
Searched refs:profile (Results 1 – 25 of 32) sorted by relevance


/security/apparmor/
Dpolicy.c109 static void __add_profile(struct list_head *list, struct aa_profile *profile) in __add_profile() argument
114 AA_BUG(!profile); in __add_profile()
115 AA_BUG(!profile->ns); in __add_profile()
116 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
118 list_add_rcu(&profile->base.list, list); in __add_profile()
120 aa_get_profile(profile); in __add_profile()
121 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
122 AA_BUG(l != &profile->label); in __add_profile()
138 static void __list_remove_profile(struct aa_profile *profile) in __list_remove_profile() argument
140 AA_BUG(!profile); in __list_remove_profile()
[all …]
Ddomain.c97 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument
104 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component()
105 if (profile->ns == tp->ns) in match_component()
106 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
109 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component()
110 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
111 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component()
112 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
113 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
132 static int label_compound_match(struct aa_profile *profile, in label_compound_match() argument
[all …]
Dcapability.c33 struct aa_profile *profile; member
64 static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, in audit_caps() argument
74 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && in audit_caps()
75 !cap_raised(profile->caps.audit, cap))) in audit_caps()
78 } else if (KILL_MODE(profile) || in audit_caps()
79 cap_raised(profile->caps.kill, cap)) { in audit_caps()
81 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
82 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_caps()
83 AUDIT_MODE(profile) != AUDIT_ALL) { in audit_caps()
90 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
[all …]
Dmount.c130 static int audit_mount(struct aa_profile *profile, const char *op, in audit_mount() argument
142 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in audit_mount()
160 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_mount()
161 AUDIT_MODE(profile) != AUDIT_ALL) in audit_mount()
178 return aa_audit(audit_type, profile, &sa, audit_cb); in audit_mount()
293 static int path_flags(struct aa_profile *profile, const struct path *path) in path_flags() argument
295 AA_BUG(!profile); in path_flags()
298 return profile->path_flags | in path_flags()
316 static int match_mnt_path_str(struct aa_profile *profile, in match_mnt_path_str() argument
326 AA_BUG(!profile); in match_mnt_path_str()
[all …]
Dpolicy_unpack.c108 struct aa_profile *profile = labels_profile(aa_current_raw_label()); in audit_iface() local
120 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb); in audit_iface()
474 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) in unpack_trans_table() argument
486 profile->file.trans.table = kcalloc(size, sizeof(char *), in unpack_trans_table()
488 if (!profile->file.trans.table) in unpack_trans_table()
491 profile->file.trans.size = size; in unpack_trans_table()
500 profile->file.trans.table[i] = str; in unpack_trans_table()
538 aa_free_domain_entries(&profile->file.trans); in unpack_trans_table()
543 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile) in unpack_xattrs() argument
551 profile->xattr_count = size; in unpack_xattrs()
[all …]
Dnet.c106 int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa, in aa_profile_af_perm() argument
116 if (profile_unconfined(profile)) in aa_profile_af_perm()
118 state = PROFILE_MEDIATES(profile, AA_CLASS_NET); in aa_profile_af_perm()
124 state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer, in aa_profile_af_perm()
126 aa_compute_perms(profile->policy.dfa, state, &perms); in aa_profile_af_perm()
127 aa_apply_modes_to_perms(profile, &perms); in aa_profile_af_perm()
129 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); in aa_profile_af_perm()
135 struct aa_profile *profile; in aa_af_perm() local
138 return fn_for_each_confined(label, profile, in aa_af_perm()
139 aa_profile_af_perm(profile, &sa, request, family, in aa_af_perm()
[all …]
Dipc.c65 static int profile_ptrace_perm(struct aa_profile *profile, in profile_ptrace_perm() argument
72 aa_profile_match_label(profile, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
74 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm()
75 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb); in profile_ptrace_perm()
123 struct aa_profile *profile; in aa_may_ptrace() local
127 return xcheck_labels(tracer, tracee, profile, in aa_may_ptrace()
128 profile_tracer_perm(profile, tracee, request, &sa), in aa_may_ptrace()
129 profile_tracee_perm(profile, tracer, xrequest, &sa)); in aa_may_ptrace()
187 static int profile_signal_perm(struct aa_profile *profile, in profile_signal_perm() argument
194 if (profile_unconfined(profile) || in profile_signal_perm()
[all …]
Dfile.c101 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, in aa_audit_file() argument
122 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in aa_audit_file()
141 AUDIT_MODE(profile) != AUDIT_NOQUIET && in aa_audit_file()
142 AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit_file()
150 return aa_audit(type, profile, &sa, file_audit_cb); in aa_audit_file()
170 struct aa_profile *profile; in path_name() local
177 fn_for_each_confined(label, profile, in path_name()
178 aa_audit_file(profile, &nullperms, op, request, *name, in path_name()
277 int __aa_path_perm(const char *op, struct aa_profile *profile, const char *name, in __aa_path_perm() argument
283 if (profile_unconfined(profile)) in __aa_path_perm()
[all …]
Dapparmorfs.c610 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, in profile_query_cb() argument
617 if (profile_unconfined(profile)) in profile_query_cb()
619 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { in profile_query_cb()
620 dfa = profile->file.dfa; in profile_query_cb()
621 state = aa_dfa_match_len(dfa, profile->file.start, in profile_query_cb()
628 } else if (profile->policy.dfa) { in profile_query_cb()
629 if (!PROFILE_MEDIATES(profile, *match_str)) in profile_query_cb()
631 dfa = profile->policy.dfa; in profile_query_cb()
632 state = aa_dfa_match_len(dfa, profile->policy.start[0], in profile_query_cb()
637 aa_apply_modes_to_perms(profile, &tmp); in profile_query_cb()
[all …]
Daudit.c80 struct aa_profile *profile = labels_profile(label); in audit_pre() local
82 if (profile->ns != root_ns) { in audit_pre()
85 profile->ns->base.hname); in audit_pre()
88 audit_log_untrustedstring(ab, profile->base.hname); in audit_pre()
125 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, in aa_audit() argument
128 AA_BUG(!profile); in aa_audit()
132 if (AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit()
135 } else if (COMPLAIN_MODE(profile)) in aa_audit()
140 if (AUDIT_MODE(profile) == AUDIT_QUIET || in aa_audit()
142 AUDIT_MODE(profile) == AUDIT_QUIET_DENIED)) in aa_audit()
[all …]
Dresource.c52 static int audit_resource(struct aa_profile *profile, unsigned int resource, in audit_resource() argument
64 return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb); in audit_resource()
81 static int profile_setrlimit(struct aa_profile *profile, unsigned int resource, in profile_setrlimit() argument
86 if (profile->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
87 profile->rlimits.limits[resource].rlim_max) in profile_setrlimit()
89 return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL, in profile_setrlimit()
107 struct aa_profile *profile; in aa_task_setrlimit() local
124 error = fn_for_each(label, profile, in aa_task_setrlimit()
125 audit_resource(profile, resource, in aa_task_setrlimit()
129 error = fn_for_each_confined(label, profile, in aa_task_setrlimit()
[all …]
Dlabel.c319 struct aa_profile *profile; in label_destroy() local
324 label_for_each(i, label, profile) { in label_destroy()
325 aa_put_profile(profile); in label_destroy()
1263 static inline bool label_is_visible(struct aa_profile *profile, in label_is_visible() argument
1266 return aa_ns_visible(profile->ns, labels_ns(label), true); in label_is_visible()
1274 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument
1280 if (profile->ns == tp->ns) in match_component()
1281 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1284 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component()
1285 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
[all …]
Dcrypto.c61 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, in aa_calc_profile_hash() argument
74 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL); in aa_calc_profile_hash()
75 if (!profile->hash) in aa_calc_profile_hash()
89 error = crypto_shash_final(desc, profile->hash); in aa_calc_profile_hash()
96 kfree(profile->hash); in aa_calc_profile_hash()
97 profile->hash = NULL; in aa_calc_profile_hash()
Dlib.c290 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument
292 switch (AUDIT_MODE(profile)) { in aa_apply_modes_to_perms()
307 if (KILL_MODE(profile)) in aa_apply_modes_to_perms()
309 else if (COMPLAIN_MODE(profile)) in aa_apply_modes_to_perms()
381 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label, in aa_profile_match_label() argument
387 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label()
388 profile->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
390 aa_label_match(profile, label, state, false, request, perms); in aa_profile_match_label()
395 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, in aa_profile_label_perm() argument
401 aad(sa)->label = &profile->label; in aa_profile_label_perm()
[all …]
/security/apparmor/include/
Dpolicy.h174 void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
182 void aa_free_profile(struct aa_profile *profile);
216 static inline unsigned int PROFILE_MEDIATES(struct aa_profile *profile, in PROFILE_MEDIATES() argument
220 return profile->policy.start[class]; in PROFILE_MEDIATES()
222 return aa_dfa_match_len(profile->policy.dfa, in PROFILE_MEDIATES()
223 profile->policy.start[0], &class, 1); in PROFILE_MEDIATES()
226 static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile, in PROFILE_MEDIATES_AF() argument
228 unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET); in PROFILE_MEDIATES_AF()
233 return aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2); in PROFILE_MEDIATES_AF()
296 static inline int AUDIT_MODE(struct aa_profile *profile) in AUDIT_MODE() argument
[all …]
Dperms.h142 void aa_apply_modes_to_perms(struct aa_profile *profile,
148 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,
150 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
153 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
Dcrypto.h18 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
25 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, in aa_calc_profile_hash() argument
Dnet.h92 int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
96 static inline int aa_profile_af_sk_perm(struct aa_profile *profile, in aa_profile_af_sk_perm() argument
101 return aa_profile_af_perm(profile, sa, request, sk->sk_family, in aa_profile_af_sk_perm()
Dlib.h232 DEFINE_VEC(profile, __pvec); \
247 if (!vec_setup(profile, __pvec, __count, (GFP))) { \
261 vec_cleanup(profile, __pvec, __count); \
Daudit.h142 struct aa_profile *profile; member
170 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
Dapparmorfs.h108 void __aafs_profile_rmdir(struct aa_profile *profile);
111 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
/security/tomoyo/
Dcommon.c491 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument
496 if (profile >= TOMOYO_MAX_PROFILES) in tomoyo_assign_profile()
498 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
504 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
517 ns->profile_ptr[profile] = ptr; in tomoyo_assign_profile()
535 const u8 profile) in tomoyo_profile() argument
538 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; in tomoyo_profile()
595 struct tomoyo_profile *profile) in tomoyo_set_mode() argument
602 config = profile->default_config; in tomoyo_set_mode()
621 config = profile->config[i]; in tomoyo_set_mode()
[all …]
Dutil.c970 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument
978 p = tomoyo_profile(ns, profile); in tomoyo_get_mode()
1000 u8 profile; in tomoyo_init_request_info() local
1006 profile = domain->profile; in tomoyo_init_request_info()
1007 r->profile = profile; in tomoyo_init_request_info()
1009 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1076 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
Ddomain.c540 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
568 e.profile = domain->profile; in tomoyo_assign_domain()
597 entry->profile); in tomoyo_assign_domain()
630 ee->r.profile = r->domain->profile; in tomoyo_environ()
631 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
Daudit.c168 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], in tomoyo_print_header()
328 const u8 profile, const u8 index, in tomoyo_get_audit() argument
339 p = tomoyo_profile(ns, profile); in tomoyo_get_audit()
372 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, in tomoyo_write_log2()
