aa_change_profile

Name:aa_change_profile - perform a one-way profile transition*@fqname: name of profile may include namespace (NOT NULL)*@onexec: whether this transition is to take place immediately or at exec*@flags: flags affecting change behavior

Proto:int aa_change_profile(const char *fqname, int flags)

Type:int

Parameter:

Type	Parameter	Name
const char *	fqname
int	flags

1307

struct aa_label * label, * new = NULL, * target = NULL

1309

struct aa_perms perms = {}

1310

const char * info = NULL

1311

auditname = fqname

1312

stack = flags & AA_CHANGE_STACK

1313

ctx = task_ctx(current process)

1314

error = 0

1318

label = aa_get_current_label - get the newest version of the current tasks label* Returns: newest version of confining label (NOT NULL)* This fn will not update the tasks cred, so it is safe inside of locks* The returned reference must be put with aa_put_label()

1327

If task_no_new_privs(current process) && Not unconfined(label) && Not nnp Then nnp = aa_get_label(label)

1330

If Not fqname || Not fqname Then

1331

AA_DEBUG("no profile name")

1332

Return -EINVAL

1335

If flags & AA_CHANGE_ONEXEC Then

1336

request = her stack or change_profile

1337

If stack Then op = OP_STACK_ONEXEC

1339

Else op = OP_CHANGE_ONEXEC

1341

Else

1342

request = AA_MAY_CHANGE_PROFILE

1343

If stack Then op = OP_STACK

1345

Else op = OP_CHANGE_PROFILE

1349

1351

If fqname == '&' Then

1352

stack = true

1354

fqname++

1356

target = aa_label_parse(label, fqname, GFP_KERNEL, true, false)

1357

If IS_ERR(target) Then

1360

info = "label not found"

1361

error = PTR_ERR(target)

1362

target = NULL

1367

If flags & AA_CHANGE_TEST || Not COMPLAIN_MODE(labels_profile(label)) Then Go to audit

1371

tprofile = aa_new_null_profile - create or find a null-X learning profile*@parent: profile that caused this profile to be created (NOT NULL)*@hat: true if the null- learning profile is a hat*@base: name to base the null profile off of*@gfp: type of allocation

1373

If Not tprofile Then

1374

info = "failed null profile create"

1375

error = -ENOMEM

1376

Go to audit

1378

target = label

1379

Go to check

1390

error = fn_for_each_in_ns(label, profile, change_profile_perms_wrapper(op, auditname, profile, target, stack, request, & perms))

1394

If error Then Go to out

1400

check :

1402

error = may_change_ptraced_domain - check if can change profile on ptraced task*@to_label: profile to change to (NOT NULL)*@info: message if there is an error* Check if current is ptraced and if so if the tracing task is allowed* to trace the new domain* Returns:

1403

If error && Not fn_for_each_in_ns(label, profile, COMPLAIN_MODE(profile)) Then Go to audit

1414

If flags & AA_CHANGE_TEST Then Go to out

1418

If Not stack Then

1419

new = fn_label_build_in_ns(label, profile, GFP_KERNEL, aa_get_label(target), aa_get_label( & label))

1426

If task_no_new_privs(current process) && Not unconfined(label) && Not aa_label_is_subset(new, nnp) Then

1429

AA_DEBUG("no_new_privs - change_hat denied")

1430

error = -EPERM

1431

Go to out

1435

If Not (flags & AA_CHANGE_ONEXEC) Then

1437

If stack Then new = aa_label_merge - attempt to insert new merged label of @a and @b*@ls: set of labels to insert label into (NOT NULL)*@a: label to merge with @b (NOT NULL)*@b: label to merge with @a (NOT NULL)*@gfp: memory allocation type* Requires: caller to hold valid

1439

If IS_ERR_OR_NULL(new) Then

1440

info = "failed to build target label"

1441

If Not new Then error = -ENOMEM

1443

Else error = PTR_ERR(new)

1445

new = NULL

1446

allow = 0

1447

Go to audit

1449

error = aa_replace_current_label - replace the current tasks label*@label: new label (NOT NULL)* Returns: 0 or error on failure

1450

Else

1451

If new Then

1452

aa_put_label(new)

1453

new = NULL

1457

error = aa_set_current_onexec - set the tasks change_profile to happen onexec*@label: system label to set at exec (MAYBE NULL to clear value)*@stack: whether stacking should be done* Returns: 0 or error on failure

1460

audit :

1461

error = fn_for_each_in_ns(label, profile, aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being )

1466

out :

1467

aa_put_label(new)

1468

aa_put_label(target)

1469

aa_put_label(label)

1471

Return error

**Caller**
Name	Describe
apparmor_setprocattr

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion

Function report