Linux Kernel  3.7.1
file.c File Reference
#include "include/apparmor.h"
#include "include/audit.h"
#include "include/file.h"
#include "include/match.h"
#include "include/path.h"
#include "include/policy.h"


Functions

aa_audit_file - handle the auditing of file operations

profile: the profile being enforced (NOT NULL)
perms: the permissions computed for the request (NOT NULL)
gfp: allocation flags
op: operation being mediated
request: permissions requested
name: name of object being mediated (MAYBE NULL)
target: name of target (MAYBE NULL)
ouid: object uid
info: extra information message (MAYBE NULL)
error: 0 if operation allowed else failure error code

Returns: %0 or error on failure

int aa_audit_file (struct aa_profile *profile, struct file_perms *perms, gfp_t gfp, int op, u32 request, const char *name, const char *target, kuid_t ouid, const char *info, int error)
 
unsigned int aa_str_perms (struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms)
 
int aa_path_perm (int op, struct aa_profile *profile, struct path *path, int flags, u32 request, struct path_cond *cond)
 
int aa_path_link (struct aa_profile *profile, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry)
 
int aa_file_perm (int op, struct aa_profile *profile, struct file *file, u32 request)
 

Variables

struct file_perms nullperms
 

Detailed Description

aa_file_perm - do permission revalidation check & audit for file

op: operation being checked
profile: profile being enforced (NOT NULL)

Definition in file file.c.

Function Documentation

int aa_audit_file ( struct aa_profile *profile,
struct file_perms *perms,
gfp_t gfp,
int op,
u32 request,
const char *name,
const char *target,
kuid_t ouid,
const char *info,
int error
)

Definition at line 106 of file file.c.

int aa_file_perm ( int op,
struct aa_profile *profile,
struct file *file,
u32 request
)

Definition at line 448 of file file.c.

int aa_path_link ( struct aa_profile *profile,
struct dentry *old_dentry,
struct path *new_dir,
struct dentry *new_dentry
)

aa_path_link - Handle hard link permission check

profile: the profile being enforced (NOT NULL)
old_dentry: the target dentry (NOT NULL)
new_dir: directory the new link will be created in (NOT NULL)
new_dentry: the link being created (NOT NULL)

Handle the permission test for a link & target pair. Permission is encoded as a pair where the link permission is determined first, and if allowed, the target is tested. The target test is done from the point of the link match (not start of DFA) making the target permission dependent on the link permission match.

The subset test, if required, forces the permissions granted on the link to be a subset of the permissions granted to the target.

Returns: %0 if allowed else error

Definition at line 348 of file file.c.

int aa_path_perm ( int op,
struct aa_profile *profile,
struct path *path,
int flags,
u32 request,
struct path_cond *cond
)

aa_path_perm - do permissions check & audit for path

op: operation being checked
profile: profile being enforced (NOT NULL)
path: path to check permissions of (NOT NULL)
flags: any additional path flags beyond what the profile specifies
request: requested permissions
cond: conditional info for this request (NOT NULL)

Returns: %0 else error if access denied or other error

Definition at line 278 of file file.c.

unsigned int aa_str_perms ( struct aa_dfa *dfa,
unsigned int start,
const char *name,
struct path_cond *cond,
struct file_perms *perms
)

Definition at line 238 of file file.c.

Variable Documentation

struct file_perms nullperms

Definition at line 22 of file file.c.