Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\selinux\hooks.c Create Date:2022-07-28 19:00:38
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:selinux_socket_sock_rcv_skb

Proto:static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)

Type:int

Parameter:

TypeParameterName
struct sock *sk
struct sk_buff *skb
5003  sksec = sk_security
5004  family = sk_family
5005  sk_sid = SID of this object
5007  struct lsm_network_audit net = {0, }
5012  If family != PF_INET && family != PF_INET6 Then Return 0
5016  If family == PF_INET6 && protocol == htons(Internet Protocol packet ) Then family = PF_INET
5023  If Not selinux_policycap_netpeer() Then Return selinux_sock_rcv_skb_compat(sk, skb, family)
5026  secmark_active = selinux_secmark_enabled - Check to see if SECMARK is currently enabled* Description:* This function checks the SECMARK reference counter to see if any SECMARK* targets are currently configured, if the reference counter is greater than
5027  peerlbl_active = selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled* Description:* This function checks if NetLabel or labeled IPSEC is enabled
5028  If Not secmark_active && Not peerlbl_active Then Return 0
5031  type = LSM_AUDIT_DATA_NET
5032  net = net
5033  netif = skb_iif
5034  family = family
5035  err = selinux_parse_skb(skb, & ad, & addrp, 1, NULL)
5036  If err Then Return err
5039  If peerlbl_active Then
5042  err = selinux_skb_peerlbl_sid - Determine the peer label of a packet*@skb: the packet*@family: protocol family*@sid: the packet's peer label SID* Description:* Check the various different forms of network peer labeling and determine* the peer label/SID for the
5043  If err Then Return err
5045  err = selinux_inet_sys_rcv_skb(sock_net(sk), skb_iif, addrp, family, peer_sid, & ad)
5047  If err Then
5048  selinux_netlbl_err(skb, family, err, 0)
5049  Return err
5051  err = avc_has_perm - Check permissions and perform any appropriate auditing
5054  If err Then
5055  selinux_netlbl_err(skb, family, err, 0)
5056  Return err
5060  If secmark_active Then
5061  err = avc_has_perm - Check permissions and perform any appropriate auditing
5064  If err Then Return err
5068  Return err