Lines Matching refs:ns
115 AA_BUG(!profile->ns); in __add_profile()
116 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __add_profile()
121 l = aa_label_insert(&profile->ns->labels, &profile->label); in __add_profile()
141 AA_BUG(!profile->ns); in __list_remove_profile()
142 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __list_remove_profile()
157 AA_BUG(!profile->ns); in __remove_profile()
158 AA_BUG(!mutex_is_locked(&profile->ns->lock)); in __remove_profile()
219 aa_put_ns(profile->ns); in aa_free_profile()
360 static struct aa_policy *__lookup_parent(struct aa_ns *ns, in __lookup_parent() argument
367 policy = &ns->base; in __lookup_parent()
379 return &ns->base; in __lookup_parent()
432 struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, in aa_lookupn_profile() argument
439 profile = __lookupn_profile(&ns->base, hname, n); in aa_lookupn_profile()
445 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
451 struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname) in aa_lookup_profile() argument
453 return aa_lookupn_profile(ns, hname, strlen(hname)); in aa_lookup_profile()
460 struct aa_ns *ns; in aa_fqlookupn_profile() local
466 ns = aa_lookupn_ns(labels_ns(base), ns_name, ns_len); in aa_fqlookupn_profile()
467 if (!ns) in aa_fqlookupn_profile()
470 ns = aa_get_ns(labels_ns(base)); in aa_fqlookupn_profile()
473 profile = aa_lookupn_profile(ns, name, n - (name - fqname)); in aa_fqlookupn_profile()
474 else if (ns) in aa_fqlookupn_profile()
476 profile = aa_get_newest_profile(ns->unconfined); in aa_fqlookupn_profile()
479 aa_put_ns(ns); in aa_fqlookupn_profile()
525 atomic_inc_return(&parent->ns->uniq_null)); in aa_new_null_profile()
546 profile->ns = aa_get_ns(parent->ns); in aa_new_null_profile()
550 mutex_lock_nested(&profile->ns->lock, profile->ns->level); in aa_new_null_profile()
558 mutex_unlock(&profile->ns->lock); in aa_new_null_profile()
600 if (aad(sa)->iface.ns) { in audit_cb()
602 audit_log_untrustedstring(ab, aad(sa)->iface.ns); in audit_cb()
623 aad(&sa)->iface.ns = ns_name; in audit_policy()
659 bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns) in aa_policy_view_capable() argument
666 if (!ns) in aa_policy_view_capable()
667 ns = view_ns; in aa_policy_view_capable()
669 if (root_in_user_ns && aa_ns_visible(view_ns, ns, true) && in aa_policy_view_capable()
678 bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns) in aa_policy_admin_capable() argument
686 return aa_policy_view_capable(label, ns) && capable && in aa_policy_admin_capable()
690 bool aa_current_policy_view_capable(struct aa_ns *ns) in aa_current_policy_view_capable() argument
696 res = aa_policy_view_capable(label, ns); in aa_current_policy_view_capable()
702 bool aa_current_policy_admin_capable(struct aa_ns *ns) in aa_current_policy_admin_capable() argument
708 res = aa_policy_admin_capable(label, ns); in aa_current_policy_admin_capable()
721 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, u32 mask) in aa_may_manage_policy() argument
737 if (!aa_policy_admin_capable(label, ns)) in aa_may_manage_policy()
837 static int __lookup_replace(struct aa_ns *ns, const char *hname, in __lookup_replace() argument
841 *p = aa_get_profile(__lookup_profile(&ns->base, hname)); in __lookup_replace()
870 mutex_is_locked(&new->ns->lock)); in update_to_newest_parent()
901 struct aa_ns *ns = NULL; in aa_replace_profiles() local
940 ns = aa_prepare_ns(policy_ns ? policy_ns : labels_ns(label), in aa_replace_profiles()
942 if (IS_ERR(ns)) { in aa_replace_profiles()
945 error = PTR_ERR(ns); in aa_replace_profiles()
946 ns = NULL; in aa_replace_profiles()
951 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(label)); in aa_replace_profiles()
953 mutex_lock_nested(&ns->lock, ns->level); in aa_replace_profiles()
955 list_for_each_entry(rawdata_ent, &ns->rawdata_list, list) { in aa_replace_profiles()
973 error = __lookup_replace(ns, ent->new->base.hname, in aa_replace_profiles()
980 error = __lookup_replace(ns, ent->new->rename, in aa_replace_profiles()
988 ent->new->ns = aa_get_ns(ns); in aa_replace_profiles()
994 policy = __lookup_parent(ns, ent->new->base.hname); in aa_replace_profiles()
1004 } else if (policy != &ns->base) { in aa_replace_profiles()
1013 error = __aa_fs_create_rawdata(ns, udata); in aa_replace_profiles()
1028 parent = ns_subprofs_dir(ent->new->ns); in aa_replace_profiles()
1039 __aa_bump_ns_revision(ns); in aa_replace_profiles()
1040 __aa_loaddata_update(udata, ns->revision); in aa_replace_profiles()
1075 lh = &ns->base.profiles; in aa_replace_profiles()
1081 __aa_labelset_update_subtree(ns); in aa_replace_profiles()
1082 mutex_unlock(&ns->lock); in aa_replace_profiles()
1085 aa_put_ns(ns); in aa_replace_profiles()
1094 mutex_unlock(&ns->lock); in aa_replace_profiles()
1138 struct aa_ns *ns = NULL; in aa_remove_profiles() local
1155 ns = aa_lookupn_ns(policy_ns ? policy_ns : labels_ns(subj), in aa_remove_profiles()
1157 if (!ns) { in aa_remove_profiles()
1164 ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(subj)); in aa_remove_profiles()
1168 mutex_lock_nested(&ns->parent->lock, ns->level); in aa_remove_profiles()
1169 __aa_bump_ns_revision(ns); in aa_remove_profiles()
1170 __aa_remove_ns(ns); in aa_remove_profiles()
1171 mutex_unlock(&ns->parent->lock); in aa_remove_profiles()
1174 mutex_lock_nested(&ns->lock, ns->level); in aa_remove_profiles()
1175 profile = aa_get_profile(__lookup_profile(&ns->base, name)); in aa_remove_profiles()
1182 __aa_bump_ns_revision(ns); in aa_remove_profiles()
1184 __aa_labelset_update_subtree(ns); in aa_remove_profiles()
1185 mutex_unlock(&ns->lock); in aa_remove_profiles()
1191 aa_put_ns(ns); in aa_remove_profiles()
1196 mutex_unlock(&ns->lock); in aa_remove_profiles()
1197 aa_put_ns(ns); in aa_remove_profiles()