Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\label.c Create Date:2022-07-28 19:54:25
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:label_compound_match - find perms for full compound label*@profile: profile to find perms for*@label: label to check access permissions for*@start: state to start match in*@subns: whether to do permission checks on components in a subns*@request:

Proto:static int label_compound_match(struct aa_profile *profile, struct aa_label *label, unsigned int state, bool subns, unsigned int request, struct aa_perms *perms)

Type:int

Parameter:

TypeParameterName
struct aa_profile *profile
struct aa_label *label
unsigned intstate
boolsubns
unsigned intrequest
struct aa_perms *perms
1283  If Not aa_ns_visible - test if @view is visible from @curr*@curr: namespace to treat as the parent (NOT NULL)*@view: namespace to test if visible from @curr (NOT NULL)*@subns: whether view of a subns is allowed* Returns: true if @view is visible from @curr else Then Continue
1285  state = match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
1286  If Not state Then Go to fail
1288  Go to next
1292  perms = allperms
1293  Return 0
1295  :
1297  If Not aa_ns_visible - test if @view is visible from @curr*@curr: namespace to treat as the parent (NOT NULL)*@view: namespace to test if visible from @curr (NOT NULL)*@subns: whether view of a subns is allowed* Returns: true if @view is visible from @curr else Then Continue
1299  state = aa_dfa_match - traverse @dfa to find state @str stops at*@dfa: the dfa to match @str against (NOT NULL)*@start: the state of the dfa to start matching in*@str: the null terminated string of bytes to match against the dfa (NOT NULL)* aa_dfa_match will
1300  state = match a profile and its associated ns component if needed* Assumes visibility test has already been done.* If a subns profile is not to be matched should be prescreened with* visibility test.
1301  If Not state Then Go to fail
1304  aa_compute_perms(Generic policy DFA specific rule types will be subsections of it , state, perms)
1305  aa_apply_modes_to_perms - apply namespace and profile flags to perms*@profile: that perms where computed from*@perms: perms to apply mode modifiers to* TODO: split into profile and ns based flags for when accumulating perms
1306  If (allow & request) != request Then Return -EACCES
1309  Return 0
1311  fail :
1312  perms = nullperms
1313  Return state
Caller
NameDescribe
aa_label_matchaa_label_match - do a multi-component label match*@profile: profile to match against (NOT NULL)*@label: label to match (NOT NULL)*@state: state to start in*@subns: whether to match subns components*@request: permission request*@perms: Returns computed
label_matchlabel_match - do a multi-component label match*@profile: profile to match against (NOT NULL)*@label: label to match (NOT NULL)*@stack: whether this is a stacking request*@state: state to start in*@subns: whether to match subns components*@request: