Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\tomoyo\domain.c Create Date:2022-07-27 21:08:40
Last Modify:2022-05-23 20:14:46 Copyright©Brick

Function name: tomoyo_check_acl - Do permission check.
  @r: Pointer to "struct tomoyo_request_info".
  @check_entry: Callback function to check type specific parameters.
  Returns 0 on success, negative value otherwise.
  Caller holds tomoyo_read_lock().

Function prototype: void tomoyo_check_acl(struct tomoyo_request_info *r, bool (*check_entry)(struct tomoyo_request_info *, const struct tomoyo_acl_info *))

Return type: void

Parameters:

Type    Parameter name
struct tomoyo_request_info *    r
bool (*)(struct tomoyo_request_info *, const struct tomoyo_acl_info *)    check_entry
165  domain = the domain of request r
167  list = acl_info_list
168  i = 0
170  retry:
173  If the entry's deletion state (true or false or TOMOYO_GC_IN_PROGRESS) is set, or its type (one of the values in "enum tomoyo_acl_entry_type_index") is not equal to param_type, continue with the next iteration
175  If check_entry(r, ptr) returns false, continue with the next iteration
177  If tomoyo_condition (Check condition part. @r: Pointer to "struct tomoyo_request_info". @cond: Pointer to "struct tomoyo_condition". Maybe NULL. Returns true on success, false otherwise. Caller holds tomoyo_read_lock().) returns false, continue with the next iteration
179  matched_acl = ptr
180  granted = true
181  Return
183  Loop while i is less than the group number limit ("Group number is an integer between 0 and 255.")
184  If test_bit (Determine whether a bit is set. @nr: bit number to test. @addr: Address to start counting from.) returns false, continue with the next iteration
186  list = (the global ACL referred to by the "use_group" keyword)[i++]
187  Go to: retry
189  granted = false
Callers

Name - Description
tomoyo_env_perm - Check permission for environment variable's name. @r: Pointer to "struct tomoyo_request_info". @env: The name of environment variable. Returns 0 on success, negative value otherwise. Caller holds tomoyo_read_lock().
tomoyo_path_permission - Check permission for single path operation. @r: Pointer to "struct tomoyo_request_info". @operation: Type of operation. @filename: Filename to check. Returns 0 on success, negative value otherwise. Caller holds tomoyo_read_lock().
tomoyo_execute_permission - Check permission for execute operation. @r: Pointer to "struct tomoyo_request_info". @filename: Filename to check. Returns 0 on success, negative value otherwise. Caller holds tomoyo_read_lock().
tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp". @type: Type of operation. @path: Pointer to "struct path". @number: Number. Returns 0 on success, negative value otherwise.
tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar". @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK) @path: Pointer to "struct path". @mode: Create mode. @dev: Device number.
tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root". @operation: Type of operation. @path1: Pointer to "struct path". @path2: Pointer to "struct path". Returns 0 on success, negative value otherwise.
tomoyo_mount_acl - Check permission for mount() operation. @r: Pointer to "struct tomoyo_request_info". @dev_name: Name of device file. Maybe NULL. @dir: Pointer to "struct path". @type: Name of filesystem type. @flags: Mount options.
tomoyo_inet_entry - Check permission for INET network operation. @address: Pointer to "struct tomoyo_addr_info". Returns 0 on success, negative value otherwise.
tomoyo_unix_entry - Check permission for UNIX network operation. @address: Pointer to "struct tomoyo_addr_info". Returns 0 on success, negative value otherwise.
tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface