Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\smack\smack_lsm.c Create Date:2022-07-28 19:23:59
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name:smack_socket_sock_rcv_skb - Smack packet delivery access check. @sk: socket; @skb: packet. Returns 0 if the packet should be delivered, an error code otherwise.

Proto:static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)

Type:int

Parameter:

Type | Parameter Name
struct sock * | sk
struct sk_buff * | skb
3844  ssp = sk_security
3845  struct smack_known * skp = NULL
3846  rc = 0
3848  family = sk_family
3856  If family == PF_INET6 && protocol == htons(ETH_P_IP) [Internet Protocol packet] Then family = PF_INET
3861  Case family == PF_INET
3868  If skb && secmark != 0 Then skp = smack_from_secid(secmark)
3870  Go to access_check
3876  netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct. @secattr: the struct to initialize. Description: Initialize an already allocated netlbl_lsm_secattr struct.
3878  rc = netlbl_skbuff_getattr(skb, family, & secattr)
3879  If rc == 0 Then skp = smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack*@sap: netlabel secattr*@ssp: socket security information* Returns a pointer to a Smack label entry found on the label list.
3881  Else skp = smack_net_ambient
3884  netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct. @secattr: the struct to clear. Description: Destroys the @secattr struct, including freeing all of the internal buffers. The struct must be reset with a call to netlbl_secattr_init() before reuse.
3887  access_check :
3890  smk_ad_init_net( & ad, __func__, LSM_AUDIT_DATA_NET, & net)
3891  ad.a.u.net->family = family
3892  ad.a.u.net->netif = skb_iif
3893  ipv4_skb_to_auditdata - fill auditdata from skb. @skb: the skb; @ad: the audit data to fill; @proto: the layer 4 protocol. Returns 0 on success.
3901  rc = smk_access(skp, ssp->smk_in [inbound label], MAY_WRITE, & ad)
3902  rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in [inbound label], MAY_WRITE, rc)
3904  If rc != 0 Then netlbl_skbuff_err(skb, family, rc, 0)
3906  Break
3908  Case family == PF_INET6
3909  proto = smk_skb_to_addr_ipv6(skb, & sadd)
3910  If proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && proto != IPPROTO_TCP && proto != IPPROTO_DCCP Then Break
3914  If skb && secmark != 0 Then skp = smack_from_secid(secmark)
3916  Else if smk_ipv6_localhost [Check for local ipv6 host address. @sip: the address. Returns boolean true if this is the localhost address] Then Break
3918  Else skp = smack_ipv6host_label - check host based restrictions*@sip: the object end* looks for host based access restrictions* This version will only be appropriate for really small sets of single label* hosts
3920  If (skp == NULL) Then skp = smack_net_ambient
3922  If (skb == NULL) Then Break
3925  smk_ad_init_net( & ad, __func__, LSM_AUDIT_DATA_NET, & net)
3926  ad.a.u.net->family = family
3927  ad.a.u.net->netif = skb_iif
3928  ipv6_skb_to_auditdata(skb, & a, NULL)
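3930  rc = smk_access(skp, ssp->smk_in [inbound label], MAY_WRITE, & ad)
3931  rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in [inbound label], MAY_WRITE, rc)
3935  rc = smk_ipv6_port_check - check Smack port access. @sk: socket; @address: address; @act: the action being taken. Create or update the port list entry. (This listing drops the preprocessor conditionals: in the kernel source, lines 3914-3931 are compiled only when SMACK_IPV6_SECMARK_LABELING is defined and this call only when SMACK_IPV6_PORT_LABELING is defined, so a given build runs one of the two IPv6 checks and this assignment does not discard the smk_access result.)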
3937  If rc != 0 Then icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADM_PROHIBITED, 0)
3940  Break
3944  Return rc