#include "domain.h"
#include "match.h"
|
int | aa_audit_file (struct aa_profile *profile, struct file_perms *perms, gfp_t gfp, int op, u32 request, const char *name, const char *target, kuid_t ouid, const char *info, int error) |
|
unsigned int | aa_str_perms (struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms) |
|
int | aa_path_perm (int op, struct aa_profile *profile, struct path *path, int flags, u32 request, struct path_cond *cond) |
|
int | aa_path_link (struct aa_profile *profile, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) |
|
int | aa_file_perm (int op, struct aa_profile *profile, struct file *file, u32 request) |
|
#define AA_AUDIT_FILE_MASK |
Value:
Definition at line 44 of file file.h.
#define AA_EXEC_MMAP 0x0800 |
#define AA_MAY_CHANGE_PROFILE 0x80000000 |
#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */ |
#define AA_MAY_CHMOD 0x0100 |
#define AA_MAY_CHOWN 0x0200 |
#define AA_MAY_CREATE 0x0010 |
#define AA_MAY_DELETE 0x0020 |
#define AA_MAY_LINK 0x1000 |
#define AA_MAY_LOCK 0x0400 |
#define AA_MAY_META_READ 0x0080 |
#define AA_MAY_META_WRITE 0x0040 |
#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */ |
#define AA_SECURE_X_NEEDED 0x8000 |
#define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */ |
#define AA_X_INDEX_MASK 0x03ff |
#define AA_X_INHERIT 0x4000 |
#define AA_X_NAME 0x0400 /* use executable name px */ |
#define AA_X_TABLE 0x0800 /* use a specified name ->n# */ |
#define AA_X_TYPE_MASK 0x0c00 |
#define AA_X_TYPE_SHIFT 10 |
#define AA_X_UNCONFINED 0x8000 |
#define AA_X_UNSAFE 0x1000 |
#define ACC_FMODE(x) (("\000\004\002\006"[(x)&O_ACCMODE]) | (((x) << 1) & 0x40))
#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
#define dfa_other_allow(dfa, state)
Value:
Definition at line 138 of file file.h.
#define dfa_user_allow(dfa, state)
Value:
Definition at line 131 of file file.h.
#define MAP_OPEN_FLAGS(x) ((((x) + 1) & O_ACCMODE) ? (x) + 1 : (x))
aa_path_link - Handle hard link permission check. profile: the profile being enforced (NOT NULL); old_dentry: the target dentry (NOT NULL); new_dir: directory the new link will be created in (NOT NULL); new_dentry: the link being created (NOT NULL)
Handle the permission test for a link & target pair. Permission is encoded as a pair where the link permission is determined first, and if allowed, the target is tested. The target test is done from the point of the link match (not start of DFA) making the target permission dependent on the link permission match.
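The subset test, if required, enforces that the permissions granted on the link are a subset of the permissions granted to the target, so that a new link name cannot carry more access than the profile grants on the target itself.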
Returns: %0 if allowed else error
Definition at line 348 of file file.c.
aa_path_perm - do permissions check & audit for path. op: operation being checked; profile: profile being enforced (NOT NULL); path: path to check permissions of (NOT NULL); flags: any additional path flags beyond what the profile specifies; request: requested permissions; cond: conditional info for this request (NOT NULL)
Returns: %0 else error if access denied or other error
Definition at line 278 of file file.c.