/security/apparmor/ |
H A D | match.c | 4 * This file contains AppArmor dfa based regular expression matching engine 29 * unpack_table - unpack a dfa table (one of accept, default, base, next check) 92 * @dfa: dfa to test (NOT NULL) 95 * Assumes dfa has gone through the first pass verification done by unpacking 100 static int verify_dfa(struct aa_dfa *dfa, int flags) argument 106 if (!(dfa->tables[YYTD_ID_DEF] && 107 dfa->tables[YYTD_ID_BASE] && 108 dfa->tables[YYTD_ID_NXT] && dfa 168 dfa_free(struct aa_dfa *dfa) argument 187 struct aa_dfa *dfa = container_of(kref, struct aa_dfa, count); local 209 struct aa_dfa *dfa = kzalloc(sizeof(struct aa_dfa), GFP_KERNEL); local 300 aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, const char *str, int len) argument 350 aa_dfa_match(struct aa_dfa *dfa, unsigned int start, const char *str) argument 398 aa_dfa_next(struct aa_dfa *dfa, unsigned int state, const char c) argument [all...] |
H A D | file.c | 184 * compute_perms - convert dfa compressed perms to internal perms 185 * @dfa: dfa to compute perms for (NOT NULL) 186 * @state: state in dfa 189 * TODO: convert from dfa + state to permission entry, do computation conversion 194 static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state, argument 199 /* FIXME: change over to new dfa format 200 * currently file perms are encoded in the dfa, new format 201 * splits the permissions from the dfa. This mapping can be 207 perms.allow = map_old_perms(dfa_user_allow(dfa, stat 238 aa_str_perms(struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms) argument [all...] |
H A D | policy_unpack.c | 297 * verify_accept - verify the accept tables of a dfa 298 * @dfa: dfa to verify accept tables of (NOT NULL) 299 * @flags: flags governing dfa 303 static bool verify_accept(struct aa_dfa *dfa, int flags) argument 308 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { 309 int mode = ACCEPT_TABLE(dfa)[i]; 314 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) 321 * unpack_dfa - unpack a file rule dfa 324 * returns dfa o 330 struct aa_dfa *dfa = NULL; local 685 verify_dfa_xindex(struct aa_dfa *dfa, int table_size) argument [all...] |
H A D | domain.c | 108 } else if (!profile->file.dfa) { 112 aa_str_perms(profile->file.dfa, start, name, &cond, &perms); 118 state = aa_dfa_match(profile->file.dfa, start, ns->base.name); 119 state = aa_dfa_match_len(profile->file.dfa, state, ":", 1); 120 aa_str_perms(profile->file.dfa, state, name, &cond, &perms); 400 state = aa_str_perms(profile->file.dfa, state, name, &cond, &perms); 411 state = aa_dfa_null_transition(profile->file.dfa, state);
H A D | policy.c | 610 aa_put_dfa(profile->policy.dfa);
/security/apparmor/include/ |
H A D | file.h | 99 /* FIXME: split perms from dfa and match this to description 129 * map old dfa inline permissions to new format 131 #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ 132 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) 133 #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) 134 #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) 135 #define dfa_user_xindex(dfa, stat 164 struct aa_dfa *dfa; member in struct:aa_file_rules [all...] |
H A D | match.h | 4 * This file contains AppArmor policy dfa matching engine definitions. 34 * The data in the packed dfa is stored in network byte order, and the tables 38 * The dfa begins with a table set header, and is followed by the actual 120 unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, 122 unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, 124 unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state, 130 * aa_put_dfa - put a dfa refcount 131 * @dfa: dfa to put refcount (MAYBE NULL) 133 * Requires: if @dfa ! 135 aa_put_dfa(struct aa_dfa *dfa) argument [all...] |
H A D | apparmor.h | 101 * @dfa: the dfa to match against 102 * @start: the state of the dfa to start matching in 108 static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa, argument 112 return aa_dfa_next(dfa, start, 0);
H A D | policy.h | 144 * dfa: dfa pattern match 149 struct aa_dfa *dfa; member in struct:aa_policydb