94  * @perms: the permissions computed for the request (NOT NULL)
106 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
124 		u32 mask = perms->audit;
129 		/* mask off perms that are not being force audited */
137 		sa.aad->fs.request = sa.aad->fs.request & ~perms->allow;
139 		if (sa.aad->fs.request & perms->kill)
143 		if ((sa.aad->fs.request & perms->quiet) &&
146 			sa.aad->fs.request &= ~perms->quiet;
152 	sa.aad->fs.denied = sa.aad->fs.request & ~perms->allow;
157  * map_old_perms - map old file perms layout to the new layout
184  * compute_perms - convert dfa compressed perms to internal perms
185  * @dfa: dfa to compute perms for   (NOT NULL)
197 	struct file_perms perms;
200 	 * currently file perms are encoded in the dfa, new format
204 	perms.kill = 0;
207 		perms.allow = map_old_perms(dfa_user_allow(dfa, state));
208 		perms.audit = map_old_perms(dfa_user_audit(dfa, state));
209 		perms.quiet = map_old_perms(dfa_user_quiet(dfa, state));
210 		perms.xindex = dfa_user_xindex(dfa, state);
212 		perms.allow = map_old_perms(dfa_other_allow(dfa, state));
213 		perms.audit = map_old_perms(dfa_other_audit(dfa, state));
214 		perms.quiet = map_old_perms(dfa_other_quiet(dfa, state));
215 		perms.xindex = dfa_other_xindex(dfa, state);
217 	perms.allow |= AA_MAY_META_READ;
221 		perms.allow |= AA_MAY_CHANGE_PROFILE;
223 		perms.allow |= AA_MAY_ONEXEC;
225 	return perms;
234  * @perms: Returns - the permissions found when matching @name
240 			  struct file_perms *perms)
244 		*perms = nullperms;
249 	*perms = compute_perms(dfa, state, cond);
282 	struct file_perms perms = {};
295 			perms.allow = request;
299 			     &perms);
300 		if (request & ~perms.allow)
303 	error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request, name,
359 	struct file_perms lperms, perms;
388 	aa_str_perms(profile->file.dfa, state, tname, &cond, &perms);
393 	lperms.audit = perms.audit;
394 	lperms.quiet = perms.quiet;
395 	lperms.kill = perms.kill;
397 	if (!(perms.allow & AA_MAY_LINK)) {
403 	if (!(perms.allow & AA_LINK_SUBSET))
410 		     &perms);
414 	lperms.allow &= perms.allow | AA_MAY_LINK;
416 	request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);
420 		   !xindex_is_subset(lperms.xindex, perms.xindex)) {

Indexes created Tue Oct 13 23:51:09 CEST 2015