(X) macro
/kernel/linux/linux-6.6/security/apparmor/
H A Dpolicy_ns.c122 ns->unconfined = alloc_unconfined("unconfined"); in alloc_ns()
123 if (!ns->unconfined) in alloc_ns()
125 /* ns and ns->unconfined share ns->unconfined refcount */ in alloc_ns()
126 ns->unconfined->ns = ns; in alloc_ns()
157 ns->unconfined->ns = NULL; in aa_free_ns()
158 aa_free_profile(ns->unconfined); in aa_free_ns()
416 root_ns->unconfined->ns = aa_get_ns(root_ns); in aa_alloc_root_ns()
H A Ddomain.c61 if (!tracer || unconfined(tracerl)) in may_change_ptraced_domain()
368 * find_attach - do attachment search for unconfined processes
665 AA_DEBUG("unconfined attached to new label"); in profile_transition()
668 AA_DEBUG("unconfined exec no attachment"); in profile_transition()
752 * NOTE: Domain transitions from unconfined are allowed in profile_onexec()
900 * Testing for unconfined must be done before the subset test in apparmor_bprm_creds_for_exec()
902 if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && !unconfined(label) && in apparmor_bprm_creds_for_exec()
936 * NOTE: Domain transitions from unconfined and to stacked in apparmor_bprm_creds_for_exec()
941 !unconfined(label) && in apparmor_bprm_creds_for_exec()
1195 * Testing for unconfined mus in aa_change_hat()
H A Dlsm.c166 if (!unconfined(label)) { in apparmor_capget()
195 if (!unconfined(label)) in apparmor_capable()
218 if (!unconfined(label)) in common_perm()
365 if (!unconfined(label)) in apparmor_path_link()
386 if (!unconfined(label)) { in apparmor_path_rename()
471 if (!unconfined(label)) { in apparmor_file_open()
598 if (!unconfined(label)) { in apparmor_sb_mount()
628 if (!unconfined(label)) in apparmor_move_mount()
642 if (!unconfined(label)) in apparmor_sb_umount()
656 if (!unconfined(labe in apparmor_sb_pivotroot()
H A Dnet.c160 if (ctx->label != kernel_t && !unconfined(label)) { in aa_label_sk_perm()
209 label = aa_label_strn_parse(&root_ns->unconfined->label, in apparmor_secmark_init()
H A Dtask.c70 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
72 * if switching to unconfined or a different label namespace in aa_replace_current_label()
251 if (profile_unconfined(tracee) || unconfined(tracer) || in profile_tracee_perm()
H A Dsecid.c97 label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, in apparmor_secctx_to_secid()
H A Daudit.c239 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, in aa_audit_rule_init()
H A Dfile.c602 /* revalidate access, if task is unconfined, or the cached cred in aa_file_perm()
606 * Note: the test for !unconfined(flabel) is to handle file in aa_file_perm()
607 * delegation from unconfined tasks in aa_file_perm()
610 if (unconfined(label) || unconfined(flabel) || in aa_file_perm()
H A Dlabel.c555 * This checks for subset but taking into account unconfined. IF
556 * @sub contains an unconfined profile that does not have a matching
557 * unconfined in @set then this will not cause the test to fail.
558 * Conversely we don't care about an unconfined in @set that is not in
1532 return snprintf(str, size, "%s", "unconfined"); in aa_profile_snxprint()
1537 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) { in aa_profile_snxprint()
1563 if (profile == profile->ns->unconfined) in label_modename()
1564 /* special case unconfined so stacks with in label_modename()
1565 * unconfined don't report as mixed. ie. in label_modename()
1566 * profile_foo//&:ns1:unconfined (mixe in label_modename()
H A Dpolicy.c12 * to it determined either by matching "unconfined" tasks against the
16 * visible profiles. Each namespace contains a special "unconfined" profile,
27 * unconfined - special automatically generated unconfined profile
96 "unconfined",
133 * replacements to the unconfined profile.
538 /* the unconfined profile is not in the regular profile list */ in aa_lookupn_profile()
539 if (!profile && strncmp(hname, "unconfined", n) == 0) in aa_lookupn_profile()
540 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
570 /* default profile for ns, currently unconfined */ in aa_fqlookupn_profile()
