  • only in /netgear-R7000-V1.0.7.12_1.2.5/components/opensource/linux/linux-2.6.36/security/apparmor/

Lines Matching defs:policy

14 #include "include/policy.h"
46 * policy_init - initialize a policy structure
47 * @policy: policy to initialize (NOT NULL)
49 * @name: name of the policy, init will make a copy of it (NOT NULL)
53 * Returns: true if policy init successful
55 static bool policy_init(struct aa_policy *policy, const char *prefix,
60 policy->hname = kmalloc(strlen(prefix) + strlen(name) + 3,
62 if (policy->hname)
63 sprintf(policy->hname, "%s//%s", prefix, name);
65 policy->hname = kstrdup(name, GFP_KERNEL);
66 if (!policy->hname)
69 policy->name = (char *)hname_tail(policy->hname);
70 INIT_LIST_HEAD(&policy->list);
71 INIT_LIST_HEAD(&policy->profiles);
72 kref_init(&policy->count);
78 * policy_destroy - free the elements referenced by @policy
79 * @policy: policy that is to have its elements freed (NOT NULL)
81 static void policy_destroy(struct aa_policy *policy)
84 if (!list_empty(&policy->profiles)) {
86 "policy '%s' still contains profiles\n",
87 __func__, policy->name);
90 if (!list_empty(&policy->list)) {
91 AA_ERROR("%s: internal error, policy '%s' still on list\n",
92 __func__, policy->name);
97 kzfree(policy->hname);
101 * __policy_find - find a policy by @name on a policy list
107 * Returns: unrefcounted policy that matches @name or NULL if not found
111 struct aa_policy *policy;
113 list_for_each_entry(policy, head, list) {
114 if (!strcmp(policy->name, name))
115 return policy;
121 * __policy_strn_find - find a policy whose name matches @len chars of @str
128 * Returns: unrefcounted policy that matches @str or NULL if not found
131 * otherwise it allows searching for policy by a partial match of name
136 struct aa_policy *policy;
138 list_for_each_entry(policy, head, list) {
139 if (aa_strneq(policy->name, str, len))
140 return policy;
416 struct aa_policy *policy;
420 policy = &old->parent->base;
422 policy = &old->ns->base;
428 __list_add_profile(&policy->profiles, new);
759 * Returns: unrefcounted policy or NULL if not found
764 struct aa_policy *policy;
768 policy = &ns->base;
771 profile = __strn_find_child(&policy->profiles, hname,
775 policy = &profile->base;
862 * @policy: the policy container to add the profile to (NOT NULL)
867 static void __add_new_profile(struct aa_namespace *ns, struct aa_policy *policy,
870 if (policy != &ns->base)
872 profile->parent = aa_get_profile((struct aa_profile *) policy);
873 __list_add_profile(&policy->profiles, profile);
880 * aa_audit_policy - Do auditing of policy changes
881 * @op: policy operation being performed
904 * aa_may_manage_policy - can the current task manage policy
905 * @op: the policy manipulation operation being done
907 * Returns: true if the task is allowed to manipulate policy
911 /* check if loading policy is locked out */
918 audit_policy(op, GFP_KERNEL, NULL, "not policy admin", -EACCES);
939 struct aa_policy *policy;
967 /* no ref on policy only use inside lock */
968 policy = __lookup_parent(ns, new_profile->base.hname);
970 if (!policy) {
976 old_profile = __find_child(&policy->profiles, new_profile->base.name);
1020 __add_new_profile(ns, policy, new_profile);