Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security/smack/smack_access.c    Create Date: 2022-07-28 19:25:22
Last Modify: 2020-03-12 14:18:49    Copyright © Brick

Name: smk_access - determine if a subject has a specific access to an object
  @subject: a pointer to the subject's Smack label entry
  @object: a pointer to the object's Smack label entry
  @request: the access requested, in "MAY" format
  @a: a pointer to the audit

Proto: int smk_access(struct smack_known *subject, struct smack_known *object, int request, struct smk_audit_info *a)

Type: int

Parameter:

Type | Parameter Name
struct smack_known * | subject
struct smack_known * | object
int | request
struct smk_audit_info * | a
119  may = MAY_NOT
120  rc = 0
128  If subject == smack_known_star Then
129  rc = -EACCES
130  Go to out_audit
137  If object == smack_known_web || subject == smack_known_web Then Go to out_audit
142  If object == smack_known_star Then Go to out_audit
148  If subject->smk_known == object->smk_known Then Go to out_audit
154  If (request & MAY_ANYREAD) == request || (request & MAY_LOCK) == request Then (MAY_ANYREAD: just to make the common cases easier to deal with; MAY_LOCK: locks should be writes, but ...)
156  If object == smack_known_floor Then Go to out_audit
158  If subject == smack_known_hat Then Go to out_audit
168  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
169  may = smk_access_entry() - look up matching access rule; @subject_label: a pointer to the subject's Smack label; @object_label: a pointer to the object's Smack label; @rule_list: the list of rules to search; This function looks up the subject/object pair in the
171  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
173  If may <= 0 || (request & may) != request Then
174  rc = -EACCES
175  Go to out_audit
187  out_audit :
199  If a Then smack_log() - audit the granting or denial of permissions
204  Return rc
Caller

Name | Description
smack_file_receive | Smack file receive check; @file: the object; Returns 0 if current has access, error code otherwise
smack_task_kill | Smack check on signal delivery; @p: the task object; @info: unused; @sig: unused; @cred: identifies the cred to use in lieu of current's; Return 0 if write access is permitted
smack_netlabel_send | Set the secattr on a socket and perform access checks; @sk: the socket; @sap: the destination address; Set the correct secattr for the given socket based on the destination address and perform any outbound access checks needed.
smk_ipv6_check | check Smack access; @subject: subject Smack label; @object: object Smack label; @address: address; @act: the action being taken; Check an IPv6 access
smack_unix_stream_connect | Smack access on UDS; @sock: one sock; @other: the other sock; @newsk: unused; Return 0 if a subject with the smack of sock could access an object with the smack of other, otherwise an error code
smack_unix_may_send | Smack access on UDS; @sock: one socket; @other: the other socket; Return 0 if a subject with the smack of sock could access an object with the smack of other, otherwise an error code
smack_socket_sock_rcv_skb | Smack packet delivery access check; @sk: socket; @skb: packet; Returns 0 if the packet should be delivered, an error code otherwise
smack_inet_conn_request | Smack access check on connect; @sk: socket involved; @skb: packet; @req: unused; Returns 0 if a task with the packet label could write to the socket, otherwise an error code
smack_key_permission | Smack access on a key; @key_ref: gets to the object; @cred: the credentials to use; @perm: requested key permissions; Return 0 if the task has read and write to the object, an error code otherwise
smk_tskacc | determine if a task has a specific access to an object; @tsp: a pointer to the subject's task; @obj_known: a pointer to the object's label entry; @mode: the access requested, in "MAY" format; @a: common audit data; This function checks the
smk_user_access | handle access check transaction; @file: file pointer; @buf: data from user space; @count: bytes sent; @ppos: where to start - must be 0