Lines Matching refs:perms

109  * label_compound_match - find perms for full compound label
110  * @profile: profile to find perms for
116  * @perms: perms struct to set
121  * @perms should be preinitialized with allperms OR a previous permission
127 				struct aa_perms *perms)
146 	*perms = allperms;
158 	*perms = *(aa_lookup_fperms(rules->file, state, &cond));
159 	aa_apply_modes_to_perms(profile, perms);
160 	if ((perms->allow & request) != request)
166 	*perms = nullperms;
171  * label_components_match - find perms for all subcomponents of a label
172  * @profile: profile to find perms for
178  * @perms: an initialized perms struct to add accumulation to
183  * @perms should be preinitialized with allperms OR a previous permission
189 				  struct aa_perms *perms)
209 	/* no subcomponents visible - no change in perms */
215 	aa_perms_accum(perms, &tmp);
224 		aa_perms_accum(perms, &tmp);
227 	if ((perms->allow & request) != request)
233 	*perms = nullperms;
245  * @perms: Returns computed perms (NOT NULL)
251 		       struct aa_perms *perms)
255 	*perms = nullperms;
257 				     request, perms);
261 	*perms = allperms;
263 				      request, perms);
273  * @request: requested perms
275  * @perms: Returns computed perms (NOT NULL)
286 				struct aa_perms *perms)
289 		perms->allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC;
290 		perms->audit = perms->quiet = perms->kill = 0;
295 	return label_match(profile, target, stack, start, true, request, perms);
340 			perm = attach->xmatch->perms[index].allow;
425 			perm = attach->xmatch->perms[index].allow;
642 	struct aa_perms perms = {};
675 	state = aa_str_perms(rules->file, state, name, cond, &perms);
676 	if (perms.allow & MAY_EXEC) {
678 		new = x_to_label(profile, bprm, name, perms.xindex, &target,
687 			perms.allow &= ~MAY_EXEC;
702 		perms.xindex |= AA_X_UNSAFE;
711 	if (!(perms.xindex & AA_X_UNSAFE)) {
722 	aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name,
742 	struct aa_perms perms = {};
774 	state = aa_str_perms(rules->file, state, xname, cond, &perms);
775 	if (!(perms.allow & AA_MAY_ONEXEC)) {
785 				     state, &perms);
787 		perms.allow &= ~AA_MAY_ONEXEC;
791 	if (!(perms.xindex & AA_X_UNSAFE)) {
802 	return aa_audit_file(subj_cred, profile, &perms, OP_EXEC,
1183 	struct aa_perms perms = {};
1278 	perms.kill = AA_MAY_CHANGEHAT;
1282 		aa_audit_file(subj_cred, profile, &perms, OP_CHANGE_HAT,
1294 					u32 request, struct aa_perms *perms)
1304 					     perms);
1306 		error = aa_audit_file(subj_cred, profile, perms, op, request,
1333 	struct aa_perms perms = {};
1389 		perms.audit = request;
1391 				aa_audit_file(subj_cred, profile, &perms, op,
1394 		perms.audit = 0;
1430 	 * TODO: currently requiring perms for stacking and straight change
1440 						     request, &perms));
1493 			perms.allow = 0;
1510 				      profile, &perms, op, request, auditname,