Linux Kernel  3.7.1
domain.c File Reference
#include <linux/errno.h>
#include <linux/fdtable.h>
#include <linux/file.h>
#include <linux/mount.h>
#include <linux/syscalls.h>
#include <linux/tracehook.h>
#include <linux/personality.h>
#include "include/audit.h"
#include "include/apparmorfs.h"
#include "include/context.h"
#include "include/domain.h"
#include "include/file.h"
#include "include/ipc.h"
#include "include/match.h"
#include "include/path.h"
#include "include/policy.h"


Functions

void aa_free_domain_entries (struct aa_domain *domain)
 
: the name of the profile to change to (NOT NULL)

change_profile_perms - find permissions for change_profile : the current profile (NOT NULL) : the namespace being switched to (NOT NULL)

: requested perms : state to start matching in

Returns: permission set

- to match against (NOT NULL)

__attach_match_ - find an attachment match

- profile list to walk (NOT NULL)

Do a linear search on the profiles in the list. There is a matching preference where an exact match is preferred over a name which uses expressions to match, and matching expressions with the greatest xmatch_len are preferred.

Requires: not be shared or have appropriate locks held

Returns: profile or NULL if no match found
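
The preference order described for the attachment match above, as an added user-space illustration (not the kernel's code): `struct demo_profile`, `demo_attach_match`, `demo_pick` and the sample list are hypothetical, and `fnmatch(3)` stands in for the kernel's expression matcher.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-in, not the kernel's struct aa_profile. */
struct demo_profile {
    const char *name;    /* profile name, used for the exact comparison */
    const char *xmatch;  /* attachment expression, NULL when the name is literal */
    int xmatch_len;      /* priority among expression matches (constructed values) */
};

/* Constructed sample list, with the broad patterns listed before the exact name. */
static const struct demo_profile demo_list[] = {
    { "usr-wide",         "/usr/*",         5  },
    { "fire-glob",        "/usr/bin/fire*", 13 },
    { "/usr/bin/firefox", NULL,             0  },
    { "bin-glob",         "/usr/bin/*",     9  },
};

/* Linear walk: an exact name match returns at once; otherwise keep the
 * matching expression with the greatest xmatch_len seen so far. */
const struct demo_profile *demo_attach_match(const char *exe,
        const struct demo_profile *list, size_t n)
{
    const struct demo_profile *candidate = NULL;
    int best_len = 0;
    for (size_t i = 0; i < n; i++) {
        const struct demo_profile *p = &list[i];
        if (p->xmatch) {
            /* assumption: glob matching replaces the kernel's matcher here */
            if (p->xmatch_len > best_len && fnmatch(p->xmatch, exe, 0) == 0) {
                candidate = p;
                best_len = p->xmatch_len;
            }
        } else if (strcmp(p->name, exe) == 0) {
            return p;  /* exact match: no more searching required */
        }
    }
    return candidate;
}

/* Name of the profile that would attach to exe, or NULL if none matches. */
const char *demo_pick(const char *exe)
{
    size_t n = sizeof(demo_list) / sizeof(demo_list[0]);
    const struct demo_profile *p = demo_attach_match(exe, demo_list, n);
    return p ? p->name : NULL;
}
int main(void) { puts(demo_pick("/usr/bin/firewall")); return 0; }
```

A broad pattern earlier in the list never shadows a more specific profile, which is the property to check when reviewing which confinement an executable actually receives.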

: the executable name to match against (NOT NULL)

find_attach - do attachment search for unconfined processes : the current namespace (NOT NULL) : list to search (NOT NULL)

Returns: profile or NULL if no match found

: name to lookup (NOT NULL)

x_to_profile - get target profile for a given xindex : current profile (NOT NULL)

: index into x transition table

find profile for a transition index

Returns: refcounted profile or NULL if not found available

int apparmor_bprm_set_creds (struct linux_binprm *bprm)
 
int apparmor_bprm_secureexec (struct linux_binprm *bprm)
 
void apparmor_bprm_committing_creds (struct linux_binprm *bprm)
 
void apparmor_bprm_committed_creds (struct linux_binprm *bprm)
 
int aa_change_hat (const char *hats[], int count, u64 token, bool permtest)
 
isn't specified the current profile name is used. If then the transition is delayed until the next exec.

Returns %0 on success, error otherwise.

int aa_change_profile (const char *ns_name, const char *hname, bool onexec, bool permtest)
 

Function Documentation

int aa_change_hat ( const char *hats[],
int  count,
u64  token,
bool  permtest 
)

aa_change_hat - change hat to/from subprofile : vector of hat names to try changing into (MAYBE NULL if == 0) : number of hat names in : magic value to validate the hat change : true if this is just a permission test

Change to the first profile specified in that exists, and store the in the current task context. If the count == 0 and the matches that stored in the current task context, return to the top level profile.

Returns %0 on success, error otherwise.

Definition at line 616 of file domain.c.

int aa_change_profile ( const char *ns_name,
const char *hname,
bool  onexec,
bool  permtest 
)

Definition at line 749 of file domain.c.

void aa_free_domain_entries ( struct aa_domain *domain)

aa_free_domain_entries - free entries in a domain table : the domain table to free (MAYBE NULL)

Definition at line 37 of file domain.c.

void apparmor_bprm_committed_creds ( struct linux_binprm *bprm)

apparmor_bprm_committed_creds - do cleanup after new creds committed : binprm for the exec (NOT NULL)

Definition at line 577 of file domain.c.

void apparmor_bprm_committing_creds ( struct linux_binprm *bprm)

apparmor_bprm_committing_creds - do task cleanup on committing new creds : binprm for the exec (NOT NULL)

Definition at line 557 of file domain.c.

int apparmor_bprm_secureexec ( struct linux_binprm *bprm)

apparmor_bprm_secureexec - determine if secureexec is needed : binprm for exec (NOT NULL)

Returns: %1 if secureexec is needed else %0

Definition at line 540 of file domain.c.

int apparmor_bprm_set_creds ( struct linux_binprm *bprm)

apparmor_bprm_set_creds - set the new creds on the bprm struct : binprm for the exec (NOT NULL)

Returns: %0 or error on failure

Definition at line 343 of file domain.c.