49  * aa_split_fqname - split a fqname into a profile and namespace name
50  * @fqname: a full qualified name in namespace profile format (NOT NULL)
53  * Returns: profile name or NULL if one is not specified
55  * Split a namespace name from a profile name (see policy.c for naming
77 			/* a ns name without a following profile is allowed */
130 			/* a ns name without a following profile is allowed */
142  * aa_info_message - log a none profile related status message
306  * aa_apply_modes_to_perms - apply namespace and profile flags to perms
307  * @profile: that perms where computed from
310  * TODO: split into profile and ns based flags for when accumulating perms
312 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms)
314 	switch (AUDIT_MODE(profile)) {
329 	if (KILL_MODE(profile))
331 	else if (COMPLAIN_MODE(profile))
333 	else if (USER_MODE(profile))
337 void aa_profile_match_label(struct aa_profile *profile,
348 	aa_label_match(profile, rules, label, state, false, request, perms);
353 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
357 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
364 	aa_profile_match_label(profile, rules, &target->label, type, request,
366 	aa_apply_modes_to_perms(profile, &perms);
368 	return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);
373  * @profile: profile being checked
381  * Note: profile audit modes need to be set before calling by setting the
388 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
422 		ad->subj_label = &profile->label;

Indexes created Sun Jun 23 19:15:37 MDT 2024