Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\lib.c Create Date:2022-07-28 19:50:57
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name: aa_check_perms - do audit mode selection based on perms set
  @profile: profile being checked
  @perms: perms computed for the request
  @request: requested perms
  @deny: Returns: explicit deny set
  @sa: initialized audit structure (MAY BE NULL if not

Proto:int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms, unsigned int request, struct common_audit_data *sa, void (*cb)(struct audit_buffer *, void *))

Type:int

Parameter:

Type                                        ParameterName
struct aa_profile *                         profile
struct aa_perms *                           perms
unsigned int                                request
struct common_audit_data *                  sa
void (*)(struct audit_buffer *, void *)     cb
denied = request & ( ~allow | explicit deny, or conflict if allow also set )
If Value is more likely to compile time(!denied) Then
    request &= set only when allow is set
    If Not request || Not sa Then Return 0
    type = AUDIT_APPARMOR_AUDIT
    error = 0
Else
    error = -EACCES
    If denied & set only when ~allow | deny Then type = AUDIT_APPARMOR_KILL
    Else if denied == (denied & accumulates only used when ~allow & ~deny ) Then type = AUDIT_APPARMOR_ALLOWED
    Else type = AUDIT_APPARMOR_DENIED
    If denied == (denied & set only when ~allow | deny ) Then error = -ENOENT
    denied &= ~ set only when ~allow | deny
    If Not sa || Not denied Then Return error
If sa Then
    label = label
    request = request
    denied = denied
    error = error
    aa_audit_msg - Log a message to the audit subsystem; @sa: audit event structure (NOT NULL); @cb: optional callback fn for type specific fields (MAYBE NULL)
If type == AUDIT_APPARMOR_ALLOWED Then error = 0
Return error

Caller
Name                     Description
profile_signal_perm
aa_profile_label_perm    rrently unused
aa_profile_af_perm       Generic af perm
profile_ptrace_perm      TODO: conditionals