security/apparmor/lib.c

49  * aa_split_fqname - split a fqname into a profile and namespace name
50  * @fqname: a full qualified name in namespace profile format (NOT NULL)
53  * Returns: profile name or NULL if one is not specified
55  * Split a namespace name from a profile name (see policy.c for naming
77 			/* a ns name without a following profile is allowed */  in aa_split_fqname()
130 			/* a ns name without a following profile is allowed */  in aa_splitn_fqname()
142  * aa_info_message - log a none profile related status message
306  * aa_apply_modes_to_perms - apply namespace and profile flags to perms
307  * @profile: that perms where computed from
310  * TODO: split into profile and ns based flags for when accumulating perms
312 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms)  in aa_apply_modes_to_perms()  argument
314 	switch (AUDIT_MODE(profile)) {  in aa_apply_modes_to_perms()
329 	if (KILL_MODE(profile))  in aa_apply_modes_to_perms()
331 	else if (COMPLAIN_MODE(profile))  in aa_apply_modes_to_perms()
333 	else if (USER_MODE(profile))  in aa_apply_modes_to_perms()
337 void aa_profile_match_label(struct aa_profile *profile,  in aa_profile_match_label()  argument
348 	aa_label_match(profile, rules, label, state, false, request, perms);  in aa_profile_match_label()
353 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,  in aa_profile_label_perm()  argument
357 	struct aa_ruleset *rules = list_first_entry(&profile->rules,  in aa_profile_label_perm()
364 	aa_profile_match_label(profile, rules, &target->label, type, request,  in aa_profile_label_perm()
366 	aa_apply_modes_to_perms(profile, &perms);  in aa_profile_label_perm()
368 	return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);  in aa_profile_label_perm()
373  * @profile: profile being checked
381  * Note: profile audit modes need to be set before calling by setting the
388 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,  in aa_check_perms()  argument
422 		ad->subj_label = &profile->label;  in aa_check_perms()