函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\cred.c Create Date:2022-07-27 10:33:04
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:prepare_creds - Prepare a new set of credentials for modification* Prepare a new set of task credentials for modification

函数原型:struct cred *prepare_creds(void)

返回类型:struct cred

参数:

252  task等于当前进程
256  validate_process_creds()
258  new等于kmem_cache_alloc(cred_jar, GFP_KERNEL)
259  如果非new则返回:NULL
262  kdebug("prepare_creds() alloc %p", new)
264  old等于安全管理凭证
265  内存复制(new, old, sizeof(structcred))
267  Can we skip RCU deletion? 等于0
268  atomic_set( & usage, 1)
269  set_cred_subscribers(new, 0)
270  get_group_info - Get a reference to a group info structure*@group_info: The group info to reference* This gets a reference to a set of supplementary groups.* If the caller is accessing a task's credentials, they must hold the RCU read* lock when reading.
271  get_uid(真实用户身份)
272  get_user_ns( user_ns the caps and keyrings are relative to. )
275  key_get( keyring inherited over fork )
276  key_get( keyring private to this process )
277  key_get( keyring private to this thread )
278  key_get( assumed request_key authority )
282  subjective LSM security = NULL
285  如果security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT)小于0则转到:error
287  validate_creds(new)
288  返回:new
290  error :
291  abort_creds - Discard a set of credentials and unlock the current task*@new: The credentials that were going to be applied* Discard a set of credentials that were under construction and unlock the* current task.
292  返回:NULL
调用者
名称描述
prepare_exec_credsPrepare credentials for current to perform an execve()* - The caller must hold ->cred_guard_mutex
copy_creds复制信任
set_current_groupsset_current_groups - Change current's group subscription*@group_info: The group list to impose* Validate a group subscription and, if valid, impose it upon current's task* security record.
unshare_userns
userns_install
keyctl_set_reqkey_keyringRead or set the default keyring in which request_key() will cache keys and* return the old setting.* If a thread or process keyring is specified then it will be created if it* doesn't yet exist. The old setting will be returned if successful.
install_thread_keyringInstall a thread keyring to the current task if it didn't have one already.* Return: 0 if a thread keyring is now present; -errno on failure.
install_process_keyringInstall a process keyring to the current task if it didn't have one already.* Return: 0 if a process keyring is now present; -errno on failure.
install_session_keyringInstall the given keyring as the session keyring of the current task,* replacing the existing one if any. If the given keyring is NULL, then* install a new anonymous session keyring.* Return: 0 on success; -errno on failure.
join_session_keyringJoin the named keyring as the session keyring if possible else attempt to* create a new one of that name and join that
cap_prctl_dropImplement PR_CAPBSET_DROP. Attempt to remove the specified capability from* the current task's bounding set. Returns 0 on success, -ve on error.
cap_task_prctlap_task_prctl - Implement process control functions for this security module*@option: The process control function requested*@arg2, @arg3, @arg4, @arg5: The argument data for this function* Allow process control functions (sys_prctl()) to alter
selinux_inode_copy_up
selinux_setprocattr
smack_setprocattrsmack_setprocattr - Smack process attribute setting*@name: the name of the attribute in /proc/
smack_inode_copy_up
aa_replace_current_labelaa_replace_current_label - replace the current tasks label*@label: new label (NOT NULL)* Returns: 0 or error on failure
aa_set_current_hataa_set_current_hat - set the current tasks hat*@label: label to set as the current hat (NOT NULL)*@token: token value that must be specified to change from the hat* Do switch of tasks hat
aa_restore_previous_labelaa_restore_previous_label - exit from hat context restoring previous label*@token: the token that must be matched to exit hat context* Attempt to return out of a hat to the previous label
do_coredump
keyctl_change_reqkey_authChange the request_key authorisation key on the current process.
do_faccessataccess() needs to use the real uid/gid, not the effective uid/gid.* We do this by temporarily clearing all FS-related capabilities and* switching the fsuid/fsgid around to the real ones.