profile_onexec

函数名称：profile_onexec

函数原型：static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec, bool stack, const struct linux_binprm *bprm, char *buffer, struct path_cond *cond, bool *secure_exec)

返回类型：int

参数：

类型	参数	名称
struct aa_profile *	profile
struct aa_label *	onexec
bool	stack
const struct linux_binprm *	bprm
char *	buffer
struct path_cond *	cond
bool *	secure_exec

737

state等于start

738

struct aa_perms perms = {}

739

xname等于NULL, info等于"change_profile onexec"

740

error等于负EACCES

742

AA_BUG(!profile)

743

AA_BUG(!onexec)

744

AA_BUG(!bprm)

745

AA_BUG(!buffer)

747

如果profile_unconfined(profile)则

754

返回:0

757

error等于aa_path_name - get the pathname to a buffer ensure dir / is appended*@path: path the file (NOT NULL)*@flags: flags controlling path name generation*@buffer: buffer to put name in (NOT NULL)*@name: Returns - the generated path name if !error (NOT

759

如果error则

760

如果profile_unconfined(profile)或flags按位与 fallback to ix on name lookup fail 则

762

AA_DEBUG("name lookup ix on error")

763

error等于0

765

xname等于Name of binary as seen by procps

766

转到:audit

770

state等于aa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -

771

如果非allow按位与her stack or change_profile 的值则

772

info等于"no change_onexec valid for executable"

773

转到:audit

779

state等于aa_dfa_null_transition - step to next state after null character*@dfa: the dfa to match against*@start: the state of the dfa to start matching in* aa_dfa_null_transition transitions to the next state after a null* character which is not used in standard

780

error等于hange_profile_perms - find permissions for change_profile*@profile: the current profile (NOT NULL)*@target: label to transition to (NOT NULL)*@stack: whether this is a stacking request*@request: requested perms*@start: state to start matching in* Returns:

782

如果error则

783

allow与等于her stack or change_profile 的反

784

转到:audit

787

如果非 Reserved: * u32 subtree; / * set only when allow is set * /按位与AA_X_UNSAFE的值则

788

如果DEBUG remains global (no per profile flag) since it is mostly used in sysctl* which is not related to profile accesses.则

789

dbg_printk("apparmor: scrubbing environment variables for %s label=", xname)

791

aa_label_printk(onexec, GFP_KERNEL)

792

dbg_printk("\n")

794

* secure_exec = true

797

audit :

798

返回:aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being

**调用者**
名称	描述
handle_onexec	sure none ns domain transitions are correctly applied with onexec

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码

函数逻辑报告