/security/apparmor/ |
D | domain.c | 100 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument 107 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component() 108 if (profile->ns == tp->ns) in match_component() 109 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component() 112 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component() 113 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component() 114 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component() 115 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component() 116 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component() 135 static int label_compound_match(struct aa_profile *profile, in label_compound_match() argument [all …]
|
D | policy.c | 114 static void __add_profile(struct list_head *list, struct aa_profile *profile) in __add_profile() argument 119 AA_BUG(!profile); in __add_profile() 120 AA_BUG(!profile->ns); in __add_profile() 121 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile() 123 list_add_rcu(&profile->base.list, list); in __add_profile() 125 aa_get_profile(profile); in __add_profile() 126 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile() 127 AA_BUG(l != &profile->label); in __add_profile() 143 static void __list_remove_profile(struct aa_profile *profile) in __list_remove_profile() argument 145 AA_BUG(!profile); in __list_remove_profile() [all …]
|
D | capability.c | 37 struct aa_profile *profile; member 68 static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, in audit_caps() argument 78 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && in audit_caps() 79 !cap_raised(profile->caps.audit, cap))) in audit_caps() 82 } else if (KILL_MODE(profile) || in audit_caps() 83 cap_raised(profile->caps.kill, cap)) { in audit_caps() 85 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps() 86 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_caps() 87 AUDIT_MODE(profile) != AUDIT_ALL) { in audit_caps() 94 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps() [all …]
|
D | mount.c | 133 static int audit_mount(struct aa_profile *profile, const char *op, in audit_mount() argument 145 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in audit_mount() 163 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_mount() 164 AUDIT_MODE(profile) != AUDIT_ALL) in audit_mount() 181 return aa_audit(audit_type, profile, &sa, audit_cb); in audit_mount() 296 static int path_flags(struct aa_profile *profile, const struct path *path) in path_flags() argument 298 AA_BUG(!profile); in path_flags() 301 return profile->path_flags | in path_flags() 319 static int match_mnt_path_str(struct aa_profile *profile, in match_mnt_path_str() argument 329 AA_BUG(!profile); in match_mnt_path_str() [all …]
|
D | policy_unpack.c | 111 struct aa_profile *profile = labels_profile(aa_current_raw_label()); in audit_iface() local 123 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb); in audit_iface() 449 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) in unpack_trans_table() argument 461 profile->file.trans.table = kzalloc(sizeof(char *) * size, in unpack_trans_table() 463 if (!profile->file.trans.table) in unpack_trans_table() 466 profile->file.trans.size = size; in unpack_trans_table() 475 profile->file.trans.table[i] = str; in unpack_trans_table() 513 aa_free_domain_entries(&profile->file.trans); in unpack_trans_table() 518 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) in unpack_rlimits() argument 528 profile->rlimits.mask = tmp; in unpack_rlimits() [all …]
|
D | file.c | 103 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, in aa_audit_file() argument 124 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in aa_audit_file() 143 AUDIT_MODE(profile) != AUDIT_NOQUIET && in aa_audit_file() 144 AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit_file() 152 return aa_audit(type, profile, &sa, file_audit_cb); in aa_audit_file() 172 struct aa_profile *profile; in path_name() local 179 fn_for_each_confined(label, profile, in path_name() 180 aa_audit_file(profile, &nullperms, op, request, *name, in path_name() 285 int __aa_path_perm(const char *op, struct aa_profile *profile, const char *name, in __aa_path_perm() argument 291 if (profile_unconfined(profile)) in __aa_path_perm() [all …]
|
D | ipc.c | 69 static int profile_ptrace_perm(struct aa_profile *profile, in profile_ptrace_perm() argument 76 aa_profile_match_label(profile, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm() 78 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm() 79 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb); in profile_ptrace_perm() 126 struct aa_profile *profile; in aa_may_ptrace() local 130 return xcheck_labels(tracer, tracee, profile, in aa_may_ptrace() 131 profile_tracer_perm(profile, tracee, request, &sa), in aa_may_ptrace() 132 profile_tracee_perm(profile, tracer, xrequest, &sa)); in aa_may_ptrace() 188 static void profile_match_signal(struct aa_profile *profile, const char *label, in profile_match_signal() argument 194 state = aa_dfa_next(profile->policy.dfa, in profile_match_signal() [all …]
|
D | audit.c | 84 struct aa_profile *profile = labels_profile(label); in audit_pre() local 86 if (profile->ns != root_ns) { in audit_pre() 89 profile->ns->base.hname); in audit_pre() 92 audit_log_untrustedstring(ab, profile->base.hname); in audit_pre() 129 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, in aa_audit() argument 132 AA_BUG(!profile); in aa_audit() 136 if (AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit() 139 } else if (COMPLAIN_MODE(profile)) in aa_audit() 144 if (AUDIT_MODE(profile) == AUDIT_QUIET || in aa_audit() 146 AUDIT_MODE(profile) == AUDIT_QUIET)) in aa_audit() [all …]
|
D | apparmorfs.c | 611 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, in profile_query_cb() argument 618 if (profile_unconfined(profile)) in profile_query_cb() 620 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { in profile_query_cb() 621 dfa = profile->file.dfa; in profile_query_cb() 622 state = aa_dfa_match_len(dfa, profile->file.start, in profile_query_cb() 630 } else if (profile->policy.dfa) { in profile_query_cb() 631 if (!PROFILE_MEDIATES_SAFE(profile, *match_str)) in profile_query_cb() 633 dfa = profile->policy.dfa; in profile_query_cb() 634 state = aa_dfa_match_len(dfa, profile->policy.start[0], in profile_query_cb() 641 aa_apply_modes_to_perms(profile, &tmp); in profile_query_cb() [all …]
|
D | resource.c | 56 static int audit_resource(struct aa_profile *profile, unsigned int resource, in audit_resource() argument 68 return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb); in audit_resource() 85 static int profile_setrlimit(struct aa_profile *profile, unsigned int resource, in profile_setrlimit() argument 90 if (profile->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit() 91 profile->rlimits.limits[resource].rlim_max) in profile_setrlimit() 93 return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL, in profile_setrlimit() 111 struct aa_profile *profile; in aa_task_setrlimit() local 128 error = fn_for_each(label, profile, in aa_task_setrlimit() 129 audit_resource(profile, resource, in aa_task_setrlimit() 133 error = fn_for_each_confined(label, profile, in aa_task_setrlimit() [all …]
|
D | label.c | 323 struct aa_profile *profile; in label_destroy() local 328 label_for_each(i, label, profile) { in label_destroy() 329 aa_put_profile(profile); in label_destroy() 1235 static inline bool label_is_visible(struct aa_profile *profile, in label_is_visible() argument 1238 return aa_ns_visible(profile->ns, labels_ns(label), true); in label_is_visible() 1246 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument 1252 if (profile->ns == tp->ns) in match_component() 1253 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component() 1256 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component() 1257 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component() [all …]
|
D | crypto.c | 66 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, in aa_calc_profile_hash() argument 79 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL); in aa_calc_profile_hash() 80 if (!profile->hash) in aa_calc_profile_hash() 95 error = crypto_shash_final(desc, profile->hash); in aa_calc_profile_hash() 102 kfree(profile->hash); in aa_calc_profile_hash() 103 profile->hash = NULL; in aa_calc_profile_hash()
|
D | lib.c | 284 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument 286 switch (AUDIT_MODE(profile)) { in aa_apply_modes_to_perms() 301 if (KILL_MODE(profile)) in aa_apply_modes_to_perms() 303 else if (COMPLAIN_MODE(profile)) in aa_apply_modes_to_perms() 378 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label, in aa_profile_match_label() argument 384 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label() 385 profile->policy.start[AA_CLASS_LABEL], in aa_profile_match_label() 387 aa_label_match(profile, label, state, false, request, perms); in aa_profile_match_label() 392 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, in aa_profile_label_perm() argument 398 aad(sa)->label = &profile->label; in aa_profile_label_perm() [all …]
|
/security/apparmor/include/ |
D | policy.h | 170 void aa_add_profile(struct aa_policy *common, struct aa_profile *profile); 178 void aa_free_profile(struct aa_profile *profile); 214 static inline unsigned int PROFILE_MEDIATES_SAFE(struct aa_profile *profile, in PROFILE_MEDIATES_SAFE() argument 217 if (profile->policy.dfa) in PROFILE_MEDIATES_SAFE() 218 return aa_dfa_match_len(profile->policy.dfa, in PROFILE_MEDIATES_SAFE() 219 profile->policy.start[0], &class, 1); in PROFILE_MEDIATES_SAFE() 283 static inline int AUDIT_MODE(struct aa_profile *profile) in AUDIT_MODE() argument 288 return profile->audit; in AUDIT_MODE()
|
D | perms.h | 144 void aa_apply_modes_to_perms(struct aa_profile *profile, 150 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label, 152 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, 155 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
|
D | crypto.h | 22 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, 29 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, in aa_calc_profile_hash() argument
|
D | audit.h | 137 struct aa_profile *profile; member 165 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
|
D | lib.h | 238 DEFINE_VEC(profile, __pvec); \ 253 if (!vec_setup(profile, __pvec, __count, (GFP))) { \ 267 vec_cleanup(profile, __pvec, __count); \
|
D | apparmorfs.h | 112 void __aafs_profile_rmdir(struct aa_profile *profile); 115 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
|
D | domain.h | 34 struct aa_label *x_table_lookup(struct aa_profile *profile, u32 xindex,
|
D | label.h | 265 struct aa_profile *profile; \ 268 label_for_each(i, (L), profile) { \ 269 if (PROFILE_MEDIATES(profile, (C))) { \ 335 int aa_label_match(struct aa_profile *profile, struct aa_label *label,
|
/security/tomoyo/ |
D | common.c | 486 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument 490 if (profile >= TOMOYO_MAX_PROFILES) in tomoyo_assign_profile() 492 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() 498 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile() 511 ns->profile_ptr[profile] = ptr; in tomoyo_assign_profile() 529 const u8 profile) in tomoyo_profile() argument 532 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; in tomoyo_profile() 586 struct tomoyo_profile *profile) in tomoyo_set_mode() argument 592 config = profile->default_config; in tomoyo_set_mode() 609 config = profile->config[i]; in tomoyo_set_mode() [all …]
|
D | util.c | 978 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument 986 p = tomoyo_profile(ns, profile); in tomoyo_get_mode() 1008 u8 profile; in tomoyo_init_request_info() local 1013 profile = domain->profile; in tomoyo_init_request_info() 1014 r->profile = profile; in tomoyo_init_request_info() 1016 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info() 1079 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
|
D | domain.c | 522 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain() 549 e.profile = domain->profile; in tomoyo_assign_domain() 576 entry->profile); in tomoyo_assign_domain() 606 ee->r.profile = r->domain->profile; in tomoyo_environ() 607 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
|
D | audit.c | 167 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, in tomoyo_print_header() 323 const u8 profile, const u8 index, in tomoyo_get_audit() argument 333 p = tomoyo_profile(ns, profile); in tomoyo_get_audit() 365 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
|