
Searched refs:profile (Results 1 – 25 of 25) sorted by relevance

/security/apparmor/
context.c
50 aa_put_profile(cxt->profile); in aa_free_task_context()
66 aa_get_profile(new->profile); in aa_dup_task_context()
77 int aa_replace_current_profile(struct aa_profile *profile) in aa_replace_current_profile() argument
81 BUG_ON(!profile); in aa_replace_current_profile()
83 if (cxt->profile == profile) in aa_replace_current_profile()
91 if (unconfined(profile) || (cxt->profile->ns != profile->ns)) { in aa_replace_current_profile()
105 aa_get_profile(profile); in aa_replace_current_profile()
106 aa_put_profile(cxt->profile); in aa_replace_current_profile()
107 cxt->profile = profile; in aa_replace_current_profile()
119 int aa_set_current_onexec(struct aa_profile *profile) in aa_set_current_onexec() argument
capability.c
31 struct aa_profile *profile; member
61 static int audit_caps(struct aa_profile *profile, struct task_struct *task, in audit_caps() argument
77 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && in audit_caps()
78 !cap_raised(profile->caps.audit, cap))) in audit_caps()
81 } else if (KILL_MODE(profile) || in audit_caps()
82 cap_raised(profile->caps.kill, cap)) { in audit_caps()
84 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
85 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_caps()
86 AUDIT_MODE(profile) != AUDIT_ALL) { in audit_caps()
93 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
domain.c
101 static struct file_perms change_profile_perms(struct aa_profile *profile, in change_profile_perms() argument
110 if (unconfined(profile)) { in change_profile_perms()
114 } else if (!profile->file.dfa) { in change_profile_perms()
116 } else if ((ns == profile->ns)) { in change_profile_perms()
118 aa_str_perms(profile->file.dfa, start, name, &cond, &perms); in change_profile_perms()
124 state = aa_dfa_match(profile->file.dfa, start, ns->base.name); in change_profile_perms()
125 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in change_profile_perms()
126 aa_str_perms(profile->file.dfa, state, name, &cond, &perms); in change_profile_perms()
149 struct aa_profile *profile, *candidate = NULL; in __attach_match() local
151 list_for_each_entry(profile, head, base.list) { in __attach_match()
policy.c
448 struct aa_profile *profile) in __list_add_profile() argument
450 list_add(&profile->base.list, list); in __list_add_profile()
452 aa_get_profile(profile); in __list_add_profile()
467 static void __list_remove_profile(struct aa_profile *profile) in __list_remove_profile() argument
469 list_del_init(&profile->base.list); in __list_remove_profile()
470 if (!(profile->flags & PFLAG_NO_LIST_REF)) in __list_remove_profile()
472 aa_put_profile(profile); in __list_remove_profile()
523 static void __remove_profile(struct aa_profile *profile) in __remove_profile() argument
526 __profile_list_release(&profile->base.profiles); in __remove_profile()
528 profile->replacedby = aa_get_profile(profile->ns->unconfined); in __remove_profile()
policy_unpack.c
95 struct aa_profile *profile = __aa_current_profile(); in audit_iface() local
107 return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa, in audit_iface()
367 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) in unpack_trans_table() argument
379 profile->file.trans.table = kzalloc(sizeof(char *) * size, in unpack_trans_table()
381 if (!profile->file.trans.table) in unpack_trans_table()
384 profile->file.trans.size = size; in unpack_trans_table()
393 profile->file.trans.table[i] = str; in unpack_trans_table()
425 aa_free_domain_entries(&profile->file.trans); in unpack_trans_table()
430 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) in unpack_rlimits() argument
440 profile->rlimits.mask = tmp; in unpack_rlimits()
audit.c
133 if (sa->aad->profile) { in audit_pre()
134 struct aa_profile *profile = sa->aad->profile; in audit_pre() local
140 if (profile->ns != root_ns) { in audit_pre()
142 audit_log_untrustedstring(ab, profile->ns->base.hname); in audit_pre()
145 audit_log_untrustedstring(ab, profile->base.hname); in audit_pre()
178 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, in aa_audit() argument
182 BUG_ON(!profile); in aa_audit()
186 if (AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit()
189 } else if (COMPLAIN_MODE(profile)) in aa_audit()
194 if (AUDIT_MODE(profile) == AUDIT_QUIET || in aa_audit()
file.c
104 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, in aa_audit_file() argument
124 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in aa_audit_file()
142 AUDIT_MODE(profile) != AUDIT_NOQUIET && in aa_audit_file()
143 AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit_file()
147 return COMPLAIN_MODE(profile) ? 0 : sa.aad->error; in aa_audit_file()
151 return aa_audit(type, profile, gfp, &sa, file_audit_cb); in aa_audit_file()
276 int aa_path_perm(int op, struct aa_profile *profile, struct path *path, in aa_path_perm() argument
284 flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); in aa_path_perm()
296 aa_str_perms(profile->file.dfa, profile->file.start, name, cond, in aa_path_perm()
301 error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request, name, in aa_path_perm()
lsm.c
119 struct aa_profile *profile; in apparmor_capget() local
124 profile = aa_cred_profile(cred); in apparmor_capget()
130 if (!unconfined(profile) && !COMPLAIN_MODE(profile)) { in apparmor_capget()
131 *effective = cap_intersect(*effective, profile->caps.allow); in apparmor_capget()
132 *permitted = cap_intersect(*permitted, profile->caps.allow); in apparmor_capget()
142 struct aa_profile *profile; in apparmor_capable() local
146 profile = aa_cred_profile(cred); in apparmor_capable()
147 if (!unconfined(profile)) in apparmor_capable()
148 error = aa_capable(current, profile, cap, audit); in apparmor_capable()
165 struct aa_profile *profile; in common_perm() local
procattr.c
36 int aa_getprocattr(struct aa_profile *profile, char **string) in aa_getprocattr() argument
40 const char *mode_str = profile_mode_names[profile->mode]; in aa_getprocattr()
42 struct aa_namespace *ns = profile->ns; in aa_getprocattr()
57 if (!unconfined(profile)) in aa_getprocattr()
60 name_len = strlen(profile->base.hname); in aa_getprocattr()
71 if (unconfined(profile)) in aa_getprocattr()
73 sprintf(s, "%s\n", profile->base.hname); in aa_getprocattr()
75 sprintf(s, "%s (%s)\n", profile->base.hname, mode_str); in aa_getprocattr()
resource.c
49 static int audit_resource(struct aa_profile *profile, unsigned int resource, in audit_resource() argument
61 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_KERNEL, &sa, in audit_resource()
90 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, in aa_task_setrlimit() argument
100 (profile->rlimits.mask & (1 << resource) && in aa_task_setrlimit()
101 new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) in aa_task_setrlimit()
104 return audit_resource(profile, resource, new_rlim->rlim_max, error); in aa_task_setrlimit()
ipc.c
40 static int aa_audit_ptrace(struct aa_profile *profile, in aa_audit_ptrace() argument
51 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa, in aa_audit_ptrace()
/security/apparmor/include/
context.h
69 struct aa_profile *profile; member
79 int aa_replace_current_profile(struct aa_profile *profile);
80 int aa_set_current_onexec(struct aa_profile *profile);
81 int aa_set_current_hat(struct aa_profile *profile, u64 token);
94 BUG_ON(!cxt || !cxt->profile); in __aa_task_is_confined()
95 if (unconfined(aa_newest_version(cxt->profile))) in __aa_task_is_confined()
112 BUG_ON(!cxt || !cxt->profile); in aa_cred_profile()
113 return aa_newest_version(cxt->profile); in aa_cred_profile()
140 struct aa_profile *profile; in aa_current_profile() local
141 BUG_ON(!cxt || !cxt->profile); in aa_current_profile()
policy.h
203 void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
275 static inline struct aa_profile *aa_newest_version(struct aa_profile *profile) in aa_newest_version() argument
277 while (profile->replacedby) in aa_newest_version()
278 profile = profile->replacedby; in aa_newest_version()
280 return profile; in aa_newest_version()
308 static inline int AUDIT_MODE(struct aa_profile *profile) in AUDIT_MODE() argument
313 return profile->audit; in AUDIT_MODE()
file.h
147 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
174 int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
177 int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
180 int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
audit.h
110 void *profile; member
137 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
procattr.h
21 int aa_getprocattr(struct aa_profile *profile, char **string);
capability.h
37 int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
resource.h
40 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
/security/tomoyo/
common.c
485 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument
489 if (profile >= TOMOYO_MAX_PROFILES) in tomoyo_assign_profile()
491 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
497 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
510 ns->profile_ptr[profile] = ptr; in tomoyo_assign_profile()
528 const u8 profile) in tomoyo_profile() argument
531 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; in tomoyo_profile()
585 struct tomoyo_profile *profile) in tomoyo_set_mode() argument
591 config = profile->default_config; in tomoyo_set_mode()
608 config = profile->config[i]; in tomoyo_set_mode()
Makefile
3 $(obj)/policy/profile.conf:
5 @echo Creating an empty policy/profile.conf
29 $(obj)/builtin-policy.h: $(obj)/policy/profile.conf $(obj)/policy/exception_policy.conf $(obj)/poli…
32 @sed -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/profile.conf >> $@.tmp
util.c
977 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument
985 p = tomoyo_profile(ns, profile); in tomoyo_get_mode()
1007 u8 profile; in tomoyo_init_request_info() local
1012 profile = domain->profile; in tomoyo_init_request_info()
1013 r->profile = profile; in tomoyo_init_request_info()
1015 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1078 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
domain.c
519 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
546 e.profile = domain->profile; in tomoyo_assign_domain()
573 entry->profile); in tomoyo_assign_domain()
603 ee->r.profile = r->domain->profile; in tomoyo_environ()
604 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
audit.c
168 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, in tomoyo_print_header()
315 const u8 profile, const u8 index, in tomoyo_get_audit() argument
325 p = tomoyo_profile(ns, profile); in tomoyo_get_audit()
357 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
common.h
494 u8 profile; member
683 u8 profile; /* Profile number to use. */ member
967 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
1029 const u8 profile);
file.c
564 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_path_permission()
596 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); in tomoyo_execute_permission()