Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\file.c Create Date:2022-07-28 19:54:01
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:aa_file_perm - do permission revalidation check & audit for @file*@op: operation being checked*@label: label being enforced (NOT NULL)*@file: file to revalidate access permissions on (NOT NULL)*@request: requested permissions*@in_atomic: whether

Proto:int aa_file_perm(const char *op, struct aa_label *label, struct file *file, unsigned int request, bool in_atomic)

Type:int

Parameter:

TypeParameterName
const char *op
struct aa_label *label
struct file *file
unsigned intrequest
boolin_atomic
613  error = 0
615  AA_BUG(!label)
616  AA_BUG(!file)
618  fctx = file_ctx(file)
620  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
621  flabel = fetch RCU-protected pointer for dereferencing(label)
622  AA_BUG(!flabel)
631  denied = request & ~allow
632  If unconfined(label) || unconfined(flabel) || Not denied && aa_label_is_subset(flabel, label) Then
634  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
635  Go to done
638  flabel = aa_get_newest_label - find the newest version of @l*@l: the label to check for newer versions of* Returns: refcounted newest version of @l taking into account* replacement, renames and removals* return @l.
639  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
642  If mnt && path_mediated_fs(dentry) Then error = __file_path_perm(op, label, flabel, file, request, denied, in_atomic)
646  Else if S_ISSOCK(i_mode) Then error = __file_sock_perm(op, label, flabel, file, request, denied)
649  aa_put_label(flabel)
651  done :
652  Return error
Caller
NameDescribe
revalidate_tty
match_file
common_file_perm