Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\file.c Create Date:2022-07-27 21:41:51
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: aa_audit_file - handle the auditing of file operations
  @profile: the profile being enforced (NOT NULL)
  @perms: the permissions computed for the request (NOT NULL)
  @op: operation being mediated
  @request: permissions requested
  @name: name of object being

Function prototype: int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, const char *op, unsigned int request, const char *name, const char *target, struct aa_label *tlabel, kuid_t ouid, const char *info, int error)

Return type: int

Parameters:

| Type | Parameter name |
|---|---|
| struct aa_profile * | profile |
| struct aa_perms * | perms |
| const char * | op |
| unsigned int | request |
| const char * | name |
| const char * | target |
| struct aa_label * | tlabel |
| kuid_t | ouid |
| const char * | info |
| int | error |
106  type = AUDIT_APPARMOR_AUTO
107  TODO: cleanup audit init so we don't need _aad = {0,} (sa, LSM_AUDIT_DATA_TASK, op)
109  tsk = NULL
110  request = request
111  name = name
112  target = target
113  peer = tlabel
114  ouid = ouid
115  info = info
116  error = error
117  tsk = NULL
119  If likely (compiler optimization hint) (!error) then
120      mask = <field annotated "set only when allow is set">
122      If unlikely (compiler optimization hint) (AUDIT_MODE(profile) == AUDIT_ALL) then mask = 0xffff
126      request &= mask
128      If likely (compiler optimization hint) (!request) then return: 0
130      type = AUDIT_APPARMOR_AUDIT
131  Else
133      request = request & ~allow
134      AA_BUG(!request)
136      If request & <field annotated "set only when ~allow | deny"> then type = AUDIT_APPARMOR_KILL
140      If request & <field annotated "set only when ~allow | deny"> and AUDIT_MODE(profile) != <value annotated "do not quiet audit messages"> and AUDIT_MODE(profile) != AUDIT_ALL then request &= ~<field annotated "set only when ~allow | deny">
145      If !request then return: error
149  denied = request & ~allow
150  Return: aa_audit - Log a profile based audit event to the audit subsystem; @type: audit type for the message; @profile: profile to check against (NOT NULL); @sa: audit event (NOT NULL); @cb: optional callback fn for type specific fields (MAYBE NULL); Handle default

Callers

| Name | Description |
|---|---|
| profile_onexec | |
| handle_onexec | ensure none ns domain transitions are correctly applied with onexec |
| apparmor_bprm_set_creds | apparmor_bprm_set_creds - set the new creds on the bprm struct; @bprm: binprm for the exec (NOT NULL); Returns: %0 or error on failure; TODO: once the other paths are done see if we can't refactor into a fn |
| build_change_hat | helper fn for change_hat; Returns: label for hat transition OR ERR_PTR. Does NOT return NULL |
| change_hat | helper fn for changing into a hat; Returns: label for hat transition or ERR_PTR. Does not return NULL |
| aa_change_hat | aa_change_hat - change hat to/from subprofile; @hats: vector of hat names to try changing into (MAYBE NULL if @count == 0); @count: number of hat names in @hats; @token: magic value to validate the hat change; @flags: flags affecting behavior of the change |
| change_profile_perms_wrapper | |
| aa_change_profile | aa_change_profile - perform a one-way profile transition; @fqname: name of profile may include namespace (NOT NULL); @onexec: whether this transition is to take place immediately or at exec; @flags: flags affecting change behavior |
| path_name | |
| __aa_path_perm | |
| profile_path_link | |
| profile_transition | |