Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-28 19:51:34
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:may_change_ptraced_domain - check if can change profile on ptraced task*@to_label: profile to change to (NOT NULL)*@info: message if there is an error* Check if current is ptraced and if so if the tracing task is allowed* to trace the new domain* Returns:

Proto:static int may_change_ptraced_domain(struct aa_label *to_label, const char **info)

Type:int

Parameter:

TypeParameterName
struct aa_label *to_label
const char **info
63  struct aa_label * tracerl = NULL
64  error = 0
66  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
67  tracer = ptrace_parent - return the task that is tracing the given task*@task: task to consider* Returns %NULL if no one is tracing @task, or the &struct task_struct* pointer to its tracer.* Must called under rcu_read_lock(). The pointer returned might be kept
68  If tracer Then tracerl = aa_get_task_label - Get another task's label*@task: task to query (NOT NULL)* Returns: counted reference to @task's label
73  If Not tracer || unconfined(tracerl) Then Go to out
76  error = aa_may_ptrace - test if tracer task can trace the tracee*@tracer: label of the task doing the tracing (NOT NULL)*@tracee: task label to be traced*@request: permission request* Returns: %0 else error code if permission denied or error
78  out :
79  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
80  aa_put_label(tracerl)
82  If error Then info = "ptrace prevents transition"
84  Return error
Caller
NameDescribe
apparmor_bprm_set_credsapparmor_bprm_set_creds - set the new creds on the bprm struct*@bprm: binprm for the exec (NOT NULL)* Returns: %0 or error on failure* TODO: once the other paths are done see if we can't refactor into a fn
aa_change_hataa_change_hat - change hat to/from subprofile*@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)*@count: number of hat names in @hats*@token: magic value to validate the hat change*@flags: flags affecting behavior of the change
aa_change_profileaa_change_profile - perform a one-way profile transition*@fqname: name of profile may include namespace (NOT NULL)*@onexec: whether this transition is to take place immediately or at exec*@flags: flags affecting change behavior