Lines Matching refs:policy

4  * This file contains AppArmor policy manipulation functions
15 * AppArmor policy is based around profiles, which contain the rules a
27 * namespace://profile - used by policy
52 * eg. if a mail program starts an editor, the policy might make the
56 * is preserved. This feature isn't exploited by AppArmor reference policy
87 #include "include/policy.h"
119 * policy_init - initialize a policy structure
120 * @policy: policy to initialize (NOT NULL)
122 * @name: name of the policy, init will make a copy of it (NOT NULL)
126 * Returns: true if policy init successful
128 static bool policy_init(struct aa_policy *policy, const char *prefix,
133 policy->hname = kmalloc(strlen(prefix) + strlen(name) + 3,
135 if (policy->hname)
136 sprintf(policy->hname, "%s//%s", prefix, name);
138 policy->hname = kstrdup(name, GFP_KERNEL);
139 if (!policy->hname)
142 policy->name = (char *)hname_tail(policy->hname);
143 INIT_LIST_HEAD(&policy->list);
144 INIT_LIST_HEAD(&policy->profiles);
150 * policy_destroy - free the elements referenced by @policy
151 * @policy: policy that is to have its elements freed (NOT NULL)
153 static void policy_destroy(struct aa_policy *policy)
156 if (on_list_rcu(&policy->profiles)) {
158 "policy '%s' still contains profiles\n",
159 __func__, policy->name);
162 if (on_list_rcu(&policy->list)) {
163 AA_ERROR("%s: internal error, policy '%s' still on list\n",
164 __func__, policy->name);
169 kzfree(policy->hname);
173 * __policy_find - find a policy by @name on a policy list
179 * Returns: unrefcounted policy that matches @name or NULL if not found
183 struct aa_policy *policy;
185 list_for_each_entry_rcu(policy, head, list) {
186 if (!strcmp(policy->name, name))
187 return policy;
193 * __policy_strn_find - find a policy whose name matches @len chars of @str
200 * Returns: unrefcounted policy that matches @str or NULL if not found
203 * otherwise it allows searching for policy by a partial match of name
208 struct aa_policy *policy;
210 list_for_each_entry_rcu(policy, head, list) {
211 if (aa_strneq(policy->name, str, len))
212 return policy;
610 aa_put_dfa(profile->policy.dfa);
787 * Returns: unrefcounted policy or NULL if not found
792 struct aa_policy *policy;
796 policy = &ns->base;
799 profile = __strn_find_child(&policy->profiles, hname,
803 policy = &profile->base;
894 * aa_audit_policy - Do auditing of policy changes
895 * @op: policy operation being performed
920 * aa_may_manage_policy - can the current task manage policy
921 * @op: the policy manipulation operation being done
923 * Returns: true if the task is allowed to manipulate policy
927 /* check if loading policy is locked out */
934 audit_policy(op, GFP_KERNEL, NULL, "not policy admin", -EACCES);
1094 struct aa_policy *policy;
1116 /* no ref on policy only use inside lock */
1117 policy = __lookup_parent(ns, ent->new->base.hname);
1118 if (!policy) {
1128 } else if (policy != &ns->base) {
1130 struct aa_profile *p = (struct aa_profile *) policy;