Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\apparmor\domain.c  Create Date: 2022-07-27 21:32:05
Last Modify: 2020-03-12 14:18:49  Copyright © Brick

Function name: aa_change_profile - perform a one-way profile transition; @fqname: name of profile may include namespace (NOT NULL); @onexec: whether this transition is to take place immediately or at exec; @flags: flags affecting change behavior

Function prototype: int aa_change_profile(const char *fqname, int flags)

Return type: int

Parameters:

Type            Parameter name
const char *    fqname
int             flags
1307  struct aa_label * label, * new = NULL, * target = NULL
1309  struct aa_perms perms = {}
1310  const char * info = NULL
1311  auditname = fqname
1312  stack = flags & AA_CHANGE_STACK
1313  ctx = task_ctx(current process)
1314  error = 0
1318  label = aa_get_current_label - get the newest version of the current tasks label; Returns: newest version of confining label (NOT NULL); This fn will not update the tasks cred, so it is safe inside of locks; The returned reference must be put with aa_put_label()
1327  If task_no_new_privs(current process) and not unconfined(label) and not nnp, then nnp = aa_get_label(label)
1330  If not fqname or not *fqname
1331  AA_DEBUG("no profile name")
1332  Return: -EINVAL
1335  If flags & AA_CHANGE_ONEXEC
1336  request = her stack or change_profile
1337  If stack, op = OP_STACK_ONEXEC
1339  Otherwise op = OP_CHANGE_ONEXEC
1341  Otherwise
1342  request = AA_MAY_CHANGE_PROFILE
1343  If stack, op = OP_STACK
1345  Otherwise op = OP_CHANGE_PROFILE
1349  label = aa_get_current_label - get the newest version of the current tasks label; Returns: newest version of confining label (NOT NULL); This fn will not update the tasks cred, so it is safe inside of locks; The returned reference must be put with aa_put_label()
1351  If *fqname == '&', then
1352  stack = true
1354  fqname is incremented
1356  target = aa_label_parse(label, fqname, GFP_KERNEL, true, false)
1357  If it is an error
1360  info = "label not found"
1361  error = the error value
1362  target = NULL
1367  If flags & AA_CHANGE_TEST or not COMPLAIN_MODE(labels_profile(label)), then goto audit
1371  tprofile = aa_new_null_profile - create or find a null-X learning profile; @parent: profile that caused this profile to be created (NOT NULL); @hat: true if the null- learning profile is a hat; @base: name to base the null profile off of; @gfp: type of allocation
1373  If not tprofile
1374  info = "failed null profile create"
1375  error = -ENOMEM
1376  goto audit
1378  target = label
1379  goto check
1390  error = fn_for_each_in_ns(label, profile, change_profile_perms_wrapper(op, auditname, profile, target, stack, request, & perms))
1394  If error, then goto out
1400  check:
1402  error = may_change_ptraced_domain - check if can change profile on ptraced task; @to_label: profile to change to (NOT NULL); @info: message if there is an error; Check if current is ptraced and if so if the tracing task is allowed to trace the new domain; Returns:
1403  If error and not fn_for_each_in_ns(label, profile, COMPLAIN_MODE(profile)), then goto audit
1414  If flags & AA_CHANGE_TEST, then goto out
1418  If not stack
1419  new = fn_label_build_in_ns(label, profile, GFP_KERNEL, aa_get_label(target), aa_get_label( & label))
1429  AA_DEBUG("no_new_privs - change_hat denied")
1430  error = -EPERM
1431  goto out
1435  If not (flags & AA_CHANGE_ONEXEC), then
1437  If stack, new = aa_label_merge - attempt to insert new merged label of @a and @b; @ls: set of labels to insert label into (NOT NULL); @a: label to merge with @b (NOT NULL); @b: label to merge with @a (NOT NULL); @gfp: memory allocation type; Requires: caller to hold valid
1439  If it is an error or NULL
1440  info = "failed to build target label"
1441  If not new, error = -ENOMEM
1443  Otherwise error = the error value
1445  new = NULL
1446  allow = 0
1447  goto audit
1449  error = aa_replace_current_label - replace the current tasks label; @label: new label (NOT NULL); Returns: 0 or error on failure
1450  Otherwise
1451  If new
1452  aa_put_label(new)
1453  new = NULL
1457  error = aa_set_current_onexec - set the tasks change_profile to happen onexec; @label: system label to set at exec (MAYBE NULL to clear value); @stack: whether stacking should be done; Returns: 0 or error on failure
1460  audit:
1461  error = fn_for_each_in_ns(label, profile, aa_audit_file - handle the auditing of file operations; @profile: the profile being enforced (NOT NULL); @perms: the permissions computed for the request (NOT NULL); @op: operation being mediated; @request: permissions requested; @name: name of object being )
1466  out:
1467  aa_put_label(new)
1468  aa_put_label(target)
1469  aa_put_label(label)
1471  Return: error
Callers
Name            Description
apparmor_setprocattr