92 int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,  in aa_audit_file()  argument
111 		u32 mask = perms->audit;  in aa_audit_file()
124 		aad(&sa)->request = aad(&sa)->request & ~perms->allow;  in aa_audit_file()
127 		if (aad(&sa)->request & perms->kill)  in aa_audit_file()
131 		if ((aad(&sa)->request & perms->quiet) &&  in aa_audit_file()
134 			aad(&sa)->request &= ~perms->quiet;  in aa_audit_file()
140 	aad(&sa)->denied = aad(&sa)->request & ~perms->allow;  in aa_audit_file()
223 	struct aa_perms perms = { };  in aa_compute_fperms()  local
226 		perms.allow = map_old_perms(dfa_user_allow(dfa, state));  in aa_compute_fperms()
227 		perms.audit = map_old_perms(dfa_user_audit(dfa, state));  in aa_compute_fperms()
228 		perms.quiet = map_old_perms(dfa_user_quiet(dfa, state));  in aa_compute_fperms()
229 		perms.xindex = dfa_user_xindex(dfa, state);  in aa_compute_fperms()
231 		perms.allow = map_old_perms(dfa_other_allow(dfa, state));  in aa_compute_fperms()
232 		perms.audit = map_old_perms(dfa_other_audit(dfa, state));  in aa_compute_fperms()
233 		perms.quiet = map_old_perms(dfa_other_quiet(dfa, state));  in aa_compute_fperms()
234 		perms.xindex = dfa_other_xindex(dfa, state);  in aa_compute_fperms()
236 	perms.allow |= AA_MAY_GETATTR;  in aa_compute_fperms()
240 		perms.allow |= AA_MAY_CHANGE_PROFILE;  in aa_compute_fperms()
242 		perms.allow |= AA_MAY_ONEXEC;  in aa_compute_fperms()
244 	return perms;  in aa_compute_fperms()
259 			  struct aa_perms *perms)  in aa_str_perms()  argument
263 	*perms = aa_compute_fperms(dfa, state, cond);  in aa_str_perms()
270 		   struct aa_perms *perms)  in __aa_path_perm()  argument
276 	aa_str_perms(profile->file.dfa, profile->file.start, name, cond, perms);  in __aa_path_perm()
277 	if (request & ~perms->allow)  in __aa_path_perm()
279 	return aa_audit_file(profile, perms, op, request, name, NULL, NULL,  in __aa_path_perm()
287 			     struct aa_perms *perms)  in profile_path_perm()  argument
301 			      perms);  in profile_path_perm()
319 	struct aa_perms perms = {};  in aa_path_perm()  local
331 					  cond, flags, &perms));  in aa_path_perm()
364 	struct aa_perms lperms = {}, perms;  in profile_path_link()  local
391 	aa_str_perms(profile->file.dfa, state, tname, cond, &perms);  in profile_path_link()
396 	lperms.audit = perms.audit;  in profile_path_link()
397 	lperms.quiet = perms.quiet;  in profile_path_link()
398 	lperms.kill = perms.kill;  in profile_path_link()
400 	if (!(perms.allow & AA_MAY_LINK)) {  in profile_path_link()
402 		lperms = perms;  in profile_path_link()
407 	if (!(perms.allow & AA_LINK_SUBSET))  in profile_path_link()
414 		     &perms);  in profile_path_link()
418 	lperms.allow &= perms.allow | AA_MAY_LINK;  in profile_path_link()
420 	request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);  in profile_path_link()
424 		   !xindex_is_subset(lperms.xindex, perms.xindex)) {  in profile_path_link()
512 	struct aa_perms perms = {};  in __file_path_perm()  local
533 					  request, &cond, flags, &perms));  in __file_path_perm()
547 						  &perms));  in __file_path_perm()
552 						  &perms));  in __file_path_perm()