
Searched refs:profile (Results 1 – 25 of 34) sorted by relevance


/security/apparmor/
Ddomain.c98 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument
105 state = aa_dfa_match(profile->file.dfa, state, "&"); in match_component()
106 if (profile->ns == tp->ns) in match_component()
107 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
110 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component()
111 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
112 state = aa_dfa_match(profile->file.dfa, state, ns_name); in match_component()
113 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); in match_component()
114 return aa_dfa_match(profile->file.dfa, state, tp->base.hname); in match_component()
133 static int label_compound_match(struct aa_profile *profile, in label_compound_match() argument
[all …]
Dpolicy.c109 static void __add_profile(struct list_head *list, struct aa_profile *profile) in __add_profile() argument
114 AA_BUG(!profile); in __add_profile()
115 AA_BUG(!profile->ns); in __add_profile()
116 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
118 list_add_rcu(&profile->base.list, list); in __add_profile()
120 aa_get_profile(profile); in __add_profile()
121 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
122 AA_BUG(l != &profile->label); in __add_profile()
138 static void __list_remove_profile(struct aa_profile *profile) in __list_remove_profile() argument
140 AA_BUG(!profile); in __list_remove_profile()
[all …]
Dcapability.c33 struct aa_profile *profile; member
64 static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, in audit_caps() argument
74 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && in audit_caps()
75 !cap_raised(profile->caps.audit, cap))) in audit_caps()
78 } else if (KILL_MODE(profile) || in audit_caps()
79 cap_raised(profile->caps.kill, cap)) { in audit_caps()
81 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
82 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_caps()
83 AUDIT_MODE(profile) != AUDIT_ALL) { in audit_caps()
90 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
[all …]
Dpolicy_unpack.c73 struct aa_profile *profile = labels_profile(aa_current_raw_label()); in audit_iface() local
85 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb); in audit_iface()
454 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) in unpack_trans_table() argument
466 profile->file.trans.table = kcalloc(size, sizeof(char *), in unpack_trans_table()
468 if (!profile->file.trans.table) in unpack_trans_table()
471 profile->file.trans.size = size; in unpack_trans_table()
480 profile->file.trans.table[i] = str; in unpack_trans_table()
518 aa_free_domain_entries(&profile->file.trans); in unpack_trans_table()
523 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile) in unpack_xattrs() argument
531 profile->xattr_count = size; in unpack_xattrs()
[all …]
Dmount.c130 static int audit_mount(struct aa_profile *profile, const char *op, in audit_mount() argument
142 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in audit_mount()
160 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_mount()
161 AUDIT_MODE(profile) != AUDIT_ALL) in audit_mount()
178 return aa_audit(audit_type, profile, &sa, audit_cb); in audit_mount()
292 static int path_flags(struct aa_profile *profile, const struct path *path) in path_flags() argument
294 AA_BUG(!profile); in path_flags()
297 return profile->path_flags | in path_flags()
315 static int match_mnt_path_str(struct aa_profile *profile, in match_mnt_path_str() argument
325 AA_BUG(!profile); in match_mnt_path_str()
[all …]
Dnet.c108 int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa, in aa_profile_af_perm() argument
118 if (profile_unconfined(profile)) in aa_profile_af_perm()
120 state = PROFILE_MEDIATES(profile, AA_CLASS_NET); in aa_profile_af_perm()
126 state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer, in aa_profile_af_perm()
128 aa_compute_perms(profile->policy.dfa, state, &perms); in aa_profile_af_perm()
129 aa_apply_modes_to_perms(profile, &perms); in aa_profile_af_perm()
131 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); in aa_profile_af_perm()
137 struct aa_profile *profile; in aa_af_perm() local
140 return fn_for_each_confined(label, profile, in aa_af_perm()
141 aa_profile_af_perm(profile, &sa, request, family, in aa_af_perm()
[all …]
Dfile.c92 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, in aa_audit_file() argument
113 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) in aa_audit_file()
132 AUDIT_MODE(profile) != AUDIT_NOQUIET && in aa_audit_file()
133 AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit_file()
141 return aa_audit(type, profile, &sa, file_audit_cb); in aa_audit_file()
161 struct aa_profile *profile; in path_name() local
168 fn_for_each_confined(label, profile, in path_name()
169 aa_audit_file(profile, &nullperms, op, request, *name, in path_name()
268 int __aa_path_perm(const char *op, struct aa_profile *profile, const char *name, in __aa_path_perm() argument
274 if (profile_unconfined(profile)) in __aa_path_perm()
[all …]
Dipc.c77 static int profile_signal_perm(struct aa_profile *profile, in profile_signal_perm() argument
84 if (profile_unconfined(profile) || in profile_signal_perm()
85 !PROFILE_MEDIATES(profile, AA_CLASS_SIGNAL)) in profile_signal_perm()
90 state = aa_dfa_next(profile->policy.dfa, in profile_signal_perm()
91 profile->policy.start[AA_CLASS_SIGNAL], in profile_signal_perm()
93 aa_label_match(profile, peer, state, false, request, &perms); in profile_signal_perm()
94 aa_apply_modes_to_perms(profile, &perms); in profile_signal_perm()
95 return aa_check_perms(profile, &perms, request, sa, audit_signal_cb); in profile_signal_perm()
100 struct aa_profile *profile; in aa_may_signal() local
105 return xcheck_labels(sender, target, profile, in aa_may_signal()
[all …]
Dapparmorfs.c611 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, in profile_query_cb() argument
618 if (profile_unconfined(profile)) in profile_query_cb()
620 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { in profile_query_cb()
621 dfa = profile->file.dfa; in profile_query_cb()
622 state = aa_dfa_match_len(dfa, profile->file.start, in profile_query_cb()
629 } else if (profile->policy.dfa) { in profile_query_cb()
630 if (!PROFILE_MEDIATES(profile, *match_str)) in profile_query_cb()
632 dfa = profile->policy.dfa; in profile_query_cb()
633 state = aa_dfa_match_len(dfa, profile->policy.start[0], in profile_query_cb()
638 aa_apply_modes_to_perms(profile, &tmp); in profile_query_cb()
[all …]
Daudit.c78 struct aa_profile *profile = labels_profile(label); in audit_pre() local
80 if (profile->ns != root_ns) { in audit_pre()
83 profile->ns->base.hname); in audit_pre()
86 audit_log_untrustedstring(ab, profile->base.hname); in audit_pre()
123 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, in aa_audit() argument
126 AA_BUG(!profile); in aa_audit()
130 if (AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit()
133 } else if (COMPLAIN_MODE(profile)) in aa_audit()
138 if (AUDIT_MODE(profile) == AUDIT_QUIET || in aa_audit()
140 AUDIT_MODE(profile) == AUDIT_QUIET_DENIED)) in aa_audit()
[all …]
Dresource.c52 static int audit_resource(struct aa_profile *profile, unsigned int resource, in audit_resource() argument
64 return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb); in audit_resource()
81 static int profile_setrlimit(struct aa_profile *profile, unsigned int resource, in profile_setrlimit() argument
86 if (profile->rlimits.mask & (1 << resource) && new_rlim->rlim_max > in profile_setrlimit()
87 profile->rlimits.limits[resource].rlim_max) in profile_setrlimit()
89 return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL, in profile_setrlimit()
107 struct aa_profile *profile; in aa_task_setrlimit() local
124 error = fn_for_each(label, profile, in aa_task_setrlimit()
125 audit_resource(profile, resource, in aa_task_setrlimit()
129 error = fn_for_each_confined(label, profile, in aa_task_setrlimit()
[all …]
Dlabel.c320 struct aa_profile *profile; in aa_label_destroy() local
325 label_for_each(i, label, profile) { in aa_label_destroy()
326 aa_put_profile(profile); in aa_label_destroy()
1259 static inline bool label_is_visible(struct aa_profile *profile, in label_is_visible() argument
1262 return aa_ns_visible(profile->ns, labels_ns(label), true); in label_is_visible()
1270 static inline unsigned int match_component(struct aa_profile *profile, in match_component() argument
1276 if (profile->ns == tp->ns) in match_component()
1277 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname); in match_component()
1280 ns_name = aa_ns_name(profile->ns, tp->ns, true); in match_component()
1281 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1); in match_component()
[all …]
Dcrypto.c61 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, in aa_calc_profile_hash() argument
74 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL); in aa_calc_profile_hash()
75 if (!profile->hash) in aa_calc_profile_hash()
89 error = crypto_shash_final(desc, profile->hash); in aa_calc_profile_hash()
96 kfree(profile->hash); in aa_calc_profile_hash()
97 profile->hash = NULL; in aa_calc_profile_hash()
Dlib.c290 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument
292 switch (AUDIT_MODE(profile)) { in aa_apply_modes_to_perms()
307 if (KILL_MODE(profile)) in aa_apply_modes_to_perms()
309 else if (COMPLAIN_MODE(profile)) in aa_apply_modes_to_perms()
398 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label, in aa_profile_match_label() argument
404 state = aa_dfa_next(profile->policy.dfa, in aa_profile_match_label()
405 profile->policy.start[AA_CLASS_LABEL], in aa_profile_match_label()
407 aa_label_match(profile, label, state, false, request, perms); in aa_profile_match_label()
412 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, in aa_profile_label_perm() argument
418 aad(sa)->label = &profile->label; in aa_profile_label_perm()
[all …]
Dtask.c228 static int profile_ptrace_perm(struct aa_profile *profile, in profile_ptrace_perm() argument
235 aa_profile_match_label(profile, peer, AA_CLASS_PTRACE, request, in profile_ptrace_perm()
237 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm()
238 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb); in profile_ptrace_perm()
286 struct aa_profile *profile; in aa_may_ptrace() local
290 return xcheck_labels(tracer, tracee, profile, in aa_may_ptrace()
291 profile_tracer_perm(profile, tracee, request, &sa), in aa_may_ptrace()
292 profile_tracee_perm(profile, tracer, xrequest, &sa)); in aa_may_ptrace()
Dpolicy_ns.c85 struct aa_profile *profile; in alloc_unconfined() local
87 profile = aa_alloc_profile(name, NULL, GFP_KERNEL); in alloc_unconfined()
88 if (!profile) in alloc_unconfined()
91 profile->label.flags |= FLAG_IX_ON_NAME_ERROR | in alloc_unconfined()
93 profile->mode = APPARMOR_UNCONFINED; in alloc_unconfined()
94 profile->file.dfa = aa_get_dfa(nulldfa); in alloc_unconfined()
95 profile->policy.dfa = aa_get_dfa(nulldfa); in alloc_unconfined()
97 return profile; in alloc_unconfined()
/security/apparmor/include/
Dpolicy.h178 void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
186 void aa_free_profile(struct aa_profile *profile);
220 static inline unsigned int PROFILE_MEDIATES(struct aa_profile *profile, in PROFILE_MEDIATES() argument
224 return profile->policy.start[class]; in PROFILE_MEDIATES()
226 return aa_dfa_match_len(profile->policy.dfa, in PROFILE_MEDIATES()
227 profile->policy.start[0], &class, 1); in PROFILE_MEDIATES()
230 static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile, in PROFILE_MEDIATES_AF() argument
232 unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET); in PROFILE_MEDIATES_AF()
237 return aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2); in PROFILE_MEDIATES_AF()
300 static inline int AUDIT_MODE(struct aa_profile *profile) in AUDIT_MODE() argument
[all …]
Dperms.h142 void aa_apply_modes_to_perms(struct aa_profile *profile,
148 void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,
150 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
153 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
Dcrypto.h18 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
25 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, in aa_calc_profile_hash() argument
Dnet.h92 int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
96 static inline int aa_profile_af_sk_perm(struct aa_profile *profile, in aa_profile_af_sk_perm() argument
101 return aa_profile_af_perm(profile, sa, request, sk->sk_family, in aa_profile_af_sk_perm()
Dlib.h237 DEFINE_VEC(profile, __pvec); \
252 if (!vec_setup(profile, __pvec, __count, (GFP))) { \
266 vec_cleanup(profile, __pvec, __count); \
Daudit.h142 struct aa_profile *profile; member
170 int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
/security/tomoyo/
Dcommon.c482 (struct tomoyo_policy_namespace *ns, const unsigned int profile) in tomoyo_assign_profile() argument
487 if (profile >= TOMOYO_MAX_PROFILES) in tomoyo_assign_profile()
489 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
495 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
508 ns->profile_ptr[profile] = ptr; in tomoyo_assign_profile()
526 const u8 profile) in tomoyo_profile() argument
529 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; in tomoyo_profile()
586 struct tomoyo_profile *profile) in tomoyo_set_mode() argument
593 config = profile->default_config; in tomoyo_set_mode()
612 config = profile->config[i]; in tomoyo_set_mode()
[all …]
Dutil.c992 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument
1000 p = tomoyo_profile(ns, profile); in tomoyo_get_mode()
1022 u8 profile; in tomoyo_init_request_info() local
1028 profile = domain->profile; in tomoyo_init_request_info()
1029 r->profile = profile; in tomoyo_init_request_info()
1031 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1095 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
Ddomain.c538 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
566 e.profile = domain->profile; in tomoyo_assign_domain()
595 entry->profile); in tomoyo_assign_domain()
628 ee->r.profile = r->domain->profile; in tomoyo_environ()
629 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
