Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-28 19:51:35
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:label_components_match - find perms for all subcomponents of a label*@profile: profile to find perms for*@label: label to check access permissions for*@stack: whether this is a stacking request*@start: state to start match in*@subns: whether to do

Proto:static int label_components_match(struct aa_profile *profile, struct aa_label *label, bool stack, unsigned int start, bool subns, unsigned int request, struct aa_perms *perms)

Type:int

Parameter:

TypeParameterName
struct aa_profile *profile
struct aa_label *label
boolstack
unsigned intstart
boolsubns
unsigned intrequest
struct aa_perms *perms
200  struct path_cond cond = {}
201  state = 0
205  If Not aa_ns_visible(ns, ns, subns) Then Continue
207  state = match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
208  If Not state Then Go to fail
210  Go to next
214  Return 0
216  :
217  tmp = aa_compute_fperms(dfa, state, & cond)
218  aa_apply_modes_to_perms - apply namespace and profile flags to perms*@profile: that perms where computed from*@perms: perms to apply mode modifiers to* TODO: split into profile and ns based flags for when accumulating perms
219  aa_perms_accum - accumulate perms, masking off overlapping perms*@accum - perms struct to accumulate into*@addend - perms struct to add to @accum
221  If Not aa_ns_visible(ns, ns, subns) Then Continue
223  state = match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
224  If Not state Then Go to fail
226  tmp = aa_compute_fperms(dfa, state, & cond)
227  aa_apply_modes_to_perms - apply namespace and profile flags to perms*@profile: that perms where computed from*@perms: perms to apply mode modifiers to* TODO: split into profile and ns based flags for when accumulating perms
228  aa_perms_accum - accumulate perms, masking off overlapping perms*@accum - perms struct to accumulate into*@addend - perms struct to add to @accum
231  If (allow & request) != request Then Return -EACCES
234  Return 0
236  fail :
237  perms = nullperms
238  Return -EACCES
Caller
NameDescribe
label_matchlabel_match - do a multi-component label match*@profile: profile to match against (NOT NULL)*@label: label to match (NOT NULL)*@stack: whether this is a stacking request*@state: state to start in*@subns: whether to match subns components*@request: