Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\smack\smack_lsm.c
Create Date: 2022-07-28 19:19:43
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name: smk_ptrace_rule_check - helper for ptrace access
@tracer: tracer process
@tracee_known: label entry of the process that's about to be traced
@mode: ptrace attachment mode (PTRACE_MODE_*)
@func: name of the function that called us, used for audit
Returns

Proto: static int smk_ptrace_rule_check(struct task_struct *tracer, struct smack_known *tracee_known, unsigned int mode, const char *func)

Type: int

Parameter:

Type                      Parameter Name
struct task_struct *      tracer
struct smack_known *      tracee_known
unsigned int              mode
const char *              func

423  struct smk_audit_info ad, *saip = NULL
428  If (mode & PTRACE_MODE_NOAUDIT) == 0 Then
429      Some inline functions to set up audit data; they do nothing if CONFIG_AUDIT is not set
430      smk_ad_setfield_u_tsk(&ad, tracer)
431      saip = &ad
434  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
435  tracercred = __task_cred(tracer) - Access a task's objective credentials. @task: The task to query. Access the objective credentials of a task. The caller must hold the RCU readlock. The result of this function should not be passed directly to get_cred();
436  tsp = smack_cred(tracercred)
437  tracer_known = Present a pointer to the smack label entry in a task blob.
439  If (mode & PTRACE_MODE_ATTACH) && (smack_ptrace_rule == SMACK_PTRACE_EXACT || smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) Then
442      If tracer_known->smk_known == tracee_known->smk_known Then rc = 0
444      Else if smack_ptrace_rule == SMACK_PTRACE_DRACONIAN Then rc = -EACCES
446      Else if smack_privileged_cred (are all privilege requirements met by cred; @cap: the requested capability; @cred: the credential to use; is the task privileged and allowed to be privileged by the onlycap rule) Then rc = 0
448      Else rc = -EACCES
451      If saip Then smack_log(tracer_known->smk_known, tracee_known->smk_known, 0, rc, saip)
456      rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
457      Return rc
461  rc = smk_tskacc - determine if a task has a specific access to an object. @tsp: a pointer to the subject's task. @obj_known: a pointer to the object's label entry. @mode: the access requested, in "MAY" format. @a: common audit data. This function checks the
463  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
464  Return rc

Caller

Name: smack_ptrace_access_check
Describe: smack_ptrace_access_check - Smack approval on PTRACE_ATTACH. @ctp: child task pointer. @mode: ptrace attachment mode (PTRACE_MODE_*). Returns 0 if access is OK, an error code otherwise. Do the capability checks.

Name: smack_ptrace_traceme
Describe: smack_ptrace_traceme - Smack approval on PTRACE_TRACEME. @ptp: parent task pointer. Returns 0 if access is OK, an error code otherwise. Do the capability checks, and require PTRACE_MODE_ATTACH.

Name: smack_bprm_set_creds
Describe: smack_bprm_set_creds - set creds for exec. @bprm: the exec information. Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise.