Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\apparmor\domain.c
Create Date: 2022-07-27 21:31:49
Last Modify: 2020-03-12 14:18:49
Copyright©Brick

Function name: aa_change_hat - change hat to/from subprofile
@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)
@count: number of hat names in @hats
@token: magic value to validate the hat change
@flags: flags affecting behavior of the change

Function prototype: int aa_change_hat(const char *hats[], int count, u64 token, int flags)

Return type: int

Parameters:

Type            Parameter name
const char *    hats
int             count
u64             token
int             flags

1163  ctx = task_ctx(current)
1164  struct aa_label * label, * previous, * new = NULL, * target = NULL
1166  struct aa_perms perms = {}
1167  const char * info = NULL
1168  error = 0
1171  cred = get_current_cred() - Get the current task's subjective credentials; Get the subjective credentials of the current task, pinning them so that they can't go away. Accessing the current task's credentials directly is not permitted.
1172  label = aa_get_newest_cred_label - obtain the newest label on a cred; @cred: cred to obtain label from (NOT NULL); Returns: newest version of confining label
1173  previous = aa_get_newest_label - find the newest version of @l; @l: the label to check for newer versions of; Returns: refcounted newest version of @l taking into account replacement, renames and removals; return @l.
1182  if task_no_new_privs(current) and not unconfined(label) and not nnp then nnp = aa_get_label(label)
1185  if unconfined(label) then
1186  info = "unconfined can not change_hat"
1187  error = -EPERM
1188  goto fail
1191  if count
1192  new = helper fn for changing into a hat; Returns: label for hat transition or ERR_PTR. Does not return NULL
1193  AA_BUG(!new)
1194  if it is an error
1195  error = the error
1196  new = NULL
1198  goto out
1201  error = may_change_ptraced_domain - check if can change profile on ptraced task; @to_label: profile to change to (NOT NULL); @info: message if there is an error; Check if current is ptraced and if so if the tracing task is allowed to trace the new domain; Returns:
1202  if error then goto fail
1212  AA_DEBUG("no_new_privs - change_hat denied")
1213  error = -EPERM
1214  goto out
1217  if flags & AA_CHANGE_TEST then goto out
1220  target = new
1221  error = aa_set_current_hat - set the current tasks hat; @label: label to set as the current hat (NOT NULL); @token: token value that must be specified to change from the hat; Do switch of tasks hat
1222  if error == -EACCES then goto kill
1225  else if previous and not (flags & AA_CHANGE_TEST) then
1233  AA_DEBUG("no_new_privs - change_hat denied")
1234  error = -EPERM
1235  goto out
1241  target = previous
1242  error = aa_restore_previous_label - exit from hat context restoring previous label; @token: the token that must be matched to exit hat context; Attempt to return out of a hat to the previous label
1243  if error
1244  if error == -EACCES then goto kill
1246  goto fail
1250  out:
1251  aa_put_label(new)
1252  aa_put_label(previous)
1253  aa_put_label(label)
1254  put_cred - Release a reference to a set of credentials; @cred: The credentials to release; Release a reference to a set of credentials, deleting them when the last ref is released
1256  return error
1258  kill:
1259  info = "failed token match"
1260  set only when ~allow | deny = AA_MAY_CHANGEHAT
1262  fail:
1263  fn_for_each_in_ns(label, profile, aa_audit_file - handle the auditing of file operations; @profile: the profile being enforced (NOT NULL); @perms: the permissions computed for the request (NOT NULL); @op: operation being mediated; @request: permissions requested; @name: name of object being )
1268  goto out

Callers

Name                        Description
aa_setprocattr_changehat    aa_setprocattr_chagnehat - handle procattr interface to change_hat; @args: args received from writing to /proc/<pid>/attr/current (NOT NULL); @size: size of the args; @flags: set of flags governing behavior; Returns: %0 or error code if change_hat fails