linux/security/apparmor/domain.c
<<
>>
Prefs
   1/*
   2 * AppArmor security module
   3 *
   4 * This file contains AppArmor policy attachment and domain transitions
   5 *
   6 * Copyright (C) 2002-2008 Novell/SUSE
   7 * Copyright 2009-2010 Canonical Ltd.
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License as
  11 * published by the Free Software Foundation, version 2 of the
  12 * License.
  13 */
  14
  15#include <linux/errno.h>
  16#include <linux/fdtable.h>
  17#include <linux/file.h>
  18#include <linux/mount.h>
  19#include <linux/syscalls.h>
  20#include <linux/tracehook.h>
  21#include <linux/personality.h>
  22
  23#include "include/audit.h"
  24#include "include/apparmorfs.h"
  25#include "include/context.h"
  26#include "include/domain.h"
  27#include "include/file.h"
  28#include "include/ipc.h"
  29#include "include/match.h"
  30#include "include/path.h"
  31#include "include/policy.h"
  32
  33/**
  34 * aa_free_domain_entries - free entries in a domain table
  35 * @domain: the domain table to free  (MAYBE NULL)
  36 */
  37void aa_free_domain_entries(struct aa_domain *domain)
  38{
  39        int i;
  40        if (domain) {
  41                if (!domain->table)
  42                        return;
  43
  44                for (i = 0; i < domain->size; i++)
  45                        kzfree(domain->table[i]);
  46                kzfree(domain->table);
  47                domain->table = NULL;
  48        }
  49}
  50
  51/**
  52 * may_change_ptraced_domain - check if can change profile on ptraced task
  53 * @task: task we want to change profile of   (NOT NULL)
  54 * @to_profile: profile to change to  (NOT NULL)
  55 *
  56 * Check if the task is ptraced and if so if the tracing task is allowed
  57 * to trace the new domain
  58 *
  59 * Returns: %0 or error if change not allowed
  60 */
  61static int may_change_ptraced_domain(struct task_struct *task,
  62                                     struct aa_profile *to_profile)
  63{
  64        struct task_struct *tracer;
  65        const struct cred *cred = NULL;
  66        struct aa_profile *tracerp = NULL;
  67        int error = 0;
  68
  69        rcu_read_lock();
  70        tracer = ptrace_parent(task);
  71        if (tracer) {
  72                /* released below */
  73                cred = get_task_cred(tracer);
  74                tracerp = aa_cred_profile(cred);
  75        }
  76
  77        /* not ptraced */
  78        if (!tracer || unconfined(tracerp))
  79                goto out;
  80
  81        error = aa_may_ptrace(tracer, tracerp, to_profile, PTRACE_MODE_ATTACH);
  82
  83out:
  84        rcu_read_unlock();
  85        if (cred)
  86                put_cred(cred);
  87
  88        return error;
  89}
  90
  91/**
  92 * change_profile_perms - find permissions for change_profile
  93 * @profile: the current profile  (NOT NULL)
  94 * @ns: the namespace being switched to  (NOT NULL)
  95 * @name: the name of the profile to change to  (NOT NULL)
  96 * @request: requested perms
  97 * @start: state to start matching in
  98 *
  99 * Returns: permission set
 100 */
 101static struct file_perms change_profile_perms(struct aa_profile *profile,
 102                                              struct aa_namespace *ns,
 103                                              const char *name, u32 request,
 104                                              unsigned int start)
 105{
 106        struct file_perms perms;
 107        struct path_cond cond = { };
 108        unsigned int state;
 109
 110        if (unconfined(profile)) {
 111                perms.allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC;
 112                perms.audit = perms.quiet = perms.kill = 0;
 113                return perms;
 114        } else if (!profile->file.dfa) {
 115                return nullperms;
 116        } else if ((ns == profile->ns)) {
 117                /* try matching against rules with out namespace prepended */
 118                aa_str_perms(profile->file.dfa, start, name, &cond, &perms);
 119                if (COMBINED_PERM_MASK(perms) & request)
 120                        return perms;
 121        }
 122
 123        /* try matching with namespace name and then profile */
 124        state = aa_dfa_match(profile->file.dfa, start, ns->base.name);
 125        state = aa_dfa_match_len(profile->file.dfa, state, ":", 1);
 126        aa_str_perms(profile->file.dfa, state, name, &cond, &perms);
 127
 128        return perms;
 129}
 130
 131/**
 132 * __attach_match_ - find an attachment match
 133 * @name - to match against  (NOT NULL)
 134 * @head - profile list to walk  (NOT NULL)
 135 *
 136 * Do a linear search on the profiles in the list.  There is a matching
 137 * preference where an exact match is preferred over a name which uses
 138 * expressions to match, and matching expressions with the greatest
 139 * xmatch_len are preferred.
 140 *
 141 * Requires: @head not be shared or have appropriate locks held
 142 *
 143 * Returns: profile or NULL if no match found
 144 */
 145static struct aa_profile *__attach_match(const char *name,
 146                                         struct list_head *head)
 147{
 148        int len = 0;
 149        struct aa_profile *profile, *candidate = NULL;
 150
 151        list_for_each_entry(profile, head, base.list) {
 152                if (profile->flags & PFLAG_NULL)
 153                        continue;
 154                if (profile->xmatch && profile->xmatch_len > len) {
 155                        unsigned int state = aa_dfa_match(profile->xmatch,
 156                                                          DFA_START, name);
 157                        u32 perm = dfa_user_allow(profile->xmatch, state);
 158                        /* any accepting state means a valid match. */
 159                        if (perm & MAY_EXEC) {
 160                                candidate = profile;
 161                                len = profile->xmatch_len;
 162                        }
 163                } else if (!strcmp(profile->base.name, name))
 164                        /* exact non-re match, no more searching required */
 165                        return profile;
 166        }
 167
 168        return candidate;
 169}
 170
 171/**
 172 * find_attach - do attachment search for unconfined processes
 173 * @ns: the current namespace  (NOT NULL)
 174 * @list: list to search  (NOT NULL)
 175 * @name: the executable name to match against  (NOT NULL)
 176 *
 177 * Returns: profile or NULL if no match found
 178 */
 179static struct aa_profile *find_attach(struct aa_namespace *ns,
 180                                      struct list_head *list, const char *name)
 181{
 182        struct aa_profile *profile;
 183
 184        read_lock(&ns->lock);
 185        profile = aa_get_profile(__attach_match(name, list));
 186        read_unlock(&ns->lock);
 187
 188        return profile;
 189}
 190
 191/**
 192 * separate_fqname - separate the namespace and profile names
 193 * @fqname: the fqname name to split  (NOT NULL)
 194 * @ns_name: the namespace name if it exists  (NOT NULL)
 195 *
 196 * This is the xtable equivalent routine of aa_split_fqname.  It finds the
 197 * split in an xtable fqname which contains an embedded \0 instead of a :
 198 * if a namespace is specified.  This is done so the xtable is constant and
 199 * isn't re-split on every lookup.
 200 *
 201 * Either the profile or namespace name may be optional but if the namespace
 202 * is specified the profile name termination must be present.  This results
 203 * in the following possible encodings:
 204 * profile_name\0
 205 * :ns_name\0profile_name\0
 206 * :ns_name\0\0
 207 *
 208 * NOTE: the xtable fqname is pre-validated at load time in unpack_trans_table
 209 *
 210 * Returns: profile name if it is specified else NULL
 211 */
 212static const char *separate_fqname(const char *fqname, const char **ns_name)
 213{
 214        const char *name;
 215
 216        if (fqname[0] == ':') {
 217                /* In this case there is guaranteed to be two \0 terminators
 218                 * in the string.  They are verified at load time by
 219                 * by unpack_trans_table
 220                 */
 221                *ns_name = fqname + 1;          /* skip : */
 222                name = *ns_name + strlen(*ns_name) + 1;
 223                if (!*name)
 224                        name = NULL;
 225        } else {
 226                *ns_name = NULL;
 227                name = fqname;
 228        }
 229
 230        return name;
 231}
 232
 233static const char *next_name(int xtype, const char *name)
 234{
 235        return NULL;
 236}
 237
 238/**
 239 * x_table_lookup - lookup an x transition name via transition table
 240 * @profile: current profile (NOT NULL)
 241 * @xindex: index into x transition table
 242 *
 243 * Returns: refcounted profile, or NULL on failure (MAYBE NULL)
 244 */
 245static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
 246{
 247        struct aa_profile *new_profile = NULL;
 248        struct aa_namespace *ns = profile->ns;
 249        u32 xtype = xindex & AA_X_TYPE_MASK;
 250        int index = xindex & AA_X_INDEX_MASK;
 251        const char *name;
 252
 253        /* index is guaranteed to be in range, validated at load time */
 254        for (name = profile->file.trans.table[index]; !new_profile && name;
 255             name = next_name(xtype, name)) {
 256                struct aa_namespace *new_ns;
 257                const char *xname = NULL;
 258
 259                new_ns = NULL;
 260                if (xindex & AA_X_CHILD) {
 261                        /* release by caller */
 262                        new_profile = aa_find_child(profile, name);
 263                        continue;
 264                } else if (*name == ':') {
 265                        /* switching namespace */
 266                        const char *ns_name;
 267                        xname = name = separate_fqname(name, &ns_name);
 268                        if (!xname)
 269                                /* no name so use profile name */
 270                                xname = profile->base.hname;
 271                        if (*ns_name == '@') {
 272                                /* TODO: variable support */
 273                                ;
 274                        }
 275                        /* released below */
 276                        new_ns = aa_find_namespace(ns, ns_name);
 277                        if (!new_ns)
 278                                continue;
 279                } else if (*name == '@') {
 280                        /* TODO: variable support */
 281                        continue;
 282                } else {
 283                        /* basic namespace lookup */
 284                        xname = name;
 285                }
 286
 287                /* released by caller */
 288                new_profile = aa_lookup_profile(new_ns ? new_ns : ns, xname);
 289                aa_put_namespace(new_ns);
 290        }
 291
 292        /* released by caller */
 293        return new_profile;
 294}
 295
 296/**
 297 * x_to_profile - get target profile for a given xindex
 298 * @profile: current profile  (NOT NULL)
 299 * @name: name to lookup (NOT NULL)
 300 * @xindex: index into x transition table
 301 *
 302 * find profile for a transition index
 303 *
na5> *<./apparmor/domainor/domainu3pan>
 302    78" clas7 name="L301"> 301 * 293        return x_table_lookup(struct x_table_lookupxrmor/e=profile" class="sref">profile, u32  293        return xindex)
 246{
 283                        
profile, *c">NULL;
 248        struct p = profile->ns;
 249        
xindex & AA_X_TYPE_MASK;
 250        int  253         &  280                        name;3 280                         293        return fqname[0] =3  236}
3* In this case there is 3uaran3eed to be two pclasurity/apparmor/domaiNAME id="L250" class="liNAME"sec:"> 280                         = AA_X_CHILD) {
 280                        
31 profile name */
 293        return 
c">NULL;
aa_namespace *.hname;
 293        return ns_name = <3 href="+code=fqname" cccccccccccccccccccccccccccccccccccin.c#L263" id="L263" class="line" name="L263"> 263                        cont3e=name" c3ass="sref">name = *<3 href3"+code=ns_name" class=="L2"> 263                        cont3eomain.c#3me" class="sref">name 293        return name<3a> = 3a href="+code=NULL" class="sref">NULL;
NULL;
aa_namespace * 293        return  263                        cont3eame" cla3" class="sref">ns_name = <3 href="+code=NULL" clabreak3"> 263                        cont3eomment">3ass="sref">name =  280                         293        return NULL;
;
aa_profile *u32  263                        cont3=name" cl3ss="sref">name;
 263                        cont3domain.c#3232" id="L232" class="li3e" na33href="+code=f5"> 295
 233static const char *next_3ame
 293        return  294}
NULL;
 295
 287                
 297 * x_t3an>
 297 * x_t3a>

 299 * @na3file: cur3ent profile (NOT NULL)
3a href="security/apparmor/domae="L299"> 299 * @na3fomain.c#3 into x transition table3/span3
 299 * @na3fmain.c#L3="security/apparmor/doma3n.c#L343" id="L243" class="line" namme="L293"> 293        return xindexprofile-&bprm href="+code=prbprm="sr2"> 280                        
 235        return aa_profil3 34lass="line" ne=profile" class="sref">ptask_cx86" class="line"">ptask_cx8="sref">profile-&cx86" class="line"cx8="sr4"> 294}
profile, u32 c">NULL;
 248        struct aa_profi3e3*profile-> 248        struct aa_nam3space3/a> * 248        struct u32 unsigss="ass="sref">xindex 248        struct index = xindex 248        struct name;3xindex,  280                        ns_nametrans.trans.trans.trans.,  293        return ns_nametrans.trans.trans.trans. 287                name =  248        struct name = c#L298" class="line" n#L298""L14main.c#L248" id="L248" class="line" name="L24f"" class="sref">cinfo="+code=table" infor/domain.c#L248" id="L248" class="line" name="L248"> 248        struct xindexu32 bprm href="+code=prbprm="sr28"> 248        struct 3name<3a> =  280                         =  248        struct new_ns 3  230        return xindex<3a> &a3p; trans.,  280                        /* release by cal3er */3/span>
 248        struct  233static const char *profile-&cx86" class="line"cx8="srmain.c#L248" id="Lbprm href="+code=prbprm="sr"sref">trans., trans. 248        struct n3metrans. 248        struct /* switching name3pace 36"L296"> 296/**aa_get_profile(__attach_match(trans.aa_get_profile( 186        xnam3 3  293        return 
 293        return /* no nam3 so u36a href="security/apparmor/domain.c#L* csecuh254"ass="line" name="L202"> 202 * is 3   xn37rmor/domain.c#L221" id="L221" class=mme="L293"> 293        return ns_37entry(ns;
 249        /* TODO: 3ariab3e support */xindexfile.trans.table[ 249         249         293        return /* released below3*/
xindextrans.trans..trans. 293        return new3ns 186         280                        trans. 280                        
n3me 280                        /* TODO: variable3suppo3t */
xindex 248        struct trans. 249         249        /* basic namespac3 look3p */
 295
xnam3 3  295
 293        return  293        return 38xindex
 293        return new_pr3file<3a> = aa_get_profile( 280                        a3_put_3amespace( 293        return trans. 280                        
 293        return 
<3 href39ofile = aa_find_child(__attach_match(trans. 249        new_pro3ile 263                        cont3domain.c#3295" id="L295" class="li3e" na39 href="+code=NULL" class="sref">NULL;
NULL;
aa_namespace * 263                        cont3omain.c#L396" id="L296" class="lin3" nam39lass="line" name="L28mor/domain.c#L278" id="LLL;
 280                        aa_profileclean"s"L249"> 249         293        return  293        return  293        return  293        return  293        return  249        
 295
 295
 293        return filehaa_get_profile(trans.table[ 263                        cont4n7me\0\0<4sget target profile for 4n.c#L40> = trans. 280                        xindexaa_profilecs"L249"> 249        
NULLinfo="+code=table" infor/domainc#L280" id="L280" claquot;uh254"parmor/doonor/daquot;e="L2939"> 249        table[ 280                        
 249         253         293        return name;4 293        return  293        return fqname[0] =4  293        return 4* In this case there is 4uaran41a href="security/apparns" class="sref="+a href="+code=prf="+a"L24 class="sref">filehaa_get_profile(trans.table[ 263                        cont4+ the xta4* in the string.  They a4e ver41> = xindexaa_profilecs"L24main.c#L248" id="Lch254"parmor/dnpermt;aa_get_profile(trans. 293        return trans. 293        return 
 263                        cont4de=ns_nam4" class="sref">ns_name = <42"L292"> 292        name = *<4 href4"+code=ns_name" class=_CHI!de=name" class="csref">aa_profilecs"L24ref">table[ 280                        name 249        name<4a> = 4a href="+code=NULL" cl_find_child" class="sref">aa_find_child(__attach_match(trans. 263                        cont4d5mor/dom4rmor/domain.c#L226" id="4226" 42lass="line" name="L28go301n.c#L248" id="Lcpplc href="+code=prcpplc"L249"> 249        ns_name = <4 href="+code=N5"> 295
4ass="sref">name =  295
table[ 280                        
 293        return name;
aa_find_child(x_table_lookupxrmor/e=name" class="ef">aa_get_profile(table[ 263                        cont4domain.c#4232" id="L232" class="li4e" na43span>
 280                         = table[<">AA_X_CHILD) {
 280                        next_4ame
 293        return  293        return NULL;
(tclasarmor/de="L293"> 293        return  293        return 438" id="L238" class="lin4" nam43)
NULLinfo="+code=table" infor/domainc#L280" id="L280" claquot;ixL44llbackaquot;e="L2939"> 249        
aa_find_child(__attach_match(aa_get_profile( 249        

 249        
44 */
'@&#LD" class="srefeermt;table[<">AA_X_CHILD) {
 280                        aa_find_child(__attach_match( 249        NULLinfo="+code=table" infor/domainc#L280" id="L280" claquot;uxL44llbackaquot;e="L2939"> 249         283                        
NULLerr30 class="line" nerr30r/domai-asref">NULLENOENT; 249        aa_profil4 44lass="line" name="L28 href="security/asref">NULLinfo="+code=table" infor/domainc#L280" id="L280" claquot;armor/doa>    78"aquot;e="L2939"> 249         295
aa_profi4e44)
 295
aa_nam4space4/a> *'@&#LD" class="srefCOMPLAIN_MODE="+code=table" COMPLAIN_MODE"+code=name" class="ef">aa_get_profile( 280                        
u32  293        return index = aa_find_child(__attach_matchaa_get_profile( 249        name;4
 280                        NULLENOMEM; 249        /* index4is guaranteed to be in r4nge, 45ef="security/apparmorecurity/asref">NULLinfo="+code=table" infor/domainc#L280" id="L280" claquot;couldoa>  creatdoaullsarmor/daquot;e="L2939"> 249        name =  283                        name = NULLEACCES; 249        ame" cla4a_namespace" class="sref4>aa_n45= NULL#L298" class="line" n#L298""L14main.c#L248" id="Ld="LLL;
 249        4name<45)
 295
 = table[<">AA_X_CHILD) {
 249        
new_ns 4  *"> 249        xindex<4a> &a46 */
 293        return /* release by cal4er */4/span>
NULLEACCES; 249         233static const char * 293        return n4me_ity/apivs3thene="L293"> 293        return /* switching name4pace 46ity/apparmor/domain.c#L206"         "L44" mparmor/d.e="L293"> 293        return  293        return xnam4 46> = trans. 280                         = __attach_match;
 249        
/* no nam4 so u46f="+code=NULL" class="sref">NULLerr30 class="line" nerr30r/domai-asref">NULLEPERM; 249        xn47 */
aa_profileclean"s"L249"> 249        ns_47href="+code=f5"> 295
/* TODO: 4ariab47"L233"> 233static const char * 280                         249        /* released below4*/ 296/**new4nstrans. 280                         293        return  249        
n4me 295
/* TODO: variable4suppo4t */ 295
trans. 280                        NULLerr30 class="line" nerr30r/domai"sref">NULLmay_ch254"paclaced_       class="line" nmay_ch254"paclaced_      "+code=name" class="   r8" ref">aa_profilec  r8" f="+fcin.c#L263" id="L="LLL;
 249        /* basic namespac4 look48ef="security/apparmor_CHILD" class="sreferr30 class="line" nerr30r/do280"> 280                        xnam4 48 href="+code=NULL" class="sref">NULL;
__attach_match;
 249         249         295
487=  295
new_pr4file<4a> = <"> 295
a4_put_4amespace( 293        return  293        return  293        return 
<4 href493" id="L243" class="line" naoooooooo* 2. confsred switchclas301differ"L29confsrem"L2e="L293"> 293        return new_pro4ile 293        return  293        return  293        return  299 * @na4_profile 4 get target profile for 4 give49xindex
 299 * @na4_  contin4ent profile  (NOT NULL)<4span>4 299 * @na4_>
 293        return  293        return table[<">AA_X_CHILD) {
 280                        
<50L283" class="line" naapparmor/domain.c#DEBUG="+code=table" .c#DEBUG"+codec#L280" id="L280" claquot;scrubbclasenvironm"L29variablesdL303%ssarmor/d=%s\naquot;e="L293d"> 293        return ;
 249        
trans. 249         295
 295
NULL#L298" class="line" n#L298""L14main.c#L248" id="Ld="LLL;
 249         293        return trans. 249         295
ef">table[<"_clea0 class="line" nx_clea0"L24:"> 295
xindex__attach_matchtrans.aa_get_profile( 249        
 293        return name;5trans.trans.aa_get_profile(;
 249         296/**fqname[0] =5  293        return NULLcodeuass="sref">__attach_matchtrans. 249         = NULLcodeuass="sref">__attach_matchtrans. 249        
51f="+code=NULL_find_child" clcx86" class="line"cx8="sr"sref">trans. 248        struct 
trans. 248        struct ns_name = <52entry(trans. 248        struct name = *<5 href52"L233"> 233static const char *name 295
name<5a> = 52== trans.__attach_matchaa_get_profile( 293        return ,  248        struct ns_name = <5 href="> 248        struct name = aa_profileclean"s"L24:"> 295
NULLcodeuass="sref">__attach_matchaa_get_profile( 249        
kfre="+code=name" class="buffer href="+code=prbufferr/do19"> 249        name;
 295

 249         295
next_5ame 249         299 * @na5=NULL" cl5ss="sref">NULL;
 299 * @na5=6mor/dom5237" id="L237" class="li5e" na53/domain.c#L207" id="L207" cl* @bprm: binprmdL303or/ds (NOT ame=me="L299"> 299 * @na5=omment">538" id="L238" class="lin5" nam53xindex
 299 * @na5= the xta5f="security/apparmor/dom5in.c#53a href="security/apparmor/do* Returns:3%1 _CH
 299 * @na5=>
 293        return 
*_find_child" clbprm href="+code=prbprm="sr2"> 280                         280                         249         249        
 293        return aa_profil5 54ity/apparmor/domain.c#L206"         "Land stored =" bprm"srefunsaf3.e="L293"> 293        return  293        return aa_profi5e54> = trans. 280                        
aa_nam5space54> =  249        
u32  249        index =  249        name;55"> 295
 233static const char * 299 * @na5ame" clas5="sref">name =  293        return name =  299 * @na5>ame" cla5a_namespace" class="sref5>aa_n55/domain.c#L207" id="L207" cl*me="L293"> 293        return 5name<55)void n.c#L248" id="Lcpp"comm_bprm_n.c#i(tcla_creds href="+code=prcpp"comm_bprm_n.c#i(tcla_creds"+code=profile" class="sref (Nux_binprm href="+code=pr (Nux_binprmpan>
*_find_child" clbprm href="+code=prbprm="sr2"> 280                         = <0"> 280                        
new_ns 5  *__attach_matchaa_get_profile(__attach_matc__h 249        xindex<5a> &a56 */
trans.trans. 249        /* release by cal5er */56"L292"> 292         299 * @na5>ame" cla5a_namespace" class="sref5>aa_n55/domain.c#L207" id="L207" cl*me="L293"> 293        return 5name<55)void n.c#L248" i4ame 249  32" 5 class="c5mment">/* relepan class="comment">/**fqname 249         249 249  32" 5 class="c5mment">/* relepan class="comment">/**fqname<)href="+code5xtype54f="+c"> 249       lllllll*m5="L293"> 293        5eturn56cin.c#L263" id="info=nam55"outs_CHunconfsred L299"> 299trans.<5 unsa56 c5ass="52> = NULLcodeuaeLSM2UNSA5E_NO_NEW_PRIVSr/do280"> 580/death_signal+6mor/dom5s="sredeath_signalline""udi8"L24:"> 295
/* 56r/d4main.c#L291" id="L291" c4ass="49rmor/do5e=xname" 5lass="sr4f">xn47 */
 295
ns_name = <52entry i8"L249"> 249  32" 5 class="c5mment">/* relepan class="comment">/**fqname<)i8"L24:"> 295
 299 * @na5ame" cla>       5                 293        return nampan class5"comment">/** 299<5> = <08" id="L238" class="lin5" nam53xindex
5name<55)void n.c#L248" id="Lcpp"comm_bprm_n.c#i(tcla_cSAFE_SHAR5r/do280"> 280       5     57a_creds"+code=profile" class="sref (Nux_binprm href="+code=pr (Nux_binprmpanity/app4r5or/4omain.c#L279" id="L2599"> 57"sr2"> 280                         = <0ed280                        
new_ns 5  *__attach_match/* TO5O: variable4suppo4t */ 29557main.c#L248" id="L__h__attr/do4ain.54L282" id="L282_CHILD" c5ass="57/appoassdL303parmfollowclasreasons:e="TODO:slass="cosignal9xrmor/e=name" class="ef">aa_get_pro5f3" class5"line" unsaf3="security/5LD" c58class="lin5" nam55"i8"L24:"> 295
 299 * @na5ame" cl  r8" ref5>aa_profilec  r8" f="+fc5n.c#L58ity/apparmor/domain.c#L475" i47 href="+code5L" class=5sref">NULL;
 293   ilo"sref">xrmor/e=name" class="ef">aa_get_pro5fan class5ode=u32" 4eclass="c4armo5/doma58#L206" * @bprm: binprmdL303parFllb iup#Lass=self direc="+c>.xrmor/e=name" class="ef">aa_get_pro5f3" class5_f5"> 295
xrmor/e=name" class="ef">aa_get_pro5fAFE_SHAR5ref">new_pr4file<4a> = <5> 29558 c5ass="52> = NULLcodeuaf">a4_put54amespace(        return nam293  5     return /omp/a>)_ef=" 2@n1    return nam2/do4ain.5" id="L221" class=m Csec5e atH58=profile" class="sref (Nux_bi2@n1xnaase of    reaame<55)void n.c#L248" id="Lcpp"comm_bprm_n.c#i(tcla_cam492" id5"L302" class="line" naoo5ooooo5 1.cunconfsred switchclas301ci2@n2:ne" ncod5norendame<55)void n.c#L248" id="Lcpp"comm_bprm_n.c#i(tcla_caNSAFE_PT5="line" naoooooooo* 2. c5nfsre5 switchclas301differ"L29confs     return nam/49ef="s=5L243" class="line" naooo5oooo*53. confsred switchclas301unco"+cod5file:sommecode=u3  return nam/" class=5n.c#L302"         *"+"L253"> 253        return xrmor/e=name" class="ef">aa_get_pro52 and 3 a5esmarkor/asop"quip0" H
<5 hrmo5/d"+"Llassic"ok4r     /omp/a>)_ef=">    cup#t"ok4r      cup#t"ok4r     __attach_match_itef="61              1n.c#L302"3ain.c#L475" i47 href="+odeuass="sref    249  32"ass="c5mmen1dod"> cup#) +de=ns_name" class= lLcudi86" class="l   lLc8"L249"> 249  32"ass="c5mmen2e="sref">__ +d3in.c#L226" id="5226" 52lass="line" name="L28armorn>
 295
 =  249  32"d="err30 class="line" nerr30r class="h263" class="line"rity/a//rity/aarmor/doin.c#L49"> 249  32"ass="c5mmen1dod"> cup#t"9"> 249  32"ass="c5mmen2e="sref">__:"> 295
59ssdL303parmfoL233"> 233static c"d="err30 class="line" nerr:"> 295
table[<">AA6X_CHI6D)pan class="comment"> * @na5ame" cl  r8"680"> 280<6a>                      6 aa_n55/domain.c#L207" id="L207" cl6293  6     return nam293 293hathto/x8="ssubid="L238" class="lin4" nam43)
 249        .<>omreaaath    se_lookyi4ame * @na5= the xta5f="securityine"": magr  valuorendvalid    >5naaathilo"sref">xrmor/e=name" class="ef">aa_get_pro5f3" c61" id=hL263" class="line" h146""L269"> 260pan class="comment"> * @na5=> @rmorteste"tru* @na        jur  aclass=ofilewtestef">xrmor/e=name" class="ef">aa_get_pro5f3" c618 id=hL263="security/apparmor/dom6" clb60       return /ef">xrmor/e=name" class="ef">aa_get_pro5f3" c619 id=hL263apparmor/doooooooo*me="6ef="+60le" class="sref (Nux_bi2@n1xnaC"> 293_loohrefirr  f"ok48eft profile ini@hataoohathexists,lass="srefef">xrmor/e=name" class="ef">aa_get_pro5f3" c6or/5code=6epa5ate_fqname" class="s6ef"5s61onfsred switchclas301ci2@n2:neohre@hat_magr  cod4"sre/do2palass="cf">tra.  Ifsr"sref="ty ca0lass=r"sef">xrmor/e=name" class="ef">aa_get_pro5f3" c6o0"> 280<6ch_matchaa_4"sre/do2palass="cf">tra,oL233"> _loohref">xrmor/e=name" class="ef">aa_get_pro5f3" c6o93  6    
name6rans<61      return  293      6 retu61 xrmor/e=name" class="ef">aa_get_pro5fAFE_6e is 5uar6n51> = N6LL 249<""securhatup#t"ok4r      2hata.ca>[],ed profile, or NULL ef="ts="line" nerr30rf="tcup#t"9"> 249  32u 46ity/appallbacka+code=u9"> 249  32d="Lcudi86" class="line""udi8t"9"> 249  32boo/dom5s="sredeathboo/ode=u9"> 249  32rmortestdom5s="sref">fqnmortestnerr_attach_match_itef="61     6     6  
5new_profile" class="sref5>a href="+cod1 5 c5new_profile" class="sref5>:"> 295

 249        name 295

n62o"sref">trans.xindex<5a> &a56 */
xindex< c" clasc" classss=",pan>
 2hatup#t" ntoke r/domai08"> 248        struct name 233static6const6char * 248        struct name  6name" class="sref">name<6a> = 62ns: refc5unted profile, or NULL i8        sti namenametrans. 249  32rmor"+cod5d5mor/dom5rmor/doma ca{}href="+cod5e=name" c5ass="sref">name 248        struct 
                         248        struct name,  295
NULLcodeuass="s6ef">__att6ch_match 293   ilo"sref">xrmor/e=name" class="ef">aa_get_pro5fan c630" id="L630" class="lin5" nam52f=6+code62oooo*/domavoid havclas301reor/euae =" F 249n4n clestf">_pro5fa per_clea0shref="+code=ns_n=  295

Thrr293">ofilecepfilo"lf d>)void n.c#as ""securhath3">oftef">xrmor/e=name" class="ef">aa_get_pro5f3" c6f="+code=632" 5==name" c533" id="L633" c63onfsred switchclas301confsred"+"L293">av 24d="L= ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6y/apparmo6/domain.c#L302"/**e="L296"> 2963ns: refc5unted   /death="+code=ns_nerr30 class="lin"+code=ns_nnerr_attach_matchNU6L;
 249    L233">    ns_47href="+code=f5"> 26determine6_CH
 299<" class="sre4">ns_47href="+code=f5"> 26dparmor/56.c#L207" id="L207" cl* @6prm: 635xta5* in the L293"> 293   ilo"srhref="+maibelow">ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6yr/5  the6299"> 299
5new_profile" class="sref5>aspa5er */56"L292"gla52ity/cx85new_profile" classgla52ity/cx85newup#t"_:"> 295
 26963 xta5* in the string. referr3class="sref">name 299 693xindex<5a>""src" class8"L249"> 249  32onew_profile" class="sref5>_:"> 295
xindex< c" clasc" classss="       trans. 295
 280<6a>   64ss="lin5" nam53ofile5"> 295
 249  325+6mor/dom5s="sref">fqname<)href="+3%ssarmor/d=%s\naquot;e="L293d">629"> 249<6a>        name 293        retu6n  249    ofile, or NULL E" class="line" nGFP_KERNE"lassd   ns_47href="+code=f5"> 26 54it6/apparmor/domain.c#L206"6     6  "Land storedddddddddaller */<4span>487=  295
 293    64 5n.c#L50> = NULL#L298" class="l6 nr8""L146parmourity/ILD" class="s6efbpr64="52> = NULLcodeuass="s6rmor/doma6n.c#SECURE#L2NEEDEid="L261" cl6ss=.c#SECURE#L2NEEofile, or NULL ef="ts="line" nerr30rf="tcup#+3%ssarmor/d=%s\naquot;e="L293d">62rity/app6u32" 5dex" clas5="sref">6ndex<6a> =  293   ilo"srhate" ctn  293into a" ncshathf diclassrenda sibln ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6code=u32"65domain.c#5" class="sref6>name64o301n.c#L248" id="Lcl.xindex<5a> &a56 */
NULLEACCES;
 249  325+6mor/dom5s="sref">fqname<)href=" ?ld" clkfre=get_p class="srefh 2965s="sref5>aa_n55/domain.c#L207" id="L207" cl6ref">name6/a> =  293   ilo"srh;e=defirr  matchn ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6eds - do 6asklclean"soonmn.c#i(tcl69itya65""L2429"> 249    lf d49"> 249  32i8        sti         sti  280 2hatup#t:rofile, or NULL i8        sti  293   ilo"srhref="+maibelow">ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6"L207" cl6me="L293"> 293      6 retu65L263" id="info="+code=table" n>
 2hatup#t" ntoke r/domai08"5a>;e=d_chnlquot;uxL44llback5a>;e=d_chnlq8"L249"> 249  32roost char * 249  32hata      "L149"> 2hata.ca>[ofile, or NULL i8        sti  295
 280 2hatup#t+3%ssarmor/d=%s\naquot;e="L293d">6nd_child"6clbprm href="+code=prbpr6="sr265        280 2COMPLAIN_MODE8"L249"> 249  32roost char * 249  32rmortestdom5s="sref">fqnmortestnerr_3%ssarmor/d=%s\naquot;e="L293d">6nrity/app6get_profile( =  249  32list_" ctain.c#L288" id="list_" cta8"L24>        return  246 65o301n.c#L248" id="Lcl id="info="+code=table" n>

trans<6a>.NULLEACCES;<<<<<<<<<<<<<<<<< */<"security/apparmor/4   contin4ile" cla6fror/d hr6 @na5>ame" cla5a_namespa6e" cl661301n.c#L248" id="Lcl id="info="+code=table" n>
name6 293        return <6 href66hre5="security/apparmmmmmmmmmmmmmmmmmaller */<4span>487= oust char * 249            NULL#L298" class="l6= ns_47href="+code=f5"> 26l*m5="L296"> 293        5eturn66cin.6#L263" id="info=nam55"=table" nL293"> 293   ilo"sref">xrmor/e=name" class="ef">aa_get_pro5fan c6ref=rm="s6"sref">trans.<5 unsa66 c5a66href="+code=prbprm="sr"sref">trans 580 299b"+maioffmreaohrefirr  hatupa href="_CHIdomain.c#L278" ir8" class="line6Nrity/app6a hre4lass="commen5">/* 66r/d466oooo*/domavoid havclas301reor/euae =////////////////* supplied.  T       done due how"userdomcref">xrmor/e=name" class="ef">aa_get_pro5f3" c6e" 5lass=6sr4f">xn47 */
        return n67onfsred switchclas301confsred"+"L293////////////////*  2967clas301differ"L29confsrem"L2e="L293"////////////////* lass="Add logxrmor/e=name" class="ef">aa_get_pro5fAFE_6clg5301n.6#L248" id="Lcudi865 clas67itya67ef="+cod5fNULL" cl5" class="sref">aa_profil6ass5"comm6nt">/** 293   ilo"srh="Ld="below">ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6ass5"line6 unsaf3="security/5pparm67retu67L263" id="info="+code=table" n>
)_ef=" 5 class="c5mment">/omp/a>)_ef=">    cup#t"    return  293        return  249  32hata      "L149"> 2hata.ca>[0]_:"> 295
 280       5     67a_cr67href="security/apparm=table" n>
 295
 67"sr267        293   ilo"srhref="+maibelow">ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_6 TO5O: va6iable4suppo4t */ 29567main67> = 
 2hatup#t" ntoke r/domai08"5a>mp/anullc" class="sref">xindex<5a>mp/anullc" class8"L249"> 249  325+6mor/dom5s="sref">fqname<)href=, 1_:"> 295
 280 2hatup#t+3%ssarmor/d=%s\naquot;e="L293d">6ass5"line6 unsaf3="security/5LD" c68clas68ref">NULLEACCES;<<<<<<<<<<<<<<<<                        name 295
487=  295
;
 249            NULL#L298" class="l6ass5ode=u62" 4eclass="c4armo5/doma68#L20686" id=4L286"48lass="l}4 */6ass5"line6295

 2hatup#tclass="linclasarmor/ds clea0 unsaf3 personal    bitso*me="L293"> 293        return 6ew_pr4file<4a> = <5> 29568 c5a68href="security/apparm=table" 2NEEDEi"L2418"> 280 249  32hat      "L149"> 2hatup#t++3%ssarmor/d=%s\naquot;e="L293d">6a4r5or/4o6ace(68       
                        namens_47href="+code=f5"> 26in.5" id=6L221" class=m Csec5e atH68=pro68o301n.c#L248" id="Lcl id="info="+codealler */<4span>487=  295
NULLEACCES;<<<<<<<<<NULL#L298" class="l6_PT5="lin6" naoooooooo* 2. c5nfsre6 swit691301n.c#L248" id="LclNULL#L298" class="l6_ef5>aa_p6class="line" naooo5oooo*63. co69parmor/domain.c#L475" i47 href="+code5L" cl6ss=5n.c#L602"         *"+"L253"> 26369""L2429"> 249    ofile, or NULL E" class="line" nGFP_KERNE"lassdofile, or NULL may<""securptraced_code5Lass="line" nGFPmay<""securptraced_code5L8"L249"> 249  32o0 class="line" nerr30r/do2pan clt"9"> 249  32hat      "L149"> 2hatup#t+="security/apparmor/4   contin4ile" cla6 ss5ode=u6or/asop"quip0" H
<5 hrmo6/d"+"696" id=4L286"48lass="l2NEE9"> 249  32"clean"sref">aa_profileclean"s3%ssarmor/d=%s\naquot;e="L293d">6/do5ain.c6L207" id="L207" cl5lllll68ifie69L263" id="info="+code=table" n>
                        name
ns_47href="+code=f5"> 26af3 /apus6r/domcach cth=".c#L2UNSA6Esper69        295
NULL#L298" class="l6_n.5" id=6/apparmor/doooooooo*me="6293">69a>;55"> 295
table[<">AA7X_CHI70ref">NULLEACCES;<2NEEDEi"L2418"> 280fqnmortestnerr_3%ssarmor/d=%s\naquot;e="L293d">780"> 280<7a>                      7 sla52ity/cx8hat      "L149"> 249 249  32hat      "L149"> 2hatup#t30r/do28"> 248="Lcudi86" class="line""udi8+="security/apparmor/4   contin4ile" cla7293  7     return  249  32"clean"sref">aa_profileclean"y ca     7 2"         *"+"L253"> 27e" h170""L2429"> 249             id="infoL293"> 293   ilo"srhkilllass="i3">    reabrute lf cehateacks">ref">xrmor/e=name" class="ef">aa_get_pro5fAFE_7#L2NEEDEi7L249"> 249         293   ilo"sref">x"298" clas5sok4r          6    8" class="l6_ef5>4a> = <5> 29558 c     6    7     return ar *  8" class="learn/////// ctn ref">xrmor/e=name" class7href7a>  +code=f5"> 26af3 /apus67" cla7068       
aa7get_pro5f3" c618 id=hL267="sec70ity/apparmor/dom6in.oo69> = aa7get_pro5f3" c619 id=hL267appar70ass=m Csec5e }" id="info="+code=table" apparmor/5domain.c#5232" c" clasc" class="sref">xin5s="sref">fqnmortestnerr_3%ssarmor/d=&s="ef">aa7get_pro5f3" c6or/5code=67pa5at71c#L553" id="L2536 clas7     return ar * 293aa7get_pro5f3" c6o0"> 280<67h_mat7h  g  67   
ref">xrmor/e=name" clas#L278" ir7" class="line6">name 26369""L2429"> 24e=table" n>
xinat      "L149"> 2hatup#tclass="linclasarmor/ds clea0 unsaf3 personal    bitso*me="L293"> 293        return          249 248="Lcudi86" class="line""udi8+="security/appar#L278" ir7" class="line6"parmor/567e="L2715iget target pro7ile 8lass="line" nam id="infofile, or NULL rmor"+cod5d5mor/dom5rmor/doma bitso*me="L293"kill+cod5d5mor/dom5killE"lassdofile, or NULL AA_14fcCHANGEHATt char *aa7get_pro5fAFE_6e is 5uar6751> =716ss=m Csec5e }" id=refAA_14fcCHANGEHAThref="security/appars7href7a> m*_find_n.c#46 249 67     71ref">xrmor/e=name" clas#="ef">aa7="61     6     67 487= oust char *69a>;55"> ref="secu7ity/appar/do46487= 69a>;55"> r="ef">aa7sref">nameNULLEACCES;<2NEEDEi"L2418"> 28069a>;55"> ror/4   cosref">name  67ame" 72  mp/anullc" class8"L249"> 249  325+6mor/dom5288" id="list_" cta8m id="infofile, or NULL rmor"="c5mmen2e="sref">__ +d3in.c#L226" id="5226" 52lass="lin,oooooo*me="6293">69a>;55"> rL278" ir7sref">namename 27e" h170""L2429"> 249e6u32" 64hre5="securiOPHATt chi"L2418"> 280 24oooooo*me="6293">69a>;55"> rL278" ir7sref">name        
LOBAL_ROOT_UIssd   
="c5mmen2e="sref""sref">x"298" clas5sok4r     name, aa7ity/appa+code6or/5  the67ta5ma7n.c#L2armmmmmmmmmmmmmmmmmaller */<4span>487= o:oooooo*me="6293">69a>;55"> r7href7a> a>codeuass="s6ef">__att67h_mat72#37;0e="L299"> 26963 xta+c" uh 249  32haust char *aa7get_pro5fan c630" id="L670" cl72ain.*me="L293"> 693 249  32onew_profile" class="sref5>_:"> 295
aa7get_pro5f3" c6f="+code=672" 5=73bprm="sr2"> 280<6a>   64ss="lin5" nam53ofil7#L278" ir7" class="line6urity/app67mor/573=prcap_bprm_
e="5293">59ssdL303parm"sref">x"298" clas5sok4r     _profile" class="sref5>_:"> 295
 = NU67;73d="Lcudi865 clas67itya67ef="+cod5fNULL" cl57ns_47href7"+code=f5"> 26determine67CH
 26dparmor/567c#L20735iget target pro6ile f60 n4n cwitchclas301unco"+cod return aa7get_pro5fAFE_6yr/5  the6799"> 733ain.c#L475" i476"LLL<60t"> * @ns"c5mmwitchclhrefaclass=selstchc        ilo"    se_lookyi4AYBEmmecod   @cf="ty ca0n.c#L248" id="Lcpp"com7ref="secu7ity/appar/do46dsis need67e="L273="line" h146""L269"> 260pan clahc5mmwitchclhreass=selsia>   ilo"    se_lookyi4AYBEmmecod   @cf="ty ca0n.c#L248" id="Lcpp"com7r="ef">aa7       @onexec: whe mauna5=> ici">n4n cn  * @na5=> @rmorteste"tru* @na        jur  aclass=ofilewtestef">xrmor/e=name" cla7ref="secu7ity/appar/do46prm href=67code=74fqname" class="s6ef"5s61onfsr  jur  aclass=ofilewtestef">xrmor/e=name" cla7rL278" ir7>
xrmor/e=name" cla7ror/4   coot;e="L293d">629"> 249<67>    74ref="+code=u32" 6r>
   ilo"back4"sre/@r/d n xrmor/e=name" cla7ra href="7lass="line" n6creds"+"L673"> 274hL263" class="li6e" h160      usednteracts@n2rmo""securhat=  26 54it67appar74+code=u32" 5r5mo6/dom561 * @bpre/@onexece ma"" matici">n4n cn aa7298" class="l6 nr8""L1467armou743ain.c#L475" i476"LLL<60t"> *teracts@n2rmo""securhat= codeuass="s6rmor/doma67.c#SE74="line" h146""L269"> 260pan clrm: binprmdL303parFllb ile:s62rity/app6732" 574 href="+co54ppar583      reabrute lf cehateacks">ref">xrmor/e=name" class="ef">aa7get_pro5fAFE_6code=u32"67domai7.c#5" f="asref">N6LL cup#t"ok4rsr */56"L292"mp/a>)_efs"c5mment"class="c5mmen1dod"> cup#t"ok4sonal    bitso*me="L293"> 293        reture""udi8t"9"> 249  32boo/dom5s="sredeathonexecmaller */<4span>nt ecYB 24oooooo*me="6293">69a>;55"> mor/4   c7ntin4ile" cla6y/apparmo675omai7.c#L553" id="L2536 claror/d"+co6e=pro63ity/e""udi8t"9"> 249  32boo/dom5s="sredeathboo/ode=u9"> 249  32rmortestdom5s="sref">fqnmortestnerr_attach_matchfqnmortestnerr_3%ssarmor/d=&in.c#L2077 id="L207" cl6ref">name67a> = 7a hr5f="+c55it 5+6

5new_profile" class="sref5>a href="+cod1 5 c5new_profile" class="sref5>:"> 295
aa7get_pro5fAFE_6eds - do 67sklcl75c#L248" id="Lcod6udi8_623"sref">traf="+code=u32" 5+code=xin5exode=pr        "L149"> 249        name 295
n62o"sref">trans.xindex<5a> &a56 */
 2class="sref">name 295
 293   ="s6ef">n62o"sref">transxindex<5a> &a5nmment">/death="+cs 5: the xta5le fqname is pre-validat5d at 50ma> 2class="sref">name 295
aa7ity/appar/do46ref="+cod67prcpp7comm_bprm_n.c#cod6udi8_623"sref">trans. 249  32rmor"+cod5d5mor/dom5rmor/doma ca{}href="+cod5e=na7#37;s\naq7ot;e="L293d">6nd_child"67lbprm7href="+code=prass="c5mmen1dod"> cup#t"ok4r=table" n>
                         248        struct 6nrity/app67et_pr7file(N6LLp"/a>="c5mmen2e="sref""sref">x"298" clas5sok4r     ass="line" nGFP_KERNE"lassd4:"> 295
 248        struct trans<67>. 280<6a>   64ss="lin5" nam53ofil7mor/4   c7ntin4ile" cla6fror/d hr67@na5>76=prcap_bprm_
NULLEACCsonal    bitso*me="L293"> 293creds"+"L293"> 293   ilorsr */56"L292"mp/a>)_efs"c5mment"5s="sref">fqnmortestnerr_attach_matchname67293        return <6 hreo63""L2429"> 249    INVA    248        struct aa7ntin4ile" cla6fds - do 67dref=76d="Lcudi865 clas67itya67ef="+cod5fNULL" cl57NULL#7298" class="l6= fqnmortestnerr_3%ssarmor/d=&ns_47href7"+code=f5"> 26l*m5="L2967> 2937/a>        5eturn66cin+co6e=pro63ity/euae ="t_pro5fAFclas5seuae =""> 2l+cod5d5mor/dom5killE"lasONEXECor NULL AA_14fcCHANGEHONEXEC"> 248        struct aa7get_pro5fan c6ref=rm="s67sref"768 c     6  N6LLp"/a>l+cod5d5mor/dom5kiOPHATt chiONEXECor NULL AA_14fcOPHATt chiONEXEC"> 248        struct  2l+cod5d5mor/dom5killE"lasATt chiLE_IS_Hor NULL AA_14fcCHANGEHATt chiLE_IS_H"> 248        struct 76ass=m Csec5e atH68=prsref">N6LLp"/a>l+cod5d5mor/dom5kiOPHATt chiLE_IS_Hor NULL AA_14fcOPHATt chiLE_IS_H"> 248        struct  2965s="sref5>aa_n55/dom7_bprm_n.c7i(tcla_caNSAF6   5     67     772_

5new_profile" class="sref5>aspa5er */56"L292"gla52ity/cx85new_profile" classgla52ity/cx85newup#t"_:"> 295
aa7get_pro5fAFE_6clg5301n.67L248"773_
nameaa_profil6ass5"comm67t">/*7xindex<5a> &a56 */
xindex<5a>""src" class8"L249"> 249  32onew_profile" class="sref5>_:"> 295
aa7get_pro5fAFE_6ass5"line67unsaf77,  287       5   id="info=nam55"=table" nL293"> 293   ilo"sref">xrmor/e=name" cla7ref="secu7ity/appar/do46p4r5or/4o67in.c#77r/do280"> 580n4n clestf">_pro5fa penL293"> 293   ilo"sref">xrmor/e=name" cla7rL278" ir7get_pro5fAFE_6 TO5O: va67able477s="lin5" nam52f=6+code62oooo*/domavoid////l4="a_profil4=success,l3  re oohrrwis =  295
n4n cleecurhrr293">ofilere//* owfileven whe"uccess,l3  re oohrrwis = 6ass5"line67unsaf78ame" c533" id="L633" c63onfsred switch">_pro5fa pen   becausena5=> awayslf7aultf="tealf7duc4n cwitchclas301unco"+cod return 
ref">xrmor/e=name" clasmor/4   c7ntin4ile" cla6ss=5sref"67ULL;
 2963ns: refc5unted   /death="+code=ns_nerr30 ccreds"+"L293"> 293   ilo="+code=table" LSM2UNSAFL280" claquot;uxL44llbackaquot;e=di8"L249"> 249  325+6mor/dom5s="sref">fqname<)href="+3%ssarmor/d=7NULL#7298" class="l6ass5ode=u67" 4ec7ass="c4armo5/doma68#L2+co6e=pro63ity/au5er */56"L292"gla52itau5er */ay<""securptraced_codass8"L249"> 249  32onew_profile" class="sref5>_:"> 295
6ass5"line6795 249    L233">    67w_pr47ile<4a> = <5> o69> = 6a4r5or/4o67ce = )_efs"c5mment"5s="sref">fqname<)href="+3%ssarmor/d=7Nef="secu7"+code=f5"> 26in.5" id=67221" 7lass=m Csec5e atH68=pr   293   ilo"srhref="+maibelow">ref">xrmor/e=name" cla7mor/4   c7ntin4ile" cla6 id5"L30267class7"line" naoo5ooooo6 1.c>xindex<5a> &a5nmment">/death="+cs 5: the xta5le fqname e=d_chnltchc              href="+c"_chnltchc     ot;uxL44llbackaquot;e=di8"L249"> 249  325+6mor/do"line" nerr30r/do2panmment">/death="+cs 5: ="c5mmen2e="sref"psr */56"L292"mp/a>)_efs"c5mment"5" 4#7298" class="l6_PT5="lin67 naoo7ooooo* 2. c5nfsre6 swiNULLEACCnmment">/death="+cs 5: 5s="sref">fqname<)href="+3%ssarmor/d=7NULL#7298" class="l6_ef5>aa_p67lass=79urn ref">xrmor/e=name" cla7mor/4   c7="+code5L" cl6ss=5n.c#L672"   7     *"+"L253"> 263xindex<5a> &a5n=table" n>
)_efs"c5mment"" 4#7ntin4ile" cla6 ss5ode=u67r/aso7"quip0" H
<5 hrmo6/d"+ooo6 1.c>xindex<5a> &a5e=table" n>
                        name6/do5ain.c67207" 7d="L207" cl5lllll68ifie69L263" id="info="+code=table" n>
 295
 26af3 /apus67/domc7ch cth=".c#L2UNSA6Espeo69> = #7298" class="l6_n.5" id=67appar79ass=m Csec5e atH68=pr   293   ilo"srhref="+maibelow">ref">xrmor/e=name" cla8295
<8 href="securi7+codeperm78assre8">table[<">AA7X_CH>xindex<5a> &a5nmment">/death="+cs 5: the xta5le fqname e=dy/cxtchc              href="+c"y/cxtchc     ot;uxL44llbackaquot;e=di8"L249"> 249  325+6mor/do"line" nerr30r/do2panmment">/death="+cs 5: 5" 4780"> 280<78>    80line" n/**e="L296"> 2965s="sref5>aa_n55/dom8mor/4   c8ntin4ile" cla7293  78    r8turn ref">xrmor/e=name" cla823r/4   c8n"+code5L" cl6ss=5n.c#L682"   80;
NULLEACCsonal    bitso*me="L293"> 2935s="sref">fqname<)href="+3%ssarmor/d=8s="ef">aa8get_pro5fAFE_7#L2NEEDEi78249">8249         249  325+6mor/dom5"sref">fqname<)href="+3%ssarmor/d=8s5"ef">aa8gt;e="L293d">6/do5ain.c68mor/d8m5iget target pro7ile f70L263"f">NULLEACCsonal    bitso*me="L293"> 293cerr30 class="linepsment">/death="+cs 5: "line" nerr30r/do2pa="+code=table" LSM2UNSAFL280" claquot;uat      "L149"> 2hatup#tclass="linclasarmor/ds clea0 unsaf3 personal    bitso*me="L293"> 293        return 8 +code=f5"> 26af3 /apus68" cla8068     f">NULLEACCsonal    bitso*me="L293"> 293cerr30 class="linee=di8"L249"> 249  325+6mor/do"line" nerr30r/do2paup#tclass="linclasarmor/ds clea0 unsaf3 personal    bitso*me="L293"> 293        return aa8get_pro5f3" c619 id=hL268appar80r/doooooooo*me="6293">69a>;55">8s="ef">aa8get_pro5f3" c6or/5code=68pa5at81c#L553" id="L5mor/dom5lass_ref="ode=u9"> 249  32rmor"+cosecurptraced_coda     ne"h.. 249  325+6mor/do="c5mmen2e="sref"psment">/death="+cs 5: ="c5mmen2e="sref"sonal    bitso*me="L293"> 293        retureuae ="t_pro5fAFclas5seuae =""> 24oooooo*me="6293">69a>;55">8s="ef">aa8get_pro5f3" c6o0"> 280<68h_mat81e" cla5a_namespa6e" cl661301n.c#L248" id="r30 class="linee=di8"L249"> 249  325+6mor/do"line" nerr30r/do2pai8"L249"> 249  +6mor/doclea0 unsaf3 perstar"t_pro5fAFclas5sstar" 5: 5" 4  68           retureuae ="t_pro5fAFclas5seuae =""> 2m5s="sref">fqname<)href="+3%ssarmor/d=8#L278" ir8" class="line6">name 26369""L2429"> 24e=table" n>
aa8" class="line6"L2NEEDEi68 href8149         295
aa8get_pro5fAFE_6e is 5uar6851> =81ty/ILD" class="s6efbpr64="52> =  293   ilo"srhref="+maibelow">ref">xrmor/e=name" cla8#="ef">aa8="61     6     68  693/death="+cs 5: ="c5mmen2e="sref"sonal    bitso*me="L293"> 2935" 4aa8ity/appar/do46uct  693fqname<)href="+3%ssarmor/d=8ref="secu8ity/appar/do46AA7X_CH>xindex<5a> &a5e=table" n>
                        nameaa8sref">name
name  68ame" 82   249  32rmortestdomt ch href="+codey/apparm2NEEDEi"L2418"> 280 2COMPLAIN_e=di8"L249"> 249  325+6mor/dom5"sref">fqname<)href="+3%ssarmor/d=8rL278" ir8sref">namename 27e" h170""L24   295
name         293   ilo"srhref="+maibelow">ref">xrmor/e=name" cla8e" c5ass=8sref">name        5eturn66cin+co6e=pro63ity/r     mp/anullc" class="sref">xindex<5a>mp/anullc" class8"L249"> 249  325+6mor/dom505" 4aa8ity/appa+code6or/5  the68ta5ma82omm_bprm_n.c#i(t6la_cr65href="security/apr     fqname<)href="+3%ssarmor/d=8r7href7a>8a>codeuass="s6ef">__att68h_mat8268     f">NULLEACC<<<<<<<<                        nameaa8get_pro5fan c630" id="L680" cl82ppo4t */ 29567main67> = 
 295
 295
aa8get_pro5f3" c6f="+code=682" 5=83>table[<">AA7X_CHo69> = NU68;833_
ref">xrmor/e=name" cla8ns_47href8"+code=f5"> 26determine68CH
 249  32o0 class="line" nerr30r/dor      295
 26dparmor/568c#L2083a>        5et"696" id=4L286"48lass="l2NEE9"> 249  32"clean"sref">aa_profileclean"s3%ssarmor/d=8n="ef">aa8get_pro5fAFE_6yr/5  the6899"> 838 c     6  N6LL
                         ici">n4n cclan1nullef"ok48efi     name="L28 href="s_find_child8ref="secu8ity/appar/do46dsis need68e="L283 295
aa869a>;55">8ref="secu8ity/appar/do46prm href=68code=840>        5et"696" id=4L286"48laboo/ode=u9"> 249  32rmortestdom5s="sref">fqnmortestnerr_attach_match
 295
629"> 249<68>    84ine" naooo5oooo*63. co69parmor/domain.c#L478ra href="8lass="line" n6creds"+"L683"> 284;
 2963ns: refconexecmaller */<4span>nt ecYB 25naooo5oooo*63. co69parmor/domain.c#L478rs_47href8"+code=f5"> 26 54it68appar8449         295
        5et id=refAA_14fcCHANGEHAThref="security/appa8n="ef">aa8298" class="l6 nr8""L1468armou848 c     6  N6LL 295
codeuass="s6rmor/doma68.c#SE84 = 62rity/app6832" 584 href=ref="+codey/apparmaller */<4span>487= 69a>;55">8s="ef">aa8get_pro5fAFE_6code=u32"68domai849
 693 249  32rmortestdom5s="sref">fqnmortestnerr_attach_matchN6LLmp/anullc" class8"L249"> 249  325+6mor/dom5288" id="list_" cta8m id="infofile, or NULL rmor"="c5mmen2e="sref">__ +d3in.c#L226" id="5226" 52lass="lin,asref">N6LLp"/a>="c5mmen2e="sref"euae ="t_pro5fAFclas5seuae =""> 24oooooo*me="6293">69a>;55">8mor/4   c8ntin4ile" cla6yror/d hr68class85e" cla5a_namespa6e" cl661301n.c#L248" id="c>xindex<5a> &a5n=table" n>
 293        retur>LOBAL_ROOT_UIssd   
="c5mmen2e="sref""sref">x"298" clas5sok4r     name68a> = 85ine" naooo5oooo*63. co69parmor/domain.c#L478s="ef">aa8get_pro5fAFE_6eds - do 68sklcl853_
/death="+cs 5:  295
 293   id="list_" cta8mu5er */56"L292"gla52itau5er */ay<""securptraced_codass8"L249"> 249  32onew_profile" class="sref5>_:"> 295
aa8ity/appar/do46ref="+cod68prcpp85ty/ILD" class="s6efbpr64="52> = 6nd_child"68lbprm8href="+code=pre="5293">59ssdL303parm"sref">x"298" clas5sok4r     _profile" class="sref5>_:"> 295
6nrity/app68et_pr8file = 


The original LXR softwere/byefacl9> = LXR odeyundomain.,na5=> exULLiy/apal ver@na bye9> = lxr@#46ux.nomor"+
lxr.#46ux.no kindly ho=" F bye9> = R 3pill L46apo ASain.,napoviderlhreL46uxrass=ult////////oULLa4n cleservicelesince 1995.