Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\file.c Create Date:2022-07-28 19:54:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being

Proto:int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, const char *op, unsigned int request, const char *name, const char *target, struct aa_label *tlabel, kuid_t ouid, const char *info, int error)

Type:int

Parameter:

TypeParameterName
struct aa_profile *profile
struct aa_perms *perms
const char *op
unsigned intrequest
const char *name
const char *target
struct aa_label *tlabel
kuid_touid
const char *info
interror
106  type = AUDIT_APPARMOR_AUTO
107  TODO: cleanup audit init so we don't need _aad = {0,} (sa, LSM_AUDIT_DATA_TASK, op)
109  tsk = NULL
110  request = request
111  name = name
112  target = target
113  peer = tlabel
114  ouid = ouid
115  info = info
116  error = error
117  tsk = NULL
119  If Value is more likely to compile time(!error) Then
120  mask = set only when allow is set
122  If Value for the false possibility is greater at compile time(AUDIT_MODE(profile) == AUDIT_ALL) Then mask = 0xffff
126  request &= mask
128  If Value is more likely to compile time(!request) Then Return 0
130  type = AUDIT_APPARMOR_AUDIT
131  Else
133  request = request & ~allow
134  AA_BUG(!request)
136  If request & set only when ~allow | deny Then type = AUDIT_APPARMOR_KILL
140  If request & set only when ~allow | deny && AUDIT_MODE(profile) != do not quiet audit messages && AUDIT_MODE(profile) != AUDIT_ALL Then request &= ~ set only when ~allow | deny
145  If Not request Then Return error
149  denied = request & ~allow
150  Return aa_audit - Log a profile based audit event to the audit subsystem*@type: audit type for the message*@profile: profile to check against (NOT NULL)*@sa: audit event (NOT NULL)*@cb: optional callback fn for type specific fields (MAYBE NULL)* Handle default
Caller
NameDescribe
profile_onexec
handle_onexecsure none ns domain transitions are correctly applied with onexec
apparmor_bprm_set_credsapparmor_bprm_set_creds - set the new creds on the bprm struct*@bprm: binprm for the exec (NOT NULL)* Returns: %0 or error on failure* TODO: once the other paths are done see if we can't refactor into a fn
build_change_hathelper fn for change_hat* Returns: label for hat transition OR ERR_PTR. Does NOT return NULL
change_hathelper fn for changing into a hat* Returns: label for hat transition or ERR_PTR. Does not return NULL
aa_change_hataa_change_hat - change hat to/from subprofile*@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)*@count: number of hat names in @hats*@token: magic value to validate the hat change*@flags: flags affecting behavior of the change
change_profile_perms_wrapper
aa_change_profileaa_change_profile - perform a one-way profile transition*@fqname: name of profile may include namespace (NOT NULL)*@onexec: whether this transition is to take place immediately or at exec*@flags: flags affecting change behavior
path_name
__aa_path_perm
profile_path_link
profile_transition