Home
last modified time | relevance | path

Searched refs:rules (Results 1 – 25 of 434) sorted by relevance

12345678910>>...18

/Linux-v6.6/security/apparmor/
Dresource.c87 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_setrlimit() local
88 typeof(*rules), list); in profile_setrlimit()
91 if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
92 rules->rlimits.limits[resource].rlim_max) in profile_setrlimit()
160 struct aa_ruleset *rules = list_first_entry(&old->rules, in __aa_transition_rlimits() local
161 typeof(*rules), in __aa_transition_rlimits()
163 if (rules->rlimits.mask) { in __aa_transition_rlimits()
168 if (rules->rlimits.mask & mask) { in __aa_transition_rlimits()
180 struct aa_ruleset *rules = list_first_entry(&new->rules, in __aa_transition_rlimits() local
181 typeof(*rules), in __aa_transition_rlimits()
[all …]
Dpolicy_unpack.c565 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules) in unpack_secmark() argument
575 rules->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
577 if (!rules->secmark) in unpack_secmark()
580 rules->secmark_count = size; in unpack_secmark()
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
599 if (rules->secmark) { in unpack_secmark()
601 kfree(rules->secmark[i].label); in unpack_secmark()
602 kfree(rules->secmark); in unpack_secmark()
[all …]
Dnet.c111 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_af_perm() local
112 typeof(*rules), list); in aa_profile_af_perm()
122 state = RULE_MEDIATES(rules, AA_CLASS_NET); in aa_profile_af_perm()
128 state = aa_dfa_match_len(rules->policy.dfa, state, (char *) &buffer, in aa_profile_af_perm()
130 perms = *aa_lookup_perms(&rules->policy, state); in aa_profile_af_perm()
221 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_secmark_perm() local
222 typeof(*rules), list); in aa_secmark_perm()
224 if (rules->secmark_count == 0) in aa_secmark_perm()
227 for (i = 0; i < rules->secmark_count; i++) { in aa_secmark_perm()
228 if (!rules->secmark[i].secid) { in aa_secmark_perm()
[all …]
Dcapability.c67 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
68 typeof(*rules), list); in audit_caps()
77 !cap_raised(rules->caps.audit, cap))) in audit_caps()
81 cap_raised(rules->caps.kill, cap)) { in audit_caps()
83 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
119 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
120 typeof(*rules), list); in profile_capable()
123 if (cap_raised(rules->caps.allow, cap) && in profile_capable()
124 !cap_raised(rules->caps.denied, cap)) in profile_capable()
Ddomain.c84 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_component() local
85 typeof(*rules), list); in match_component()
89 state = aa_dfa_match(rules->file.dfa, state, "&"); in match_component()
91 return aa_dfa_match(rules->file.dfa, state, tp->base.hname); in match_component()
95 state = aa_dfa_match_len(rules->file.dfa, state, ":", 1); in match_component()
96 state = aa_dfa_match(rules->file.dfa, state, ns_name); in match_component()
97 state = aa_dfa_match_len(rules->file.dfa, state, ":", 1); in match_component()
98 return aa_dfa_match(rules->file.dfa, state, tp->base.hname); in match_component()
122 struct aa_ruleset *rules = list_first_entry(&profile->rules, in label_compound_match() local
123 typeof(*rules), list); in label_compound_match()
[all …]
Dmount.c306 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt_path_str() local
307 typeof(*rules), list); in match_mnt_path_str()
314 if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT)) in match_mnt_path_str()
329 pos = do_match_mnt(&rules->policy, in match_mnt_path_str()
330 rules->policy.start[AA_CLASS_MOUNT], in match_mnt_path_str()
363 struct aa_ruleset *rules = list_first_entry(&profile->rules, in match_mnt() local
364 typeof(*rules), list); in match_mnt()
370 if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT)) in match_mnt()
572 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_umount() local
573 typeof(*rules), list); in profile_umount()
[all …]
Dipc.c81 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_signal_perm() local
82 typeof(*rules), list); in profile_signal_perm()
87 !ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)) in profile_signal_perm()
92 state = aa_dfa_next(rules->policy.dfa, in profile_signal_perm()
93 rules->policy.start[AA_CLASS_SIGNAL], in profile_signal_perm()
95 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
Dpolicy.c206 static void free_ruleset(struct aa_ruleset *rules) in free_ruleset() argument
210 aa_destroy_policydb(&rules->file); in free_ruleset()
211 aa_destroy_policydb(&rules->policy); in free_ruleset()
212 aa_free_cap_rules(&rules->caps); in free_ruleset()
213 aa_free_rlimit_rules(&rules->rlimits); in free_ruleset()
215 for (i = 0; i < rules->secmark_count; i++) in free_ruleset()
216 kfree_sensitive(rules->secmark[i].label); in free_ruleset()
217 kfree_sensitive(rules->secmark); in free_ruleset()
218 kfree_sensitive(rules); in free_ruleset()
223 struct aa_ruleset *rules; in aa_alloc_ruleset() local
[all …]
Dfile.c215 struct aa_ruleset *rules = list_first_entry(&profile->rules, in __aa_path_perm() local
216 typeof(*rules), list); in __aa_path_perm()
221 aa_str_perms(&(rules->file), rules->file.start[AA_CLASS_FILE], in __aa_path_perm()
309 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_path_link() local
310 typeof(*rules), list); in profile_path_link()
331 state = aa_str_perms(&(rules->file), in profile_path_link()
332 rules->file.start[AA_CLASS_FILE], lname, in profile_path_link()
339 state = aa_dfa_null_transition(rules->file.dfa, state); in profile_path_link()
340 aa_str_perms(&(rules->file), state, tname, cond, &perms); in profile_path_link()
362 aa_str_perms(&(rules->file), rules->file.start[AA_CLASS_FILE], in profile_path_link()
Dtask.c232 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_ptrace_perm() local
233 typeof(*rules), list); in profile_ptrace_perm()
237 aa_profile_match_label(profile, rules, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
248 !ANY_RULE_MEDIATES(&tracee->rules, AA_CLASS_PTRACE)) in profile_tracee_perm()
261 if (ANY_RULE_MEDIATES(&tracer->rules, AA_CLASS_PTRACE)) in profile_tracer_perm()
Dlib.c335 struct aa_ruleset *rules, in aa_profile_match_label() argument
342 state = aa_dfa_next(rules->policy.dfa, in aa_profile_match_label()
343 rules->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
345 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
354 struct aa_ruleset *rules = list_first_entry(&profile->rules, in aa_profile_label_perm() local
355 typeof(*rules), list); in aa_profile_label_perm()
362 aa_profile_match_label(profile, rules, &target->label, type, request, in aa_profile_label_perm()
/Linux-v6.6/drivers/net/dsa/qca/
Dqca8k-leds.c65 qca8k_parse_netdev(unsigned long rules, u32 *offload_trigger) in qca8k_parse_netdev() argument
68 if (test_bit(TRIGGER_NETDEV_TX, &rules)) in qca8k_parse_netdev()
70 if (test_bit(TRIGGER_NETDEV_RX, &rules)) in qca8k_parse_netdev()
72 if (test_bit(TRIGGER_NETDEV_LINK_10, &rules)) in qca8k_parse_netdev()
74 if (test_bit(TRIGGER_NETDEV_LINK_100, &rules)) in qca8k_parse_netdev()
76 if (test_bit(TRIGGER_NETDEV_LINK_1000, &rules)) in qca8k_parse_netdev()
78 if (test_bit(TRIGGER_NETDEV_HALF_DUPLEX, &rules)) in qca8k_parse_netdev()
80 if (test_bit(TRIGGER_NETDEV_FULL_DUPLEX, &rules)) in qca8k_parse_netdev()
83 if (rules && !*offload_trigger) in qca8k_parse_netdev()
278 qca8k_cled_hw_control_is_supported(struct led_classdev *ldev, unsigned long rules) in qca8k_cled_hw_control_is_supported() argument
[all …]
/Linux-v6.6/Documentation/admin-guide/aoe/
Dudev.txt1 # These rules tell udev what device nodes to create for aoe support.
11 # udev_rules="/etc/udev/rules.d/"
12 # bash# ls /etc/udev/rules.d/
13 # 10-wacom.rules 50-udev.rules
15 # /etc/udev/rules.d/60-aoe.rules
/Linux-v6.6/tools/perf/util/
Dstrfilter.c160 struct strfilter *strfilter__new(const char *rules, const char **err) in strfilter__new() argument
166 filter->root = strfilter_node__new(rules, &ep); in strfilter__new()
179 const char *rules, const char **err) in strfilter__append() argument
184 if (!filter || !rules) in strfilter__append()
187 right = strfilter_node__new(rules, &ep); in strfilter__append()
207 int strfilter__or(struct strfilter *filter, const char *rules, const char **err) in strfilter__or() argument
209 return strfilter__append(filter, true, rules, err); in strfilter__or()
212 int strfilter__and(struct strfilter *filter, const char *rules, in strfilter__and() argument
215 return strfilter__append(filter, false, rules, err); in strfilter__and()
Dstrfilter.h30 struct strfilter *strfilter__new(const char *rules, const char **err);
43 const char *rules, const char **err);
56 const char *rules, const char **err);
/Linux-v6.6/security/apparmor/include/
Dpolicy.h211 struct list_head rules; member
275 static inline aa_state_t RULE_MEDIATES(struct aa_ruleset *rules, in RULE_MEDIATES() argument
279 return rules->policy.start[class]; in RULE_MEDIATES()
281 return aa_dfa_match_len(rules->policy.dfa, in RULE_MEDIATES()
282 rules->policy.start[0], &class, 1); in RULE_MEDIATES()
285 static inline aa_state_t RULE_MEDIATES_AF(struct aa_ruleset *rules, u16 AF) in RULE_MEDIATES_AF() argument
287 aa_state_t state = RULE_MEDIATES(rules, AA_CLASS_NET); in RULE_MEDIATES_AF()
292 return aa_dfa_match_len(rules->policy.dfa, state, (char *) &be_af, 2); in RULE_MEDIATES_AF()
/Linux-v6.6/net/netfilter/
Dnft_set_pipapo.h123 unsigned long rules; member
179 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst,
252 unsigned long rules; in pipapo_estimate_size() local
261 rules = ilog2(desc->field_len[i] * BITS_PER_BYTE) * 2; in pipapo_estimate_size()
262 entry_size += rules * in pipapo_estimate_size()
265 entry_size += rules * sizeof(union nft_pipapo_map_bucket); in pipapo_estimate_size()
Dnft_set_pipapo.c365 int pipapo_refill(unsigned long *map, int len, int rules, unsigned long *dst, in pipapo_refill() argument
378 if (unlikely(i >= rules)) { in pipapo_refill()
460 b = pipapo_refill(res_map, f->bsize, f->rules, fill_map, f->mt, in nft_pipapo_lookup()
563 b = pipapo_refill(res_map, f->bsize, f->rules, fill_map, f->mt, in pipapo_get()
621 static int pipapo_resize(struct nft_pipapo_field *f, int old_rules, int rules) in pipapo_resize() argument
628 new_bucket_size = DIV_ROUND_UP(rules, BITS_PER_LONG); in pipapo_resize()
666 new_mt = kvmalloc(rules * sizeof(*new_mt), GFP_KERNEL); in pipapo_resize()
672 memcpy(new_mt, f->mt, min(old_rules, rules) * sizeof(*new_mt)); in pipapo_resize()
673 if (rules > old_rules) { in pipapo_resize()
675 (rules - old_rules) * sizeof(*new_mt)); in pipapo_resize()
[all …]
/Linux-v6.6/drivers/media/i2c/ccs/
Dccs-data.c435 struct ccs_rule *rules_base = NULL, *rules = NULL, *next_rule = NULL; in ccs_data_parse_rules() local
442 bin_alloc(bin, sizeof(*rules) * *__num_rules); in ccs_data_parse_rules()
495 rules = next_rule; in ccs_data_parse_rules()
513 rules->if_rules = if_rule; in ccs_data_parse_rules()
514 rules->num_if_rules = __num_if_rules; in ccs_data_parse_rules()
518 if (bin->base && !rules) in ccs_data_parse_rules()
524 rules ? in ccs_data_parse_rules()
525 &rules->read_only_regs : NULL, in ccs_data_parse_rules()
526 rules ? in ccs_data_parse_rules()
527 &rules->num_read_only_regs : NULL, in ccs_data_parse_rules()
[all …]
/Linux-v6.6/drivers/net/ethernet/microchip/vcap/
DKconfig13 A VCAP is essentially a TCAM with rules consisting of
24 The VCAP implementation provides switchcore independent handling of rules
27 - Creating and deleting rules
28 - Updating and getting rules
32 access rules via the API in a platform independent way, with the
/Linux-v6.6/drivers/net/ethernet/mellanox/mlx5/core/lib/
Dfs_ttc.c33 struct mlx5_ttc_rule rules[MLX5_NUM_TT]; member
47 if (!IS_ERR_OR_NULL(ttc->rules[i].rule)) { in mlx5_cleanup_ttc_rules()
48 mlx5_del_flow_rules(ttc->rules[i].rule); in mlx5_cleanup_ttc_rules()
49 ttc->rules[i].rule = NULL; in mlx5_cleanup_ttc_rules()
240 struct mlx5_ttc_rule *rules; in mlx5_generate_ttc_table_rules() local
246 rules = ttc->rules; in mlx5_generate_ttc_table_rules()
248 struct mlx5_ttc_rule *rule = &rules[tt]; in mlx5_generate_ttc_table_rules()
400 struct mlx5_ttc_rule *rules; in mlx5_generate_inner_ttc_table_rules() local
406 rules = ttc->rules; in mlx5_generate_inner_ttc_table_rules()
409 struct mlx5_ttc_rule *rule = &rules[tt]; in mlx5_generate_inner_ttc_table_rules()
[all …]
/Linux-v6.6/tools/testing/selftests/landlock/
Dfs_test.c650 const struct rule rules[]) in create_ruleset() argument
657 ASSERT_NE(NULL, rules) in create_ruleset()
661 ASSERT_NE(NULL, rules[0].path) in create_ruleset()
673 for (i = 0; rules[i].path; i++) { in create_ruleset()
674 add_path_beneath(_metadata, ruleset_fd, rules[i].access, in create_ruleset()
675 rules[i].path); in create_ruleset()
692 const struct rule rules[] = { in TEST_F_FORK() local
702 _metadata, rules[0].access | LANDLOCK_ACCESS_FS_READ_DIR, in TEST_F_FORK()
703 rules); in TEST_F_FORK()
741 const struct rule rules[] = { in TEST_F_FORK() local
[all …]
/Linux-v6.6/security/smack/
DKconfig17 bool "Reporting on access granted by Smack rules"
21 Enable the bring-up ("b") access mode in Smack rules.
26 rules. The developer can use the information to
27 identify which rules are necessary and what accesses
54 delivering a signal in the Smack rules.
/Linux-v6.6/drivers/net/phy/
Dmarvell.c2898 unsigned long rules; member
2904 .rules = BIT(TRIGGER_NETDEV_LINK),
2908 .rules = (BIT(TRIGGER_NETDEV_LINK) |
2914 .rules = (BIT(TRIGGER_NETDEV_RX) |
2919 .rules = (BIT(TRIGGER_NETDEV_RX) |
2924 .rules = BIT(TRIGGER_NETDEV_TX),
2928 .rules = BIT(TRIGGER_NETDEV_LINK),
2932 .rules = BIT(TRIGGER_NETDEV_LINK_1000),
2936 .rules = 0,
2943 .rules = (BIT(TRIGGER_NETDEV_LINK) |
[all …]
Dmediatek-ge-soc.c1206 unsigned long rules) in mt798x_phy_led_hw_is_supported() argument
1212 if (rules & ~supported_triggers) in mt798x_phy_led_hw_is_supported()
1219 unsigned long *rules) in mt798x_phy_led_hw_control_get() argument
1261 if (!rules) in mt798x_phy_led_hw_control_get()
1265 *rules |= BIT(TRIGGER_NETDEV_LINK); in mt798x_phy_led_hw_control_get()
1268 *rules |= BIT(TRIGGER_NETDEV_LINK_10); in mt798x_phy_led_hw_control_get()
1271 *rules |= BIT(TRIGGER_NETDEV_LINK_100); in mt798x_phy_led_hw_control_get()
1274 *rules |= BIT(TRIGGER_NETDEV_LINK_1000); in mt798x_phy_led_hw_control_get()
1277 *rules |= BIT(TRIGGER_NETDEV_FULL_DUPLEX); in mt798x_phy_led_hw_control_get()
1280 *rules |= BIT(TRIGGER_NETDEV_HALF_DUPLEX); in mt798x_phy_led_hw_control_get()
[all …]

12345678910>>...18