| /security/apparmor/ |
| A D | policy.c | 158 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
285 if (!profile) in aa_free_profile()
339 if (!profile) in aa_alloc_profile()
362 profile->label.hname = profile->base.hname; in aa_alloc_profile()
364 profile->label.vec[0] = profile; in aa_alloc_profile()
457 } while (profile && !aa_get_profile_not0(profile)); in aa_find_child()
495 if (!profile) in __lookup_parent()
544 if (!profile) in __create_missing_ancestors()
606 } while (profile && !aa_get_profile_not0(profile)); in aa_lookupn_profile()
653 if (!profile) in aa_alloc_null()
[all …]
|
| A D | domain.c | 101 if (profile->ns == tp->ns) in match_component()
406 &profile->label == ns_unconfined(profile->ns)) in find_attach()
445 aa_put_profile(profile); in find_attach()
474 candidate = profile; in find_attach()
484 candidate = profile; in find_attach()
674 AA_BUG(!profile); in profile_transition()
804 AA_BUG(!profile); in profile_onexec()
874 struct aa_profile *profile; in handle_onexec() local
922 struct aa_profile *profile; in apparmor_bprm_creds_for_exec() local
1226 struct aa_profile *profile; in aa_change_hat() local
[all …]
|
| A D | mount.c | 283 AA_BUG(!profile); in path_flags()
286 return profile->path_flags | in path_flags()
317 AA_BUG(!profile); in match_mnt_path_str()
376 AA_BUG(!profile); in match_mnt()
398 struct aa_profile *profile; in aa_remount() local
424 struct aa_profile *profile; in aa_bind_mount() local
462 struct aa_profile *profile; in aa_mount_change_type() local
489 struct aa_profile *profile; in aa_move_mount() local
539 struct aa_profile *profile; in aa_new_mount() local
611 AA_BUG(!profile); in profile_umount()
[all …]
|
| A D | capability.c | 84 } else if (KILL_MODE(profile) || in audit_caps()
88 AUDIT_MODE(profile) != AUDIT_NOQUIET && in audit_caps()
89 AUDIT_MODE(profile) != AUDIT_ALL) { in audit_caps()
99 if (COMPLAIN_MODE(profile)) in audit_caps()
109 return aa_audit(type, profile, ad, audit_cb); in audit_caps()
137 aa_apply_modes_to_perms(profile, &perms); in profile_capable()
157 if (!COMPLAIN_MODE(profile)) in profile_capable()
165 return audit_caps(ad, profile, cap, error); in profile_capable()
182 struct aa_profile *profile; in aa_capable() local
211 aa_apply_modes_to_perms(profile, &perms); in aa_profile_capget()
[all …]
|
| A D | af_unix.c | 178 AA_BUG(!profile); in match_label()
208 AA_BUG(!profile); in profile_create_perm()
233 AA_BUG(!profile); in profile_sk_perm()
241 &profile->label, in profile_sk_perm()
261 AA_BUG(!profile); in profile_bind_perm()
292 AA_BUG(!profile); in profile_listen_perm()
329 AA_BUG(!profile); in profile_accept_perm()
359 AA_BUG(!profile); in profile_opt_perm()
399 AA_BUG(!profile); in profile_peer_perm()
490 struct aa_profile *profile; in aa_unix_bind_perm() local
[all …]
|
| A D | ipc.c | 79 struct aa_profile *profile, in profile_signal_perm() argument
83 struct aa_ruleset *rules = profile->label.rules[0]; in profile_signal_perm()
87 if (profile_unconfined(profile)) in profile_signal_perm()
97 aa_label_match(profile, rules, peer, state, false, request, &perms); in profile_signal_perm()
98 aa_apply_modes_to_perms(profile, &perms); in profile_signal_perm()
99 return aa_check_perms(profile, &perms, request, ad, audit_signal_cb); in profile_signal_perm()
106 struct aa_profile *profile; in aa_may_signal() local
111 return xcheck_labels(sender, target, profile, in aa_may_signal()
112 profile_signal_perm(subj_cred, profile, target, in aa_may_signal()
114 profile_signal_perm(target_cred, profile, sender, in aa_may_signal()
|
| A D | audit.c | 120 struct aa_profile *profile = labels_profile(label); in audit_pre() local
122 if (profile->ns != root_ns) { in audit_pre()
125 profile->ns->base.hname); in audit_pre()
166 int aa_audit(int type, struct aa_profile *profile, in aa_audit() argument
170 AA_BUG(!profile); in aa_audit()
174 if (AUDIT_MODE(profile) != AUDIT_ALL) in aa_audit()
177 } else if (COMPLAIN_MODE(profile)) in aa_audit()
182 if (AUDIT_MODE(profile) == AUDIT_QUIET || in aa_audit()
184 AUDIT_MODE(profile) == AUDIT_QUIET_DENIED)) in aa_audit()
190 ad->subj_label = &profile->label; in aa_audit()
[all …]
|
| A D | file.c | 153 struct aa_profile *profile; in path_name() local
229 if (profile_unconfined(profile) || in __aa_path_perm()
243 struct aa_profile *profile, in profile_path_perm() argument
251 if (profile_unconfined(profile)) in profile_path_perm()
281 struct aa_profile *profile; in aa_path_perm() local
334 profile->path_flags, in profile_path_link()
341 profile->path_flags, in profile_path_link()
438 struct aa_profile *profile; in aa_path_link() local
483 struct aa_profile *profile; in __file_path_perm() local
521 profile, &file->f_path, in __file_path_perm()
[all …]
|
| A D | policy_unpack.c | 884 if (!profile) { in unpack_profile()
927 if (profile->signal < 1 || profile->signal > MAXMAPPED_SIG) { in unpack_profile()
971 profile->path_flags |= profile->label.flags & in unpack_profile()
1078 profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL); in unpack_profile()
1079 if (!profile->data) { in unpack_profile()
1136 return profile; in unpack_profile()
1146 if (profile) in unpack_profile()
1151 aa_free_profile(profile); in unpack_profile()
1478 if (IS_ERR(profile)) { in aa_unpack()
1499 ent->new = profile; in aa_unpack()
[all …]
|
| A D | net.c | 171 AA_BUG(!profile); in aa_do_perms()
178 aa_apply_modes_to_perms(profile, &perms); in aa_do_perms()
260 AA_BUG(profile_unconfined(profile)); in aa_profile_af_perm()
262 if (profile_unconfined(profile)) in aa_profile_af_perm()
275 struct aa_profile *profile; in aa_af_perm() local
278 return fn_for_each_confined(label, profile, in aa_af_perm()
295 struct aa_profile *profile; in aa_label_sk_perm() local
299 error = fn_for_each_confined(label, profile, in aa_label_sk_perm()
388 aa_apply_modes_to_perms(profile, &perms); in aa_secmark_perm()
396 struct aa_profile *profile; in apparmor_secmark_check() local
[all …]
|
| A D | task.c | 227 struct aa_profile *profile, in profile_ptrace_perm() argument
231 struct aa_ruleset *rules = profile->label.rules[0]; in profile_ptrace_perm()
238 aa_apply_modes_to_perms(profile, &perms); in profile_ptrace_perm()
292 struct aa_profile *profile; in aa_may_ptrace() local
296 return xcheck_labels(tracer, tracee, profile, in aa_may_ptrace()
297 profile_tracer_perm(tracer_cred, profile, tracee, in aa_may_ptrace()
299 profile_tracee_perm(tracee_cred, profile, tracer, in aa_may_ptrace()
315 int aa_profile_ns_perm(struct aa_profile *profile, in aa_profile_ns_perm() argument
322 ad->subj_label = &profile->label; in aa_profile_ns_perm()
325 if (!profile_unconfined(profile)) { in aa_profile_ns_perm()
[all …]
|
| A D | apparmorfs.c | 714 if (!profile->data) in query_data()
1123 if (profile->hash) { in seq_profile_hash_show()
1531 if (!profile) in __aafs_profile_rmdir()
1594 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent)) in profile_depth()
1696 AA_BUG(!profile); in __aafs_profile_mkdir()
1725 mangle_name(profile->base.name, profile->dirname); in __aafs_profile_mkdir()
1726 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++); in __aafs_profile_mkdir()
1752 if (profile->hash) { in __aafs_profile_mkdir()
2228 profile = next_profile(root, profile); in p_start()
2230 return profile; in p_start()
[all …]
|
| A D | resource.c | 57 struct aa_profile *profile, unsigned int resource, in audit_resource() argument
71 return aa_audit(AUDIT_APPARMOR_AUTO, profile, &ad, audit_cb); in audit_resource()
89 struct aa_profile *profile, unsigned int resource, in profile_setrlimit() argument
92 struct aa_ruleset *rules = profile->label.rules[0]; in profile_setrlimit()
98 return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max, in profile_setrlimit()
118 struct aa_profile *profile; in aa_task_setrlimit() local
135 error = fn_for_each(label, profile, in aa_task_setrlimit()
136 audit_resource(subj_cred, profile, resource, in aa_task_setrlimit()
140 error = fn_for_each_confined(label, profile, in aa_task_setrlimit()
141 profile_setrlimit(subj_cred, profile, resource, in aa_task_setrlimit()
|
| A D | label.c | 326 struct aa_profile *profile; in aa_label_destroy() local
332 aa_put_profile(profile); in aa_label_destroy()
1260 if (profile->ns == tp->ns) in match_component()
1509 AA_BUG(!profile); in aa_profile_snxprint()
1517 *prev_ns = profile->ns; in aa_profile_snxprint()
1527 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) { in aa_profile_snxprint()
1539 profile->base.hname); in aa_profile_snxprint()
1553 if (profile == profile->ns->unconfined) in label_modename()
1560 mode = profile->mode; in label_modename()
1586 profile != profile->ns->unconfined) in display_mode()
[all …]
|
| A D | crypto.c | 36 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, in aa_calc_profile_hash() argument
45 profile->hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL); in aa_calc_profile_hash()
46 if (!profile->hash) in aa_calc_profile_hash()
52 sha256_final(&sctx, profile->hash); in aa_calc_profile_hash()
|
| A D | lib.c | 361 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) in aa_apply_modes_to_perms() argument
363 switch (AUDIT_MODE(profile)) { in aa_apply_modes_to_perms()
378 if (KILL_MODE(profile)) in aa_apply_modes_to_perms()
380 else if (COMPLAIN_MODE(profile)) in aa_apply_modes_to_perms()
382 else if (USER_MODE(profile)) in aa_apply_modes_to_perms()
386 void aa_profile_match_label(struct aa_profile *profile, in aa_profile_match_label() argument
397 aa_label_match(profile, rules, label, state, false, request, perms); in aa_profile_match_label()
418 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms, in aa_check_perms() argument
452 ad->subj_label = &profile->label; in aa_check_perms()
|
| A D | policy_ns.c | 85 struct aa_profile *profile; in alloc_unconfined() local
87 profile = aa_alloc_null(NULL, name, GFP_KERNEL); in alloc_unconfined()
88 if (!profile) in alloc_unconfined()
91 profile->label.flags |= FLAG_IX_ON_NAME_ERROR | in alloc_unconfined()
93 profile->mode = APPARMOR_UNCONFINED; in alloc_unconfined()
95 return profile; in alloc_unconfined()
|
| /security/apparmor/include/ |
| A D | policy.h | 276 void aa_free_profile(struct aa_profile *profile);
335 void aa_compute_profile_mediates(struct aa_profile *profile);
336 static inline bool profile_mediates(struct aa_profile *profile, in profile_mediates() argument
339 return label_mediates(&profile->label, class); in profile_mediates()
342 static inline bool profile_mediates_safe(struct aa_profile *profile, in profile_mediates_safe() argument
345 return label_mediates_safe(&profile->label, class); in profile_mediates_safe()
408 static inline int AUDIT_MODE(struct aa_profile *profile) in AUDIT_MODE() argument
413 return profile->audit; in AUDIT_MODE()
|
| A D | net.h | 88 int aa_do_perms(struct aa_profile *profile, struct aa_policydb *policy,
96 int aa_profile_af_perm(struct aa_profile *profile,
102 static inline int aa_profile_af_sk_perm(struct aa_profile *profile, in aa_profile_af_sk_perm() argument
107 return aa_profile_af_perm(profile, ad, request, sk->sk_family, in aa_profile_af_sk_perm()
|
| A D | crypto.h | 18 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
25 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, in aa_calc_profile_hash() argument
|
| A D | file.h | 75 struct aa_profile *profile, struct aa_perms *perms,
88 struct aa_profile *profile, const char *name,
|
| A D | lib.h | 264 DEFINE_VEC(profile, __pvec); \
279 if (!vec_setup(profile, __pvec, __count, (GFP))) { \
293 vec_cleanup(profile, __pvec, __count); \
|
| /security/tomoyo/ |
| A D | common.c | 490 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
496 ptr = ns->profile_ptr[profile]; in tomoyo_assign_profile()
527 const u8 profile) in tomoyo_profile() argument
613 config = profile->config[i]; in tomoyo_set_mode()
653 profile->config[i] = config; in tomoyo_set_mode()
681 if (!profile) in tomoyo_write_profile()
770 profile->comment; in tomoyo_read_profile()
781 profile->pref[i]); in tomoyo_read_profile()
1193 domain->profile = (u8) idx; in tomoyo_write_domain()
1628 domain->profile); in tomoyo_read_domain()
[all …]
|
| A D | util.c | 992 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, in tomoyo_get_mode() argument
1000 p = tomoyo_profile(ns, profile); in tomoyo_get_mode()
1022 u8 profile; in tomoyo_init_request_info() local
1028 profile = domain->profile; in tomoyo_init_request_info()
1029 r->profile = profile; in tomoyo_init_request_info()
1031 r->mode = tomoyo_get_mode(domain->ns, profile, index); in tomoyo_init_request_info()
1095 if (count < tomoyo_profile(domain->ns, domain->profile)-> in tomoyo_domain_quota_is_ok()
|
| A D | domain.c | 538 !entry->ns->profile_ptr[entry->profile]) in tomoyo_assign_domain()
566 e.profile = domain->profile; in tomoyo_assign_domain()
595 entry->profile); in tomoyo_assign_domain()
628 ee->r.profile = r->domain->profile; in tomoyo_environ()
629 ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile, in tomoyo_environ()
|