file.c - OpenGrok cross reference for /kernel/linux/linux-6.6/security/apparmor/file.c

Lines Matching defs:label
25 #include "include/label.h"
87  * @tlabel: target label (MAY BE NULL)
161 		     struct aa_label *label,
170 			     labels_profile(label)->disconnected);
172 		fn_for_each_confined(label, profile,
261 	error = path_name(op, subj_cred, &profile->label, path,
274  * @label: profile being enforced  (NOT NULL)
283 		 struct aa_label *label,
297 	error = fn_for_each_confined(label, profile,
341 	error = path_name(OP_LINK, subj_cred, &profile->label, link,
348 	error = path_name(OP_LINK, subj_cred, &profile->label, target,
417  * @label: the label being enforced  (NOT NULL)
434 		 struct aa_label *label, struct dentry *old_dentry,
454 	error = fn_for_each_confined(label, profile,
463 static void update_file_ctx(struct aa_file_ctx *fctx, struct aa_label *label,
468 	/* update caching of label on file_ctx */
470 	old = rcu_dereference_protected(fctx->label,
472 	l = aa_label_merge(old, label, GFP_ATOMIC);
475 			rcu_assign_pointer(fctx->label, l);
485 			    struct aa_label *label,
500 	/* revalidation due to label out of date. No revocation at this time */
501 	if (!denied && aa_label_is_subset(flabel, label))
510 	/* check every profile in task label not in current cache */
511 	error = fn_for_each_not_in_set(flabel, label, profile,
517 		 * check every profile in file label that was not tested
524 		if (label == flabel)
525 			error = fn_for_each(label, profile,
531 			error = fn_for_each_not_in_set(label, flabel, profile,
538 		update_file_ctx(file_ctx(file), label, request);
546 			    struct aa_label *label,
555 	/* revalidation due to label out of date. No revocation at this time */
556 	if (!denied && aa_label_is_subset(flabel, label))
560 	error = aa_sock_file_perm(subj_cred, label, op, request, sock);
563 		/* check every profile in file label to is cached */
568 		update_file_ctx(file_ctx(file), label, request);
577  * @label: label being enforced   (NOT NULL)
585 		 struct aa_label *label, struct file *file,
593 	AA_BUG(!label);
599 	flabel  = rcu_dereference(fctx->label);
610 	if (unconfined(label) || unconfined(flabel) ||
611 	    (!denied && aa_label_is_subset(flabel, label))) {
618 	/* TODO: label cross check */
621 		error = __file_path_perm(op, subj_cred, label, flabel, file,
625 		error = __file_sock_perm(op, subj_cred, label, flabel, file,
633 static void revalidate_tty(const struct cred *subj_cred, struct aa_label *label)
651 		if (aa_file_perm(OP_INHERIT, subj_cred, label, file,
664 	struct aa_label *label;
671 	if (aa_file_perm(OP_INHERIT, cl->cred, cl->label, file,
681 	struct aa_label *label = aa_get_newest_cred_label(cred);
684 		.label = label,
689 	revalidate_tty(cred, label);
706 	aa_put_label(label);