Lines Matching refs:perms
131 struct aa_perms *perms) in label_compound_match() argument
149 *perms = allperms; in label_compound_match()
161 *perms = *(aa_lookup_condperms(current_fsuid(), rules->file, state, in label_compound_match()
163 aa_apply_modes_to_perms(profile, perms); in label_compound_match()
164 if ((perms->allow & request) != request) in label_compound_match()
170 *perms = nullperms; in label_compound_match()
193 struct aa_perms *perms) in label_components_match() argument
219 aa_perms_accum(perms, &tmp); in label_components_match()
229 aa_perms_accum(perms, &tmp); in label_components_match()
232 if ((perms->allow & request) != request) in label_components_match()
238 *perms = nullperms; in label_components_match()
256 struct aa_perms *perms) in label_match() argument
260 *perms = nullperms; in label_match()
262 request, perms); in label_match()
266 *perms = allperms; in label_match()
268 request, perms); in label_match()
291 struct aa_perms *perms) in change_profile_perms() argument
294 perms->allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC; in change_profile_perms()
295 perms->audit = perms->quiet = perms->kill = 0; in change_profile_perms()
300 return label_match(profile, target, stack, start, true, request, perms); in change_profile_perms()
332 struct aa_perms *perms; in aa_xattrs_match() local
344 perms = aa_lookup_perms(attach->xmatch, state); in aa_xattrs_match()
345 if (!(perms->allow & MAY_EXEC)) { in aa_xattrs_match()
423 struct aa_perms *perms; in find_attach() local
428 perms = aa_lookup_perms(attach->xmatch, state); in find_attach()
430 if (perms->allow & MAY_EXEC) { in find_attach()
670 struct aa_perms perms = {}; in profile_transition() local
703 perms.audit |= MAY_EXEC; in profile_transition()
704 perms.allow |= MAY_EXEC; in profile_transition()
706 (void) aa_audit_file(subj_cred, profile, &perms, in profile_transition()
719 state = aa_str_perms(rules->file, state, name, cond, &perms); in profile_transition()
720 if (perms.allow & MAY_EXEC) { in profile_transition()
722 new = x_to_label(profile, bprm, name, perms.xindex, &target, in profile_transition()
731 perms.audit |= MAY_EXEC; in profile_transition()
742 perms.allow &= ~MAY_EXEC; in profile_transition()
761 perms.xindex |= AA_X_UNSAFE; in profile_transition()
770 if (!(perms.xindex & AA_X_UNSAFE)) { in profile_transition()
781 aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, in profile_transition()
800 struct aa_perms perms = {}; in profile_onexec() local
832 state = aa_str_perms(rules->file, state, xname, cond, &perms); in profile_onexec()
833 if (!(perms.allow & AA_MAY_ONEXEC)) { in profile_onexec()
843 state, &perms); in profile_onexec()
845 perms.allow &= ~AA_MAY_ONEXEC; in profile_onexec()
849 if (!(perms.xindex & AA_X_UNSAFE)) { in profile_onexec()
860 return aa_audit_file(subj_cred, profile, &perms, OP_EXEC, in profile_onexec()
1227 struct aa_perms perms = {}; in aa_change_hat() local
1338 perms.kill = AA_MAY_CHANGEHAT; in aa_change_hat()
1342 aa_audit_file(subj_cred, profile, &perms, OP_CHANGE_HAT, in aa_change_hat()
1354 u32 request, struct aa_perms *perms) in change_profile_perms_wrapper() argument
1363 perms); in change_profile_perms_wrapper()
1365 error = aa_audit_file(subj_cred, profile, perms, op, request, in change_profile_perms_wrapper()
1392 struct aa_perms perms = {}; in aa_change_profile() local
1448 perms.audit = request; in aa_change_profile()
1450 aa_audit_file(subj_cred, profile, &perms, op, in aa_change_profile()
1453 perms.audit = 0; in aa_change_profile()
1499 request, &perms)); in aa_change_profile()
1553 perms.allow = 0; in aa_change_profile()
1570 profile, &perms, op, request, auditname, in aa_change_profile()