Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\file.c Create Date:2022-07-28 19:54:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:aa_compute_fperms - convert dfa compressed perms to internal perms*@dfa: dfa to compute perms for (NOT NULL)*@state: state in dfa*@cond: conditions to consider (NOT NULL)* TODO: convert from dfa + state to permission entry, do computation conversion

Proto:struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, struct path_cond *cond)

Type:struct aa_perms

Parameter:

TypeParameterName
struct aa_dfa *dfa
unsigned intstate
struct path_cond *cond
232  struct aa_perms perms = {}
234  If uid_eq(current_fsuid(), uid) Then
235  allow = map_old_perms - map old file perms layout to the new layout*@old: permission set in old mapping* Returns: new permission mapping
236  set only when allow is set = map_old_perms - map old file perms layout to the new layout*@old: permission set in old mapping* Returns: new permission mapping
237  set only when ~allow | deny = map_old_perms - map old file perms layout to the new layout*@old: permission set in old mapping* Returns: new permission mapping
238  Reserved: * u32 subtree; / * set only when allow is set * / = dfa_user_xindex(dfa, state)
239  Else
240  allow = map_old_perms - map old file perms layout to the new layout*@old: permission set in old mapping* Returns: new permission mapping
241  set only when allow is set = map_old_perms - map old file perms layout to the new layout*@old: permission set in old mapping* Returns: new permission mapping
242  set only when ~allow | deny = map_old_perms - map old file perms layout to the new layout*@old: permission set in old mapping* Returns: new permission mapping
243  Reserved: * u32 subtree; / * set only when allow is set * / = dfa_other_xindex(dfa, state)
245  allow |= meta read
248  If ACCEPT_TABLE(dfa)[state] & 0x80000000 Then allow |= AA_MAY_CHANGE_PROFILE
250  If ACCEPT_TABLE(dfa)[state] & 0x40000000 Then allow |= her stack or change_profile
253  Return perms
Caller
NameDescribe
label_compound_matchlabel_compound_match - find perms for full compound label*@profile: profile to find perms for*@label: label to check access permissions for*@stack: whether this is a stacking request*@start: state to start match in*@subns: whether to do permission checks
label_components_matchlabel_components_match - find perms for all subcomponents of a label*@profile: profile to find perms for*@label: label to check access permissions for*@stack: whether this is a stacking request*@start: state to start match in*@subns: whether to do
aa_str_permsaa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -