/security/apparmor/ |
D | match.c | 131 static int verify_dfa(struct aa_dfa *dfa, int flags) in verify_dfa() argument 137 if (!(dfa->tables[YYTD_ID_DEF] && in verify_dfa() 138 dfa->tables[YYTD_ID_BASE] && in verify_dfa() 139 dfa->tables[YYTD_ID_NXT] && dfa->tables[YYTD_ID_CHK])) in verify_dfa() 143 state_count = dfa->tables[YYTD_ID_BASE]->td_lolen; in verify_dfa() 145 if (!dfa->tables[YYTD_ID_ACCEPT]) in verify_dfa() 147 if (state_count != dfa->tables[YYTD_ID_ACCEPT]->td_lolen) in verify_dfa() 151 if (!dfa->tables[YYTD_ID_ACCEPT2]) in verify_dfa() 153 if (state_count != dfa->tables[YYTD_ID_ACCEPT2]->td_lolen) in verify_dfa() 156 if (state_count != dfa->tables[YYTD_ID_DEF]->td_lolen) in verify_dfa() [all …]
|
D | mount.c | 196 static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state, in match_mnt_flags() argument 203 state = aa_dfa_next(dfa, state, i + 1); in match_mnt_flags() 216 static struct aa_perms compute_mnt_perms(struct aa_dfa *dfa, in compute_mnt_perms() argument 222 perms.allow = dfa_user_allow(dfa, state); in compute_mnt_perms() 223 perms.audit = dfa_user_audit(dfa, state); in compute_mnt_perms() 224 perms.quiet = dfa_user_quiet(dfa, state); in compute_mnt_perms() 225 perms.xindex = dfa_user_xindex(dfa, state); in compute_mnt_perms() 243 static int do_match_mnt(struct aa_dfa *dfa, unsigned int start, in do_match_mnt() argument 250 AA_BUG(!dfa); in do_match_mnt() 253 state = aa_dfa_match(dfa, start, mntpnt); in do_match_mnt() [all …]
|
D | policy_unpack.c | 385 static bool verify_accept(struct aa_dfa *dfa, int flags) in verify_accept() argument 390 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { in verify_accept() 391 int mode = ACCEPT_TABLE(dfa)[i]; in verify_accept() 396 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) in verify_accept() 412 struct aa_dfa *dfa = NULL; in unpack_dfa() local 426 dfa = aa_dfa_unpack(blob + pad, size - pad, flags); in unpack_dfa() 428 if (IS_ERR(dfa)) in unpack_dfa() 429 return dfa; in unpack_dfa() 431 if (!verify_accept(dfa, flags)) in unpack_dfa() 435 return dfa; in unpack_dfa() [all …]
|
D | file.c | 226 struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, in aa_compute_fperms() argument 243 perms.allow = map_old_perms(dfa_user_allow(dfa, state)); in aa_compute_fperms() 244 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in aa_compute_fperms() 245 perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); in aa_compute_fperms() 246 perms.xindex = dfa_user_xindex(dfa, state); in aa_compute_fperms() 248 perms.allow = map_old_perms(dfa_other_allow(dfa, state)); in aa_compute_fperms() 249 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in aa_compute_fperms() 250 perms.quiet = map_old_perms(dfa_other_quiet(dfa, state)); in aa_compute_fperms() 251 perms.xindex = dfa_other_xindex(dfa, state); in aa_compute_fperms() 256 if (ACCEPT_TABLE(dfa)[state] & 0x80000000) in aa_compute_fperms() [all …]
|
D | lib.c | 319 void aa_compute_perms(struct aa_dfa *dfa, unsigned int state, in aa_compute_perms() argument 327 perms->allow = dfa_user_allow(dfa, state); in aa_compute_perms() 328 perms->audit = dfa_user_audit(dfa, state); in aa_compute_perms() 329 perms->quiet = dfa_user_quiet(dfa, state); in aa_compute_perms() 334 perms->allow |= map_other(dfa_other_allow(dfa, state)); in aa_compute_perms() 335 perms->audit |= map_other(dfa_other_audit(dfa, state)); in aa_compute_perms() 336 perms->quiet |= map_other(dfa_other_quiet(dfa, state)); in aa_compute_perms() 384 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label()
|
D | domain.c | 107 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component() 109 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component() 113 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component() 114 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component() 115 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component() 116 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component() 162 state = aa_dfa_match(profile->file.dfa, state, "//&"); in label_compound_match() 167 *perms = aa_compute_fperms(profile->file.dfa, state, &cond); in label_compound_match() 220 tmp = aa_compute_fperms(profile->file.dfa, state, &cond); in label_components_match() 229 tmp = aa_compute_fperms(profile->file.dfa, state, &cond); in label_components_match() [all …]
|
D | ipc.c | 194 state = aa_dfa_next(profile->policy.dfa, in profile_match_signal() 197 state = aa_dfa_match(profile->policy.dfa, state, label); in profile_match_signal() 198 aa_compute_perms(profile->policy.dfa, state, perms); in profile_match_signal()
|
D | policy_ns.c | 115 ns->unconfined->file.dfa = aa_get_dfa(nulldfa); in alloc_ns() 116 ns->unconfined->policy.dfa = aa_get_dfa(nulldfa); in alloc_ns()
|
D | label.c | 1253 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component() 1257 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component() 1258 state = aa_dfa_match(profile->policy.dfa, state, ns_name); in match_component() 1259 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component() 1260 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component() 1304 state = aa_dfa_match(profile->policy.dfa, state, "//&"); in label_compound_match() 1309 aa_compute_perms(profile->policy.dfa, state, perms); in label_compound_match() 1360 aa_compute_perms(profile->policy.dfa, state, &tmp); in label_components_match() 1369 aa_compute_perms(profile->policy.dfa, state, &tmp); in label_components_match()
|
D | apparmorfs.c | 615 struct aa_dfa *dfa; in profile_query_cb() local 620 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { in profile_query_cb() 621 dfa = profile->file.dfa; in profile_query_cb() 622 state = aa_dfa_match_len(dfa, profile->file.start, in profile_query_cb() 628 tmp = aa_compute_fperms(dfa, state, &cond); in profile_query_cb() 630 } else if (profile->policy.dfa) { in profile_query_cb() 633 dfa = profile->policy.dfa; in profile_query_cb() 634 state = aa_dfa_match_len(dfa, profile->policy.start[0], in profile_query_cb() 637 aa_compute_perms(dfa, state, &tmp); in profile_query_cb()
|
D | policy.c | 232 aa_put_dfa(profile->policy.dfa); in aa_free_profile() 545 profile->file.dfa = aa_get_dfa(nulldfa); in aa_new_null_profile() 546 profile->policy.dfa = aa_get_dfa(nulldfa); in aa_new_null_profile()
|
/security/apparmor/include/ |
D | file.h | 144 #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ argument 145 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) 146 #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) argument 147 #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) argument 148 #define dfa_user_xindex(dfa, state) \ argument 149 (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff)) 151 #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ argument 153 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) 154 #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) argument 155 #define dfa_other_quiet(dfa, state) \ argument [all …]
|
D | match.h | 126 unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, 128 unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, 130 unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state, 142 static inline struct aa_dfa *aa_get_dfa(struct aa_dfa *dfa) in aa_get_dfa() argument 144 if (dfa) in aa_get_dfa() 145 kref_get(&(dfa->count)); in aa_get_dfa() 147 return dfa; in aa_get_dfa() 156 static inline void aa_put_dfa(struct aa_dfa *dfa) in aa_put_dfa() argument 158 if (dfa) in aa_put_dfa() 159 kref_put(&dfa->count, aa_dfa_free_kref); in aa_put_dfa()
|
D | policy.h | 78 struct aa_dfa *dfa; member 217 if (profile->policy.dfa) in PROFILE_MEDIATES_SAFE() 218 return aa_dfa_match_len(profile->policy.dfa, in PROFILE_MEDIATES_SAFE()
|
D | lib.h | 91 static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa, in aa_dfa_null_transition() argument 95 return aa_dfa_next(dfa, start, 0); in aa_dfa_null_transition()
|
D | perms.h | 146 void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
|