| /linux-6.14.4/security/selinux/include/ |
| D | avc.h | 54 u32 denied; member
67 u32 denied, audited; in avc_audit_required() local
68 denied = requested & ~avd->allowed; in avc_audit_required()
69 if (unlikely(denied)) { in avc_audit_required()
70 audited = denied & avd->auditdeny; in avc_audit_required()
76 * actual permissions that were denied. As an example lets in avc_audit_required()
79 * denied == READ in avc_audit_required()
83 * We will NOT audit the denial even though the denied in avc_audit_required()
90 audited = denied = requested; in avc_audit_required()
93 *deniedp = denied; in avc_audit_required()
[all …]
|
| /linux-6.14.4/include/trace/events/ |
| D | avc.h | 26 __field(u32, denied)
36 __entry->denied = sad->denied;
44 TP_printk("requested=0x%x denied=0x%x audited=0x%x result=%d scontext=%s tcontext=%s tclass=%s",
45 __entry->requested, __entry->denied, __entry->audited, __entry->result,
|
| /linux-6.14.4/security/apparmor/ |
| D | lib.c | 309 u32 denied = request & (~perms->allow | perms->deny); in aa_check_perms() local
311 if (likely(!denied)) { in aa_check_perms()
322 if (denied & perms->kill) in aa_check_perms()
324 else if (denied == (denied & perms->complain)) in aa_check_perms()
329 if (denied == (denied & perms->hide)) in aa_check_perms()
332 denied &= ~perms->quiet; in aa_check_perms()
333 if (!ad || !denied) in aa_check_perms()
340 ad->denied = denied; in aa_check_perms()
|
| D | file.c | 56 if (ad->denied & AA_AUDIT_FILE_MASK) { in file_audit_cb()
58 map_mask_to_chr_mask(ad->denied)); in file_audit_cb()
126 /* only report permissions that were denied */ in aa_audit_file()
143 ad.denied = ad.request & ~perms->allow; in aa_audit_file()
267 * Returns: %0 else error if access denied or other error
474 u32 request, u32 denied, bool in_atomic) in __file_path_perm() argument
488 if (!denied && aa_label_is_subset(flabel, label)) in __file_path_perm()
502 if (denied && !error) { in __file_path_perm()
535 u32 request, u32 denied) in __file_sock_perm() argument
543 if (!denied && aa_label_is_subset(flabel, label)) in __file_sock_perm()
[all …]
|
| D | task.c | 214 if (ad->denied & AA_PTRACE_PERM_MASK) { in audit_ptrace_cb()
216 audit_ptrace_mask(ad->denied)); in audit_ptrace_cb()
287 * Returns: %0 else error code if permission denied or error
312 if (ad->denied & AA_USERNS_CREATE) in audit_ns_cb()
313 audit_log_format(ab, " denied=\"userns_create\""); in audit_ns_cb()
|
| D | ipc.c | 60 if (ad->denied & AA_SIGNAL_PERM_MASK) { in audit_signal_cb()
62 audit_signal_mask(ad->denied)); in audit_signal_cb()
|
| D | net.c | 95 if (ad->denied & NET_PERMS_MASK) { in audit_net_cb()
97 aa_audit_perm_mask(ab, ad->denied, NULL, 0, in audit_net_cb()
|
| /linux-6.14.4/security/selinux/ |
| D | avc.c | 390 u32 denied, audited; in avc_xperms_audit_required() local
392 denied = requested & ~avd->allowed; in avc_xperms_audit_required()
393 if (unlikely(denied)) { in avc_xperms_audit_required()
394 audited = denied & avd->auditdeny; in avc_xperms_audit_required()
400 audited = denied = requested; in avc_xperms_audit_required()
409 *deniedp = denied; in avc_xperms_audit_required()
419 u32 audited, denied; in avc_xperms_audit() local
422 requested, avd, xpd, perm, result, &denied); in avc_xperms_audit()
426 audited, denied, result, ad); in avc_xperms_audit()
659 audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); in avc_audit_pre_callback()
[all …]
|
| /linux-6.14.4/security/apparmor/include/ |
| D | capability.h | 23 * @denied: caps that are explicitly denied
31 kernel_cap_t denied; member
|
| D | audit.h | 27 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
121 u32 denied; member
|
| /linux-6.14.4/Documentation/ABI/stable/ |
| D | sysfs-hypervisor-xen | 7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
56 Might return "<denied>" in case of special security settings
105 Might return "<denied>" in case of special security settings
|
| /linux-6.14.4/Documentation/admin-guide/cgroup-v1/ |
| D | devices.rst | 19 never receive a device access which is denied by its parent.
77 If a device is denied in group A::
84 group whitelist entries denied devices
97 group whitelist entries denied devices
107 group whitelist entries denied devices
|
| /linux-6.14.4/security/landlock/ |
| D | access.h | 21 * All access rights that are denied by default whether they are handled or not
63 /* Upgrades with all initially denied by default access rights. */
68 * All access rights that are denied by default whether they are in landlock_upgrade_handled_access_masks()
|
| D | task.c | 87 * the same rules. Else denied.
90 * granted, -errno if denied.
105 * or more rules. Else denied.
108 * process, returning 0 if permission is granted, -errno if denied.
|
| /linux-6.14.4/tools/testing/selftests/exec/ |
| D | check-exec-tests.sh | 155 # Direct execution of non-executable script is alwayse denied by the kernel.
165 # With only denied interactive commands: check or monitor script content (e.g. with LSM).
175 # Direct execution of non-executable script is alwayse denied by the kernel.
185 # With both file restriction and denied interactive commands: only allow executable scripts.
195 # Direct execution of non-executable script is alwayse denied by the kernel.
|
| /linux-6.14.4/tools/testing/selftests/kvm/arm64/ |
| D | smccc_filter.c | 10 * - Test that the filter actions (DENIED, FWD_TO_USER) work as intended.
70 * Enable in-kernel emulation of PSCI to ensure that calls are denied in setup_vm()
187 /* Denied SMCCC calls have a return code of SMCCC_RET_NOT_SUPPORTED */
|
| /linux-6.14.4/include/uapi/linux/ |
| D | landlock.h | 20 * different object types, which should be denied by default when the ruleset is
22 * not going to be denied by this ruleset when it is enacted.
24 * For historical reasons, the %LANDLOCK_ACCESS_FS_REFER right is always denied
191 * This is the only access right which is denied by default by any ruleset,
|
| /linux-6.14.4/include/linux/bus/ |
| D | stm32_firewall_device.h | 64 * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
93 * Returns 0 if access is granted, -EACCES if access is denied, -ENODEV if firewall is null or
|
| /linux-6.14.4/arch/um/os-Linux/ |
| D | execvp.c | 92 /* Record the we got a `Permission denied' error. If we end in execvp_noalloc()
94 that we did find one but were denied access. */ in execvp_noalloc()
|
| /linux-6.14.4/security/ |
| D | commoncap.c | 139 * information, returning 0 if permission granted, -ve if denied.
158 * Else denied.
161 * granted, -ve if denied.
195 * Else denied.
198 * process, returning 0 if permission is granted, -ve if denied.
1013 * permission is granted, -ve if denied.
1048 * permission is granted, -ve if denied.
1222 * Return: 0 if permission is granted, -ve if denied.
1237 * Return: 0 if permission is granted, -ve if denied.
1252 * Return: 0 if permission is granted, -ve if denied.
|
| /linux-6.14.4/tools/testing/selftests/landlock/ |
| D | fs_test.c | 540 /* Tests with denied-by-default access right. */ in TEST_F_FORK()
1286 * denied. in TEST_F_FORK()
1325 /* Checks read access is now denied with layer 7. */ in TEST_F_FORK()
1427 * now denied because the new rule mask the rule previously inherited in TEST_F_FORK()
1463 /* Readdir access is denied for dir_s1d2. */ in TEST_F_FORK()
1478 /* Readdir access is still denied for dir_s1d2. */ in TEST_F_FORK()
1631 /* Checks denied access (on a directory). */ in TEST_F_FORK()
1651 /* Checks denied access (on a directory). */ in TEST_F_FORK()
2060 /* Checks before file1_s1d1 being denied. */ in TEST_F_FORK()
2450 * renames and links are denied, thus making the layer handling in refer_denied_by_default()
[all …]
|
| /linux-6.14.4/Documentation/userspace-api/ |
| D | landlock.rst | 54 actions and other TCP actions will be denied.
59 to be explicit about the denied-by-default access rights.
147 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the
481 However, :manpage:`chroot(2)` calls are not denied.
559 File truncation could not be denied before the third Landlock ABI, so it is
576 IOCTL operations could not be denied before the fifth Landlock ABI, so
|
| /linux-6.14.4/samples/check-exec/ |
| D | inc.c | 161 * Other kind of interactive interpretations should be denied in main()
169 "ERROR: Interactive interpretation denied.\n"); in main()
|
| /linux-6.14.4/include/linux/ |
| D | memfd.h | 11 * Check for any existing seals on mmap, return an error if access is denied due
|
| /linux-6.14.4/tools/testing/selftests/damon/ |
| D | _chk_dependency.sh | 49 echo "Permission for reading $DBGFS/$f denied; maybe secureboot enabled?"
|