Searched defs:profile (Results 1 - 21 of 21) sorted by relevance

/security/apparmor/include/
crypto.h
21 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
24 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, argument
context.h
31 * as the profile reference is now stored in the f_cred. However the
61 * @profile: the current profile (NOT NULL)
62 * @exec: profile to transition to on next exec (MAYBE NULL)
63 * @previous: profile the task may return to (MAYBE NULL)
66 * Contains the task's current profile (which could change due to
72 struct aa_profile *profile; member in struct:aa_task_cxt
82 int aa_replace_current_profile(struct aa_profile *profile);
83 int aa_set_current_onexec(struct aa_profile *profile);
84 int aa_set_current_hat(struct aa_profile *profile, u6
152 struct aa_profile *profile; local
audit.h
109 void *profile; member in struct:apparmor_audit_data
136 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
policy.h
59 APPARMOR_UNCONFINED, /* profile set to unconfined */
63 PFLAG_HAT = 1, /* profile is a hat */
64 PFLAG_NULL = 4, /* profile is null learning profile */
67 PFLAG_USER_DEFINED = 0x20, /* user based profile - lower privs */
68 PFLAG_NO_LIST_REF = 0x40, /* list doesn't keep profile ref */
70 PFLAG_INVALID = 0x200, /* profile replaced/removed */
110 * @unconfined: special unconfined profile for the namespace
117 * which profile to attach to a task. Profiles can not be shared between
118 * aa_namespaces and profile name
156 struct aa_profile __rcu *profile; member in struct:aa_replacedby
398 AUDIT_MODE(struct aa_profile *profile) argument
/security/apparmor/
audit.c
132 if (sa->aad->profile) {
133 struct aa_profile *profile = sa->aad->profile; local
134 if (profile->ns != root_ns) {
136 audit_log_untrustedstring(ab, profile->ns->base.hname);
138 audit_log_format(ab, " profile=");
139 audit_log_untrustedstring(ab, profile->base.hname);
161 * aa_audit - Log a profile based audit event to the audit subsystem
163 * @profile: profile t
172 aa_audit(int type, struct aa_profile *profile, gfp_t gfp, struct common_audit_data *sa, void (*cb) (struct audit_buffer *, void *)) argument
context.c
17 * the aa_task_cxt.profile, both of which are required and are not allowed
19 * to each cred (which is reference count). The profile pointed to by
50 aa_put_profile(cxt->profile);
66 aa_get_profile(new->profile);
72 * aa_get_task_profile - Get another task's profile
75 * Returns: counted reference to @task's profile
90 * @profile: new profile (NOT NULL)
94 int aa_replace_current_profile(struct aa_profile *profile) argument
98 BUG_ON(!profile);
132 aa_set_current_onexec(struct aa_profile *profile) argument
158 aa_set_current_hat(struct aa_profile *profile, u64 token) argument
crypto.c
32 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, argument
45 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
46 if (!profile->hash)
61 error = crypto_shash_final(&desc.shash, profile->hash);
68 kfree(profile->hash);
69 profile->hash = NULL;
84 AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
ipc.c
34 * @profile: profile being enforced (NOT NULL)
35 * @target: profile being traced (NOT NULL)
40 static int aa_audit_ptrace(struct aa_profile *profile, argument
51 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
57 * @tracer: profile of the task doing the tracing (NOT NULL)
93 * - confined by the same profile ||
94 * - tracer profile has CAP_SYS_PTRACE
capability.c
36 struct aa_profile *profile; member in struct:audit_cache
56 * @profile: profile being tested for confinement (NOT NULL)
65 static int audit_caps(struct aa_profile *profile, int cap, int error) argument
79 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
80 !cap_raised(profile->caps.audit, cap)))
83 } else if (KILL_MODE(profile) ||
84 cap_raised(profile->caps.kill, cap)) {
86 } else if (cap_raised(profile->caps.quiet, cap) &&
87 AUDIT_MODE(profile) !
117 profile_capable(struct aa_profile *profile, int cap) argument
132 aa_capable(struct aa_profile *profile, int cap, int audit) argument
resource.c
43 * @profile: profile being enforced (NOT NULL)
50 static int audit_resource(struct aa_profile *profile, unsigned int resource, argument
62 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_KERNEL, &sa,
82 * @profile - profile confining the task (NOT NULL)
91 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, argument
104 * the same profile.
106 if (profile != task_profile ||
107 (profile
procattr.c
23 * aa_getprocattr - Return the profile information for @profile
24 * @profile: the profile to print profile info about (NOT NULL)
25 * @string: Returns - string containing the profile info (NOT NULL)
29 * Requires: profile != NULL
32 * @profile.
36 int aa_getprocattr(struct aa_profile *profile, char **string) argument
40 const char *mode_str = aa_profile_mode_names[profile
file.c
93 * @profile: the profile being enforced (NOT NULL)
106 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, argument
126 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
144 AUDIT_MODE(profile) != AUDIT_NOQUIET &&
145 AUDIT_MODE(profile) != AUDIT_ALL)
149 return COMPLAIN_MODE(profile) ? 0 : sa.aad->error;
153 return aa_audit(type, profile, gfp, &sa, file_audit_cb);
202 * done at profile load
270 * @profile
278 aa_path_perm(int op, struct aa_profile *profile, struct path *path, int flags, u32 request, struct path_cond *cond) argument
348 aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) argument
448 aa_file_perm(int op, struct aa_profile *profile, struct file *file, u32 request) argument
domain.c
52 * may_change_ptraced_domain - check if can change profile on ptraced task
53 * @to_profile: profile to change to (NOT NULL)
87 * @profile: the current profile (NOT NULL)
89 * @name: the name of the profile to change to (NOT NULL)
95 static struct file_perms change_profile_perms(struct aa_profile *profile, argument
104 if (unconfined(profile)) {
108 } else if (!profile->file.dfa) {
110 } else if ((ns == profile->ns)) {
112 aa_str_perms(profile
143 struct aa_profile *profile, *candidate = NULL; local
176 struct aa_profile *profile; local
239 x_table_lookup(struct aa_profile *profile, u32 xindex) argument
300 x_to_profile(struct aa_profile *profile, const char *name, u32 xindex) argument
340 struct aa_profile *profile, *new_profile = NULL; local
551 struct aa_profile *profile = __aa_current_profile(); local
612 struct aa_profile *profile, *previous_profile, *hat = NULL; local
751 struct aa_profile *profile, *target = NULL; local
apparmorfs.c
34 * aa_mangle_name - mangle a profile name to std profile layout form
35 * @name: profile name to mangle (NOT NULL)
96 * Don't allow profile load/replace/remove from profiles that don't
252 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local
253 seq_printf(seq, "%s\n", profile->base.name);
254 aa_put_profile(profile);
275 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local
298 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local
326 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local
352 __aa_fs_profile_rmdir(struct aa_profile *profile) argument
386 create_profile_file(struct dentry *dir, const char *name, struct aa_profile *profile, const struct file_operations *fops) argument
401 __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) argument
662 next_profile(struct aa_namespace *root, struct aa_profile *profile) argument
684 struct aa_profile *profile = NULL; local
713 struct aa_profile *profile = p; local
729 struct aa_profile *profile = p; local
749 struct aa_profile *profile = (struct aa_profile *)p; local
policy.c
16 * task is confined by. Every task in the system has a profile attached
20 * Each profile exists in a profile namespace which is a container of
21 * visible profiles. Each namespace contains a special "unconfined" profile,
24 * Namespace and profile names can be written together in either
26 * :namespace:profile - used by kernel interfaces for easy detection
27 * namespace://profile - used by policy
31 * Reserved profile names
32 * unconfined - special automatically generated unconfined profile
33 * inherit - special name to indicate profile inheritanc
425 __list_add_profile(struct list_head *list, struct aa_profile *profile) argument
445 __list_remove_profile(struct aa_profile *profile) argument
459 __remove_profile(struct aa_profile *profile) argument
477 struct aa_profile *profile, *tmp; local
590 aa_free_profile(struct aa_profile *profile) argument
648 struct aa_profile *profile; local
690 struct aa_profile *profile = NULL; local
766 struct aa_profile *profile; local
793 struct aa_profile *profile = NULL; local
826 struct aa_profile *profile = NULL; local
854 struct aa_profile *profile; local
878 replacement_allowed(struct aa_profile *profile, int noreplace, const char **info) argument
941 __list_lookup_parent(struct list_head *lh, struct aa_profile *profile) argument
1243 struct aa_profile *profile = NULL; local
policy_unpack.c
58 * aa_ext is the read of the buffer containing the serialized profile. The
84 * @new: profile if it has been allocated (MAYBE NULL)
85 * @name: name of the profile being manipulated (MAYBE NULL)
95 struct aa_profile *profile = __aa_current_profile(); local
107 return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa,
366 * unpack_trans_table - unpack a profile transition table
368 * @profile: profile to add the accept table to (NOT NULL)
372 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) argument
384 profile
435 unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) argument
477 struct aa_profile *profile = NULL; local
703 verify_profile(struct aa_profile *profile) argument
752 struct aa_profile *profile = NULL; local
lsm.c
119 struct aa_profile *profile; local
124 profile = aa_cred_profile(cred);
130 if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
131 *effective = cap_intersect(*effective, profile->caps.allow);
132 *permitted = cap_intersect(*permitted, profile->caps.allow);
142 struct aa_profile *profile; local
146 profile = aa_cred_profile(cred);
147 if (!unconfined(profile))
148 error = aa_capable(profile, ca
165 struct aa_profile *profile; local
305 struct aa_profile *profile; local
320 struct aa_profile *profile; local
379 struct aa_profile *profile; local
429 struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred); local
511 struct aa_profile *profile = NULL; local
609 struct aa_profile *profile = __aa_current_profile(); local
/security/tomoyo/
audit.c
162 "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
166 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile,
315 * @profile: Profile number.
322 const u8 profile, const u8 index,
332 p = tomoyo_profile(ns, profile);
364 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type,
321 tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, const u8 profile, const u8 index, const struct tomoyo_acl_info *matched_acl, const bool is_granted) argument
util.c
967 * @profile: Profile number.
972 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, argument
980 p = tomoyo_profile(ns, profile);
1002 u8 profile; local
1007 profile = domain->profile;
1008 r->profile = profile;
1010 r->mode = tomoyo_get_mode(domain->ns, profile, index);
1073 if (count < tomoyo_profile(domain->ns, domain->profile)
common.c
20 /* String table for /sys/kernel/security/tomoyo/profile */
477 * tomoyo_assign_profile - Create a new profile.
480 * @profile: Profile number to create.
485 (struct tomoyo_policy_namespace *ns, const unsigned int profile)
489 if (profile >= TOMOYO_MAX_PROFILES)
491 ptr = ns->profile_ptr[profile];
497 ptr = ns->profile_ptr[profile];
510 ns->profile_ptr[profile] = ptr;
520 * tomoyo_profile - Find a profile.
523 * @profile
484 tomoyo_assign_profile(struct tomoyo_policy_namespace *ns, const unsigned int profile) argument
527 tomoyo_profile(const struct tomoyo_policy_namespace *ns, const u8 profile) argument
584 tomoyo_set_mode(char *name, const char *value, struct tomoyo_profile *profile) argument
665 struct tomoyo_profile *profile; local
733 const struct tomoyo_profile *profile; local
1153 unsigned int profile; local
2705 const u8 profile = domain->profile; local
common.h
187 /* Follow profile's configuration. */
392 /* Index numbers for profile's PREFERENCE values. */
494 u8 profile; member in struct:tomoyo_request_info
683 u8 profile; /* Profile number to use. */ member in struct:tomoyo_domain_info
874 /* Structure for /sys/kernel/security/tomoyo/profile interface. */
966 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
1028 const u8 profile);
