函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\label.c Create Date:2022-07-27 21:45:14
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:label_components_match - find perms for all subcomponents of a label*@profile: profile to find perms for*@label: label to check access permissions for*@start: state to start match in*@subns: whether to do permission checks on components in a

函数原型:static int label_components_match(struct aa_profile *profile, struct aa_label *label, unsigned int start, bool subns, unsigned int request, struct aa_perms *perms)

返回类型:int

参数:

类型参数名称
struct aa_profile *profile
struct aa_label *label
unsigned intstart
boolsubns
unsigned intrequest
struct aa_perms *perms
1339  state等于0
1343  如果非aa_ns_visible - test if @view is visible from @curr*@curr: namespace to treat as the parent (NOT NULL)*@view: namespace to test if visible from @curr (NOT NULL)*@subns: whether view of a subns is allowed* Returns: true if @view is visible from @curr else 则继续下一循环
1345  state等于match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
1346  如果非state则转到:fail
1348  转到:next
1352  返回:0
1354  :
1355  aa_compute_perms(Generic policy DFA specific rule types will be subsections of it , state, & tmp)
1356  aa_apply_modes_to_perms - apply namespace and profile flags to perms*@profile: that perms where computed from*@perms: perms to apply mode modifiers to* TODO: split into profile and ns based flags for when accumulating perms
1357  aa_perms_accum - accumulate perms, masking off overlapping perms*@accum - perms struct to accumulate into*@addend - perms struct to add to @accum
1359  如果非aa_ns_visible - test if @view is visible from @curr*@curr: namespace to treat as the parent (NOT NULL)*@view: namespace to test if visible from @curr (NOT NULL)*@subns: whether view of a subns is allowed* Returns: true if @view is visible from @curr else 则继续下一循环
1361  state等于match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
1362  如果非state则转到:fail
1364  aa_compute_perms(Generic policy DFA specific rule types will be subsections of it , state, & tmp)
1365  aa_apply_modes_to_perms - apply namespace and profile flags to perms*@profile: that perms where computed from*@perms: perms to apply mode modifiers to* TODO: split into profile and ns based flags for when accumulating perms
1366  aa_perms_accum - accumulate perms, masking off overlapping perms*@accum - perms struct to accumulate into*@addend - perms struct to add to @accum
1369  如果allow按位与request的值不等于request则返回:负EACCES
1372  返回:0
1374  fail :
1375  perms等于nullperms
1376  返回:负EACCES
调用者
名称描述
aa_label_matchaa_label_match - do a multi-component label match*@profile: profile to match against (NOT NULL)*@label: label to match (NOT NULL)*@state: state to start in*@subns: whether to match subns components*@request: permission request*@perms: Returns computed
label_matchlabel_match - do a multi-component label match*@profile: profile to match against (NOT NULL)*@label: label to match (NOT NULL)*@stack: whether this is a stacking request*@state: state to start in*@subns: whether to match subns components*@request: