Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-27 20:10:25
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: Extract the on-exec-apply capability sets for an executable file.

Function prototype: int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)

Return type: int

Parameters:

Type  Parameter name
const struct dentry *  dentry
struct cpu_vfs_cap_data *  cpu_caps
573  inode = d_backing_inode - Get upper or lower inode we should be using. @upper: The upper layer. This is the helper that should be used to get at the inode that will be used if this dentry were to be opened as a file. The inode may be on the upper
577  nscaps = data
578  struct vfs_cap_data *caps = (struct vfs_cap_data *) &data
582  memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data))
584  If !inode, return -ENODATA
587  fs_ns = s_user_ns
588  size = __vfs_getxattr((struct dentry *)dentry, inode, XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ)
590  If size == -ENODATA or size == -EOPNOTSUPP, return -ENODATA
594  If size < 0, return size
597  If size < sizeof(magic_etc), return -EINVAL
600  magic_etc = magic_etc = le32_to_cpu( Little endian )
602  rootkuid = make_kuid - Map a user-namespace uid pair into a kuid
604  : & == VFS_CAP_REVISION_1
605  If size != XATTR_CAPS_SZ_1, return -EINVAL
607  tocopy = VFS_CAP_U32_1
608  break
609  : & == VFS_CAP_REVISION_2
610  If size != XATTR_CAPS_SZ_2, return -EINVAL
612  tocopy = VFS_CAP_U32_2
613  break
614  : & == VFS_CAP_REVISION_3
615  If size != XATTR_CAPS_SZ_3, return -EINVAL
617  tocopy = VFS_CAP_U32_3
618  rootkuid = make_kuid - Map a user-namespace uid pair into a kuid
619  break
621  default
622  return -EINVAL
627  If !rootid_owns_currentns(rootkuid), return -ENODATA
631  If i >= tocopy, break
633  cap[i] = le32_to_cpu(permitted)
634  cap[i] = le32_to_cpu( Little endian )
637  cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK
638  cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK
640  rootid = rootkuid
642  return 0
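
The size and revision checks walked through above, as an added userspace example (not kernel code and not part of the original report) that parses a raw security.capability xattr value the same way. The names parse_vfs_caps, struct parsed_caps and sample_v2 are hypothetical, and the rootid_owns_currentns() namespace check is left out because it has no userspace equivalent.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values from include/uapi/linux/capability.h; 0x3F assumes CAP_LAST_CAP == 37 (v5.5). */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_1      0x01000000u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define CAP_LAST_U32_VALID_MASK 0x3Fu
struct parsed_caps {            /* hypothetical stand-in for struct cpu_vfs_cap_data */
    uint32_t magic_etc, permitted[2], inheritable[2], rootid;
};

/* Constructed sample: revision 2, effective flag set, CAP_NET_BIND_SERVICE permitted. */
static const uint8_t sample_v2[20] = { 0x01, 0, 0, 0x02, 0, 0x04, 0, 0 };

static uint32_t le32(const uint8_t *p)  /* endian-independent le32_to_cpu() */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success or -EINVAL, following the checks at source lines 597-622. */
int parse_vfs_caps(const uint8_t *x, size_t size, struct parsed_caps *out)
{
    size_t tocopy, want;
    memset(out, 0, sizeof(*out));
    if (size < 4)                       /* too short to hold magic_etc */
        return -EINVAL;
    out->magic_etc = le32(x);
    switch (out->magic_etc & VFS_CAP_REVISION_MASK) {
    case VFS_CAP_REVISION_1: tocopy = 1; want = 12; break;  /* XATTR_CAPS_SZ_1 */
    case VFS_CAP_REVISION_2: tocopy = 2; want = 20; break;  /* XATTR_CAPS_SZ_2 */
    case VFS_CAP_REVISION_3: tocopy = 2; want = 24; break;  /* XATTR_CAPS_SZ_3 */
    default: return -EINVAL;            /* unknown revision is rejected */
    }
    if (size != want)                   /* exact size for the revision, not "at least" */
        return -EINVAL;
    for (size_t i = 0; i < tocopy; i++) {
        out->permitted[i]   = le32(x + 4 + 8 * i);
        out->inheritable[i] = le32(x + 8 + 8 * i);
    }
    if (want == 24)                     /* only revision 3 carries a rootid */
        out->rootid = le32(x + 20);
    out->permitted[1]   &= CAP_LAST_U32_VALID_MASK;  /* drop bits above CAP_LAST_CAP */
    out->inheritable[1] &= CAP_LAST_U32_VALID_MASK;
    return 0;
}
```
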
Callers
Name  Description
__audit_log_bprm_fcaps  __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps. @bprm: pointer to the bprm being processed. @new: the proposed new credentials. @old: the old credentials. Simply check if the proc already has the caps given by the file and
get_file_caps  Attempt to get the on-exec apply capability sets for an executable file from its xattrs and, if present, apply them to the proposed credentials being constructed by execve().
audit_copy_fcaps