Lines Matching defs:profile
115 * @profile: the profile being enforced (NOT NULL)
130 static int audit_mount(struct aa_profile *profile, const char *op,
142 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
160 AUDIT_MODE(profile) != AUDIT_NOQUIET &&
161 AUDIT_MODE(profile) != AUDIT_ALL)
178 return aa_audit(audit_type, profile, &sa, audit_cb);
293 static int path_flags(struct aa_profile *profile, const struct path *path)
295 AA_BUG(!profile);
298 return profile->path_flags |
304 * @profile: the confining profile
316 static int match_mnt_path_str(struct aa_profile *profile,
326 AA_BUG(!profile);
330 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
333 error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,
334 &mntpnt, &info, profile->disconnected);
345 pos = do_match_mnt(profile->policy.dfa,
346 profile->policy.start[AA_CLASS_MOUNT],
355 return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,
361 * @profile: the confining profile
373 static int match_mnt(struct aa_profile *profile, const struct path *path,
381 AA_BUG(!profile);
384 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
388 error = aa_path_name(devpath, path_flags(profile, devpath),
390 profile->disconnected);
395 return match_mnt_path_str(profile, path, buffer, devname, type, flags,
402 struct aa_profile *profile;
415 error = fn_for_each_confined(label, profile,
416 match_mnt(profile, path, buffer, NULL, NULL, NULL,
426 struct aa_profile *profile;
449 error = fn_for_each_confined(label, profile,
450 match_mnt(profile, path, buffer, &old_path, old_buffer,
463 struct aa_profile *profile;
477 error = fn_for_each_confined(label, profile,
478 match_mnt(profile, path, buffer, NULL, NULL, NULL,
488 struct aa_profile *profile;
508 error = fn_for_each_confined(label, profile,
509 match_mnt(profile, path, buffer, &old_path, old_buffer,
523 struct aa_profile *profile;
565 error = fn_for_each_confined(label, profile,
566 match_mnt(profile, path, buffer, dev_path, dev_buffer,
569 error = fn_for_each_confined(label, profile,
570 match_mnt_path_str(profile, path, buffer, dev_name,
583 static int profile_umount(struct aa_profile *profile, struct path *path,
591 AA_BUG(!profile);
594 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
597 error = aa_path_name(path, path_flags(profile, path), buffer, &name,
598 &info, profile->disconnected);
602 state = aa_dfa_match(profile->policy.dfa,
603 profile->policy.start[AA_CLASS_MOUNT],
605 perms = compute_mnt_perms(profile->policy.dfa, state);
610 return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,
616 struct aa_profile *profile;
628 error = fn_for_each_confined(label, profile,
629 profile_umount(profile, &path, buffer));
639 static struct aa_label *build_pivotroot(struct aa_profile *profile,
651 AA_BUG(!profile);
655 if (profile_unconfined(profile) ||
656 !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
657 return aa_get_newest_label(&profile->label);
659 error = aa_path_name(old_path, path_flags(profile, old_path),
661 profile->disconnected);
664 error = aa_path_name(new_path, path_flags(profile, new_path),
666 profile->disconnected);
671 state = aa_dfa_match(profile->policy.dfa,
672 profile->policy.start[AA_CLASS_MOUNT],
674 state = aa_dfa_null_transition(profile->policy.dfa, state);
675 state = aa_dfa_match(profile->policy.dfa, state, old_name);
676 perms = compute_mnt_perms(profile->policy.dfa, state);
682 error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,
688 return aa_get_newest_label(&profile->label);
694 struct aa_profile *profile;
708 target = fn_label_build(label, profile, GFP_KERNEL,
709 build_pivotroot(profile, new_path, new_buffer,
734 error = fn_for_each(label, profile,
735 audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,