Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-28 18:35:52
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:ap_ptrace_access_check - Determine whether the current process may access* another*@child: The process to be accessed*@mode: The mode of attachment.* If we are in the same or an ancestor user_ns and have all the target

Proto:int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)

Type:int

Parameter:

TypeParameterName
struct task_struct *child
unsigned intmode
135  ret = 0
139  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
140  cred = current_cred - Access the current task's subjective credentials* Access the subjective credentials of the current task. RCU-safe,* since nobody else can modify it.()
141  child_cred = __task_cred - Access a task's objective credentials*@task: The task to query* Access the objective credentials of a task. The caller must hold the RCU* readlock.* The result of this function should not be passed directly to get_cred();(child)
142  If mode & PTRACE_MODE_FSCREDS Then caller_caps = caps we can actually use
144  Else caller_caps = caps we're permitted
146  If user_ns the caps and keyrings are relative to. == user_ns the caps and keyrings are relative to. && Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false Then Go to out
149  If ns_capable( user_ns the caps and keyrings are relative to. , Allow ptrace() of any process ) Then Go to out
151  ret = -EPERM
152  out :
153  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
154  Return ret