Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\smack\smack_access.c
Create Date: 2022-07-27 20:54:40
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Function name: smk_access - determine if a subject has a specific access to an object
  @subject: a pointer to the subject's Smack label entry
  @object: a pointer to the object's Smack label entry
  @request: the access requested, in "MAY" format
  @a : a pointer to the audit

Function prototype: int smk_access(struct smack_known *subject, struct smack_known *object, int request, struct smk_audit_info *a)

Return type: int

Parameters:

Type                      Parameter name
struct smack_known *      subject
struct smack_known *      object
int                       request
struct smk_audit_info *   a

119  may = MAY_NOT
120  rc = 0
128  If subject is equal to smack_known_star
129      rc = -EACCES
130      goto out_audit
137  If object is equal to smack_known_web or subject is equal to smack_known_web, goto out_audit
142  If object is equal to smack_known_star, goto out_audit
148  If the subject's smk_known is equal to the object's smk_known, goto out_audit
154  If (request bitwise-AND "Just to make the common cases easier to deal with") is equal to request, or (request bitwise-AND "Locks should be writes, but ...") is equal to request
156      If object is equal to smack_known_floor, goto out_audit
158      If subject is equal to smack_known_hat, goto out_audit
168  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
169  may = smk_access_entry - look up matching access rule; @subject_label: a pointer to the subject's Smack label; @object_label: a pointer to the object's Smack label; @rule_list: the list of rules to search. This function looks up the subject/object pair in the
171  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
173  If may <= 0 or (request bitwise-AND may) is not equal to request
174      rc = -EACCES
175      goto out_audit
187  out_audit:
199  If a, then smack_log - Audit the granting or denial of permissions
204  Return: rc

Callers

Name                       Description
smack_file_receive         smack_file_receive - Smack file receive check. @file: the object. Returns 0 if current has access, error code otherwise
smack_task_kill            smack_task_kill - Smack check on signal delivery. @p: the task object; @info: unused; @sig: unused; @cred: identifies the cred to use in lieu of current's. Return 0 if write access is permitted
smack_netlabel_send        smack_netlabel_send - Set the secattr on a socket and perform access checks. @sk: the socket; @sap: the destination address. Set the correct secattr for the given socket based on the destination address and perform any outbound access checks needed.
smk_ipv6_check             smk_ipv6_check - check Smack access. @subject: subject Smack label; @object: object Smack label; @address: address; @act: the action being taken. Check an IPv6 access
smack_unix_stream_connect  smack_unix_stream_connect - Smack access on UDS. @sock: one sock; @other: the other sock; @newsk: unused. Return 0 if a subject with the smack of sock could access an object with the smack of other, otherwise an error code
smack_unix_may_send        smack_unix_may_send - Smack access on UDS. @sock: one socket; @other: the other socket. Return 0 if a subject with the smack of sock could access an object with the smack of other, otherwise an error code
smack_socket_sock_rcv_skb  smack_socket_sock_rcv_skb - Smack packet delivery access check. @sk: socket; @skb: packet. Returns 0 if the packet should be delivered, an error code otherwise
smack_inet_conn_request    smack_inet_conn_request - Smack access check on connect. @sk: socket involved; @skb: packet; @req: unused. Returns 0 if a task with the packet label could write to the socket, otherwise an error code
smack_key_permission       smack_key_permission - Smack access on a key. @key_ref: gets to the object; @cred: the credentials to use; @perm: requested key permissions. Return 0 if the task has read and write to the object, an error code otherwise
smk_tskacc                 smk_tskacc - determine if a task has a specific access to an object. @tsp: a pointer to the subject's task; @obj_known: a pointer to the object's label entry; @mode: the access requested, in "MAY" format; @a : common audit data. This function checks the
smk_user_access            smk_user_access - handle access check transaction. @file: file pointer; @buf: data from user space; @count: bytes sent; @ppos: where to start - must be 0