Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c
Create Date:2022-07-28 19:51:38
Last Modify:2020-03-12 14:18:49
Copyright © Brick

Name:aa_change_hat - change hat to/from subprofile
  @hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)
  @count: number of hat names in @hats
  @token: magic value to validate the hat change
  @flags: flags affecting behavior of the change

Proto:int aa_change_hat(const char *hats[], int count, u64 token, int flags)

Type:int

Parameter:

Type          Parameter Name
const char *  hats
int           count
u64           token
int           flags
1163  ctx = task_ctx(current process)
1164  struct aa_label * label, * previous, * new = NULL, * target = NULL
1166  struct aa_perms perms = {}
1167  const char * info = NULL
1168  error = 0
1171  cred = get_current_cred() - Get the current task's subjective credentials. Get the subjective credentials of the current task, pinning them so that they can't go away. Accessing the current task's credentials directly is not permitted.
1172  label = aa_get_newest_cred_label - obtain the newest label on a cred; @cred: cred to obtain label from (NOT NULL); Returns: newest version of confining label
1173  previous = aa_get_newest_label - find the newest version of @l; @l: the label to check for newer versions of; Returns: refcounted newest version of @l taking into account replacement, renames and removals; return @l.
1182  If task_no_new_privs(current process) && Not unconfined(label) && Not nnp Then nnp = aa_get_label(label)
1185  If unconfined(label) Then
1186  info = "unconfined can not change_hat"
1187  error = -EPERM
1188  Go to fail
1191  If count Then
1192  new = helper fn for changing into a hat; Returns: label for hat transition or ERR_PTR. Does not return NULL
1193  AA_BUG(!new)
1194  If IS_ERR(new) Then
1195  error = PTR_ERR(new)
1196  new = NULL
1198  Go to out
1201  error = may_change_ptraced_domain - check if can change profile on ptraced task; @to_label: profile to change to (NOT NULL); @info: message if there is an error; Check if current is ptraced and if so if the tracing task is allowed to trace the new domain; Returns:
1202  If error Then Go to fail
1212  AA_DEBUG("no_new_privs - change_hat denied")
1213  error = -EPERM
1214  Go to out
1217  If flags & AA_CHANGE_TEST Then Go to out
1220  target = new
1221  error = aa_set_current_hat - set the current tasks hat; @label: label to set as the current hat (NOT NULL); @token: token value that must be specified to change from the hat; Do switch of tasks hat
1222  If error == -EACCES Then Go to kill
1225  Else if previous && Not (flags & AA_CHANGE_TEST) Then
1233  AA_DEBUG("no_new_privs - change_hat denied")
1234  error = -EPERM
1235  Go to out
1241  target = previous
1242  error = aa_restore_previous_label - exit from hat context restoring previous label; @token: the token that must be matched to exit hat context; Attempt to return out of a hat to the previous label
1243  If error Then
1244  If error == -EACCES Then Go to kill
1246  Go to fail
1250  out :
1251  aa_put_label(new)
1252  aa_put_label(previous)
1253  aa_put_label(label)
1254  put_cred - Release a reference to a set of credentials; @cred: The credentials to release; Release a reference to a set of credentials, deleting them when the last ref is released
1256  Return error
1258  kill :
1259  info = "failed token match"
1260  set only when ~allow | deny = AA_MAY_CHANGEHAT
1262  fail :
1263  fn_for_each_in_ns(label, profile, aa_audit_file - handle the auditing of file operations; @profile: the profile being enforced (NOT NULL); @perms: the permissions computed for the request (NOT NULL); @op: operation being mediated; @request: permissions requested; @name: name of object being )
1268  Go to out
Caller

Name                      Description
aa_setprocattr_changehat  aa_setprocattr_changehat - handle procattr interface to change_hat; @args: args received from writing to /proc/<pid>/attr/current (NOT NULL); @size: size of the args; @flags: set of flags governing behavior; Returns: %0 or error code if change_hat fails