函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-27 20:09:53
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:ap_capset - Validate and apply proposed changes to current's capabilities*@new: The proposed new credentials; alterations should be made here*@old: The current task's current credentials*@effective: A pointer to the proposed new effective capabilities

函数原型:int cap_capset(struct cred *new, const struct cred *old, const kernel_cap_t *effective, const kernel_cap_t *inheritable, const kernel_cap_t *permitted)

返回类型:int

参数:

类型参数名称
struct cred *new
const struct cred *old
const kernel_cap_t *effective
const kernel_cap_t *inheritable
const kernel_cap_t *permitted
247  如果Determine whether the inheritable capabilities are limited to the old* permitted set. Returns 1 if they are limited, 0 if they are not.且非Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false则返回:负EPERM
254  如果非Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false则返回:负EPERM
261  如果非Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false则返回:负EPERM
265  如果非Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false则返回:负EPERM
268  caps we can actually use 等于effective
269  caps our children can inherit 等于inheritable
270  caps we're permitted 等于permitted
276  Ambient capability set 等于cap_intersect( Ambient capability set , cap_intersect( * permitted, * inheritable))
279  如果WARN_ON(!cap_ambient_invariant_ok(new))则返回:负EINVAL
281  返回:0