Lines Matching refs:rules
10 * AppArmor policy is based around profiles, which contain the rules a
13 * visible set of profiles or by following a profiles attachment rules.
206 static void free_ruleset(struct aa_ruleset *rules)
210 aa_destroy_policydb(&rules->file);
211 aa_destroy_policydb(&rules->policy);
212 aa_free_cap_rules(&rules->caps);
213 aa_free_rlimit_rules(&rules->rlimits);
215 for (i = 0; i < rules->secmark_count; i++)
216 kfree_sensitive(rules->secmark[i].label);
217 kfree_sensitive(rules->secmark);
218 kfree_sensitive(rules);
223 struct aa_ruleset *rules;
225 rules = kzalloc(sizeof(*rules), gfp);
226 if (rules)
227 INIT_LIST_HEAD(&rules->list);
229 return rules;
264 * to rules
266 list_for_each_entry_safe(rule, tmp, &profile->rules, list) {
298 struct aa_ruleset *rules;
310 INIT_LIST_HEAD(&profile->rules);
313 rules = aa_alloc_ruleset(gfp);
314 if (!rules)
316 list_add(&rules->list, &profile->rules);
584 struct aa_ruleset *rules;
592 rules = list_first_entry(&profile->rules, typeof(*rules), list);
593 rules->file.dfa = aa_get_dfa(nulldfa);
594 rules->file.perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL);
595 if (!rules->file.perms)
597 rules->file.size = 2;
598 rules->policy.dfa = aa_get_dfa(nulldfa);
599 rules->policy.perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL);
600 if (!rules->policy.perms)
602 rules->policy.size = 2;