106 int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,  in aa_audit_file()  argument
124 		u32 mask = perms->audit;  in aa_audit_file()
137 		sa.aad->fs.request = sa.aad->fs.request & ~perms->allow;  in aa_audit_file()
139 		if (sa.aad->fs.request & perms->kill)  in aa_audit_file()
143 		if ((sa.aad->fs.request & perms->quiet) &&  in aa_audit_file()
146 			sa.aad->fs.request &= ~perms->quiet;  in aa_audit_file()
152 	sa.aad->fs.denied = sa.aad->fs.request & ~perms->allow;  in aa_audit_file()
197 	struct file_perms perms;  in compute_perms()  local
204 	perms.kill = 0;  in compute_perms()
207 		perms.allow = map_old_perms(dfa_user_allow(dfa, state));  in compute_perms()
208 		perms.audit = map_old_perms(dfa_user_audit(dfa, state));  in compute_perms()
209 		perms.quiet = map_old_perms(dfa_user_quiet(dfa, state));  in compute_perms()
210 		perms.xindex = dfa_user_xindex(dfa, state);  in compute_perms()
212 		perms.allow = map_old_perms(dfa_other_allow(dfa, state));  in compute_perms()
213 		perms.audit = map_old_perms(dfa_other_audit(dfa, state));  in compute_perms()
214 		perms.quiet = map_old_perms(dfa_other_quiet(dfa, state));  in compute_perms()
215 		perms.xindex = dfa_other_xindex(dfa, state);  in compute_perms()
217 	perms.allow |= AA_MAY_META_READ;  in compute_perms()
221 		perms.allow |= AA_MAY_CHANGE_PROFILE;  in compute_perms()
223 		perms.allow |= AA_MAY_ONEXEC;  in compute_perms()
225 	return perms;  in compute_perms()
240 			  struct file_perms *perms)  in aa_str_perms()  argument
244 		*perms = nullperms;  in aa_str_perms()
249 	*perms = compute_perms(dfa, state, cond);  in aa_str_perms()
282 	struct file_perms perms = {};  in aa_path_perm()  local
295 			perms.allow = request;  in aa_path_perm()
299 			     &perms);  in aa_path_perm()
300 		if (request & ~perms.allow)  in aa_path_perm()
303 	error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request, name,  in aa_path_perm()
359 	struct file_perms lperms, perms;  in aa_path_link()  local
388 	aa_str_perms(profile->file.dfa, state, tname, &cond, &perms);  in aa_path_link()
393 	lperms.audit = perms.audit;  in aa_path_link()
394 	lperms.quiet = perms.quiet;  in aa_path_link()
395 	lperms.kill = perms.kill;  in aa_path_link()
397 	if (!(perms.allow & AA_MAY_LINK)) {  in aa_path_link()
403 	if (!(perms.allow & AA_LINK_SUBSET))  in aa_path_link()
410 		     &perms);  in aa_path_link()
414 	lperms.allow &= perms.allow | AA_MAY_LINK;  in aa_path_link()
416 	request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);  in aa_path_link()
420 		   !xindex_is_subset(lperms.xindex, perms.xindex)) {  in aa_path_link()