• Home
  • Raw
  • Download

Lines Matching refs:profile

130 static int audit_mount(struct aa_profile *profile, const char *op,  in audit_mount()  argument
142 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in audit_mount()
160 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_mount()
161 AUDIT_MODE(profile) != AUDIT_ALL) in audit_mount()
178 return aa_audit(audit_type, profile, &sa, audit_cb); in audit_mount()
293 static int path_flags(struct aa_profile *profile, const struct path *path) in path_flags() argument
295 AA_BUG(!profile); in path_flags()
298 return profile->path_flags | in path_flags()
316 static int match_mnt_path_str(struct aa_profile *profile, in match_mnt_path_str() argument
326 AA_BUG(!profile); in match_mnt_path_str()
330 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) in match_mnt_path_str()
333 error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer, in match_mnt_path_str()
334 &mntpnt, &info, profile->disconnected); in match_mnt_path_str()
345 pos = do_match_mnt(profile->policy.dfa, in match_mnt_path_str()
346 profile->policy.start[AA_CLASS_MOUNT], in match_mnt_path_str()
355 return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL, in match_mnt_path_str()
373 static int match_mnt(struct aa_profile *profile, const struct path *path, in match_mnt() argument
381 AA_BUG(!profile); in match_mnt()
384 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) in match_mnt()
388 error = aa_path_name(devpath, path_flags(profile, devpath), in match_mnt()
390 profile->disconnected); in match_mnt()
395 return match_mnt_path_str(profile, path, buffer, devname, type, flags, in match_mnt()
402 struct aa_profile *profile; in aa_remount() local
413 error = fn_for_each_confined(label, profile, in aa_remount()
414 match_mnt(profile, path, buffer, NULL, NULL, NULL, in aa_remount()
424 struct aa_profile *profile; in aa_bind_mount() local
442 error = fn_for_each_confined(label, profile, in aa_bind_mount()
443 match_mnt(profile, path, buffer, &old_path, old_buffer, in aa_bind_mount()
454 struct aa_profile *profile; in aa_mount_change_type() local
466 error = fn_for_each_confined(label, profile, in aa_mount_change_type()
467 match_mnt(profile, path, buffer, NULL, NULL, NULL, in aa_mount_change_type()
477 struct aa_profile *profile; in aa_move_mount() local
493 error = fn_for_each_confined(label, profile, in aa_move_mount()
494 match_mnt(profile, path, buffer, &old_path, old_buffer, in aa_move_mount()
506 struct aa_profile *profile; in aa_new_mount() local
539 error = fn_for_each_confined(label, profile, in aa_new_mount()
540 match_mnt(profile, path, buffer, dev_path, dev_buffer, in aa_new_mount()
543 error = fn_for_each_confined(label, profile, in aa_new_mount()
544 match_mnt_path_str(profile, path, buffer, dev_name, in aa_new_mount()
554 static int profile_umount(struct aa_profile *profile, struct path *path, in profile_umount() argument
562 AA_BUG(!profile); in profile_umount()
565 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) in profile_umount()
568 error = aa_path_name(path, path_flags(profile, path), buffer, &name, in profile_umount()
569 &info, profile->disconnected); in profile_umount()
573 state = aa_dfa_match(profile->policy.dfa, in profile_umount()
574 profile->policy.start[AA_CLASS_MOUNT], in profile_umount()
576 perms = compute_mnt_perms(profile->policy.dfa, state); in profile_umount()
581 return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL, in profile_umount()
587 struct aa_profile *profile; in aa_umount() local
596 error = fn_for_each_confined(label, profile, in aa_umount()
597 profile_umount(profile, &path, buffer)); in aa_umount()
607 static struct aa_label *build_pivotroot(struct aa_profile *profile, in build_pivotroot() argument
619 AA_BUG(!profile); in build_pivotroot()
623 if (profile_unconfined(profile) || in build_pivotroot()
624 !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) in build_pivotroot()
625 return aa_get_newest_label(&profile->label); in build_pivotroot()
627 error = aa_path_name(old_path, path_flags(profile, old_path), in build_pivotroot()
629 profile->disconnected); in build_pivotroot()
632 error = aa_path_name(new_path, path_flags(profile, new_path), in build_pivotroot()
634 profile->disconnected); in build_pivotroot()
639 state = aa_dfa_match(profile->policy.dfa, in build_pivotroot()
640 profile->policy.start[AA_CLASS_MOUNT], in build_pivotroot()
642 state = aa_dfa_null_transition(profile->policy.dfa, state); in build_pivotroot()
643 state = aa_dfa_match(profile->policy.dfa, state, old_name); in build_pivotroot()
644 perms = compute_mnt_perms(profile->policy.dfa, state); in build_pivotroot()
650 error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name, in build_pivotroot()
656 return aa_get_newest_label(&profile->label); in build_pivotroot()
662 struct aa_profile *profile; in aa_pivotroot() local
672 target = fn_label_build(label, profile, GFP_ATOMIC, in aa_pivotroot()
673 build_pivotroot(profile, new_path, new_buffer, in aa_pivotroot()
697 error = fn_for_each(label, profile, in aa_pivotroot()
698 audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */, in aa_pivotroot()