82  * @perms: the permissions computed for the request (NOT NULL)
95 		  struct aa_profile *profile, struct aa_perms *perms,
114 		u32 mask = perms->audit;
119 		/* mask off perms that are not being force audited */
127 		ad.request = ad.request & ~perms->allow;
130 		if (ad.request & perms->kill)
134 		if ((ad.request & perms->quiet) &&
137 			ad.request &= ~perms->quiet;
143 	ad.denied = ad.request & ~perms->allow;
184  * aa_lookup_fperms - convert dfa compressed perms to internal perms
185  * @file_rules: the aa_policydb to lookup perms for  (NOT NULL)
198 	if (!(file_rules->perms))
202 		return &(file_rules->perms[index]);
204 	return &(file_rules->perms[index + 1]);
213  * @perms: Returns - the permissions found when matching @name
219 			struct aa_perms *perms)
223 	*perms = *(aa_lookup_fperms(file_rules, state, cond));
231 			  struct aa_perms *perms)
240 		     name, cond, perms);
241 	if (request & ~perms->allow)
244 			     profile, perms, op, request, name, NULL, NULL,
253 			     struct aa_perms *perms)
267 			      flags, perms);
287 	struct aa_perms perms = {};
299 					  request, cond, flags, &perms));
335 	struct aa_perms lperms = {}, perms;
365 	aa_str_perms(rules->file, state, tname, cond, &perms);
370 	lperms.audit = perms.audit;
371 	lperms.quiet = perms.quiet;
372 	lperms.kill = perms.kill;
374 	if (!(perms.allow & AA_MAY_LINK)) {
376 		lperms = perms;
381 	if (!(perms.allow & AA_LINK_SUBSET))
388 		     tname, cond, &perms);
392 	lperms.allow &= perms.allow | AA_MAY_LINK;
394 	request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);
398 		   !xindex_is_subset(lperms.xindex, perms.xindex)) {
490 	struct aa_perms perms = {};
514 					  request, &cond, flags, &perms));
520 		 * TODO: cache full perms so this only happens because of
529 						  &perms));
535 						  &perms));

Indexes created Thu May 02 11:06:28 MDT 2024