函数逻辑报告 |
Source Code:security\apparmor\include\label.h |
Create Date:2022-07-27 21:19:06 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| 首页 | 函数Tree |
| 注解内核,赢得工具 | 下载SCCT | English |
函数名称:aa_put_label
函数原型:static inline void aa_put_label(struct aa_label *l)
返回类型:void
参数:
| 类型 | 参数 | 名称 |
|---|---|---|
| struct aa_label * | l |
| 名称 | 描述 |
|---|---|
| query_data | query_data - queries a policy and writes its data to buf*@buf: the resulting data is stored here (NOT NULL)*@buf_len: size of buf*@query: query string used to retrieve data*@query_len: size of query including second NUL byte |
| query_label | query_label - queries a label and writes permissions to buf*@buf: the resulting permissions string is stored here (NOT NULL)*@buf_len: size of buf*@query: binary query string to match against the dfa*@query_len: size of query*@view_only: only compute for |
| seq_profile_name_show | |
| seq_profile_mode_show | |
| seq_profile_attach_show | |
| seq_profile_hash_show | |
| rawdata_get_link_base | |
| aa_audit_rule_free | |
| aa_replace_current_label | aa_replace_current_label - replace the current tasks label*@label: new label (NOT NULL)* Returns: 0 or error on failure |
| aa_set_current_onexec | aa_set_current_onexec - set the tasks change_profile to happen onexec*@label: system label to set at exec (MAYBE NULL to clear value)*@stack: whether stacking should be done* Returns: 0 or error on failure |
| aa_set_current_hat | aa_set_current_hat - set the current tasks hat*@label: label to set as the current hat (NOT NULL)*@token: token value that must be specified to change from the hat* Do switch of tasks hat |
| aa_restore_previous_label | aa_restore_previous_label - exit from hat context restoring previous label*@token: the token that must be matched to exit hat context* Attempt to return out of a hat to the previous label |
| may_change_ptraced_domain | may_change_ptraced_domain - check if can change profile on ptraced task*@to_label: profile to change to (NOT NULL)*@info: message if there is an error* Check if current is ptraced and if so if the tracing task is allowed* to trace the new domain* Returns: |
| x_to_label | x_to_label - get target label for a given xindex*@profile: current profile (NOT NULL)*@bprm: binprm structure of transitioning task*@name: name to lookup (NOT NULL)*@xindex: index into x transition table*@lookupname: returns: name used in lookup if one |
| profile_transition | |
| apparmor_bprm_set_creds | apparmor_bprm_set_creds - set the new creds on the bprm struct*@bprm: binprm for the exec (NOT NULL)* Returns: %0 or error on failure* TODO: once the other paths are done see if we can't refactor into a fn |
| aa_change_hat | aa_change_hat - change hat to/from subprofile*@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)*@count: number of hat names in @hats*@token: magic value to validate the hat change*@flags: flags affecting behavior of the change |
| aa_change_profile | aa_change_profile - perform a one-way profile transition*@fqname: name of profile may include namespace (NOT NULL)*@onexec: whether this transition is to take place immediately or at exec*@flags: flags affecting change behavior |
| __add_profile | __add_profile - add a profiles to list and label tree*@list: list to add it to (NOT NULL)*@profile: the profile to add (NOT NULL)* refcount @profile, should be put by __list_remove_profile* Requires: namespace lock be held, or list not be shared |
| apparmor_cred_free | put the associated labels |
| apparmor_ptrace_access_check | |
| apparmor_ptrace_traceme | |
| apparmor_capget | Derived from security/commoncap.c:cap_capget |
| apparmor_capable | |
| apparmor_file_open | |
| apparmor_file_free_security | |
| apparmor_sb_pivotroot | |
| apparmor_getprocattr | |
| apparmor_task_getsecid | |
| apparmor_task_kill | |
| apparmor_sk_free_security | apparmor_sk_free_security - free the sk_security field |
| apparmor_socket_post_create | apparmor_socket_post_create - setup the per-socket security struct* Note:* - kernel sockets currently labeled unconfined but we may want to* move to a special kernel label* - socket may not have sk here if created with sock_create_lite or* sock_alloc |
| aa_task_setrlimit | aa_task_setrlimit - test permission to set an rlimit*@label - label confining the task (NOT NULL)*@task - task the resource is being set on*@resource - the resource being set*@new_rlim - the new resource limit (NOT NULL) |
| update_file_ctx | |
| aa_file_perm | aa_file_perm - do permission revalidation check & audit for @file*@op: operation being checked*@label: label being enforced (NOT NULL)*@file: file to revalidate access permissions on (NOT NULL)*@request: requested permissions*@in_atomic: whether |
| aa_inherit_files | ased on selinux's flush_unauthorized_files |
| free_proxy | |
| __aa_proxy_redirect | quires profile list write lock held |
| label_free_or_put_new | |
| aa_label_replace | aa_label_replace - replace a label @old with a new version @new*@old: label to replace*@new: label replacing @old* Returns: true if @old was in tree and replaced* else @old was not in tree, and @new was not inserted |
| aa_label_find_merge | aa_label_find_merge - find label that is equiv to merge of @a and @b*@a: label to merge with @b (NOT NULL)*@b: label to merge with @a (NOT NULL)* Requires: labels be fully constructed with a valid ns* Returns: ref counted label that is equiv to merge of |
| aa_label_merge | aa_label_merge - attempt to insert new merged label of @a and @b*@ls: set of labels to insert label into (NOT NULL)*@a: label to merge with @b (NOT NULL)*@b: label to merge with @a (NOT NULL)*@gfp: memory allocation type* Requires: caller to hold valid |
| __labelset_update | __labelset_update - update labels in @ns*@ns: namespace to update labels in (NOT NULL)* Requires: @ns lock be held* Walk the labelset ensuring that all labels are up to date and valid* Any label that has a stale component is marked stale and replaced and |
| aa_pivotroot | |
| aa_free_file_ctx | aa_free_file_ctx - free a file_ctx*@ctx: file_ctx to free (MAYBE_NULL) |
| aa_free_task_ctx | aa_free_task_ctx - free a task_ctx*@ctx: task_ctx to free (MAYBE NULL) |
| aa_clear_task_ctx_trans | aa_clear_task_ctx_trans - clear transition tracking info from the ctx*@ctx: task context to clear (NOT NULL) |
| end_current_label_crit_section | d_label_crit_section - put a reference found with begin_current_label..*@label: label reference to put* Should only be used with a reference obtained with* begin_current_label_crit_section and never used in situations where the* task cred may be updated |
| begin_current_label_crit_section | gin_current_label_crit_section - current's confining label and update it* Returns: up to date confining label or the ns unconfined label (NOT NULL)* Not safe to call inside locks* The returned reference must be put with end_current_label_crit_section()* |
| 源代码转换工具 开放的插件接口 | X |
|---|---|
| 支持:c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现:逻辑报告 代码生成和批量转换代码 |