117  * @profile: the profile being enforced  (NOT NULL)
133 		       struct aa_profile *profile, const char *op,
145 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
163 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&
164 		    AUDIT_MODE(profile) != AUDIT_ALL)
182 	return aa_audit(audit_type, profile, &ad, audit_cb);
279 static int path_flags(struct aa_profile *profile, const struct path *path)
281 	AA_BUG(!profile);
284 	return profile->path_flags |
291  * @profile: the confining profile
304 			      struct aa_profile *profile,
312 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
316 	AA_BUG(!profile);
323 	error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,
324 			     &mntpnt, &info, profile->disconnected);
345 	return audit_mount(subj_cred, profile, OP_MOUNT, mntpnt, devname,
353  * @profile: the confining profile
366 		     struct aa_profile *profile, const struct path *path,
372 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
376 	AA_BUG(!profile);
383 		error = aa_path_name(devpath, path_flags(profile, devpath),
385 				     profile->disconnected);
390 	return match_mnt_path_str(subj_cred, profile, path, buffer, devname,
398 	struct aa_profile *profile;
411 	error = fn_for_each_confined(label, profile,
412 			match_mnt(subj_cred, profile, path, buffer, NULL,
424 	struct aa_profile *profile;
447 	error = fn_for_each_confined(label, profile,
448 			match_mnt(subj_cred, profile, path, buffer, &old_path,
462 	struct aa_profile *profile;
476 	error = fn_for_each_confined(label, profile,
477 			match_mnt(subj_cred, profile, path, buffer, NULL,
489 	struct aa_profile *profile;
506 	error = fn_for_each_confined(label, profile,
507 			match_mnt(subj_cred, profile, to_path, to_buffer,
539 	struct aa_profile *profile;
581 		error = fn_for_each_confined(label, profile,
582 				match_mnt(subj_cred, profile, path, buffer,
586 		error = fn_for_each_confined(label, profile,
587 				match_mnt_path_str(subj_cred, profile, path,
602 			  struct aa_profile *profile, const struct path *path,
605 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
612 	AA_BUG(!profile);
618 	error = aa_path_name(path, path_flags(profile, path), buffer, &name,
619 			     &info, profile->disconnected);
631 	return audit_mount(subj_cred, profile, OP_UMOUNT, name, NULL, NULL,
639 	struct aa_profile *profile;
651 	error = fn_for_each_confined(label, profile,
652 			profile_umount(subj_cred, profile, &path, buffer));
663 					struct aa_profile *profile,
669 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
677 	AA_BUG(!profile);
681 	if (profile_unconfined(profile) ||
683 		return aa_get_newest_label(&profile->label);
685 	error = aa_path_name(old_path, path_flags(profile, old_path),
687 			     profile->disconnected);
690 	error = aa_path_name(new_path, path_flags(profile, new_path),
692 			     profile->disconnected);
708 	error = audit_mount(subj_cred, profile, OP_PIVOTROOT, new_name,
715 	return aa_get_newest_label(&profile->label);
722 	struct aa_profile *profile;
736 	target = fn_label_build(label, profile, GFP_KERNEL,
737 			build_pivotroot(subj_cred, profile, new_path,
763 	error = fn_for_each(label, profile,
764 			audit_mount(subj_cred, profile, OP_PIVOTROOT,

Indexes created Sat Jun 01 22:14:01 MDT 2024