Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\file.c Create Date:2022-07-28 19:54:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:profile_path_link

Proto:static int profile_path_link(struct aa_profile *profile, const struct path *link, char *buffer, const struct path *target, char *buffer2, struct path_cond *cond)

Type:int

Parameter:

TypeParameterName
struct aa_profile *profile
const struct path *link
char *buffer
const struct path *target
char *buffer2
struct path_cond *cond
372  const char * lname, * tname = NULL
373  struct aa_perms lperms = {}, perms
374  const char * info = NULL
375  request = pair
379  error = path_name(OP_LINK, & label, link, path_flags, buffer, & lname, cond, pair )
381  If error Then Go to audit
385  error = path_name(OP_LINK, & label, target, path_flags, buffer2, & tname, cond, pair )
387  If error Then Go to audit
390  error = -EACCES
392  state = aa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -
395  If Not (allow & pair ) Then Go to audit
399  state = aa_dfa_null_transition - step to next state after null character*@dfa: the dfa to match against*@start: the state of the dfa to start matching in* aa_dfa_null_transition transitions to the next state after a null* character which is not used in standard
400  aa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -
405  set only when allow is set = set only when allow is set
406  set only when ~allow | deny = set only when ~allow | deny
407  set only when ~allow | deny = set only when ~allow | deny
409  If Not (allow & pair ) Then
410  info = "target restricted"
411  lperms = perms
412  Go to audit
416  If Not (allow & verlaid ) Then Go to done_tests
422  aa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -
426  request = allow & ~pair
427  allow &= allow | pair
429  request |= AA_AUDIT_FILE_MASK & allow & ~allow
430  If request & ~allow Then
431  Go to audit
432  Else if allow & MAY_EXEC && Not xindex_is_subset - helper for aa_path_link*@link: link permission set*@target: target permission set* test target x permissions are equal OR a subset of link x permissions* this is done as part of the subset test, where a hardlink must have Then
434  allow &= ~MAY_EXEC
435  request |= MAY_EXEC
436  info = "link not subset of target"
437  Go to audit
440  done_tests :
441  error = 0
443  audit :
444  Return aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being
Caller
NameDescribe
aa_path_linkaa_path_link - Handle hard link permission check*@label: the label being enforced (NOT NULL)*@old_dentry: the target dentry (NOT NULL)*@new_dir: directory the new link will be created in (NOT NULL)*@new_dentry: the link being created (NOT NULL)