Lines Matching defs:profile
36 struct aa_profile *profile;
56 * @profile: profile being tested for confinement (NOT NULL)
65 static int audit_caps(struct aa_profile *profile, int cap, int error)
79 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
80 !cap_raised(profile->caps.audit, cap)))
83 } else if (KILL_MODE(profile) ||
84 cap_raised(profile->caps.kill, cap)) {
86 } else if (cap_raised(profile->caps.quiet, cap) &&
87 AUDIT_MODE(profile) != AUDIT_NOQUIET &&
88 AUDIT_MODE(profile) != AUDIT_ALL) {
95 if (profile == ent->profile && cap_raised(ent->caps, cap)) {
97 if (COMPLAIN_MODE(profile))
101 aa_put_profile(ent->profile);
102 ent->profile = aa_get_profile(profile);
107 return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
111 * profile_capable - test if profile allows use of capability @cap
112 * @profile: profile being enforced (NOT NULL, NOT unconfined)
117 static int profile_capable(struct aa_profile *profile, int cap)
119 return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
124 * @profile: profile being tested against (NOT NULL)
128 * Look up capability in profile capability set.
132 int aa_capable(struct aa_profile *profile, int cap, int audit)
134 int error = profile_capable(profile, cap);
137 if (COMPLAIN_MODE(profile))
142 return audit_caps(profile, cap, error);