22 #include "include/label.h"
34 			struct aa_label *label, struct path *path)  in unix_fs_perm()  argument
36 	AA_BUG(!label);  in unix_fs_perm()
39 	if (unconfined(label) || !label_mediates(label, AA_CLASS_FILE))  in unix_fs_perm()
55 		return aa_path_perm(op, subj_cred, label, path,  in unix_fs_perm()
96 			/* todo: local label matching */  in match_to_local()
99 				*info = "failed local label match";  in match_to_local()
181 	ad->peer = &peer->label;  in match_label()
187 			ad->info = "failed peer label match";  in match_label()
205 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_create_perm()
229 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_sk_perm()
241 					    &profile->label,  in profile_sk_perm()
257 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_bind_perm()
288 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_listen_perm()
303 					    ad->subj_cred, &profile->label,  in profile_listen_perm()
325 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_accept_perm()
338 					    ad->subj_cred, &profile->label,  in profile_accept_perm()
355 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_opt_perm()
369 					    ad->subj_cred, &profile->label,  in profile_opt_perm()
387 /* null peer_label is allowed, in which case the peer_sk label is used */
395 	struct aa_ruleset *rules = profile->label.rules[0];  in profile_peer_perm()
411 					    &profile->label, peer_path);  in profile_peer_perm()
414 					    &profile->label, path);  in profile_peer_perm()
429 int aa_unix_create_perm(struct aa_label *label, int family, int type,  in aa_unix_create_perm()  argument
432 	if (!unconfined(label)) {  in aa_unix_create_perm()
437 		return fn_for_each_confined(label, profile,  in aa_unix_create_perm()
446 				 struct aa_label *label,  in aa_unix_label_sk_perm()  argument
450 	if (!unconfined(label)) {  in aa_unix_label_sk_perm()
454 		return fn_for_each_confined(label, profile,  in aa_unix_label_sk_perm()
464 	struct aa_label *label;  in aa_unix_sock_perm()  local
467 	label = begin_current_label_crit_section();  in aa_unix_sock_perm()
468 	error = aa_unix_label_sk_perm(current_cred(), label, op,  in aa_unix_sock_perm()
471 	end_current_label_crit_section(label);  in aa_unix_sock_perm()
491 	struct aa_label *label;  in aa_unix_bind_perm()  local
498 	label = begin_current_label_crit_section();  in aa_unix_bind_perm()
500 	if (!unconfined(label)) {  in aa_unix_bind_perm()
506 		error = fn_for_each_confined(label, profile,  in aa_unix_bind_perm()
509 	end_current_label_crit_section(label);  in aa_unix_bind_perm()
530 	struct aa_label *label;  in aa_unix_listen_perm()  local
533 	label = begin_current_label_crit_section();  in aa_unix_listen_perm()
534 	if (!unconfined(label)) {  in aa_unix_listen_perm()
537 		error = fn_for_each_confined(label, profile,  in aa_unix_listen_perm()
541 	end_current_label_crit_section(label);  in aa_unix_listen_perm()
551 	struct aa_label *label;  in aa_unix_accept_perm()  local
554 	label = begin_current_label_crit_section();  in aa_unix_accept_perm()
555 	if (!unconfined(label)) {  in aa_unix_accept_perm()
558 		error = fn_for_each_confined(label, profile,  in aa_unix_accept_perm()
561 	end_current_label_crit_section(label);  in aa_unix_accept_perm()
584 	struct aa_label *label;  in aa_unix_opt_perm()  local
587 	label = begin_current_label_crit_section();  in aa_unix_opt_perm()
588 	if (!unconfined(label)) {  in aa_unix_opt_perm()
591 		error = fn_for_each_confined(label, profile,  in aa_unix_opt_perm()
595 	end_current_label_crit_section(label);  in aa_unix_opt_perm()
601 			  struct aa_label *label, const char *op, u32 request,  in unix_peer_perm()  argument
612 	return fn_for_each_confined(label, profile,  in unix_peer_perm()
624 		      struct aa_label *label, const char *op, u32 request,  in aa_unix_peer_perm()  argument
633 	AA_BUG(!label);  in aa_unix_peer_perm()
638 	return unix_peer_perm(subj_cred, label, op, request, sk,  in aa_unix_peer_perm()
646 static void update_sk_ctx(struct sock *sk, struct aa_label *label,  in update_sk_ctx()  argument
657 	  !__aa_subj_label_is_cached(label, rcu_dereference(ctx->label));  in update_sk_ctx()
663 	old = rcu_dereference_protected(ctx->label,  in update_sk_ctx()
665 	l = aa_label_merge(old, label, GFP_ATOMIC);  in update_sk_ctx()
668 			rcu_assign_pointer(ctx->label, l);  in update_sk_ctx()
688 			    struct aa_label *label)  in update_peer_ctx()  argument
695 	l = aa_label_merge(old, label, GFP_ATOMIC);  in update_peer_ctx()
709 int aa_unix_file_perm(const struct cred *subj_cred, struct aa_label *label,  in aa_unix_file_perm()  argument
722 	AA_BUG(!label);  in aa_unix_file_perm()
744 			error = aa_unix_label_sk_perm(subj_cred, label, op,  in aa_unix_file_perm()
758 			   unix_fs_perm(op, request, subj_cred, label,  in aa_unix_file_perm()
765 		plabel = aa_get_label_rcu(&pctx->label);  in aa_unix_file_perm()
771 			xcheck(unix_peer_perm(subj_cred, label, op,  in aa_unix_file_perm()
784 					      label)));  in aa_unix_file_perm()
785 		if (!error && !__aa_subj_label_is_cached(plabel, label))  in aa_unix_file_perm()
786 			update_peer_ctx(peer_sk, pctx, label);  in aa_unix_file_perm()
794 		update_sk_ctx(sock->sk, label, plabel);  in aa_unix_file_perm()