Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\smack\smack_lsm.c Create Date:2022-07-28 19:23:43
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack*@sap: netlabel secattr*@ssp: socket security information* Returns a pointer to a Smack label entry found on the label list.

Proto:static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, struct socket_smack *ssp)

Type:struct smack_known

Parameter:

TypeParameterName
struct netlbl_lsm_secattr *sap
struct socket_smack *ssp
3720  found = 0
3724  If (flags & NETLBL_SECATTR_MLS_LVL) != 0 Then
3735  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
3737  If lvl != lvl Then Continue
3742  If (flags & NETLBL_SECATTR_MLS_CAT) == 0 Then
3743  If (flags & NETLBL_SECATTR_MLS_CAT) == 0 Then found = 1
3746  Break
3748  When acat == kcat cycle
3749  acat = LSM security attribute operations
3751  kcat = LSM security attribute operations
3754  If acat < 0 || kcat < 0 Then Break
3757  If acat == kcat Then
3758  found = 1
3759  Break
3762  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
3764  If found Then Return skp
3767  If ssp != NULL && inbound label == smack_known_star Then Return smack_known_web
3769  Return smack_known_star
3771  If (flags & NETLBL_SECATTR_SECID) != 0 Then Return smack_from_secid(secid)
3781  Return smack_net_ambient
Caller
NameDescribe
smack_socket_sock_rcv_skbsmack_socket_sock_rcv_skb - Smack packet delivery access check*@sk: socket*@skb: packet* Returns 0 if the packet should be delivered, an error code otherwise
smack_socket_getpeersec_dgramsmack_socket_getpeersec_dgram - pull in packet label*@sock: the peer socket*@skb: packet data*@secid: pointer to where to put the secid of the packet* Sets the netlabel socket state on sk from parent
smack_inet_conn_requestsmack_inet_conn_request - Smack access check on connect*@sk: socket involved*@skb: packet*@req: unused* Returns 0 if a task with the packet label could write to* the socket, otherwise an error code