policy_unpack.c - OpenGrok cross reference for /linux/security/apparmor/policy

Lines Matching refs:profile
53  * @new: profile if it has been allocated (MAYBE NULL)
54  * @ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)
55  * @name: name of the profile being manipulated (MAYBE NULL)
66 	struct aa_profile *profile = labels_profile(aa_current_raw_label());
78 	return aa_audit(AUDIT_APPARMOR_STATUS, profile, &ad, audit_cb);
453  * unpack_trans_table - unpack a profile transition table
534 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
544 		profile->attach.xattr_count = size;
545 		profile->attach.xattrs = kcalloc(size, sizeof(char *), GFP_KERNEL);
546 		if (!profile->attach.xattrs)
549 			if (!aa_unpack_strdup(e, &profile->attach.xattrs[i], NULL))
779 		*info = "failed to unpack profile transition table";
814  * unpack_profile - unpack a serialized profile
818  * NOTE: unpack profile sets audit struct if there is a failure
823 	struct aa_profile *profile = NULL;
825 	const char *info = "failed to unpack profile";
837 	if (!aa_unpack_nameX(e, AA_STRUCT, "profile"))
847 			info = "empty profile name";
859 	profile = aa_alloc_profile(name, NULL, GFP_KERNEL);
860 	if (!profile) {
865 	rules = list_first_entry(&profile->rules, typeof(*rules), list);
867 	/* profile renaming is optional */
868 	(void) aa_unpack_str(e, &profile->rename, "rename");
871 	(void) aa_unpack_str(e, &profile->attach.xmatch_str, "attach");
874 	error = unpack_pdb(e, &profile->attach.xmatch, false, false, &info);
881 	if (profile->attach.xmatch->dfa) {
886 		profile->attach.xmatch_len = tmp;
887 		profile->attach.xmatch->start[AA_CLASS_XMATCH] = DFA_START;
888 		if (!profile->attach.xmatch->perms) {
889 			error = aa_compat_map_xmatch(profile->attach.xmatch);
899 	profile->disconnected = disconnected;
901 	/* per profile debug flags (complain, audit) */
903 		info = "profile missing flags";
906 	info = "failed to unpack profile flags";
910 		profile->label.flags |= FLAG_HAT;
912 		profile->label.flags |= FLAG_DEBUG1;
914 		profile->label.flags |= FLAG_DEBUG2;
918 		profile->mode = APPARMOR_COMPLAIN;
920 		profile->mode = APPARMOR_ENFORCE;
922 		profile->mode = APPARMOR_KILL;
924 		profile->mode = APPARMOR_UNCONFINED;
925 		profile->label.flags |= FLAG_UNCONFINED;
927 		profile->mode = APPARMOR_USER;
934 		profile->audit = AUDIT_ALL;
940 	if (aa_unpack_u32(e, &profile->path_flags, "path_flags"))
941 		profile->path_flags |= profile->label.flags &
945 		profile->path_flags = PATH_MEDIATE_DELETED;
947 	info = "failed to unpack profile capabilities";
957 	info = "failed to unpack upper profile capabilities";
972 	info = "failed to unpack extended profile capabilities";
983 	if (!unpack_xattrs(e, profile)) {
984 		info = "failed to unpack profile xattrs";
989 		info = "failed to unpack profile rlimits";
994 		info = "failed to unpack profile secmark rules";
1048 		profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL);
1049 		if (!profile->data) {
1060 		if (rhashtable_init(profile->data, &params)) {
1083 			if (rhashtable_insert_fast(profile->data, &data->head,
1084 						   profile->data->p)) {
1100 		info = "failed to unpack end of profile";
1104 	return profile;
1114 	if (profile)
1118 	audit_iface(profile, NULL, name, info, e, error);
1119 	aa_free_profile(profile);
1141 			audit_iface(NULL, NULL, NULL, "invalid profile format",
1237  * verify_profile - Do post unpack analysis to verify profile consistency
1238  * @profile: profile to verify (NOT NULL)
1244 static int verify_profile(struct aa_profile *profile)
1246 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
1253 		audit_iface(profile, NULL, NULL,
1260 		audit_iface(profile, NULL, NULL,
1267 		audit_iface(profile, NULL, NULL,
1272 		audit_iface(profile, NULL, NULL,
1276 	if (!verify_perms(profile->attach.xmatch)) {
1277 		audit_iface(profile, NULL, NULL,
1402  * aa_unpack - unpack packed binary profile(s) data loaded from user space
1405  * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
1407  * Unpack user data and return refcounted allocated profile(s) stored in
1411  * Returns: profile(s) on @lh else error pointer if fails to unpack
1417 	struct aa_profile *profile = NULL;
1434 		profile = unpack_profile(&e, &ns_name);
1435 		if (IS_ERR(profile)) {
1436 			error = PTR_ERR(profile);
1440 		error = verify_profile(profile);
1445 			error = aa_calc_profile_hash(profile, e.version, start,
1456 		ent->new = profile;
1480 	aa_put_profile(profile);