Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-27 21:31:24
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: apparmor_bprm_set_creds - set the new creds on the bprm struct. @bprm: binprm for the exec (NOT NULL). Returns: %0 or error on failure. TODO: once the other paths are done see if we can't refactor into a fn

Function prototype: int apparmor_bprm_set_creds(struct linux_binprm *bprm)

Return type: int

Parameters:

Type                     Parameter name
struct linux_binprm *    bprm
867  struct aa_label * label, * new = NULL
869  char * buffer = NULL
870  const char * info = NULL
871  error = 0
872  bool unsafe = false
873  struct path_cond cond = {i_uid, i_mode}
878  If called_set_creds, return 0
881  ctx = task_ctx(current process)
882  AA_BUG(!cred_label(w credentials ))
883  AA_BUG(!ctx)
885  label = aa_get_newest_label (find the newest version of @l; @l: the label to check for newer versions of; Returns: refcounted newest version of @l taking into account replacement, renames and removals; return @l.)
894  If how unsafe this exec is (mask of LSM_UNSAFE_*) bitwise-AND LSM_UNSAFE_NO_NEW_PRIVS and not unconfined(label) and not nnp, then nnp = aa_get_label(label)
899  buffer等于aa_get_buffer(false)
900  If not buffer
901  error = -ENOMEM
902  goto done
906  If onexec, new = sure none ns domain transitions are correctly applied with onexec
909  Otherwise new = _label_build (abstract out the build of a label transition; @L: label the transition is being computed for; @P: profile parameter derived from L by this macro, can be passed to FN; @GFP: memory allocation type to use), called with (label, profile, GFP_KERNEL, profile_transition(profile, bprm, buffer, &cond, &unsafe))
914  AA_BUG(!new)
915  If it is an error
916  error = the error
917  goto done
918  Otherwise, if not new
919  error = -ENOMEM
920  goto done
931  If how unsafe this exec is (mask of LSM_UNSAFE_*) bitwise-AND LSM_UNSAFE_NO_NEW_PRIVS and not unconfined(label) and not aa_label_is_subset(new, nnp), then
933  error = -EPERM
934  info等于"no new privs"
935  goto audit
938  If how unsafe this exec is (mask of LSM_UNSAFE_*) bitwise-AND prm->unsafe reasons, then if how unsafe this exec is (mask of LSM_UNSAFE_*) bitwise-AND LSM_UNSAFE_PTRACE
945  error = may_change_ptraced_domain (check if can change profile on ptraced task; @to_label: profile to change to (NOT NULL); @info: message if there is an error; Check if current is ptraced and if so if the tracing task is allowed to trace the new domain; Returns:)
946  If error, goto audit
950  If unsafe
952  dbg_printk("scrubbing environment variables for %s label=", Name of binary as seen by procps )
955  dbg_printk("\n")
957  secureexec = 1
960  If proxy is not equal to proxy
963  dbg_printk("apparmor: clearing unsafe personality bits. %s label=", Name of binary as seen by procps )
966  dbg_printk("\n")
968  s to clear in current->personality |= Security-relevant compatibility flags that must be cleared upon setuid or setgid exec:
970  aa_put_label(cred_label(w credentials ))
972  set_cred_label(w credentials , new)
974  done :
975  aa_put_label(label)
976  aa_put_buffer(buffer)
978  return error
980  audit :
981  error = fn_for_each(label, profile, aa_audit_file (handle the auditing of file operations; @profile: the profile being enforced (NOT NULL); @perms: the permissions computed for the request (NOT NULL); @op: operation being mediated; @request: permissions requested; @name: name of object being )
986  aa_put_label(new)
987  goto done