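Lines matching refs: perms (each entry below starts with its line number in the source file; lines that do not mention perms are omitted, so the excerpts are not contiguous)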
78 * @perms: the permissions computed for the request (NOT NULL)
90 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
109 u32 mask = perms->audit;
114 /* mask off perms that are not being force audited */
122 aad(&sa)->request = aad(&sa)->request & ~perms->allow;
125 if (aad(&sa)->request & perms->kill)
129 if ((aad(&sa)->request & perms->quiet) &&
132 aad(&sa)->request &= ~perms->quiet;
138 aad(&sa)->denied = aad(&sa)->request & ~perms->allow;
176 * map_old_perms - map old file perms layout to the new layout
203 * aa_compute_fperms - convert dfa compressed perms to internal perms
204 * @dfa: dfa to compute perms for (NOT NULL)
217 * currently file perms are encoded in the dfa, new format
221 struct aa_perms perms = { };
224 perms.allow = map_old_perms(dfa_user_allow(dfa, state));
225 perms.audit = map_old_perms(dfa_user_audit(dfa, state));
226 perms.quiet = map_old_perms(dfa_user_quiet(dfa, state));
227 perms.xindex = dfa_user_xindex(dfa, state);
229 perms.allow = map_old_perms(dfa_other_allow(dfa, state));
230 perms.audit = map_old_perms(dfa_other_audit(dfa, state));
231 perms.quiet = map_old_perms(dfa_other_quiet(dfa, state));
232 perms.xindex = dfa_other_xindex(dfa, state);
234 perms.allow |= AA_MAY_GETATTR;
238 perms.allow |= AA_MAY_CHANGE_PROFILE;
240 perms.allow |= AA_MAY_ONEXEC;
242 return perms;
251 * @perms: Returns - the permissions found when matching @name
257 struct aa_perms *perms)
261 *perms = aa_compute_fperms(dfa, state, cond);
268 struct aa_perms *perms)
274 aa_str_perms(profile->file.dfa, profile->file.start, name, cond, perms);
275 if (request & ~perms->allow)
277 return aa_audit_file(profile, perms, op, request, name, NULL, NULL,
285 struct aa_perms *perms)
299 perms);
317 struct aa_perms perms = {};
329 cond, flags, &perms));
362 struct aa_perms lperms = {}, perms;
389 aa_str_perms(profile->file.dfa, state, tname, cond, &perms);
394 lperms.audit = perms.audit;
395 lperms.quiet = perms.quiet;
396 lperms.kill = perms.kill;
398 if (!(perms.allow & AA_MAY_LINK)) {
400 lperms = perms;
405 if (!(perms.allow & AA_LINK_SUBSET))
412 &perms);
416 lperms.allow &= perms.allow | AA_MAY_LINK;
418 request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);
422 !xindex_is_subset(lperms.xindex, perms.xindex)) {
510 struct aa_perms perms = {};
531 request, &cond, flags, &perms));
537 * TODO: cache full perms so this only happens because of
545 &perms));
550 &perms));