调用者名称 | 描述 |
aa_get_task_label | aa_get_task_label - Get another task's label*@task: task to query (NOT NULL)* Returns: counted reference to @task's label |
aa_replace_current_label | aa_replace_current_label - replace the current tasks label*@label: new label (NOT NULL)* Returns: 0 or error on failure |
aa_set_current_hat | aa_set_current_hat - set the current tasks hat*@label: label to set as the current hat (NOT NULL)*@token: token value that must be specified to change from the hat* Do switch of tasks hat |
aa_restore_previous_label | aa_restore_previous_label - exit from hat context restoring previous label*@token: the token that must be matched to exit hat context* Attempt to return out of a hat to the previous label |
x_to_label | x_to_label - get target label for a given xindex*@profile: current profile (NOT NULL)*@bprm: binprm structure of transitioning task*@name: name to lookup (NOT NULL)*@xindex: index into x transition table*@lookupname: returns: name used in lookup if one |
profile_transition | |
handle_onexec | sure none ns domain transitions are correctly applied with onexec |
apparmor_bprm_set_creds | apparmor_bprm_set_creds - set the new creds on the bprm struct*@bprm: binprm for the exec (NOT NULL)* Returns: %0 or error on failure* TODO: once the other paths are done see if we can't refactor into a fn |
aa_change_hat | aa_change_hat - change hat to/from subprofile*@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)*@count: number of hat names in @hats*@token: magic value to validate the hat change*@flags: flags affecting behavior of the change |
apparmor_cred_prepare | prepare new cred label for modification by prepare_cred block |
apparmor_cred_transfer | ransfer the apparmor data to a blank set of creds |
apparmor_getprocattr | |
aa_file_perm | aa_file_perm - do permission revalidation check & audit for @file*@op: operation being checked*@label: label being enforced (NOT NULL)*@file: file to revalidate access permissions on (NOT NULL)*@request: requested permissions*@in_atomic: whether |
aa_label_find_merge | aa_label_find_merge - find label that is equiv to merge of @a and @b*@a: label to merge with @b (NOT NULL)*@b: label to merge with @a (NOT NULL)* Requires: labels be fully constructed with a valid ns* Returns: ref counted label that is equiv to merge of |
aa_label_merge | aa_label_merge - attempt to insert new merged label of @a and @b*@ls: set of labels to insert label into (NOT NULL)*@a: label to merge with @b (NOT NULL)*@b: label to merge with @a (NOT NULL)*@gfp: memory allocation type* Requires: caller to hold valid |
build_pivotroot | helper fn for transition on pivotroot* Returns: label for transition or ERR_PTR. Does not return NULL |
aa_get_newest_profile | aa_get_newest_profile - simple wrapper fn to wrap the label version*@p: profile (NOT NULL)* Returns refcount to newest version of the profile (maybe @p)* Requires: @p must be held with a valid refcount |
aa_get_newest_cred_label | aa_get_newest_cred_label - obtain the newest label on a cred*@cred: cred to obtain label from (NOT NULL)* Returns: newest version of confining label |
aa_get_current_label | aa_get_current_label - get the newest version of the current tasks label* Returns: newest version of confining label (NOT NULL)* This fn will not update the tasks cred, so it is safe inside of locks* The returned reference must be put with aa_put_label() |
__begin_current_label_crit_section | __begin_current_label_crit_section - current's confining label* Returns: up to date confining label or the ns unconfined label (NOT NULL)* safe to call inside locks* The returned reference must be put with __end_current_label_crit_section()* This must NOT |
begin_current_label_crit_section | gin_current_label_crit_section - current's confining label and update it* Returns: up to date confining label or the ns unconfined label (NOT NULL)* Not safe to call inside locks* The returned reference must be put with end_current_label_crit_section()* |