Lines Matching refs:perms
117 * label_compound_match - find perms for full compound label
118 * @profile: profile to find perms for
124 * @perms: perms struct to set
129 * @perms should be preinitialized with allperms OR a previous permission
135 struct aa_perms *perms)
152 *perms = allperms;
164 *perms = aa_compute_fperms(profile->file.dfa, state, &cond);
165 aa_apply_modes_to_perms(profile, perms);
166 if ((perms->allow & request) != request)
172 *perms = nullperms;
177 * label_components_match - find perms for all subcomponents of a label
178 * @profile: profile to find perms for
184 * @perms: an initialized perms struct to add accumulation to
189 * @perms should be preinitialized with allperms OR a previous permission
195 struct aa_perms *perms)
213 /* no subcomponents visible - no change in perms */
219 aa_perms_accum(perms, &tmp);
228 aa_perms_accum(perms, &tmp);
231 if ((perms->allow & request) != request)
237 *perms = nullperms;
249 * @perms: Returns computed perms (NOT NULL)
255 struct aa_perms *perms)
259 *perms = nullperms;
261 request, perms);
265 *perms = allperms;
267 request, perms);
277 * @request: requested perms
289 struct aa_perms *perms)
292 perms->allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC;
293 perms->audit = perms->quiet = perms->kill = 0;
298 return label_match(profile, target, stack, start, true, request, perms);
630 struct aa_perms perms = {};
663 state = aa_str_perms(profile->file.dfa, state, name, cond, &perms);
664 if (perms.allow & MAY_EXEC) {
666 new = x_to_label(profile, bprm, name, perms.xindex, &target,
675 perms.allow &= ~MAY_EXEC;
690 perms.xindex |= AA_X_UNSAFE;
699 if (!(perms.xindex & AA_X_UNSAFE)) {
710 aa_audit_file(profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
726 struct aa_perms perms = {};
758 state = aa_str_perms(profile->file.dfa, state, xname, cond, &perms);
759 if (!(perms.allow & AA_MAY_ONEXEC)) {
769 state, &perms);
771 perms.allow &= ~AA_MAY_ONEXEC;
775 if (!(perms.xindex & AA_X_UNSAFE)) {
786 return aa_audit_file(profile, &perms, OP_EXEC, AA_MAY_ONEXEC, xname,
1152 struct aa_perms perms = {};
1246 perms.kill = AA_MAY_CHANGEHAT;
1250 aa_audit_file(profile, &perms, OP_CHANGE_HAT,
1261 u32 request, struct aa_perms *perms)
1268 profile->file.start, perms);
1270 error = aa_audit_file(profile, perms, op, request, name,
1295 struct aa_perms perms = {};
1369 * TODO: currently requiring perms for stacking and straight change
1378 request, &perms));
1431 perms.allow = 0;
1447 aa_audit_file(profile, &perms, op, request, auditname,