#include "include/apparmor.h"
#include "include/audit.h"
#include "include/file.h"
#include "include/match.h"
#include "include/path.h"
#include "include/policy.h"

Functions
: name of object being mediated (MAYBE NULL)
aa_audit_file - handle the auditing of file operations : the profile being enforced (NOT NULL) : the permissions computed for the request (NOT NULL) : allocation flags : operation being mediated : permissions requested : name of target (MAYBE NULL) : object uid : extra information message (MAYBE NULL) : 0 if operation allowed else failure error code Returns: %0 or error on failure
int	aa_audit_file (struct aa_profile profile, struct file_perms perms, gfp_t gfp, int op, u32 request, const char name, const char target, kuid_t ouid, const char *info, int error)


unsigned int	aa_str_perms (struct aa_dfa dfa, unsigned int start, const char name, struct path_cond cond, struct file_perms perms)

int	aa_path_perm (int op, struct aa_profile profile, struct path path, int flags, u32 request, struct path_cond *cond)

int	aa_path_link (struct aa_profile profile, struct dentry old_dentry, struct path new_dir, struct dentry new_dentry)

int	aa_file_perm (int op, struct aa_profile profile, struct file file, u32 request)

Variables
struct file_perms	nullperms

Detailed Description

aa_file_perm - do permission revalidation check & audit for : operation being checked : profile being enforced (NOT NULL)

Definition in file file.c.

Function Documentation

int aa_audit_file	(	struct aa_profile *	profile,
		struct file_perms *	perms,
		gfp_t	gfp,
		int	op,
		u32	request,
		const char *	name,
		const char *	target,
		kuid_t	ouid,
		const char *	info,
		int	error
	)

Definition at line 106 of file file.c.

int aa_file_perm	(	int	op,
		struct aa_profile *	profile,
		struct file *	file,
		u32	request
	)

Definition at line 448 of file file.c.

int aa_path_link	(	struct aa_profile *	profile,
		struct dentry *	old_dentry,
		struct path *	new_dir,
		struct dentry *	new_dentry
	)

aa_path_link - Handle hard link permission check : the profile being enforced (NOT NULL) : the target dentry (NOT NULL) : directory the new link will be created in (NOT NULL) : the link being created (NOT NULL)

Handle the permission test for a link & target pair. Permission is encoded as a pair where the link permission is determined first, and if allowed, the target is tested. The target test is done from the point of the link match (not start of DFA) making the target permission dependent on the link permission match.

The subset test if required forces that permissions granted on link are a subset of the permission granted to target.

Returns: %0 if allowed else error

Definition at line 348 of file file.c.

int aa_path_perm	(	int	op,
		struct aa_profile *	profile,
		struct path *	path,
		int	flags,
		u32	request,
		struct path_cond *	cond
	)

aa_path_perm - do permissions check & audit for : operation being checked : profile being enforced (NOT NULL) : path to check permissions of (NOT NULL) : any additional path flags beyond what the profile specifies : requested permissions : conditional info for this request (NOT NULL)

Returns: %0 else error if access denied or other error

Definition at line 278 of file file.c.

unsigned int aa_str_perms	(	struct aa_dfa *	dfa,
		unsigned int	start,
		const char *	name,
		struct path_cond *	cond,
		struct file_perms *	perms
	)

Definition at line 238 of file file.c.

Variable Documentation

struct file_perms nullperms

Definition at line 22 of file file.c.

Functions

Variables

Detailed Description

Function Documentation

Variable Documentation