1 // SPDX-License-Identifier: GPL-2.0-only
7  * Copyright (C) 1998-2008 Novell/SUSE
8  * Copyright 2009-2010 Canonical Ltd.
36 			 rlim_names[ad->rlim.rlim], ad->rlim.max);  in audit_cb()
37 	if (ad->peer) {  in audit_cb()
39 		aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,  in audit_cb()
45  * audit_resource - audit setting resource limit
54  * Returns: 0 or ad->error else other error code on failure
75  * aa_map_resource - map compiled policy resource to internal #
92 	struct aa_ruleset *rules = list_first_entry(&profile->rules,  in profile_setrlimit()  local
93 						    typeof(*rules), list);  in profile_setrlimit()
96 	if (rules->rlimits.mask & (1 << resource) && new_rlim->rlim_max >  in profile_setrlimit()
97 	    rules->rlimits.limits[resource].rlim_max)  in profile_setrlimit()
98 		e = -EACCES;  in profile_setrlimit()
99 	return audit_resource(subj_cred, profile, resource, new_rlim->rlim_max,  in profile_setrlimit()
104  * aa_task_setrlimit - test permission to set an rlimit
128 	 * profiles.  AppArmor rules currently have the implicit assumption  in aa_task_setrlimit()
138 					       new_rlim->rlim_max, peer,  in aa_task_setrlimit()
139 					       "cap_sys_resource", -EACCES));  in aa_task_setrlimit()
150  * __aa_transition_rlimits - apply new profile rlimits
168 		struct aa_ruleset *rules = list_first_entry(&old->rules,  in __aa_transition_rlimits()  local
169 							    typeof(*rules),  in __aa_transition_rlimits()
171 		if (rules->rlimits.mask) {  in __aa_transition_rlimits()
176 				if (rules->rlimits.mask & mask) {  in __aa_transition_rlimits()
177 					rlim = current->signal->rlim + j;  in __aa_transition_rlimits()
178 					initrlim = init_task.signal->rlim + j;  in __aa_transition_rlimits()
179 					rlim->rlim_cur = min(rlim->rlim_max,  in __aa_transition_rlimits()
180 							    initrlim->rlim_cur);  in __aa_transition_rlimits()
188 		struct aa_ruleset *rules = list_first_entry(&new->rules,  in __aa_transition_rlimits()  local
189 							    typeof(*rules),  in __aa_transition_rlimits()
193 		if (!rules->rlimits.mask)  in __aa_transition_rlimits()
196 			if (!(rules->rlimits.mask & mask))  in __aa_transition_rlimits()
199 			rlim = current->signal->rlim + j;  in __aa_transition_rlimits()
200 			rlim->rlim_max = min(rlim->rlim_max,  in __aa_transition_rlimits()
201 					     rules->rlimits.limits[j].rlim_max);  in __aa_transition_rlimits()
203 			rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);  in __aa_transition_rlimits()