xref: /security/apparmor/file.c

149 		     struct aa_label *label,  in path_name()  argument
158 			     labels_profile(label)->disconnected);  in path_name()
160 		fn_for_each_confined(label, profile,  in path_name()
226 	struct aa_ruleset *rules = profile->label.rules[0];  in __aa_path_perm()
254 	error = path_name(op, subj_cred, &profile->label, path,  in profile_path_perm()
276 		 struct aa_label *label,  in aa_path_perm()  argument
290 	error = fn_for_each_confined(label, profile,  in aa_path_perm()
325 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_path_link()
333 	error = path_name(OP_LINK, subj_cred, &profile->label, link,  in profile_path_link()
340 	error = path_name(OP_LINK, subj_cred, &profile->label, target,  in profile_path_link()
426 		 struct aa_label *label, struct dentry *old_dentry,  in aa_path_link()  argument
448 	error = fn_for_each_confined(label, profile,  in aa_path_link()
457 static void update_file_ctx(struct aa_file_ctx *fctx, struct aa_label *label,  in update_file_ctx()  argument
464 	old = rcu_dereference_protected(fctx->label,  in update_file_ctx()
466 	l = aa_label_merge(old, label, GFP_ATOMIC);  in update_file_ctx()
469 			rcu_assign_pointer(fctx->label, l);  in update_file_ctx()
479 			    struct aa_label *label,  in __file_path_perm()  argument
495 	if (!denied && aa_label_is_subset(flabel, label))  in __file_path_perm()
505 	error = fn_for_each_not_in_set(flabel, label, profile,  in __file_path_perm()
518 		if (label == flabel)  in __file_path_perm()
519 			error = fn_for_each(label, profile,  in __file_path_perm()
525 			error = fn_for_each_not_in_set(label, flabel, profile,  in __file_path_perm()
532 		update_file_ctx(file_ctx(file), label, request);  in __file_path_perm()
540 			    struct aa_label *label,  in __file_sock_perm()  argument
547 	if (!denied && aa_label_is_subset(flabel, label))  in __file_sock_perm()
551 	error = aa_sock_file_perm(subj_cred, label, op, request, file);  in __file_sock_perm()
559 		update_file_ctx(file_ctx(file), label, request);  in __file_sock_perm()
570 static bool __unix_needs_revalidation(struct file *file, struct aa_label *label,  in __unix_needs_revalidation()  argument
587 		return !__aa_subj_label_is_cached(rcu_dereference(ctx->label),  in __unix_needs_revalidation()
588 						  label);  in __unix_needs_revalidation()
605 		 struct aa_label *label, struct file *file,  in aa_file_perm()  argument
613 	AA_BUG(!label);  in aa_file_perm()
619 	flabel  = rcu_dereference(fctx->label);  in aa_file_perm()
630 	if (unconfined(label) || __file_is_delegated(flabel) ||  in aa_file_perm()
631 	    __unix_needs_revalidation(file, label, request) ||  in aa_file_perm()
632 	    (!denied && __aa_subj_label_is_cached(label, flabel))) {  in aa_file_perm()
642 		error = __file_path_perm(op, subj_cred, label, flabel, file,  in aa_file_perm()
646 		error = __file_sock_perm(op, subj_cred, label, flabel, file,  in aa_file_perm()
654 static void revalidate_tty(const struct cred *subj_cred, struct aa_label *label)  in revalidate_tty()  argument
672 		if (aa_file_perm(OP_INHERIT, subj_cred, label, file,  in revalidate_tty()
685 	struct aa_label *label;  member
692 	if (aa_file_perm(OP_INHERIT, cl->cred, cl->label, file,  in match_file()
702 	struct aa_label *label = aa_get_newest_cred_label(cred);  in aa_inherit_files()  local
705 		.label = label,  in aa_inherit_files()
710 	revalidate_tty(cred, label);  in aa_inherit_files()
727 	aa_put_label(label);  in aa_inherit_files()

Last Index update Fri Aug 22 10:33:58 CST 2025