xref: /security/apparmor/policy_unpack.c

566 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules)  in unpack_secmark()  argument
576 		rules->secmark = kcalloc(size, sizeof(struct aa_secmark),  in unpack_secmark()
578 		if (!rules->secmark)  in unpack_secmark()
581 		rules->secmark_count = size;  in unpack_secmark()
584 			if (!unpack_u8(e, &rules->secmark[i].audit, NULL))  in unpack_secmark()
586 			if (!unpack_u8(e, &rules->secmark[i].deny, NULL))  in unpack_secmark()
588 			if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL))  in unpack_secmark()
600 	if (rules->secmark) {  in unpack_secmark()
602 			kfree_sensitive(rules->secmark[i].label);  in unpack_secmark()
603 		kfree_sensitive(rules->secmark);  in unpack_secmark()
604 		rules->secmark_count = 0;  in unpack_secmark()
605 		rules->secmark = NULL;  in unpack_secmark()
612 static bool unpack_rlimits(struct aa_ext *e, struct aa_ruleset *rules)  in unpack_rlimits()  argument
623 		rules->rlimits.mask = tmp;  in unpack_rlimits()
633 			rules->rlimits.limits[a].rlim_max = tmp2;  in unpack_rlimits()
846 	struct aa_ruleset *rules;  in unpack_profile()  local
889 	rules = profile->label.rules[0];  in unpack_profile()
978 	if (!aa_unpack_cap_low(e, &rules->caps.allow, NULL))  in unpack_profile()
980 	if (!aa_unpack_cap_low(e, &rules->caps.audit, NULL))  in unpack_profile()
982 	if (!aa_unpack_cap_low(e, &rules->caps.quiet, NULL))  in unpack_profile()
990 		if (!aa_unpack_cap_high(e, &rules->caps.allow, NULL))  in unpack_profile()
992 		if (!aa_unpack_cap_high(e, &rules->caps.audit, NULL))  in unpack_profile()
994 		if (!aa_unpack_cap_high(e, &rules->caps.quiet, NULL))  in unpack_profile()
1005 		if (!aa_unpack_cap_low(e, &rules->caps.extended, NULL))  in unpack_profile()
1007 		if (!aa_unpack_cap_high(e, &rules->caps.extended, NULL))  in unpack_profile()
1018 	if (!unpack_rlimits(e, rules)) {  in unpack_profile()
1023 	if (!unpack_secmark(e, rules)) {  in unpack_profile()
1031 		error = unpack_pdb(e, &rules->policy, true, false,  in unpack_profile()
1036 		if (aa_dfa_next(rules->policy->dfa, rules->policy->start[0],  in unpack_profile()
1038 			rules->policy->start[AA_CLASS_FILE] =  in unpack_profile()
1039 			  aa_dfa_next(rules->policy->dfa,  in unpack_profile()
1040 				      rules->policy->start[0],  in unpack_profile()
1044 		if (!rules->policy->perms) {  in unpack_profile()
1045 			error = aa_compat_map_policy(rules->policy,  in unpack_profile()
1053 		rules->policy = aa_get_pdb(nullpdb);  in unpack_profile()
1056 	error = unpack_pdb(e, &rules->file, false, true, &info);  in unpack_profile()
1059 	} else if (rules->file->dfa) {  in unpack_profile()
1060 		if (!rules->file->perms) {  in unpack_profile()
1061 			error = aa_compat_map_file(rules->file);  in unpack_profile()
1067 	} else if (rules->policy->dfa &&  in unpack_profile()
1068 		   rules->policy->start[AA_CLASS_FILE]) {  in unpack_profile()
1069 		aa_put_pdb(rules->file);  in unpack_profile()
1070 		rules->file = aa_get_pdb(rules->policy);  in unpack_profile()
1072 		aa_put_pdb(rules->file);  in unpack_profile()
1073 		rules->file = aa_get_pdb(nullpdb);  in unpack_profile()
1289 	struct aa_ruleset *rules = profile->label.rules[0];  in verify_profile()  local
1291 	if (!rules)  in verify_profile()
1294 	if (rules->file->dfa && !verify_dfa_accept_index(rules->file->dfa,  in verify_profile()
1295 							rules->file->size)) {  in verify_profile()
1301 	if (rules->policy->dfa &&  in verify_profile()
1302 	    !verify_dfa_accept_index(rules->policy->dfa, rules->policy->size)) {  in verify_profile()
1309 	if (!verify_perms(rules->file)) {  in verify_profile()
1314 	if (!verify_perms(rules->policy)) {  in verify_profile()

Last Index update Fri Aug 22 10:33:58 CST 2025