/* TODO: conditionals */
/**
 * profile_ptrace_perm - evaluate a ptrace request for one profile against a peer label
 * @profile: profile whose policy is consulted
 * @peer: label on the other side of the ptrace relation
 * @request: requested permission mask
 * @sa: audit data; its peer field is set to @peer before the check
 *
 * Returns: the value produced by aa_check_perms() for the computed set.
 */
static int profile_ptrace_perm(struct aa_profile *profile,
			       struct aa_label *peer, u32 request,
			       struct common_audit_data *sa)
{
	/* starts zeroed, so the decision never depends on stale stack contents */
	struct aa_perms ptrace_perms = { };
	int rc;

	/* record the peer before the check; presumably read by audit_ptrace_cb */
	aad(sa)->peer = peer;

	/*
	 * The match result is delivered through ptrace_perms; any return value
	 * of aa_profile_match_label() is not consulted here.
	 */
	aa_profile_match_label(profile, peer, AA_CLASS_PTRACE, request,
			       &ptrace_perms);
	/* adjust the matched set for this profile (semantics defined elsewhere) */
	aa_apply_modes_to_perms(profile, &ptrace_perms);

	rc = aa_check_perms(profile, &ptrace_perms, request, sa,
			    audit_ptrace_cb);
	return rc;
}
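/**
 * aa_profile_label_perm - check @request between @profile and @target
 * @profile: profile whose policy is consulted; its label is recorded in @sa
 * @target: profile being acted on; matched by target->base.hname
 * @request: requested permission mask
 * @type: class value handed through to aa_profile_match_label()
 *        (presumably an AA_CLASS_* constant - confirm against callers)
 * @deny: accumulator, dereferenced unconditionally so it must not be NULL;
 *        the bits of @request present in the computed deny mask are OR-ed in
 * @sa: audit data; label, target and request are filled in here
 *
 * Returns: the value produced by aa_check_perms() for the computed set.
 */
int aa_profile_label_perm(struct aa_profile *profile,
			  struct aa_profile *target, u32 request, int type,
			  u32 *deny, struct common_audit_data *sa)
{
	/*
	 * Zero the set up front. perms.deny is read below and the whole struct
	 * feeds aa_check_perms(); whether aa_profile_match_label() writes every
	 * field on every path is not visible from this function, and an access
	 * decision must not be derived from leftover stack contents.
	 */
	struct aa_perms perms = { };

	aad(sa)->label = &profile->label;
	aad(sa)->target = target;
	aad(sa)->request = request;

	aa_profile_match_label(profile, target->base.hname, type, &perms);
	/* adjust the matched set for this profile (semantics defined elsewhere) */
	aa_apply_modes_to_perms(profile, &perms);

	/* report denied request bits to the caller in addition to the return code */
	*deny |= request & perms.deny;

	return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb);
}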
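/* TODO: conditionals */
/**
 * profile_ptrace_perm - evaluate a ptrace request for one profile against a peer
 * @profile: profile whose policy is consulted
 * @peer: profile on the other side of the ptrace relation
 * @request: requested permission mask
 * @sa: audit data; its target field is set to the peer's hname
 *
 * Returns: 0 without any lookup when @profile is unconfined or does not
 * mediate AA_CLASS_PTRACE, otherwise the value produced by aa_check_perms().
 */
static int profile_ptrace_perm(struct aa_profile *profile,
			       struct aa_profile *peer, u32 request,
			       struct common_audit_data *sa)
{
	/*
	 * Zero the set up front. It is handed to aa_check_perms() to reach the
	 * decision; whether aa_profile_match_label() writes every field on every
	 * path is not visible from this function, and an access decision must
	 * not be derived from leftover stack contents.
	 */
	struct aa_perms perms = { };

	/* need because of peer in cross check */
	if (profile_unconfined(profile) ||
	    !PROFILE_MEDIATES(profile, AA_CLASS_PTRACE))
		return 0;

	aad(sa)->target = peer->base.hname;

	aa_profile_match_label(profile, aa_peer_name(peer), AA_CLASS_PTRACE,
			       &perms);
	/* adjust the matched set for this profile (semantics defined elsewhere) */
	aa_apply_modes_to_perms(profile, &perms);

	return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb);
}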