mount.c (e844fe9b51c984472ea98be3b2d1201ba9ee3213) mount.c (33fc95d8293cfca352ac875668857293e22d7d51)
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AppArmor security module
4 *
5 * This file contains AppArmor mediation of files
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2017 Canonical Ltd.

--- 176 unchanged lines hidden (view full) ---

185 * @flags: mount flags to match against
186 *
187 * Mount flags are encoded as an ordered match. This is done instead of
188 * checking against a simple bitmask, to allow for logical operations
189 * on the flags.
190 *
191 * Returns: next state after flags match
192 */
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AppArmor security module
4 *
5 * This file contains AppArmor mediation of files
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2017 Canonical Ltd.

--- 176 unchanged lines hidden (view full) ---

185 * @flags: mount flags to match against
186 *
187 * Mount flags are encoded as an ordered match. This is done instead of
188 * checking against a simple bitmask, to allow for logical operations
189 * on the flags.
190 *
191 * Returns: next state after flags match
192 */
193static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state,
193static aa_state_t match_mnt_flags(struct aa_dfa *dfa, aa_state_t state,
194 unsigned long flags)
195{
196 unsigned int i;
197
198 for (i = 0; i <= 31 ; ++i) {
199 if ((1 << i) & flags)
200 state = aa_dfa_next(dfa, state, i + 1);
201 }

--- 10 unchanged lines hidden (view full) ---

212 "failed data match",
213 "failed perms check"
214};
215
216/*
217 * Returns 0 on success else element that match failed in, this is the
218 * index into the mnt_info_table above
219 */
194 unsigned long flags)
195{
196 unsigned int i;
197
198 for (i = 0; i <= 31 ; ++i) {
199 if ((1 << i) & flags)
200 state = aa_dfa_next(dfa, state, i + 1);
201 }

--- 10 unchanged lines hidden (view full) ---

212 "failed data match",
213 "failed perms check"
214};
215
216/*
217 * Returns 0 on success else element that match failed in, this is the
218 * index into the mnt_info_table above
219 */
220static int do_match_mnt(struct aa_policydb *policy, unsigned int start,
220static int do_match_mnt(struct aa_policydb *policy, aa_state_t start,
221 const char *mntpnt, const char *devname,
222 const char *type, unsigned long flags,
223 void *data, bool binary, struct aa_perms *perms)
224{
221 const char *mntpnt, const char *devname,
222 const char *type, unsigned long flags,
223 void *data, bool binary, struct aa_perms *perms)
224{
225 unsigned int state;
225 aa_state_t state;
226
227 AA_BUG(!policy);
228 AA_BUG(!policy->dfa);
229 AA_BUG(!policy->perms);
230 AA_BUG(!perms);
231
232 state = aa_dfa_match(policy->dfa, start, mntpnt);
233 state = aa_dfa_null_transition(policy->dfa, state);

--- 328 unchanged lines hidden (view full) ---

562 return error;
563}
564
565static int profile_umount(struct aa_profile *profile, const struct path *path,
566 char *buffer)
567{
568 struct aa_perms perms = { };
569 const char *name = NULL, *info = NULL;
226
227 AA_BUG(!policy);
228 AA_BUG(!policy->dfa);
229 AA_BUG(!policy->perms);
230 AA_BUG(!perms);
231
232 state = aa_dfa_match(policy->dfa, start, mntpnt);
233 state = aa_dfa_null_transition(policy->dfa, state);

--- 328 unchanged lines hidden (view full) ---

562 return error;
563}
564
565static int profile_umount(struct aa_profile *profile, const struct path *path,
566 char *buffer)
567{
568 struct aa_perms perms = { };
569 const char *name = NULL, *info = NULL;
570 unsigned int state;
570 aa_state_t state;
571 int error;
572
573 AA_BUG(!profile);
574 AA_BUG(!path);
575
576 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
577 return 0;
578

--- 43 unchanged lines hidden (view full) ---

622 const struct path *new_path,
623 char *new_buffer,
624 const struct path *old_path,
625 char *old_buffer)
626{
627 const char *old_name, *new_name = NULL, *info = NULL;
628 const char *trans_name = NULL;
629 struct aa_perms perms = { };
571 int error;
572
573 AA_BUG(!profile);
574 AA_BUG(!path);
575
576 if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
577 return 0;
578

--- 43 unchanged lines hidden (view full) ---

622 const struct path *new_path,
623 char *new_buffer,
624 const struct path *old_path,
625 char *old_buffer)
626{
627 const char *old_name, *new_name = NULL, *info = NULL;
628 const char *trans_name = NULL;
629 struct aa_perms perms = { };
630 unsigned int state;
630 aa_state_t state;
631 int error;
632
633 AA_BUG(!profile);
634 AA_BUG(!new_path);
635 AA_BUG(!old_path);
636
637 if (profile_unconfined(profile) ||
638 !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))

--- 85 unchanged lines hidden ---
631 int error;
632
633 AA_BUG(!profile);
634 AA_BUG(!new_path);
635 AA_BUG(!old_path);
636
637 if (profile_unconfined(profile) ||
638 !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))

--- 85 unchanged lines hidden ---
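Review bot: In `match_mnt_flags` (new-side lines 198-199), `(1 << i) & flags` shifts a signed `int`, so at `i == 31` the shift reaches the sign bit and the result is then widened to `unsigned long` for the `&`; on a 64-bit build that widening would sign-extend, so the bit-31 test would also match any of bits 32-63 of `flags`. The commit only retypes `state` to `aa_state_t` and leaves this loop as it was. Because the loop decides which DFA transitions the mount policy match takes, I would make the mask unsigned and as wide as `flags`: `if ((1UL << i) & flags)`. Whether callers can pass bits above 31 is not visible here, and the rest of the function body is hidden on this page, so the practical impact needs confirming against the callers.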