
Searched refs:profile (Results 1 – 25 of 30) sorted by relevance


/security/apparmor/
Ddomain.c100 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument
107 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component()
108 if (profile->ns == tp->ns) in match_component()
109 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
112 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component()
113 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
114 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component()
115 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
116 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
135 static int label_compound_match(struct aa_profile *profile, in label_compound_match() argument
[all …]
Dpolicy.c114 static void __add_profile(struct list_head *list, struct aa_profile *profile) in __add_profile() argument
119 AA_BUG(!profile); in __add_profile()
120 AA_BUG(!profile->ns); in __add_profile()
121 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
123 list_add_rcu(&profile->base.list, list); in __add_profile()
125 aa_get_profile(profile); in __add_profile()
126 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
127 AA_BUG(l != &profile->label); in __add_profile()
143 static void __list_remove_profile(struct aa_profile *profile) in __list_remove_profile() argument
145 AA_BUG(!profile); in __list_remove_profile()
[all …]
Dcapability.c37 struct aa_profile *profile; member
68 static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, in audit_caps() argument
78 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && in audit_caps()
79 !cap_raised(profile->caps.audit, cap))) in audit_caps()
82 } else if (KILL_MODE(profile) || in audit_caps()
83 cap_raised(profile->caps.kill, cap)) { in audit_caps()
85 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
86 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_caps()
87 AUDIT_MODE(profile) != AUDIT_ALL) { in audit_caps()
94 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
[all …]
Dmount.c133 static int audit_mount(struct aa_profile *profile, const char *op, in audit_mount() argument
145 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in audit_mount()
163 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_mount()
164 AUDIT_MODE(profile) != AUDIT_ALL) in audit_mount()
181 return aa_audit(audit_type, profile, &sa, audit_cb); in audit_mount()
296 static int path_flags(struct aa_profile *profile, const struct path *path) in path_flags() argument
298 AA_BUG(!profile); in path_flags()
301 return profile->path_flags | in path_flags()
319 static int match_mnt_path_str(struct aa_profile *profile, in match_mnt_path_str() argument
329 AA_BUG(!profile); in match_mnt_path_str()
[all …]
Dpolicy_unpack.c111 struct aa_profile *profile = labels_profile(aa_current_raw_label()); in audit_iface() local
123 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb); in audit_iface()
449 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) in unpack_trans_table() argument
461 profile->file.trans.table = kzalloc(sizeof(char *) * size, in unpack_trans_table()
463 if (!profile->file.trans.table) in unpack_trans_table()
466 profile->file.trans.size = size; in unpack_trans_table()
475 profile->file.trans.table[i] = str; in unpack_trans_table()
513 aa_free_domain_entries(&profile->file.trans); in unpack_trans_table()
518 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) in unpack_rlimits() argument
528 profile->rlimits.mask = tmp; in unpack_rlimits()
[all …]
Dfile.c103 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, in aa_audit_file() argument
124 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in aa_audit_file()
143 AUDIT_MODE(profile) != AUDIT_NOQUIET && in aa_audit_file()
144 AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit_file()
152 return aa_audit(type, profile, &sa, file_audit_cb); in aa_audit_file()
172 struct aa_profile *profile; in path_name() local
179 fn_for_each_confined(label, profile, in path_name()
180 aa_audit_file(profile, &nullperms, op, request, *name, in path_name()
285 int __aa_path_perm(const char *op, struct aa_profile *profile, const char *name, in __aa_path_perm() argument
291 if (profile_unconfined(profile)) in __aa_path_perm()
[all …]
Dipc.c69 static int profile_ptrace_perm(struct aa_profile *profile, in profile_ptrace_perm() argument
76 aa_profile_match_label(profile, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
78 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm()
79 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb); in profile_ptrace_perm()
126 struct aa_profile *profile; in aa_may_ptrace() local
130 return xcheck_labels(tracer, tracee, profile, in aa_may_ptrace()
131 profile_tracer_perm(profile, tracee, request, &sa), in aa_may_ptrace()
132 profile_tracee_perm(profile, tracer, xrequest, &sa)); in aa_may_ptrace()
188 static void profile_match_signal(struct aa_profile *profile, const char *label, in profile_match_signal() argument
194 state = aa_dfa_next(profile->policy.dfa, in profile_match_signal()
[all …]
Daudit.c84 struct aa_profile *profile = labels_profile(label); in audit_pre() local
86 if (profile->ns != root_ns) { in audit_pre()
89 profile->ns->base.hname); in audit_pre()
92 audit_log_untrustedstring(ab, profile->base.hname); in audit_pre()
129 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, in aa_audit() argument
132 AA_BUG(!profile); in aa_audit()
136 if (AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit()
139 } else if (COMPLAIN_MODE(profile)) in aa_audit()
144 if (AUDIT_MODE(profile) == AUDIT_QUIET || in aa_audit()
146 AUDIT_MODE(profile) == AUDIT_QUIET)) in aa_audit()
[all …]
Dapparmorfs.c611 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, in profile_query_cb() argument
618 if (profile_unconfined(profile)) in profile_query_cb()
620 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { in profile_query_cb()
621 dfa = profile->file.dfa; in profile_query_cb()
622 state = aa_dfa_match_len(dfa, profile->file.start, in profile_query_cb()
630 } else if (profile->policy.dfa) { in profile_query_cb()
631 if (!PROFILE_MEDIATES_SAFE(profile, *match_str)) in profile_query_cb()
633 dfa = profile->policy.dfa; in profile_query_cb()
634 state = aa_dfa_match_len(dfa, profile->policy.start[0], in profile_query_cb()
641 aa_apply_modes_to_perms(profile, &tmp); in profile_query_cb()
[all …]
Dresource.c56 static int audit_resource(struct aa_profile *profile, unsigned int resource, in audit_resource() argument
68 return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb); in audit_resource()
85 static int profile_setrlimit(struct aa_profile *profile, unsigned int resource, in profile_setrlimit() argument
90 if (profile->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
91 profile->rlimits.limits[resource].rlim_max) in profile_setrlimit()
93 return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL, in profile_setrlimit()
111 struct aa_profile *profile; in aa_task_setrlimit() local
128 error = fn_for_each(label, profile, in aa_task_setrlimit()
129 audit_resource(profile, resource, in aa_task_setrlimit()
133 error = fn_for_each_confined(label, profile, in aa_task_setrlimit()
[all …]
Dlabel.c323 struct aa_profile *profile; in label_destroy() local
328 label_for_each(i, label, profile) { in label_destroy()
329 aa_put_profile(profile); in label_destroy()
1235 static inline bool label_is_visible(struct aa_profile *profile, in label_is_visible() argument
1238 return aa_ns_visible(profile->ns, labels_ns(label), true); in label_is_visible()
1246 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument
1252 if (profile->ns == tp->ns) in match_component()
1253 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1256 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component()
1257 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
[all …]
Dcrypto.c66 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, in aa_calc_profile_hash() argument
79 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL); in aa_calc_profile_hash()
80 if (!profile->hash) in aa_calc_profile_hash()
95 error = crypto_shash_final(desc, profile->hash); in aa_calc_profile_hash()
102 kfree(profile->hash); in aa_calc_profile_hash()
103 profile->hash = NULL; in aa_calc_profile_hash()
Dlib.c284 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument
286 switch (AUDIT_MODE(profile)) { in aa_apply_modes_to_perms()
301 if (KILL_MODE(profile)) in aa_apply_modes_to_perms()
303 else if (COMPLAIN_MODE(profile)) in aa_apply_modes_to_perms()
378 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label, in aa_profile_match_label() argument
384 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label()
385 profile->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
387 aa_label_match(profile, label, state, false, request, perms); in aa_profile_match_label()
392 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, in aa_profile_label_perm() argument
398 aad(sa)->label = &profile->label; in aa_profile_label_perm()
[all …]
/security/apparmor/include/
Dpolicy.h170 void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
178 void aa_free_profile(struct aa_profile *profile);
214 static inline unsigned int PROFILE_MEDIATES_SAFE(struct aa_profile *profile, in PROFILE_MEDIATES_SAFE() argument
217 if (profile->policy.dfa) in PROFILE_MEDIATES_SAFE()
218 return aa_dfa_match_len(profile->policy.dfa, in PROFILE_MEDIATES_SAFE()
219 profile->policy.start[0], &class, 1); in PROFILE_MEDIATES_SAFE()
283 static inline int AUDIT_MODE(struct aa_profile *profile) in AUDIT_MODE() argument
288 return profile->audit; in AUDIT_MODE()
Dperms.h144 void aa_apply_modes_to_perms(struct aa_profile *profile,
150 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,
152 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
155 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
Dcrypto.h22 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
29 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, in aa_calc_profile_hash() argument
Daudit.h137 struct aa_profile *profile; member
165 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
Dlib.h238 DEFINE_VEC(profile, __pvec); \
253 if (!vec_setup(profile, __pvec, __count, (GFP))) { \
267 vec_cleanup(profile, __pvec, __count); \
Dapparmorfs.h112 void __aafs_profile_rmdir(struct aa_profile *profile);
115 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
Ddomain.h34 struct aa_label *x_table_lookup(struct aa_profile *profile, u32 xindex,
Dlabel.h265 struct aa_profile *profile; \
268 label_for_each(i, (L), profile) { \
269 if (PROFILE_MEDIATES(profile, (C))) { \
335 int aa_label_match(struct aa_profile *profile, struct aa_label *label,
/security/tomoyo/
Dcommon.c486 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument
490 if (profile >= TOMOYO_MAX_PROFILES) in tomoyo_assign_profile()
492 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
498 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
511 ns->profile_ptr[profile] = ptr; in tomoyo_assign_profile()
529 const u8 profile) in tomoyo_profile() argument
532 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; in tomoyo_profile()
586 struct tomoyo_profile *profile) in tomoyo_set_mode() argument
592 config = profile->default_config; in tomoyo_set_mode()
609 config = profile->config[i]; in tomoyo_set_mode()
[all …]
Dutil.c978 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument
986 p = tomoyo_profile(ns, profile); in tomoyo_get_mode()
1008 u8 profile; in tomoyo_init_request_info() local
1013 profile = domain->profile; in tomoyo_init_request_info()
1014 r->profile = profile; in tomoyo_init_request_info()
1016 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1079 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
Ddomain.c522 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
549 e.profile = domain->profile; in tomoyo_assign_domain()
576 entry->profile); in tomoyo_assign_domain()
606 ee->r.profile = r->domain->profile; in tomoyo_environ()
607 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
Daudit.c167 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, in tomoyo_print_header()
323 const u8 profile, const u8 index, in tomoyo_get_audit() argument
333 p = tomoyo_profile(ns, profile); in tomoyo_get_audit()
365 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
