#include <linux/errno.h>
#include <linux/fdtable.h>
#include <linux/file.h>
#include <linux/mount.h>
#include <linux/syscalls.h>
#include <linux/tracehook.h>
#include <linux/personality.h>
#include "include/audit.h"
#include "include/apparmorfs.h"
#include "include/context.h"
#include "include/domain.h"
#include "include/file.h"
#include "include/ipc.h"
#include "include/match.h"
#include "include/path.h"
#include "include/policy.h"

Functions
void	aa_free_domain_entries (struct aa_domain *domain)

: the name of the profile to change to (NOT NULL)
change_profile_perms - find permissions for change_profile : the current profile (NOT NULL) : the namespace being switched to (NOT NULL) : requested perms : state to start matching in Returns: permission set
- to match against (NOT NULL)
__attach_match_ - find an attachment match - profile list to walk (NOT NULL) Do a linear search on the profiles in the list. There is a matching preference where an exact match is preferred over a name which uses expressions to match, and matching expressions with the greatest xmatch_len are preferred. Requires: not be shared or have appropriate locks held Returns: profile or NULL if no match found
: the executable name to match against (NOT NULL)
find_attach - do attachment search for unconfined processes : the current namespace (NOT NULL) : list to search (NOT NULL) Returns: profile or NULL if no match found
: name to lookup (NOT NULL)
x_to_profile - get target profile for a given xindex : current profile (NOT NULL) : index into x transition table find profile for a transition index Returns: refcounted profile or NULL if not found available
int	apparmor_bprm_set_creds (struct linux_binprm *bprm)

int	apparmor_bprm_secureexec (struct linux_binprm *bprm)

void	apparmor_bprm_committing_creds (struct linux_binprm *bprm)

void	apparmor_bprm_committed_creds (struct linux_binprm *bprm)

int	aa_change_hat (const char *hats[], int count, u64 token, bool permtest)

isn't specified the current profile name is
used. If then the transition is delayed until the next exec. Returns %0 on success, error otherwise.
int	aa_change_profile (const char ns_name, const char hname, bool onexec, bool permtest)

Function Documentation

int aa_change_hat	(	const char *	hats[],
		int	count,
		u64	token,
		bool	permtest
	)

aa_change_hat - change hat to/from subprofile : vector of hat names to try changing into (MAYBE NULL if == 0) : number of hat names in : magic value to validate the hat change : true if this is just a permission test

Change to the first profile specified in that exists, and store the in the current task context. If the count == 0 and the matches that stored in the current task context, return to the top level profile.

Returns %0 on success, error otherwise.

Definition at line 616 of file domain.c.

int aa_change_profile	(	const char *	ns_name,
		const char *	hname,
		bool	onexec,
		bool	permtest
	)

Definition at line 749 of file domain.c.

void aa_free_domain_entries ( struct aa_domain * domain )

aa_free_domain_entries - free entries in a domain table : the domain table to free (MAYBE NULL)

Definition at line 37 of file domain.c.

void apparmor_bprm_committed_creds ( struct linux_binprm * bprm )

apparmor_bprm_commited_cred - do cleanup after new creds committed : binprm for the exec (NOT NULL)

Definition at line 577 of file domain.c.

void apparmor_bprm_committing_creds ( struct linux_binprm * bprm )

apparmor_bprm_committing_creds - do task cleanup on committing new creds : binprm for the exec (NOT NULL)

Definition at line 557 of file domain.c.

int apparmor_bprm_secureexec ( struct linux_binprm * bprm )

apparmor_bprm_secureexec - determine if secureexec is needed : binprm for exec (NOT NULL)

Returns: %1 if secureexec is needed else %0

Definition at line 540 of file domain.c.

int apparmor_bprm_set_creds ( struct linux_binprm * bprm )

apparmor_bprm_set_creds - set the new creds on the bprm struct : binprm for the exec (NOT NULL)

Returns: %0 or error on failure

Definition at line 343 of file domain.c.

Functions

Function Documentation