Lines Matching refs:label
158 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
159 AA_BUG(l != &profile->label); in __add_profile()
200 aa_label_remove(&profile->label); in __remove_profile()
255 kfree_sensitive(rules->secmark[i].label); in free_ruleset()
303 free_ruleset(profile->label.rules[i]); in aa_free_profile()
316 aa_label_destroy(&profile->label); in aa_free_profile()
338 profile = kzalloc(struct_size(profile, label.rules, 1), gfp); in aa_alloc_profile()
344 if (!aa_label_init(&profile->label, 1, gfp)) in aa_alloc_profile()
348 profile->label.rules[0] = aa_alloc_ruleset(gfp); in aa_alloc_profile()
349 if (!profile->label.rules[0]) in aa_alloc_profile()
355 proxy = aa_alloc_proxy(&profile->label, gfp); in aa_alloc_profile()
360 profile->label.proxy = proxy; in aa_alloc_profile()
362 profile->label.hname = profile->base.hname; in aa_alloc_profile()
363 profile->label.flags |= FLAG_PROFILE; in aa_alloc_profile()
364 profile->label.vec[0] = profile; in aa_alloc_profile()
382 if (RULE_MEDIATES(profile->label.rules[i], class)) in ANY_RULE_MEDIATES()
401 profile->label.mediates |= ((u64) 1) << AA_CLASS_NS; in aa_compute_profile_mediates()
407 profile->label.mediates |= ((u64) 1) << c; in aa_compute_profile_mediates()
657 profile->label.flags |= FLAG_NULL; in aa_alloc_null()
659 rules = profile->label.rules[0]; in aa_alloc_null()
667 profile->label.mediates = parent->label.mediates; in aa_alloc_null()
731 profile->label.flags |= FLAG_HAT; in aa_new_learning_profile()
767 if (profile->label.flags & FLAG_IMMUTIBLE) { in replacement_allowed()
822 struct aa_label *label, in policy_ns_capable() argument
830 err = aa_capable(subj_cred, label, cap, CAP_OPT_NONE); in policy_ns_capable()
847 struct aa_label *label, struct aa_ns *ns) in aa_policy_view_capable() argument
850 struct aa_ns *view_ns = labels_view(label); in aa_policy_view_capable()
867 struct aa_label *label, struct aa_ns *ns) in aa_policy_admin_capable() argument
870 bool capable = policy_ns_capable(subj_cred, label, user_ns, in aa_policy_admin_capable()
876 return aa_policy_view_capable(subj_cred, label, ns) && capable && in aa_policy_admin_capable()
882 struct aa_label *label; in aa_current_policy_view_capable() local
885 label = __begin_current_label_crit_section(&needput); in aa_current_policy_view_capable()
886 res = aa_policy_view_capable(current_cred(), label, ns); in aa_current_policy_view_capable()
887 __end_current_label_crit_section(label, needput); in aa_current_policy_view_capable()
894 struct aa_label *label; in aa_current_policy_admin_capable() local
897 label = __begin_current_label_crit_section(&needput); in aa_current_policy_admin_capable()
898 res = aa_policy_admin_capable(current_cred(), label, ns); in aa_current_policy_admin_capable()
899 __end_current_label_crit_section(label, needput); in aa_current_policy_admin_capable()
913 int aa_may_manage_policy(const struct cred *subj_cred, struct aa_label *label, in aa_may_manage_policy() argument
927 return audit_policy(label, op, NULL, NULL, "policy_locked", in aa_may_manage_policy()
930 if (!aa_policy_admin_capable(subj_cred, label, ns)) in aa_may_manage_policy()
931 return audit_policy(label, op, NULL, NULL, "not policy admin", in aa_may_manage_policy()
1006 aa_label_replace(&old->label, &new->label); in __replace_profile()
1051 new->label.hname = old->label.hname; in share_name()
1089 ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, in aa_replace_profiles() argument
1132 ns = aa_prepare_ns(policy_ns ? policy_ns : labels_ns(label), in aa_replace_profiles()
1143 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(label)); in aa_replace_profiles()
1262 audit_policy(label, op, ns_name, ent->new->base.hname, in aa_replace_profiles()
1266 aa_put_proxy(ent->new->label.proxy); in aa_replace_profiles()
1267 ent->new->label.proxy = NULL; in aa_replace_profiles()
1275 audit_policy(label, op, ns_name, ent->new->base.hname, NULL, in aa_replace_profiles()
1314 audit_policy(label, op, ns_name, ent ? ent->new->base.hname : NULL, in aa_replace_profiles()
1325 audit_policy(label, op, ns_name, tmp->new->base.hname, info, in aa_replace_profiles()