policy.h - OpenGrok cross reference for /kernel/linux/linux-6.6/security/apparmor/include/policy.h

Lines Matching +full:resource +full:- +full:attachments
1 /* SPDX-License-Identifier: GPL-2.0-only */
7  * Copyright (C) 1998-2008 Novell/SUSE
8  * Copyright 2009-2010 Canonical Ltd.
31 #include "resource.h"
43 	 ((_profile)->mode == (_mode)))
51 #define PROFILE_IS_HAT(_profile) ((_profile)->label.flags & FLAG_HAT)
53 #define CHECK_DEBUG1(_profile) ((_profile)->label.flags & FLAG_DEBUG1)
55 #define CHECK_DEBUG2(_profile) ((_profile)->label.flags & FLAG_DEBUG2)
57 #define profile_is_stale(_profile) (label_is_stale(&(_profile)->label))
59 #define on_list_rcu(X) (!list_empty(X) && (X)->prev != LIST_POISON2)
76 /* struct aa_policydb - match engine for a policy
94 	aa_put_dfa(policy->dfa);  in aa_destroy_policydb()
95 	if (policy->perms)  in aa_destroy_policydb()
96 		kvfree(policy->perms);  in aa_destroy_policydb()
97 	aa_free_str_table(&policy->trans);  in aa_destroy_policydb()
104 	unsigned int index = ACCEPT_TABLE(policy->dfa)[state];  in aa_lookup_perms()
106 	if (!(policy->perms))  in aa_lookup_perms()
109 	return &(policy->perms[index]);  in aa_lookup_perms()
113 /* struct aa_data - generic data structure
126 /* struct aa_ruleset - data covering mediation rules
152 /* struct aa_attachment - data and rules for a profiles attachment
168 /* struct aa_profile - basic confinement data
169  * @base - base components of the profile (name, refcount, lists, lock ...)
170  * @label - label this profile is an extension of
184  * @data: hashtable for free-form policy aa_data
189  * attachments are determined by profile X transition rules.
227 #define profiles_ns(P) ((P)->ns)
228 #define name_is_shared(A, B) ((A)->hname && (A)->hname == (B)->hname)
260 #define profile_unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
263  * aa_get_newest_profile - simple wrapper fn to wrap the label version
272 	return labels_profile(aa_get_newest_label(&p->label));  in aa_get_newest_profile()
279 		return rules->policy.start[class];  in RULE_MEDIATES()
281 		return aa_dfa_match_len(rules->policy.dfa,  in RULE_MEDIATES()
282 					rules->policy.start[0], &class, 1);  in RULE_MEDIATES()
292 	return aa_dfa_match_len(rules->policy.dfa, state, (char *) &be_af, 2);  in RULE_MEDIATES_AF()
306  * aa_get_profile - increment refcount on profile @p
315 		kref_get(&(p->label.count));  in aa_get_profile()
321  * aa_get_profile_not0 - increment refcount on profile @p found via lookup
329 	if (p && kref_get_unless_zero(&p->label.count))  in aa_get_profile_not0()
336  * aa_get_profile_rcu - increment a refcount profile that can be replaced
349 	} while (c && !kref_get_unless_zero(&c->label.count));  in aa_get_profile_rcu()
356  * aa_put_profile - decrement refcount on profile @p
362 		kref_put(&p->label.count, aa_label_kref);  in aa_put_profile()
370 	return profile->audit;  in AUDIT_MODE()