Lines Matching refs:perms
20 #include "include/perms.h"
279 * aa_audit_perms_cb - generic callback fn for auditing perms
306 * aa_apply_modes_to_perms - apply namespace and profile flags to perms
307 * @profile: that perms where computed from
308 * @perms: perms to apply mode modifiers to
310 * TODO: split into profile and ns based flags for when accumulating perms
312 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms)
316 perms->audit = ALL_PERMS_MASK;
319 perms->quiet = 0;
322 perms->audit = 0;
325 perms->quiet = ALL_PERMS_MASK;
330 perms->kill = ALL_PERMS_MASK;
332 perms->complain = ALL_PERMS_MASK;
334 perms->prompt = ALL_PERMS_MASK;
340 int type, u32 request, struct aa_perms *perms)
348 aa_label_match(profile, rules, label, state, false, request, perms);
359 struct aa_perms perms;
365 &perms);
366 aa_apply_modes_to_perms(profile, &perms);
367 *deny |= request & perms.deny;
368 return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);
372 * aa_check_perms - do audit mode selection based on perms set
374 * @perms: perms computed for the request
375 * @request: requested perms
388 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
393 u32 denied = request & (~perms->allow | perms->deny);
396 /* mask off perms that are not being force audited */
397 request &= perms->audit;
406 if (denied & perms->kill)
408 else if (denied == (denied & perms->complain))
413 if (denied == (denied & perms->hide))
416 denied &= ~perms->quiet;