Lines Matching full:rules
10 * AppArmor policy is based around profiles, which contain the rules a
13 * visible set of profiles or by following a profiles attachment rules.
206 static void free_ruleset(struct aa_ruleset *rules) in free_ruleset() argument
210 aa_destroy_policydb(&rules->file); in free_ruleset()
211 aa_destroy_policydb(&rules->policy); in free_ruleset()
212 aa_free_cap_rules(&rules->caps); in free_ruleset()
213 aa_free_rlimit_rules(&rules->rlimits); in free_ruleset()
215 for (i = 0; i < rules->secmark_count; i++) in free_ruleset()
216 kfree_sensitive(rules->secmark[i].label); in free_ruleset()
217 kfree_sensitive(rules->secmark); in free_ruleset()
218 kfree_sensitive(rules); in free_ruleset()
223 struct aa_ruleset *rules; in aa_alloc_ruleset() local
225 rules = kzalloc(sizeof(*rules), gfp); in aa_alloc_ruleset()
226 if (rules) in aa_alloc_ruleset()
227 INIT_LIST_HEAD(&rules->list); in aa_alloc_ruleset()
229 return rules; in aa_alloc_ruleset()
263 * to rules in aa_free_profile()
265 list_for_each_entry_safe(rule, tmp, &profile->rules, list) { in aa_free_profile()
296 struct aa_ruleset *rules; in aa_alloc_profile() local
308 INIT_LIST_HEAD(&profile->rules); in aa_alloc_profile()
311 rules = aa_alloc_ruleset(gfp); in aa_alloc_profile()
312 if (!rules) in aa_alloc_profile()
314 list_add(&rules->list, &profile->rules); in aa_alloc_profile()
582 struct aa_ruleset *rules; in aa_alloc_null() local
590 rules = list_first_entry(&profile->rules, typeof(*rules), list); in aa_alloc_null()
591 rules->file.dfa = aa_get_dfa(nulldfa); in aa_alloc_null()
592 rules->file.perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL); in aa_alloc_null()
593 if (!rules->file.perms) in aa_alloc_null()
595 rules->file.size = 2; in aa_alloc_null()
596 rules->policy.dfa = aa_get_dfa(nulldfa); in aa_alloc_null()
597 rules->policy.perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL); in aa_alloc_null()
598 if (!rules->policy.perms) in aa_alloc_null()
600 rules->policy.size = 2; in aa_alloc_null()