lib.c - OpenGrok cross reference for /kernel/linux/linux-5.10/security/apparmor/lib.c

Lines Matching refs:perms
20 #include "include/perms.h"
258  * aa_audit_perms_cb - generic callback fn for auditing perms
284  * aa_apply_modes_to_perms - apply namespace and profile flags to perms
285  * @profile: that perms where computed from
286  * @perms: perms to apply mode modifiers to
288  * TODO: split into profile and ns based flags for when accumulating perms
290 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms)
294 		perms->audit = ALL_PERMS_MASK;
297 		perms->quiet = 0;
300 		perms->audit = 0;
303 		perms->quiet = ALL_PERMS_MASK;
308 		perms->kill = ALL_PERMS_MASK;
310 		perms->complain = ALL_PERMS_MASK;
314  *		perms->prompt = ALL_PERMS_MASK;
326 		      struct aa_perms *perms)
328 	*perms = (struct aa_perms) {
337 	perms->allow |= map_other(dfa_other_allow(dfa, state));
338 	perms->audit |= map_other(dfa_other_audit(dfa, state));
339 	perms->quiet |= map_other(dfa_other_quiet(dfa, state));
340 //	perms->xindex = dfa_user_xindex(dfa, state);
344  * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
345  * @accum - perms struct to accumulate into
346  * @addend - perms struct to add to @accum
363  * aa_perms_accum - accumulate perms, masking off overlapping perms
364  * @accum - perms struct to accumulate into
365  * @addend - perms struct to add to @accum
382 			    int type, u32 request, struct aa_perms *perms)
390 	aa_label_match(profile, label, state, false, request, perms);
399 	struct aa_perms perms;
405 	aa_profile_match_label(profile, &target->label, type, request, &perms);
406 	aa_apply_modes_to_perms(profile, &perms);
407 	*deny |= request & perms.deny;
408 	return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb);
412  * aa_check_perms - do audit mode selection based on perms set
414  * @perms: perms computed for the request
415  * @request: requested perms
429 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
434 	u32 denied = request & (~perms->allow | perms->deny);
437 		/* mask off perms that are not being force audited */
438 		request &= perms->audit;
447 		if (denied & perms->kill)
449 		else if (denied == (denied & perms->complain))
454 		if (denied == (denied & perms->hide))
457 		denied &= ~perms->quiet;