Example #1
/*
 * Generic address-family permission check.
 *
 * Looks up the (family, type) pair in the profile's policy DFA, starting
 * from the state PROFILE_MEDIATES() yields for AA_CLASS_NET, and hands the
 * resulting permission set to aa_check_perms() together with @request,
 * @sa and the audit_net_cb callback.
 *
 * Returns 0 early, without reaching aa_check_perms(), when the profile is
 * unconfined or when PROFILE_MEDIATES() reports no state for AA_CLASS_NET.
 * Otherwise returns whatever aa_check_perms() returns.
 *
 * NOTE(review): AA_BUG()'s definition is not visible here. If it compiles
 * out in non-debug builds, the two range assertions below are not runtime
 * bounds checks, and callers stay responsible for validating @family and
 * @type - confirm.
 */
int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
		       u32 request, u16 family, int type)
{
	struct aa_perms perms = { };
	__be16 key[2];
	unsigned int state;

	AA_BUG(family >= AF_MAX);
	AA_BUG(type < 0 || type >= SOCK_MAX);

	if (profile_unconfined(profile))
		return 0;

	state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
	if (state == 0)
		return 0;

	/*
	 * The DFA input is two big-endian 16-bit words: family, then type.
	 * The match length is the size of that key (2 * 2 = 4 bytes).
	 */
	key[0] = cpu_to_be16(family);
	key[1] = cpu_to_be16((u16) type);
	state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &key,
				 sizeof(key));

	/* Turn the final DFA state into perms, then fold in profile modes. */
	aa_compute_perms(profile->policy.dfa, state, &perms);
	aa_apply_modes_to_perms(profile, &perms);

	return aa_check_perms(profile, &perms, request, sa, audit_net_cb);
}
Example #2
File: ipc.c Project: SelfImp/m75
/*
 * Compute the permissions @profile's policy gives for sending @signal to
 * the task identified by @label, storing the result in @perms.
 *
 * The policy DFA is stepped once on @signal from the AA_CLASS_SIGNAL start
 * state, then matched against the @label string; the final state is turned
 * into permissions by aa_compute_perms(). A profile with no policy DFA gets
 * an all-zero @perms.
 *
 * NOTE(review): all-zero perms presumably means "nothing granted" - confirm
 * against struct aa_perms. The start state is read straight from
 * policy.start[] with no check here that the class is mediated; verify the
 * caller or the DFA covers that case.
 *
 * TODO: update to handle compound name&name2, conditionals
 */
static void profile_match_signal(struct aa_profile *profile, const char *label,
				 int signal, struct aa_perms *perms)
{
	unsigned int state;

	if (!profile->policy.dfa) {
		memset(perms, 0, sizeof(*perms));
		return;
	}

	/* TODO: secondary cache check <profile, profile, perm> */
	state = profile->policy.start[AA_CLASS_SIGNAL];
	/* NOTE(review): confirm @signal fits aa_dfa_next()'s input width. */
	state = aa_dfa_next(profile->policy.dfa, state, signal);
	state = aa_dfa_match(profile->policy.dfa, state, label);
	aa_compute_perms(profile->policy.dfa, state, perms);
}
Example #3
File: lib.c Project: SelfImp/m75
/*
 * Compute the permissions @profile's policy gives for @label under the
 * given @type, storing the result in @perms.
 *
 * Starting from the AA_CLASS_LABEL start state, the policy DFA consumes
 * @type as a single input and then the @label string; aa_compute_perms()
 * converts the final state into @perms. When the profile has no policy DFA,
 * @perms is cleared to all zeroes instead.
 *
 * NOTE(review): all-zero perms presumably means "nothing granted" - confirm
 * against struct aa_perms.
 */
void aa_profile_match_label(struct aa_profile *profile, const char *label,
			    int type, struct aa_perms *perms)
{
	/* TODO: doesn't yet handle extended types */
	unsigned int state;

	if (!profile->policy.dfa) {
		memset(perms, 0, sizeof(*perms));
		return;
	}

	state = profile->policy.start[AA_CLASS_LABEL];
	/* NOTE(review): confirm @type fits aa_dfa_next()'s input width. */
	state = aa_dfa_next(profile->policy.dfa, state, type);
	state = aa_dfa_match(profile->policy.dfa, state, label);
	aa_compute_perms(profile->policy.dfa, state, perms);
}