Home
last modified time | relevance | path

Searched refs:dfa (Results 1 – 16 of 16) sorted by relevance

/security/apparmor/
Dmatch.c131 static int verify_dfa(struct aa_dfa *dfa, int flags) in verify_dfa() argument
137 if (!(dfa->tables[YYTD_ID_DEF] && in verify_dfa()
138 dfa->tables[YYTD_ID_BASE] && in verify_dfa()
139 dfa->tables[YYTD_ID_NXT] && dfa->tables[YYTD_ID_CHK])) in verify_dfa()
143 state_count = dfa->tables[YYTD_ID_BASE]->td_lolen; in verify_dfa()
145 if (!dfa->tables[YYTD_ID_ACCEPT]) in verify_dfa()
147 if (state_count != dfa->tables[YYTD_ID_ACCEPT]->td_lolen) in verify_dfa()
151 if (!dfa->tables[YYTD_ID_ACCEPT2]) in verify_dfa()
153 if (state_count != dfa->tables[YYTD_ID_ACCEPT2]->td_lolen) in verify_dfa()
156 if (state_count != dfa->tables[YYTD_ID_DEF]->td_lolen) in verify_dfa()
[all …]
Dmount.c196 static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state, in match_mnt_flags() argument
203 state = aa_dfa_next(dfa, state, i + 1); in match_mnt_flags()
216 static struct aa_perms compute_mnt_perms(struct aa_dfa *dfa, in compute_mnt_perms() argument
222 perms.allow = dfa_user_allow(dfa, state); in compute_mnt_perms()
223 perms.audit = dfa_user_audit(dfa, state); in compute_mnt_perms()
224 perms.quiet = dfa_user_quiet(dfa, state); in compute_mnt_perms()
225 perms.xindex = dfa_user_xindex(dfa, state); in compute_mnt_perms()
243 static int do_match_mnt(struct aa_dfa *dfa, unsigned int start, in do_match_mnt() argument
250 AA_BUG(!dfa); in do_match_mnt()
253 state = aa_dfa_match(dfa, start, mntpnt); in do_match_mnt()
[all …]
Dpolicy_unpack.c385 static bool verify_accept(struct aa_dfa *dfa, int flags) in verify_accept() argument
390 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { in verify_accept()
391 int mode = ACCEPT_TABLE(dfa)[i]; in verify_accept()
396 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) in verify_accept()
412 struct aa_dfa *dfa = NULL; in unpack_dfa() local
426 dfa = aa_dfa_unpack(blob + pad, size - pad, flags); in unpack_dfa()
428 if (IS_ERR(dfa)) in unpack_dfa()
429 return dfa; in unpack_dfa()
431 if (!verify_accept(dfa, flags)) in unpack_dfa()
435 return dfa; in unpack_dfa()
[all …]
Dfile.c226 struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, in aa_compute_fperms() argument
243 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms()
244 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in aa_compute_fperms()
245 perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); in aa_compute_fperms()
246 perms.xindex = dfa_user_xindex(dfa, state); in aa_compute_fperms()
248 perms.allow = map_old_perms(dfa_other_allow(dfa, state)); in aa_compute_fperms()
249 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in aa_compute_fperms()
250 perms.quiet = map_old_perms(dfa_other_quiet(dfa, state)); in aa_compute_fperms()
251 perms.xindex = dfa_other_xindex(dfa, state); in aa_compute_fperms()
256 if (ACCEPT_TABLE(dfa)[state] & 0x80000000) in aa_compute_fperms()
[all …]
Dlib.c319 void aa_compute_perms(struct aa_dfa *dfa, unsigned int state, in aa_compute_perms() argument
327 perms->allow = dfa_user_allow(dfa, state); in aa_compute_perms()
328 perms->audit = dfa_user_audit(dfa, state); in aa_compute_perms()
329 perms->quiet = dfa_user_quiet(dfa, state); in aa_compute_perms()
334 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms()
335 perms->audit |= map_other(dfa_other_audit(dfa, state)); in aa_compute_perms()
336 perms->quiet |= map_other(dfa_other_quiet(dfa, state)); in aa_compute_perms()
384 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label()
Ddomain.c107 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component()
109 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
113 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
114 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component()
115 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
116 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
162 state = aa_dfa_match(profile->file.dfa, state, "//&"); in label_compound_match()
167 *perms = aa_compute_fperms(profile->file.dfa, state, &cond); in label_compound_match()
220 tmp = aa_compute_fperms(profile->file.dfa, state, &cond); in label_components_match()
229 tmp = aa_compute_fperms(profile->file.dfa, state, &cond); in label_components_match()
[all …]
Dipc.c194 state = aa_dfa_next(profile->policy.dfa, in profile_match_signal()
197 state = aa_dfa_match(profile->policy.dfa, state, label); in profile_match_signal()
198 aa_compute_perms(profile->policy.dfa, state, perms); in profile_match_signal()
Dpolicy_ns.c115 ns->unconfined->file.dfa = aa_get_dfa(nulldfa); in alloc_ns()
116 ns->unconfined->policy.dfa = aa_get_dfa(nulldfa); in alloc_ns()
Dlabel.c1253 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1257 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
1258 state = aa_dfa_match(profile->policy.dfa, state, ns_name); in match_component()
1259 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
1260 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1304 state = aa_dfa_match(profile->policy.dfa, state, "//&"); in label_compound_match()
1309 aa_compute_perms(profile->policy.dfa, state, perms); in label_compound_match()
1360 aa_compute_perms(profile->policy.dfa, state, &tmp); in label_components_match()
1369 aa_compute_perms(profile->policy.dfa, state, &tmp); in label_components_match()
Dapparmorfs.c615 struct aa_dfa *dfa; in profile_query_cb() local
620 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { in profile_query_cb()
621 dfa = profile->file.dfa; in profile_query_cb()
622 state = aa_dfa_match_len(dfa, profile->file.start, in profile_query_cb()
628 tmp = aa_compute_fperms(dfa, state, &cond); in profile_query_cb()
630 } else if (profile->policy.dfa) { in profile_query_cb()
633 dfa = profile->policy.dfa; in profile_query_cb()
634 state = aa_dfa_match_len(dfa, profile->policy.start[0], in profile_query_cb()
637 aa_compute_perms(dfa, state, &tmp); in profile_query_cb()
Dpolicy.c232 aa_put_dfa(profile->policy.dfa); in aa_free_profile()
545 profile->file.dfa = aa_get_dfa(nulldfa); in aa_new_null_profile()
546 profile->policy.dfa = aa_get_dfa(nulldfa); in aa_new_null_profile()
/security/apparmor/include/
Dfile.h144 #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ argument
145 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
146 #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) argument
147 #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) argument
148 #define dfa_user_xindex(dfa, state) \ argument
149 (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))
151 #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ argument
153 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
154 #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) argument
155 #define dfa_other_quiet(dfa, state) \ argument
[all …]
Dmatch.h126 unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
128 unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
130 unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
142 static inline struct aa_dfa *aa_get_dfa(struct aa_dfa *dfa) in aa_get_dfa() argument
144 if (dfa) in aa_get_dfa()
145 kref_get(&(dfa->count)); in aa_get_dfa()
147 return dfa; in aa_get_dfa()
156 static inline void aa_put_dfa(struct aa_dfa *dfa) in aa_put_dfa() argument
158 if (dfa) in aa_put_dfa()
159 kref_put(&dfa->count, aa_dfa_free_kref); in aa_put_dfa()
Dpolicy.h78 struct aa_dfa *dfa; member
217 if (profile->policy.dfa) in PROFILE_MEDIATES_SAFE()
218 return aa_dfa_match_len(profile->policy.dfa, in PROFILE_MEDIATES_SAFE()
Dlib.h91 static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa, in aa_dfa_null_transition() argument
95 return aa_dfa_next(dfa, start, 0); in aa_dfa_null_transition()
Dperms.h146 void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,