函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-27 21:31:15
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:sure none ns domain transitions are correctly applied with onexec

函数原型:static struct aa_label *handle_onexec(struct aa_label *label, struct aa_label *onexec, bool stack, const struct linux_binprm *bprm, char *buffer, struct path_cond *cond, bool *unsafe)

返回类型:struct aa_label

参数:

类型参数名称
struct aa_label *label
struct aa_label *onexec
boolstack
const struct linux_binprm *bprm
char *buffer
struct path_cond *cond
bool *unsafe
814  AA_BUG(!label)
815  AA_BUG(!onexec)
816  AA_BUG(!bprm)
817  AA_BUG(!buffer)
819  如果非stack
820  error等于fn_for_each_in_ns(label, profile, profile_onexec(profile, onexec, stack, bprm, buffer, cond, unsafe))
823  如果error则返回:错误号
825  new等于fn_label_build_in_ns(label, profile, GFP_KERNEL, aa_get_newest_label - find the newest version of @l*@l: the label to check for newer versions of* Returns: refcounted newest version of @l taking into account* replacement, renames and removals* return @l., profile_transition(profile, bprm, buffer, cond, unsafe))
830  否则
832  error等于fn_for_each_in_ns(label, profile, profile_onexec(profile, onexec, stack, bprm, buffer, cond, unsafe))
835  如果error则返回:错误号
837  new等于fn_label_build_in_ns(label, profile, GFP_KERNEL, aa_label_merge - attempt to insert new merged label of @a and @b*@ls: set of labels to insert label into (NOT NULL)*@a: label to merge with @b (NOT NULL)*@b: label to merge with @a (NOT NULL)*@gfp: memory allocation type* Requires: caller to hold valid , profile_transition(profile, bprm, buffer, cond, unsafe))
844  如果new则返回:new
848  error等于fn_for_each_in_ns(label, profile, aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being )
853  返回:错误号
调用者
名称描述
apparmor_bprm_set_credsapparmor_bprm_set_creds - set the new creds on the bprm struct*@bprm: binprm for the exec (NOT NULL)* Returns: %0 or error on failure* TODO: once the other paths are done see if we can't refactor into a fn