函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-27 21:30:20
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:label_compound_match - find perms for full compound label*@profile: profile to find perms for*@label: label to check access permissions for*@stack: whether this is a stacking request*@start: state to start match in*@subns: whether to do permission checks

函数原型:static int label_compound_match(struct aa_profile *profile, struct aa_label *label, bool stack, unsigned int state, bool subns, unsigned int request, struct aa_perms *perms)

返回类型:int

参数:

类型参数名称
struct aa_profile *profile
struct aa_label *label
boolstack
unsigned intstate
boolsubns
unsigned intrequest
struct aa_perms *perms
139  struct path_cond cond = {}
143  如果非aa_ns_visible(ns, ns, subns)则继续下一循环
145  state等于match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
146  如果非state则转到:fail
148  转到:next
152  perms等于allperms
153  返回:0
155  :
157  如果非aa_ns_visible(ns, ns, subns)则继续下一循环
159  state等于aa_dfa_match - traverse @dfa to find state @str stops at*@dfa: the dfa to match @str against (NOT NULL)*@start: the state of the dfa to start matching in*@str: the null terminated string of bytes to match against the dfa (NOT NULL)* aa_dfa_match will
160  state等于match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
161  如果非state则转到:fail
164  perms等于aa_compute_fperms(dfa, state, & cond)
165  aa_apply_modes_to_perms - apply namespace and profile flags to perms*@profile: that perms where computed from*@perms: perms to apply mode modifiers to* TODO: split into profile and ns based flags for when accumulating perms
166  如果allow按位与request的值不等于request则返回:负EACCES
169  返回:0
171  fail :
172  perms等于nullperms
173  返回:负EACCES
调用者
名称描述
label_matchlabel_match - do a multi-component label match*@profile: profile to match against (NOT NULL)*@label: label to match (NOT NULL)*@stack: whether this is a stacking request*@state: state to start in*@subns: whether to match subns components*@request: