Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\policy_unpack.c Create Date:2022-07-28 19:52:14
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name:unpack_profile - unpack a serialized profile. @e: serialized data extent information (NOT NULL). NOTE: unpack profile sets audit struct if there is a failure

Proto:static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)

Type:struct aa_profile

Parameter:

TypeParameterName
struct aa_ext *e
char **ns_name
676  struct aa_profile * profile = NULL
677  const char * tmpname, * tmpns = NULL, * name = NULL
678  info = "failed to unpack profile"
680  struct rhashtable_params params = {0}
681  char * key = NULL
683  error = -EPROTO
687  * ns_name = NULL
690  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then Go to fail
692  If Not unpack_str(e, & name, NULL) Then Go to fail
694  If * name == '\0' Then Go to fail
697  tmpname = aa_splitn_fqname(name, strlen(name), & tmpns, & ns_len) [strlen - Find the length of a string; @s: The string to be sized]
698  If tmpns Then
699  * ns_name = kstrndup [allocate space for and copy an existing string; @s: the string to duplicate; @max: read at most @max chars from @s; @gfp: the GFP mask used in the kmalloc() call when allocating memory; Note: Use kmemdup_nul() instead if the size is known exactly]
700  If Not * ns_name Then
701  info = "out of memory"
702  Go to fail
704  name = tmpname
707  profile = aa_alloc_profile [allocate, initialize and return a new profile; @hname: name of the profile (NOT NULL); @gfp: allocation type; Returns: refcount profile or NULL on failure]
708  If Not profile Then Return ERR_PTR( - ENOMEM)
712  unpack_str(e, & rename, "rename")
715  unpack_str(e, & attach, "attach")
718  xmatch = unpack_dfa [unpack a file rule dfa; @e: serialized data extent information (NOT NULL); returns dfa or ERR_PTR or NULL if no dfa]
719  If IS_ERR(xmatch) Then
720  error = PTR_ERR(xmatch)
721  xmatch = NULL
722  info = "bad xmatch"
723  Go to fail
726  If xmatch Then
727  If Not unpack_u32(e, & tmp, NULL) Then
728  info = "missing xmatch len"
729  Go to fail
731  xmatch_len = tmp
735  unpack_str(e, & disconnected, "disconnected")
738  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then
739  info = "profile missing flags"
740  Go to fail
742  info = "failed to unpack profile flags"
743  If Not unpack_u32(e, & tmp, NULL) Then Go to fail
745  If tmp & PACKED_FLAG_HAT Then flags |= profile is a hat
747  If Not unpack_u32(e, & tmp, NULL) Then Go to fail
749  If tmp == PACKED_MODE_COMPLAIN || version & FORCE_COMPLAIN_FLAG Then mode = allow and log access violations
751  Else if tmp == PACKED_MODE_KILL Then mode = kill task on access violation
753  Else if tmp == PACKED_MODE_UNCONFINED Then mode = profile set to unconfined
755  If Not unpack_u32(e, & tmp, NULL) Then Go to fail
757  If tmp Then audit = AUDIT_ALL
760  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then Go to fail
764  If unpack_u32(e, & path_flags, "path_flags") Then path_flags |= flags & mediate deleted paths
767  Else path_flags = mediate deleted paths
771  info = "failed to unpack profile capabilities"
772  If Not unpack_u32(e, & (cap[0]), NULL) Then Go to fail
774  If Not unpack_u32(e, & (cap[0]), NULL) Then Go to fail
776  If Not unpack_u32(e, & (cap[0]), NULL) Then Go to fail
778  If Not unpack_u32(e, & cap[0], NULL) Then Go to fail
781  info = "failed to unpack upper profile capabilities"
782  If unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then
784  If Not unpack_u32(e, & (cap[1]), NULL) Then Go to fail
786  If Not unpack_u32(e, & (cap[1]), NULL) Then Go to fail
788  If Not unpack_u32(e, & (cap[1]), NULL) Then Go to fail
790  If Not unpack_u32(e, & (cap[1]), NULL) Then Go to fail
792  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then Go to fail
796  info = "failed to unpack extended profile capabilities"
797  If unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then
799  If Not unpack_u32(e, & (cap[0]), NULL) Then Go to fail
801  If Not unpack_u32(e, & (cap[1]), NULL) Then Go to fail
803  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then Go to fail
807  If Not unpack_xattrs(e, profile) Then
808  info = "failed to unpack profile xattrs"
809  Go to fail
812  If Not unpack_rlimits(e, profile) Then
813  info = "failed to unpack profile rlimits"
814  Go to fail
817  If Not unpack_secmark(e, profile) Then
818  info = "failed to unpack profile secmark rules"
819  Go to fail
822  If unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then
824  info = "failed to unpack policydb"
825  [Generic policy DFA; specific rule types will be subsections of it] = unpack_dfa [unpack a file rule dfa; @e: serialized data extent information (NOT NULL); returns dfa or ERR_PTR or NULL if no dfa]
829  Go to fail
831  error = -EPROTO
832  Go to fail
834  If Not unpack_u32(e, & set of start states for the different classes of data[0], "start") Then set of start states for the different classes of data[0] = DFA_START
838  When i <= AA_CLASS_LAST cycle
844  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then Go to fail
846  Else Generic policy DFA specific rule types will be subsections of it = aa_get_dfa - increment refcount on dfa @p*@dfa: dfa (MAYBE NULL)* Returns: pointer to @dfa if @dfa is NULL will return NULL* Requires: @dfa must be held with valid refcount when called
850  dfa = unpack_dfa [unpack a file rule dfa; @e: serialized data extent information (NOT NULL); returns dfa or ERR_PTR or NULL if no dfa]
851  If IS_ERR(dfa) Then
852  error = PTR_ERR(dfa)
853  dfa = NULL
854  info = "failed to unpack profile file rules"
855  Go to fail
856  Else if dfa Then
857  If Not unpack_u32(e, & start, "dfa_start") Then start = DFA_START
860  Else if Generic policy DFA specific rule types will be subsections of it && set of start states for the different classes of data[AA_CLASS_FILE] Then
862  dfa = aa_get_dfa - increment refcount on dfa @p*@dfa: dfa (MAYBE NULL)* Returns: pointer to @dfa if @dfa is NULL will return NULL* Requires: @dfa must be held with valid refcount when called
863  start = set of start states for the different classes of data[AA_CLASS_FILE]
864  Else dfa = aa_get_dfa - increment refcount on dfa @p*@dfa: dfa (MAYBE NULL)* Returns: pointer to @dfa if @dfa is NULL will return NULL* Requires: @dfa must be held with valid refcount when called
867  If Not unpack_trans_table [unpack a profile transition table; @e: serialized data extent information (NOT NULL); @profile: profile to add the accept table to (NOT NULL); Returns: 1 if table successfully unpacked] Then
868  info = "failed to unpack profile transition table"
869  Go to fail
872  If unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then
873  info = "out of memory"
874  data = kzalloc [allocate memory. The memory is set to zero; @size: how many bytes of memory are required; @flags: the type of memory to allocate (see kmalloc)]
875  If Not data Then Go to fail
878  nelem_hint = 3
879  key_len = sizeof(void *)
880  key_offset = offsetof(struct aa_data, key)
881  head_offset = offsetof(struct aa_data, head)
882  hashfn = strhash
883  obj_cmpfn = datacmp
886  info = "failed to init key, value hash table"
887  Go to fail
890  When unpack_strdup(e, & key, NULL) cycle
892  If Not data Then
911  info = "failed to unpack end of key, value data table"
912  Go to fail
916  If Not unpack_nameX [check if the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element] Then
917  info = "failed to unpack end of profile"
918  Go to fail
921  Return profile
923  fail :
924  If profile Then name = NULL
926  Else if Not name Then name = "unknown"
928  audit_iface - do audit message for policy unpacking/load/replace/remove*@new: profile if it has been allocated (MAYBE NULL)*@ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)*@name: name of the profile being manipulated (MAYBE
929  aa_free_profile - free a profile*@profile: the profile to free (MAYBE NULL)* Free a profile, its hats and null_profile
931  Return ERR_PTR(error)
Caller
Name    Description
aa_unpack    aa_unpack - unpack packed binary profile(s) data loaded from user space. @udata: user data copied to kmem (NOT NULL). @lh: list to place unpacked profiles in a aa_repl_ws. @ns: Returns namespace profile is in if specified else NULL (NOT NULL). Unpack user…