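Lines matching refs: profile
(Cross-reference listing: each entry gives the source line number, the matching line, the enclosing function and, where shown, whether `profile` is an argument or a local there. Lines that do not mention `profile` are omitted, so the entries are not contiguous code.)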
146 static void __add_profile(struct list_head *list, struct aa_profile *profile) in __add_profile() argument
151 AA_BUG(!profile); in __add_profile()
152 AA_BUG(!profile->ns); in __add_profile()
153 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
155 list_add_rcu(&profile->base.list, list); in __add_profile()
157 aa_get_profile(profile); in __add_profile()
158 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
159 AA_BUG(l != &profile->label); in __add_profile()
175 static void __list_remove_profile(struct aa_profile *profile) in __list_remove_profile() argument
177 AA_BUG(!profile); in __list_remove_profile()
178 AA_BUG(!profile->ns); in __list_remove_profile()
179 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __list_remove_profile()
181 list_del_rcu(&profile->base.list); in __list_remove_profile()
182 aa_put_profile(profile); in __list_remove_profile()
191 static void __remove_profile(struct aa_profile *profile) in __remove_profile() argument
193 AA_BUG(!profile); in __remove_profile()
194 AA_BUG(!profile->ns); in __remove_profile()
195 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __remove_profile()
198 __aa_profile_list_release(&profile->base.profiles); in __remove_profile()
200 aa_label_remove(&profile->label); in __remove_profile()
201 __aafs_profile_rmdir(profile); in __remove_profile()
202 __list_remove_profile(profile); in __remove_profile()
213 struct aa_profile *profile, *tmp; in __aa_profile_list_release() local
214 list_for_each_entry_safe(profile, tmp, head, base.list) in __aa_profile_list_release()
215 __remove_profile(profile); in __aa_profile_list_release()
279 void aa_free_profile(struct aa_profile *profile) in aa_free_profile() argument
283 AA_DEBUG(DEBUG_POLICY, "%s(%p)\n", __func__, profile); in aa_free_profile()
285 if (!profile) in aa_free_profile()
289 aa_policy_destroy(&profile->base); in aa_free_profile()
290 aa_put_profile(rcu_access_pointer(profile->parent)); in aa_free_profile()
292 aa_put_ns(profile->ns); in aa_free_profile()
293 kfree_sensitive(profile->rename); in aa_free_profile()
294 kfree_sensitive(profile->disconnected); in aa_free_profile()
296 free_attachment(&profile->attach); in aa_free_profile()
302 for (int i = 0; i < profile->n_rules; i++) in aa_free_profile()
303 free_ruleset(profile->label.rules[i]); in aa_free_profile()
305 kfree_sensitive(profile->dirname); in aa_free_profile()
307 if (profile->data) { in aa_free_profile()
308 rht = profile->data; in aa_free_profile()
309 profile->data = NULL; in aa_free_profile()
314 kfree_sensitive(profile->hash); in aa_free_profile()
315 aa_put_loaddata(profile->rawdata); in aa_free_profile()
316 aa_label_destroy(&profile->label); in aa_free_profile()
318 kfree_sensitive(profile); in aa_free_profile()
332 struct aa_profile *profile; in aa_alloc_profile() local
338 profile = kzalloc(struct_size(profile, label.rules, 1), gfp); in aa_alloc_profile()
339 if (!profile) in aa_alloc_profile()
342 if (!aa_policy_init(&profile->base, NULL, hname, gfp)) in aa_alloc_profile()
344 if (!aa_label_init(&profile->label, 1, gfp)) in aa_alloc_profile()
348 profile->label.rules[0] = aa_alloc_ruleset(gfp); in aa_alloc_profile()
349 if (!profile->label.rules[0]) in aa_alloc_profile()
351 profile->n_rules = 1; in aa_alloc_profile()
355 proxy = aa_alloc_proxy(&profile->label, gfp); in aa_alloc_profile()
360 profile->label.proxy = proxy; in aa_alloc_profile()
362 profile->label.hname = profile->base.hname; in aa_alloc_profile()
363 profile->label.flags |= FLAG_PROFILE; in aa_alloc_profile()
364 profile->label.vec[0] = profile; in aa_alloc_profile()
366 profile->signal = SIGKILL; in aa_alloc_profile()
368 return profile; in aa_alloc_profile()
371 aa_free_profile(profile); in aa_alloc_profile()
376 static inline bool ANY_RULE_MEDIATES(struct aa_profile *profile, in ANY_RULE_MEDIATES() argument
381 for (i = 0; i < profile->n_rules; i++) { in ANY_RULE_MEDIATES()
382 if (RULE_MEDIATES(profile->label.rules[i], class)) in ANY_RULE_MEDIATES()
392 void aa_compute_profile_mediates(struct aa_profile *profile) in aa_compute_profile_mediates() argument
396 if (profile_unconfined(profile)) { in aa_compute_profile_mediates()
400 if (ANY_RULE_MEDIATES(profile, *pos)) in aa_compute_profile_mediates()
401 profile->label.mediates |= ((u64) 1) << AA_CLASS_NS; in aa_compute_profile_mediates()
406 if (ANY_RULE_MEDIATES(profile, c)) in aa_compute_profile_mediates()
407 profile->label.mediates |= ((u64) 1) << c; in aa_compute_profile_mediates()
452 struct aa_profile *profile; in aa_find_child() local
456 profile = __find_child(&parent->base.profiles, name); in aa_find_child()
457 } while (profile && !aa_get_profile_not0(profile)); in aa_find_child()
461 return profile; in aa_find_child()
481 struct aa_profile *profile = NULL; in __lookup_parent() local
487 profile = __strn_find_child(&policy->profiles, hname, in __lookup_parent()
489 if (!profile) in __lookup_parent()
491 policy = &profile->base; in __lookup_parent()
495 if (!profile) in __lookup_parent()
497 return &profile->base; in __lookup_parent()
516 struct aa_profile *parent, *profile = NULL; in __create_missing_ancestors() local
525 parent = profile; in __create_missing_ancestors()
526 profile = __strn_find_child(&policy->profiles, hname, in __create_missing_ancestors()
528 if (!profile) { in __create_missing_ancestors()
533 profile = aa_alloc_null(parent, name, gfp); in __create_missing_ancestors()
535 if (!profile) in __create_missing_ancestors()
538 profile->ns = aa_get_ns(ns); in __create_missing_ancestors()
540 policy = &profile->base; in __create_missing_ancestors()
544 if (!profile) in __create_missing_ancestors()
546 return &profile->base; in __create_missing_ancestors()
564 struct aa_profile *profile = NULL; in __lookupn_profile() local
569 profile = __strn_find_child(&base->profiles, hname, in __lookupn_profile()
571 if (!profile) in __lookupn_profile()
574 base = &profile->base; in __lookupn_profile()
601 struct aa_profile *profile; in aa_lookupn_profile() local
605 profile = __lookupn_profile(&ns->base, hname, n); in aa_lookupn_profile()
606 } while (profile && !aa_get_profile_not0(profile)); in aa_lookupn_profile()
610 if (!profile && strncmp(hname, "unconfined", n) == 0) in aa_lookupn_profile()
611 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
614 return profile; in aa_lookupn_profile()
620 struct aa_profile *profile; in aa_fqlookupn_profile() local
634 profile = aa_lookupn_profile(ns, name, n - (name - fqname)); in aa_fqlookupn_profile()
637 profile = aa_get_newest_profile(ns->unconfined); in aa_fqlookupn_profile()
639 profile = NULL; in aa_fqlookupn_profile()
642 return profile; in aa_fqlookupn_profile()
649 struct aa_profile *profile; in aa_alloc_null() local
652 profile = aa_alloc_profile(name, NULL, gfp); in aa_alloc_null()
653 if (!profile) in aa_alloc_null()
657 profile->label.flags |= FLAG_NULL; in aa_alloc_null()
658 profile->attach.xmatch = aa_get_pdb(nullpdb); in aa_alloc_null()
659 rules = profile->label.rules[0]; in aa_alloc_null()
662 aa_compute_profile_mediates(profile); in aa_alloc_null()
665 profile->path_flags = parent->path_flags; in aa_alloc_null()
667 profile->label.mediates = parent->label.mediates; in aa_alloc_null()
669 rcu_assign_pointer(profile->parent, aa_get_profile(parent)); in aa_alloc_null()
670 profile->ns = aa_get_ns(parent->ns); in aa_alloc_null()
673 return profile; in aa_alloc_null()
697 struct aa_profile *p, *profile; in aa_new_learning_profile() local
722 profile = aa_find_child(parent, bname); in aa_new_learning_profile()
723 if (profile) in aa_new_learning_profile()
726 profile = aa_alloc_null(parent, name, gfp); in aa_new_learning_profile()
727 if (!profile) in aa_new_learning_profile()
729 profile->mode = APPARMOR_COMPLAIN; in aa_new_learning_profile()
731 profile->label.flags |= FLAG_HAT; in aa_new_learning_profile()
733 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_learning_profile()
736 aa_free_profile(profile); in aa_new_learning_profile()
737 profile = aa_get_profile(p); in aa_new_learning_profile()
739 __add_profile(&parent->base.profiles, profile); in aa_new_learning_profile()
741 mutex_unlock(&profile->ns->lock); in aa_new_learning_profile()
747 return profile; in aa_new_learning_profile()
751 aa_free_profile(profile); in aa_new_learning_profile()
763 static int replacement_allowed(struct aa_profile *profile, int noreplace, in replacement_allowed() argument
766 if (profile) { in replacement_allowed()
767 if (profile->label.flags & FLAG_IMMUTIBLE) { in replacement_allowed()
939 struct aa_profile *profile) in __list_lookup_parent() argument
941 const char *base = basename(profile->base.hname); in __list_lookup_parent()
942 long len = base - profile->base.hname; in __list_lookup_parent()
951 if (ent->new == profile) in __list_lookup_parent()
953 if (strncmp(ent->new->base.hname, profile->base.hname, len) == in __list_lookup_parent()
1354 struct aa_profile *profile = NULL; in aa_remove_profiles() local
1390 profile = aa_get_profile(__lookup_profile(&ns->base, name)); in aa_remove_profiles()
1391 if (!profile) { in aa_remove_profiles()
1396 name = profile->base.hname; in aa_remove_profiles()
1398 __remove_profile(profile); in aa_remove_profiles()
1407 aa_put_profile(profile); in aa_remove_profiles()