/security/apparmor/include/ |
H A D | crypto.h | 21 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, 24 static inline int aa_calc_profile_hash(struct aa_profile *profile, u32 version, argument
H A D | context.h | 31 * as the profile reference is now stored in the f_cred. However the 61 * @profile: the current profile (NOT NULL) 62 * @exec: profile to transition to on next exec (MAYBE NULL) 63 * @previous: profile the task may return to (MAYBE NULL) 66 * Contains the task's current profile (which could change due to 72 struct aa_profile *profile; member in struct:aa_task_cxt 82 int aa_replace_current_profile(struct aa_profile *profile); 83 int aa_set_current_onexec(struct aa_profile *profile); 84 int aa_set_current_hat(struct aa_profile *profile, u6 152 struct aa_profile *profile; local [all...] |
H A D | audit.h | 109 void *profile; member in struct:apparmor_audit_data 136 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
H A D | policy.h | 59 APPARMOR_UNCONFINED, /* profile set to unconfined */ 63 PFLAG_HAT = 1, /* profile is a hat */ 64 PFLAG_NULL = 4, /* profile is null learning profile */ 67 PFLAG_USER_DEFINED = 0x20, /* user based profile - lower privs */ 68 PFLAG_NO_LIST_REF = 0x40, /* list doesn't keep profile ref */ 70 PFLAG_INVALID = 0x200, /* profile replaced/removed */ 110 * @unconfined: special unconfined profile for the namespace 117 * which profile to attach to a task. Profiles can not be shared between 118 * aa_namespaces and profile name 156 struct aa_profile __rcu *profile; member in struct:aa_replacedby 398 AUDIT_MODE(struct aa_profile *profile) argument [all...] |
/security/apparmor/ |
H A D | audit.c | 132 if (sa->aad->profile) { 133 struct aa_profile *profile = sa->aad->profile; local 134 if (profile->ns != root_ns) { 136 audit_log_untrustedstring(ab, profile->ns->base.hname); 138 audit_log_format(ab, " profile="); 139 audit_log_untrustedstring(ab, profile->base.hname); 161 * aa_audit - Log a profile based audit event to the audit subsystem 163 * @profile: profile t 172 aa_audit(int type, struct aa_profile *profile, gfp_t gfp, struct common_audit_data *sa, void (*cb) (struct audit_buffer *, void *)) argument [all...] |
H A D | context.c | 17 * the aa_task_cxt.profile, both of which are required and are not allowed 19 * to each cred (which is reference count). The profile pointed to by 50 aa_put_profile(cxt->profile); 66 aa_get_profile(new->profile); 72 * aa_get_task_profile - Get another task's profile 75 * Returns: counted reference to @task's profile 90 * @profile: new profile (NOT NULL) 94 int aa_replace_current_profile(struct aa_profile *profile) argument 98 BUG_ON(!profile); 132 aa_set_current_onexec(struct aa_profile *profile) argument 158 aa_set_current_hat(struct aa_profile *profile, u64 token) argument [all...] |
H A D | crypto.c | 32 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, argument 45 profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL); 46 if (!profile->hash) 61 error = crypto_shash_final(&desc.shash, profile->hash); 68 kfree(profile->hash); 69 profile->hash = NULL; 84 AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
H A D | ipc.c | 34 * @profile: profile being enforced (NOT NULL) 35 * @target: profile being traced (NOT NULL) 40 static int aa_audit_ptrace(struct aa_profile *profile, argument 51 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa, 57 * @tracer: profile of the task doing the tracing (NOT NULL) 93 * - confined by the same profile || 94 * - tracer profile has CAP_SYS_PTRACE
H A D | capability.c | 36 struct aa_profile *profile; member in struct:audit_cache 56 * @profile: profile being tested for confinement (NOT NULL) 65 static int audit_caps(struct aa_profile *profile, int cap, int error) argument 79 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && 80 !cap_raised(profile->caps.audit, cap))) 83 } else if (KILL_MODE(profile) || 84 cap_raised(profile->caps.kill, cap)) { 86 } else if (cap_raised(profile->caps.quiet, cap) && 87 AUDIT_MODE(profile) ! 117 profile_capable(struct aa_profile *profile, int cap) argument 132 aa_capable(struct aa_profile *profile, int cap, int audit) argument [all...] |
H A D | resource.c | 43 * @profile: profile being enforced (NOT NULL) 50 static int audit_resource(struct aa_profile *profile, unsigned int resource, argument 62 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_KERNEL, &sa, 82 * @profile - profile confining the task (NOT NULL) 91 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, argument 104 * the same profile. 106 if (profile != task_profile || 107 (profile [all...] |
H A D | procattr.c | 23 * aa_getprocattr - Return the profile information for @profile 24 * @profile: the profile to print profile info about (NOT NULL) 25 * @string: Returns - string containing the profile info (NOT NULL) 29 * Requires: profile != NULL 32 * @profile. 36 int aa_getprocattr(struct aa_profile *profile, char **string) argument 40 const char *mode_str = aa_profile_mode_names[profile [all...] |
H A D | file.c | 93 * @profile: the profile being enforced (NOT NULL) 106 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, argument 126 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) 144 AUDIT_MODE(profile) != AUDIT_NOQUIET && 145 AUDIT_MODE(profile) != AUDIT_ALL) 149 return COMPLAIN_MODE(profile) ? 0 : sa.aad->error; 153 return aa_audit(type, profile, gfp, &sa, file_audit_cb); 202 * done at profile load 270 * @profile 278 aa_path_perm(int op, struct aa_profile *profile, struct path *path, int flags, u32 request, struct path_cond *cond) argument 348 aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) argument 448 aa_file_perm(int op, struct aa_profile *profile, struct file *file, u32 request) argument [all...] |
H A D | domain.c | 52 * may_change_ptraced_domain - check if can change profile on ptraced task 53 * @to_profile: profile to change to (NOT NULL) 87 * @profile: the current profile (NOT NULL) 89 * @name: the name of the profile to change to (NOT NULL) 95 static struct file_perms change_profile_perms(struct aa_profile *profile, argument 104 if (unconfined(profile)) { 108 } else if (!profile->file.dfa) { 110 } else if ((ns == profile->ns)) { 112 aa_str_perms(profile 143 struct aa_profile *profile, *candidate = NULL; local 176 struct aa_profile *profile; local 239 x_table_lookup(struct aa_profile *profile, u32 xindex) argument 300 x_to_profile(struct aa_profile *profile, const char *name, u32 xindex) argument 340 struct aa_profile *profile, *new_profile = NULL; local 551 struct aa_profile *profile = __aa_current_profile(); local 612 struct aa_profile *profile, *previous_profile, *hat = NULL; local 751 struct aa_profile *profile, *target = NULL; local [all...] |
H A D | apparmorfs.c | 34 * aa_mangle_name - mangle a profile name to std profile layout form 35 * @name: profile name to mangle (NOT NULL) 96 * Don't allow profile load/replace/remove from profiles that don't 252 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local 253 seq_printf(seq, "%s\n", profile->base.name); 254 aa_put_profile(profile); 275 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local 298 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local 326 struct aa_profile *profile = aa_get_profile_rcu(&r->profile); local 352 __aa_fs_profile_rmdir(struct aa_profile *profile) argument 386 create_profile_file(struct dentry *dir, const char *name, struct aa_profile *profile, const struct file_operations *fops) argument 401 __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) argument 662 next_profile(struct aa_namespace *root, struct aa_profile *profile) argument 684 struct aa_profile *profile = NULL; local 713 struct aa_profile *profile = p; local 729 struct aa_profile *profile = p; local 749 struct aa_profile *profile = (struct aa_profile *)p; local [all...] |
H A D | policy.c | 16 * task is confined by. Every task in the system has a profile attached 20 * Each profile exists in a profile namespace which is a container of 21 * visible profiles. Each namespace contains a special "unconfined" profile, 24 * Namespace and profile names can be written together in either 26 * :namespace:profile - used by kernel interfaces for easy detection 27 * namespace://profile - used by policy 31 * Reserved profile names 32 * unconfined - special automatically generated unconfined profile 33 * inherit - special name to indicate profile inheritanc 425 __list_add_profile(struct list_head *list, struct aa_profile *profile) argument 445 __list_remove_profile(struct aa_profile *profile) argument 459 __remove_profile(struct aa_profile *profile) argument 477 struct aa_profile *profile, *tmp; local 590 aa_free_profile(struct aa_profile *profile) argument 648 struct aa_profile *profile; local 690 struct aa_profile *profile = NULL; local 766 struct aa_profile *profile; local 793 struct aa_profile *profile = NULL; local 826 struct aa_profile *profile = NULL; local 854 struct aa_profile *profile; local 878 replacement_allowed(struct aa_profile *profile, int noreplace, const char **info) argument 941 __list_lookup_parent(struct list_head *lh, struct aa_profile *profile) argument 1243 struct aa_profile *profile = NULL; local [all...] |
H A D | policy_unpack.c | 58 * aa_ext is the read of the buffer containing the serialized profile. The 84 * @new: profile if it has been allocated (MAYBE NULL) 85 * @name: name of the profile being manipulated (MAYBE NULL) 95 struct aa_profile *profile = __aa_current_profile(); local 107 return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa, 366 * unpack_trans_table - unpack a profile transition table 368 * @profile: profile to add the accept table to (NOT NULL) 372 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) argument 384 profile 435 unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) argument 477 struct aa_profile *profile = NULL; local 703 verify_profile(struct aa_profile *profile) argument 752 struct aa_profile *profile = NULL; local [all...] |
H A D | lsm.c | 119 struct aa_profile *profile; local 124 profile = aa_cred_profile(cred); 130 if (!unconfined(profile) && !COMPLAIN_MODE(profile)) { 131 *effective = cap_intersect(*effective, profile->caps.allow); 132 *permitted = cap_intersect(*permitted, profile->caps.allow); 142 struct aa_profile *profile; local 146 profile = aa_cred_profile(cred); 147 if (!unconfined(profile)) 148 error = aa_capable(profile, ca 165 struct aa_profile *profile; local 305 struct aa_profile *profile; local 320 struct aa_profile *profile; local 379 struct aa_profile *profile; local 429 struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred); local 511 struct aa_profile *profile = NULL; local 609 struct aa_profile *profile = __aa_current_profile(); local [all...] |
/security/tomoyo/ |
H A D | audit.c | 162 "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s " 166 stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, 315 * @profile: Profile number. 322 const u8 profile, const u8 index, 332 p = tomoyo_profile(ns, profile); 364 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, 321 tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, const u8 profile, const u8 index, const struct tomoyo_acl_info *matched_acl, const bool is_granted) argument
H A D | util.c | 967 * @profile: Profile number. 972 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, argument 980 p = tomoyo_profile(ns, profile); 1002 u8 profile; local 1007 profile = domain->profile; 1008 r->profile = profile; 1010 r->mode = tomoyo_get_mode(domain->ns, profile, index); 1073 if (count < tomoyo_profile(domain->ns, domain->profile) [all...] |
H A D | common.c | 20 /* String table for /sys/kernel/security/tomoyo/profile */ 477 * tomoyo_assign_profile - Create a new profile. 480 * @profile: Profile number to create. 485 (struct tomoyo_policy_namespace *ns, const unsigned int profile) 489 if (profile >= TOMOYO_MAX_PROFILES) 491 ptr = ns->profile_ptr[profile]; 497 ptr = ns->profile_ptr[profile]; 510 ns->profile_ptr[profile] = ptr; 520 * tomoyo_profile - Find a profile. 523 * @profile 484 tomoyo_assign_profile(struct tomoyo_policy_namespace *ns, const unsigned int profile) argument 527 tomoyo_profile(const struct tomoyo_policy_namespace *ns, const u8 profile) argument 584 tomoyo_set_mode(char *name, const char *value, struct tomoyo_profile *profile) argument 665 struct tomoyo_profile *profile; local 733 const struct tomoyo_profile *profile; local 1153 unsigned int profile; local 2705 const u8 profile = domain->profile; local [all...] |
H A D | common.h | 187 /* Follow profile's configuration. */ 392 /* Index numbers for profile's PREFERENCE values. */ 494 u8 profile; member in struct:tomoyo_request_info 683 u8 profile; /* Profile number to use. */ member in struct:tomoyo_domain_info 874 /* Structure for /sys/kernel/security/tomnoyo/profile interface. */ 966 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, 1028 const u8 profile);