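--- a/policy.h	(e844fe9b51c984472ea98be3b2d1201ba9ee3213)
+++ b/policy.h	(33fc95d8293cfca352ac875668857293e22d7d51)
@@ -1,8 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 /*
  * AppArmor security module
  *
  * This file contains AppArmor policy definitions.
  *
  * Copyright (C) 1998-2008 Novell/SUSE
  * Copyright 2009-2010 Canonical Ltd.
@@ -73,30 +73,30 @@
 /* struct aa_policydb - match engine for a policy
  * dfa: dfa pattern match
  * start: set of start states for the different classes of data
  */
 struct aa_policydb {
  struct aa_dfa *dfa;
  struct aa_perms *perms;
  struct aa_domain trans;
- unsigned int start[AA_CLASS_LAST + 1];
+ aa_state_t start[AA_CLASS_LAST + 1];
 };
 
 static inline void aa_destroy_policydb(struct aa_policydb *policy)
 {
  aa_put_dfa(policy->dfa);
  if (policy->perms)
  kvfree(policy->perms);
  aa_free_domain_entries(&policy->trans);
 
 }
 
 static inline struct aa_perms *aa_lookup_perms(struct aa_policydb *policy,
- unsigned int state)
+ aa_state_t state)
 {
  unsigned int index = ACCEPT_TABLE(policy->dfa)[state];
 
  if (!(policy->perms))
  return &default_perms;
 
  return &(policy->perms[index]);
 }
@@ -234,33 +234,33 @@
  *
  * Requires: @p must be held with a valid refcount
  */
 static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p)
 {
  return labels_profile(aa_get_newest_label(&p->label));
 }
 
-static inline unsigned int PROFILE_MEDIATES(struct aa_profile *profile,
+static inline aa_state_t PROFILE_MEDIATES(struct aa_profile *profile,
  unsigned char class)
 {
  if (class <= AA_CLASS_LAST)
  return profile->policy.start[class];
  else
  return aa_dfa_match_len(profile->policy.dfa,
  profile->policy.start[0], &class, 1);
 }
 
-static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile,
+static inline aa_state_t PROFILE_MEDIATES_AF(struct aa_profile *profile,
  u16 AF) {
- unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
+ aa_state_t state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
  __be16 be_af = cpu_to_be16(AF);
 
  if (!state)
- return 0;
+ return DFA_NOMATCH;
  return aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2);
 }
 
 /**
  * aa_get_profile - increment refcount on profile @p
  * @p: profile (MAYBE NULL)
  *
  * Returns: pointer to @p if @p is NULL will return NULL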
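Review bot: In PROFILE_MEDIATES_AF the early return now names the sentinel (`return DFA_NOMATCH;`), but the guard directly above it still reads `if (!state)`, so the two only agree while DFA_NOMATCH is zero, and its definition is not shown in this diff. Writing the guard as `if (state == DFA_NOMATCH)` would keep the test and the return in step with the new aa_state_t type. PROFILE_MEDIATES and PROFILE_MEDIATES_AF also have no comment describing their return value; a one-line note on each, such as `/* Returns: DFA state for the class, or DFA_NOMATCH if the profile does not mediate it */`, would tell callers that a no-match result means "unmediated" rather than a usable state. The wording of that comment is inferred from the code shown and should be confirmed against the callers.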