Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\selinux\hooks.c Create Date:2022-07-28 19:01:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:Called whenever SCTP receives an INIT chunk. This happens when an incoming* connect(2), sctp_connectx(3) or sctp_sendmsg(3) (with no association* already present).

Proto:static int selinux_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb)

Type:int

Parameter:

TypeParameterName
struct sctp_endpoint *ep
struct sk_buff *skb
5203  sksec = sk_security
5205  struct lsm_network_audit net = {0, }
5207  peer_sid = SECINITSID_UNLABELED
5209  err = 0
5211  If Not selinux_policycap_extsockclass() Then Return 0
5214  peerlbl_active = selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled* Description:* This function checks if NetLabel or labeled IPSEC is enabled
5216  If peerlbl_active Then
5220  err = selinux_skb_peerlbl_sid - Determine the peer label of a packet*@skb: the packet*@family: protocol family*@sid: the packet's peer label SID* Description:* Check the various different forms of network peer labeling and determine* the peer label/SID for the
5222  If err Then Return err
5225  If peer_sid == unspecified SID Then peer_sid = SECINITSID_UNLABELED
5229  If sctp_assoc_state == SCTP_ASSOC_UNSET Then
5230  sctp_assoc_state = SCTP_ASSOC_SET
5237  SID of peer = peer_sid
5238  Else if SID of peer != peer_sid Then
5242  type = LSM_AUDIT_DATA_NET
5243  net = net
5244  sk = What socket does this endpoint belong to?
5245  err = avc_has_perm - Check permissions and perform any appropriate auditing
5248  If err Then Return err
5258  err = selinux_conn_sid - Determine the child socket label for a connection*@sk_sid: the parent socket's SID*@skb_sid: the packet's SID*@conn_sid: the resulting connection SID* If @skb_sid is valid then the user:role:type information from @sk_sid is* combined
5259  If err Then Return err
5262  Security identifiers from incoming (INIT). These are set by * security_sctp_assoc_request(). These will only be used by * SCTP TCP type sockets and peeled off connections as they * cause a new socket to be generated. security_sctp_sk_clone() * will then p = conn_sid
5263  peer_secid = peer_sid
5266  Return selinux_netlbl_sctp_assoc_request - Label an incoming sctp association.*@ep: incoming association endpoint.*@skb: the packet.* Description:* A new incoming connection is represented by @ep, ......* Returns zero on success, negative values on failure.