linux/security/apparmor/apparmorfs.c
/*
 * AppArmor security module
 *
 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */
/a>." 15
/a>#include <linux/security.h
/a>>." 16
/a>#include <linux/vmalloc.h
/a>>." 17
/a>#include <linux/module.h
/a>>." 18
/a>#include <linux/seq_file.h
/a>>." 19
/a>#include <linux/uaccess.h
/a>>." 20
/a>#include <linux/nam.i.h
/a>>." 21
/a>#include <linux/capability.h
/a>>." 22
/a>." 23
/a>#include "include/apparmor.h
/a>"." 24
/a>#include "include/apparmorfs.h
/a>"." 25
/a>#include "include/audit.h
/a>"." 26
/a>#include "include/context.h
/a>"." 27
/a>#include "include/policy.h
/a>"." 28
/a>#include "include/resource.h
/a>"." 29
/a>." 3 vaa>
/**
 * aa_simple_write_to_buffer - common routine for getting policy from user
 * @op: operation doing the user buffer copy
 * @userbuf: user buffer to copy data from  (NOT NULL)
 * @alloc_size: number of bytes to allocate (REQUIRES: @alloc_size >= @copy_size)
 * @copy_size: number of bytes to copy from @userbuf
 * @pos: position write is at in the file (NOT NULL)
 *
 * Nothing in this function writes to the bytes past @copy_size, so a caller
 * that asks for @alloc_size > @copy_size has to set that tail itself before
 * reading it.
 *
 * Returns: kernel buffer containing a copy of the user data, to be released
 *          by the caller with kvfree(), or an ERR_PTR on failure
 *          (-ESPIPE, -EACCES, -ENOMEM or -EFAULT).
 */
static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
				       size_t alloc_size, size_t copy_size,
				       loff_t *pos)
{
	char *kbuf;

	/* copying more than is allocated is a caller bug, not a user error */
	BUG_ON(alloc_size < copy_size);

	/* only writes from pos 0, that is complete writes */
	if (*pos)
		return ERR_PTR(-ESPIPE);

	/*
	 * Don't allow profile load/replace/remove from profiles that don't
	 * have CAP_MAC_ADMIN.
	 *
	 * NOTE(review): the check is handed only @op, so it cannot look at
	 * the credentials of whoever opened the file; presumably it judges
	 * the task performing the write - confirm in aa_may_manage_policy().
	 */
	if (!aa_may_manage_policy(op))
		return ERR_PTR(-EACCES);

	/* the permission check comes first so a refused write allocates nothing */
	kbuf = kvmalloc(alloc_size);
	if (!kbuf)
		return ERR_PTR(-ENOMEM);

	/* any uncopied byte fails the whole write; the buffer is not handed out */
	if (copy_from_user(kbuf, userbuf, copy_size) != 0) {
		kvfree(kbuf);
		return ERR_PTR(-EFAULT);
	}

	/* ownership passes to the caller, which must kvfree() it */
	return kbuf;
}
/a>." 73
/a>." 74
/a>
/*
 * .load file hook fn to load policy
 *
 * Copies the @size bytes written by user space into a kernel buffer and
 * passes them to aa_replace_profiles() with PROF_ADD.  The contents are not
 * inspected here; only the offset and the permission check performed by
 * aa_simple_write_to_buffer() gate the call.
 *
 * Returns the result of aa_replace_profiles(), or the negative errno that
 * aa_simple_write_to_buffer() encoded in its ERR_PTR.
 */
static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
			    loff_t *pos)
{
	char *policy;
	ssize_t rc;

	policy = aa_simple_write_to_buffer(OP_PROF_LOAD, buf, size, size, pos);
	if (IS_ERR(policy))
		return PTR_ERR(policy);

	rc = aa_replace_profiles(policy, size, PROF_ADD);
	/* the copy is released here whether or not the load succeeded */
	kvfree(policy);

	return rc;
}
/a>." 92
/*
 * File operations for the policy load file: only a write handler and a seek
 * handler are provided.  Seeking is allowed, but aa_simple_write_to_buffer()
 * rejects any write whose position is not 0 with -ESPIPE.
 */
static const struct file_operations aa_fs_profile_load = {
	.llseek = default_llseek,
	.write = profile_load,
};
/a>." 97
/a>
/*
 * .replace file hook fn to load and/or replace policy
 *
 * Same flow as the load hook, but the buffer is passed to
 * aa_replace_profiles() with PROF_REPLACE and the operation checked by
 * aa_simple_write_to_buffer() is OP_PROF_REPL.
 *
 * Returns the result of aa_replace_profiles(), or the negative errno that
 * aa_simple_write_to_buffer() encoded in its ERR_PTR.
 */
static ssize_t profile_replace(struct file *f, const char __user *buf,
			       size_t size, loff_t *pos)
{
	char *policy;
	ssize_t rc;

	policy = aa_simple_write_to_buffer(OP_PROF_REPL, buf, size, size, pos);
	if (IS_ERR(policy))
		return PTR_ERR(policy);

	rc = aa_replace_profiles(policy, size, PROF_REPLACE);
	/* the copy is released here whether or not the replace succeeded */
	kvfree(policy);

	return rc;
}
/a>."114
/*
 * File operations for the policy replace file: only a write handler and a
 * seek handler are provided.
 */
static const struct file_operations aa_fs_profile_replace = {
	.llseek = default_llseek,
	.write = profile_replace,
};
/a>."119
/a>
/*
 * .remove file hook fn to remove loaded policy
 *
 * Returns the result of aa_remove_profiles(), or the negative errno that
 * aa_simple_write_to_buffer() encoded in its ERR_PTR.
 */
static ssize_t profile_remove(struct file *f, const char __user *buf,
			      size_t size, loff_t *pos)
{
	char *name;
	ssize_t rc;

	/*
	 * aa_remove_profile needs a null terminated string so 1 extra
	 * byte is allocated and the copied data is null terminated.
	 *
	 * NOTE(review): size + 1 wraps to 0 if size were SIZE_MAX, which
	 * would trip the BUG_ON in aa_simple_write_to_buffer(); this relies
	 * on the write path bounding size before the hook runs - confirm.
	 */
	name = aa_simple_write_to_buffer(OP_PROF_RM, buf, size + 1, size, pos);
	if (IS_ERR(name))
		return PTR_ERR(name);

	/* the extra byte was not filled by the copy, terminate it here */
	name[size] = '\0';
	rc = aa_remove_profiles(name, size);
	kvfree(name);

	return rc;
}
/a>."142
/*
 * File operations for the policy remove file: only a write handler and a
 * seek handler are provided.
 */
static const struct file_operations aa_fs_profile_remove = {
	.llseek = default_llseek,
	.write = profile_remove,
};
/a>."147
/*
 * seq_file show callback: prints the value stored in the aa_fs_entry that
 * was attached to the seq_file as its private data, followed by a newline.
 * Entries of any other type, and a missing entry, print nothing.
 *
 * Always returns 0.
 */
static int aa_fs_seq_show(struct seq_file *seq, void *v)
{
	struct aa_fs_entry *entry = seq->private;

	if (entry == NULL)
		return 0;

	if (entry->v_type == AA_FS_TYPE_BOOLEAN) {
		const char *text = entry->v.boolean ? "yes" : "no";

		seq_printf(seq, "%s\n", text);
	} else if (entry->v_type == AA_FS_TYPE_STRING) {
		seq_printf(seq, "%s\n", entry->v.string);
	} else if (entry->v_type == AA_FS_TYPE_U64) {
		/*
		 * NOTE(review): %lx expects an unsigned long argument;
		 * confirm the declared type of v.u64 matches on 32-bit builds.
		 */
		seq_printf(seq, "%#08lx\n", entry->v.u64);
	}
	/* Ignore unprintable entry types. */

	return 0;
}
/a>."172
/*
 * open handler for the read-only value files: binds aa_fs_seq_show() to the
 * file and hands it the inode's private pointer as the entry to print.
 *
 * Returns whatever single_open() returns.
 */
static int aa_fs_seq_open(struct inode *inode, struct file *file)
{
	void *entry = inode->i_private;

	return single_open(file, aa_fs_seq_show, entry);
}
/a>."177
/*
 * File operations for entries shown through aa_fs_seq_show(): open, read,
 * seek and release only - no write handler is set.
 */
const struct file_operations aa_fs_seq_file_ops = {
	.owner = THIS_MODULE,
	.open = aa_fs_seq_open,
	.release = single_release,
	.read = seq_read,
	.llseek = seq_lseek,
};
/a>."185
/a>
spav class="comment">/** Base file system setup **/
/spav3."186
/a>."187
/a>static struct 
a href="+code=aa_fs_entry" class="sref">aa_fs_entry
/a> 
a href="+code=aa_fs_entry_file" class="sref">aa_fs_entry_file
/a>[] = {."188
/a>        
a href="+code=AA_FS_FILE_STRING" class="sref">AA_FS_FILE_STRING
/a>(
spav class="string">"mask""create read write exec append mmap_exec ""189
/a>                                  
spav class="string">"link lock""190
/a>        { }."191
/a>};."192
/a>."193
/a>static struct 
a href="+code=aa_fs_entry" class="sref">aa_fs_entry
/a> 
a href="+code=aa_fs_entry_domain" class="sref">aa_fs_entry_domain
/a>[] = {."194
/a>        
a href="+code=AA_FS_FILE_BOOLEAN" class="sref">AA_FS_FILE_BOOLEAN
/a>(
spav class="string">"change_hat""195
/a>        
a href="+code=AA_FS_FILE_BOOLEAN" class="sref">AA_FS_FILE_BOOLEAN
/a>(
spav class="string">"change_hatv""196
/a>        
a href="+code=AA_FS_FILE_BOOLEAN" class="sref">AA_FS_FILE_BOOLEAN
/a>(
spav class="string">"change_onexec""197
/a>        
a href="+code=AA_FS_FILE_BOOLEAN" class="sref">AA_FS_FILE_BOOLEAN
/a>(
spav class="string">"change_profile""198
/a>        { }."199
/a>};."200
/a>."201
/a>static struct 
a href="+code=aa_fs_entry" class="sref">aa_fs_entry
/a> 
a href="+code=aa_fs_entry_features" class="sref">aa_fs_entry_features
/a>[] = {."202
/a>        
a href="+code=AA_FS_DIR" class="sref">AA_FS_DIR
/a>(
spav class="string">"domain"aa_fs_entry_domain
/a>),."203
/a>        
a href="+code=AA_FS_DIR" class="sref">AA_FS_DIR
/a>(
spav class="string">"file"aa_fs_entry_file
/a>),."204
/a>        
a href="+code=AA_FS_FILE_U64" class="sref">AA_FS_FILE_U64
/a>(
spav class="string">"capability"VFS_CAP_FLAGS_MASK
/a>),."205
/a>        
a href="+code=AA_FS_DIR" class="sref">AA_FS_DIR
/a>(
spav class="string">"rlimit"aa_fs_entry_rlimit
/a>),."206
/a>        { }."207
/a>};."208
/a>."209
/a>static struct 
a href="+code=aa_fs_entry" class="sref">aa_fs_entry
/a> 
a href="+code=aa_fs_entry_apparmor" class="sref">aa_fs_entry_apparmor
/a>[] = {."210
/a>        
a href="+code=AA_FS_FILE_FOPS" class="sref">AA_FS_FILE_FOPS
/a>(
spav class="string">".load"aa_fs_profile_load
/a>),."211
/a>        
a href="+code=AA_FS_FILE_FOPS" class="sref">AA_FS_FILE_FOPS
/a>(
spav class="string">".replace"aa_fs_profile_replace
/a>),."212
/a>        
a href="+code=AA_FS_FILE_FOPS" class="sref">AA_FS_FILE_FOPS
/a>(
spav class="string">".remove"aa_fs_profile_remove
/a>),."213
/a>        
a href="+code=AA_FS_DIR" class="sref">AA_FS_DIR
/a>(
spav class="string">"features"aa_fs_entry_features
/a>),."214
/a>        { }."215
/a>};."216
/a>."217
/a>static struct 
a href="+code=aa_fs_entry" class="sref">aa_fs_entry
/a> 
a href="+code=aa_fs_entry" class="sref">aa_fs_entry
/a> =."218
/a>        
a href="+code=AA_FS_DIR" class="sref">AA_FS_DIR
/a>(
spav class="string">"apparmor"aa_fs_entry_apparmor
/a>);."219
/a>."220
/a>
/**
 * aafs_create_file - create a file entry in the apparmor securityfs
 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
 * @parent: the parent dentry in the securityfs
 *
 * The file is created as a regular file with the permission bits taken from
 * @fs_file->mode and the operations from @fs_file->file_ops; @fs_file itself
 * is passed as the file's data pointer.  On failure @fs_file->dentry is left
 * NULL, never an ERR_PTR.
 *
 * Use aafs_remove_file to remove entries created with this fn.
 *
 * Returns: 0 on success, negative errno from securityfs_create_file() on
 *          failure.
 */
static int __init aafs_create_file(struct aa_fs_entry *fs_file,
				   struct dentry *parent)
{
	struct dentry *dentry;

	dentry = securityfs_create_file(fs_file->name, S_IFREG | fs_file->mode,
					parent, fs_file, fs_file->file_ops);
	if (IS_ERR(dentry)) {
		/* keep the entry NULL so aafs_remove_file() skips it */
		fs_file->dentry = NULL;
		return PTR_ERR(dentry);
	}

	fs_file->dentry = dentry;
	return 0;
}
/a>."243
/a>
/**
 * aafs_create_dir - recursively create a directory entry in the securityfs
 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
 * @parent: the parent dentry in the securityfs
 *
 * Creation stops at the first child that fails.  Entries created before the
 * failure are not removed here; that is left to the caller.
 *
 * Use aafs_remove_dir to remove entries created with this fn.
 *
 * Returns: 0 on success, negative errno of the first failing entry otherwise.
 */
static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
				  struct dentry *parent)
{
	struct aa_fs_entry *child;
	struct dentry *dir;
	int error;

	dir = securityfs_create_dir(fs_dir->name, parent);
	if (IS_ERR(dir)) {
		/* keep the entry NULL so aafs_remove_file() skips it */
		fs_dir->dentry = NULL;
		return PTR_ERR(dir);
	}
	fs_dir->dentry = dir;

	/* the child table ends at the first entry without a name */
	for (child = fs_dir->v.files; child->name; ++child) {
		error = (child->v_type == AA_FS_TYPE_DIR) ?
			aafs_create_dir(child, dir) :
			aafs_create_file(child, dir);
		if (error)
			return error;
	}

	return 0;
}
/a>."278
/a>
/**
 * aafs_remove_file - drop a single file entry in the apparmor securityfs
 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
 *
 * Does nothing for an entry whose dentry is NULL, so it is safe on entries
 * that were never created or were already removed.
 */
static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
{
	if (fs_file->dentry) {
		securityfs_remove(fs_file->dentry);
		/* clear the pointer so a second call is a no-op */
		fs_file->dentry = NULL;
	}
}
/a>."291
/a>
/**
 * aafs_remove_dir - recursively drop a directory entry from the securityfs
 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
 *
 * Children are removed before the directory itself.
 */
static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
{
	struct aa_fs_entry *child = fs_dir->v.files;

	/* the child table ends at the first entry without a name */
	while (child->name) {
		if (child->v_type == AA_FS_TYPE_DIR)
			aafs_remove_dir(child);
		else
			aafs_remove_file(child);
		++child;
	}

	/* the directory's own dentry is dropped through the file helper */
	aafs_remove_file(fs_dir);
}
/a>."309
/a>
/**
 * aa_destroy_aafs - cleanup and free aafs
 *
 * releases dentries allocated by aa_create_aafs, starting from the root
 * aa_fs_entry and walking every child below it
 */
void __init aa_destroy_aafs(void)
{
	struct aa_fs_entry *root = &aa_fs_entry;

	aafs_remove_dir(root);
}
/a>."319
/a>
spav class="comment">/**
/spav3."320
/a>
spav class="comment"> * aa_create_aafs - create the apparmor security filesystem
/spav3."321
/a>
spav class="comment"> *
/spav3."322
/a>
spav class="comment"> * dentries created here are released by aa_destroy_aafs
/spav3."323
/a>
spav class="comment"> *
/spav3."324
/a>
spav class="comment"> * Returns: error on failure
/spav3.
spav class="comment"> *e="comment"> *e="comment"> apparmor/3pparmorfs.c#L226" id12L236" cl3ss="line" nam.12L250">"250
/a>static int 
a href="+code=__init" class="sref">__inav class="co href="+code=aa_fsentries alloc"sref">aa_destroy_aafs
/a>(void)."315
/a>{."253
/a>        int 
a href="+code=error" class="sref">error
/a>;."219
/a>."284
/a>    href="see=__iializ4
/a>
a href="+cohref="see=__iializ4
ss="sref">AA_FS_TYPE_DIR
/a>).12L272">"272
/a>        return 0;."262
/a>.           /a>(&
a href="+code=aa_fs_entry" clasde=v" class="sre
/a>->
a href="+code=dentry" lass="sref">fs_file
/a>) {.ss="sref">v_typ.
/ERROref="+code=AA_FS_TYERROr="sref class="sref">seq
/a>, 
spav cla: AppAe file entry innt"s="sy existass="string">"%s\n"__func__nt 
a href="+codefunc__class="sref">aa_fs_entry
/a>);.12L272"-;%s\n"EEXISTnt 
a href="+coEEXISTrror" class="sref">error
/a>;."317
/a>}."277
/a>.                
Popul> * inntroye unpritable entry typ.s. */
/spav3.error
/a> = 
a href="+code=aafs_create_dir" class="sref">aafs_remove_dir
/a>(&
a href="+code=aa_fs_entry" clasot;%s\n"ry
/a> = 
a href="+code=NULs="sref">aa_fs_entry
/a>);.                if (
a href="+code=error" class="sref">error
/a>).                         int 
a href="+code=error" class="sref">error
/a>;."242
/a>.                
TODO: add support.12L2href="secu_nulla_deshref="secu_m2L2unpritable entry typ.s. */
/spav3."184
/a>.                
Report.that AppAe filinnis enommed2unpritable entry typ.s. */
/spav3."316
/a> e=_fo_messagf="+code=aafs_remoe=_fo_messagf="sref class="sref">seq
/a>, 
spAppAe filF the appa Enommed"string">"" class="sref">error
/a>;."272
/a>        return 0;."318
/a>.failed
/a>:."210
/ainit
/a> 
a href="+code=aa_destroy_aafs" class="srt" class="sref">error
/a>;."211
/a>  ERROref="+code=AA_FS_TYERROr="sref class="sref">seq
/a>, 
spE="com_dir"eq
 AppAe file entry inss="string">&qut" class="sref">error
/a>;.error
/a>;."317
/a>}."184
/a>.aafs_remove_fil=__icalla>(
a href="+code==__icall="sref">aafs_remove_inav class="co href="+code=aa_fsentries alloc"st" class="sref">error
/a>;.