Lines Matching full:profile
52 * @new: profile if it has been allocated (MAYBE NULL)
53 * @ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)
54 * @name: name of the profile being manipulated (MAYBE NULL)
65 struct aa_profile *profile = labels_profile(aa_current_raw_label()); in audit_iface() local
77 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb); in audit_iface()
452 * unpack_trans_table - unpack a profile transition table
534 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile) in unpack_xattrs() argument
544 profile->attach.xattr_count = size; in unpack_xattrs()
545 profile->attach.xattrs = kcalloc(size, sizeof(char *), GFP_KERNEL); in unpack_xattrs()
546 if (!profile->attach.xattrs) in unpack_xattrs()
549 if (!aa_unpack_strdup(e, &profile->attach.xattrs[i], NULL)) in unpack_xattrs()
766 *info = "failed to unpack profile transition table"; in unpack_pdb()
796 * unpack_profile - unpack a serialized profile
800 * NOTE: unpack profile sets audit struct if there is a failure
805 struct aa_profile *profile = NULL; in unpack_profile() local
807 const char *info = "failed to unpack profile"; in unpack_profile()
819 if (!aa_unpack_nameX(e, AA_STRUCT, "profile")) in unpack_profile()
837 profile = aa_alloc_profile(name, NULL, GFP_KERNEL); in unpack_profile()
838 if (!profile) { in unpack_profile()
843 rules = list_first_entry(&profile->rules, typeof(*rules), list); in unpack_profile()
845 /* profile renaming is optional */ in unpack_profile()
846 (void) aa_unpack_str(e, &profile->rename, "rename"); in unpack_profile()
849 (void) aa_unpack_str(e, &profile->attach.xmatch_str, "attach"); in unpack_profile()
852 error = unpack_pdb(e, &profile->attach.xmatch, false, false, &info); in unpack_profile()
859 if (profile->attach.xmatch.dfa) { in unpack_profile()
864 profile->attach.xmatch_len = tmp; in unpack_profile()
865 profile->attach.xmatch.start[AA_CLASS_XMATCH] = DFA_START; in unpack_profile()
866 if (!profile->attach.xmatch.perms) { in unpack_profile()
867 error = aa_compat_map_xmatch(&profile->attach.xmatch); in unpack_profile()
876 (void) aa_unpack_str(e, &profile->disconnected, "disconnected"); in unpack_profile()
878 /* per profile debug flags (complain, audit) */ in unpack_profile()
880 info = "profile missing flags"; in unpack_profile()
883 info = "failed to unpack profile flags"; in unpack_profile()
887 profile->label.flags |= FLAG_HAT; in unpack_profile()
889 profile->label.flags |= FLAG_DEBUG1; in unpack_profile()
891 profile->label.flags |= FLAG_DEBUG2; in unpack_profile()
895 profile->mode = APPARMOR_COMPLAIN; in unpack_profile()
897 profile->mode = APPARMOR_ENFORCE; in unpack_profile()
899 profile->mode = APPARMOR_KILL; in unpack_profile()
901 profile->mode = APPARMOR_UNCONFINED; in unpack_profile()
902 profile->label.flags |= FLAG_UNCONFINED; in unpack_profile()
904 profile->mode = APPARMOR_USER; in unpack_profile()
911 profile->audit = AUDIT_ALL; in unpack_profile()
917 if (aa_unpack_u32(e, &profile->path_flags, "path_flags")) in unpack_profile()
918 profile->path_flags |= profile->label.flags & in unpack_profile()
922 profile->path_flags = PATH_MEDIATE_DELETED; in unpack_profile()
924 info = "failed to unpack profile capabilities"; in unpack_profile()
934 info = "failed to unpack upper profile capabilities"; in unpack_profile()
949 info = "failed to unpack extended profile capabilities"; in unpack_profile()
960 if (!unpack_xattrs(e, profile)) { in unpack_profile()
961 info = "failed to unpack profile xattrs"; in unpack_profile()
966 info = "failed to unpack profile rlimits"; in unpack_profile()
971 info = "failed to unpack profile secmark rules"; in unpack_profile()
1042 profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL); in unpack_profile()
1043 if (!profile->data) { in unpack_profile()
1054 if (rhashtable_init(profile->data, &params)) { in unpack_profile()
1077 if (rhashtable_insert_fast(profile->data, &data->head, in unpack_profile()
1078 profile->data->p)) { in unpack_profile()
1093 info = "failed to unpack end of profile"; in unpack_profile()
1097 return profile; in unpack_profile()
1107 if (profile) in unpack_profile()
1111 audit_iface(profile, NULL, name, info, e, error); in unpack_profile()
1112 aa_free_profile(profile); in unpack_profile()
1134 audit_iface(NULL, NULL, NULL, "invalid profile format", in verify_header()
1230 * verify_profile - Do post unpack analysis to verify profile consistency
1231 * @profile: profile to verify (NOT NULL)
1237 static int verify_profile(struct aa_profile *profile) in verify_profile() argument
1239 struct aa_ruleset *rules = list_first_entry(&profile->rules, in verify_profile()
1248 audit_iface(profile, NULL, NULL, in verify_profile()
1254 audit_iface(profile, NULL, NULL, in verify_profile()
1259 audit_iface(profile, NULL, NULL, in verify_profile()
1263 if (!verify_perms(&profile->attach.xmatch)) { in verify_profile()
1264 audit_iface(profile, NULL, NULL, in verify_profile()
1389 * aa_unpack - unpack packed binary profile(s) data loaded from user space
1392 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
1394 * Unpack user data and return refcounted allocated profile(s) stored in
1398 * Returns: profile(s) on @lh else error pointer if fails to unpack
1404 struct aa_profile *profile = NULL; in aa_unpack() local
1421 profile = unpack_profile(&e, &ns_name); in aa_unpack()
1422 if (IS_ERR(profile)) { in aa_unpack()
1423 error = PTR_ERR(profile); in aa_unpack()
1427 error = verify_profile(profile); in aa_unpack()
1432 error = aa_calc_profile_hash(profile, e.version, start, in aa_unpack()
1443 ent->new = profile; in aa_unpack()
1467 aa_put_profile(profile); in aa_unpack()