Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-28 19:51:37
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name: apparmor_bprm_set_creds - set the new creds on the bprm struct
@bprm: binprm for the exec (NOT NULL)
Returns: %0 or error on failure
TODO: once the other paths are done see if we can't refactor into a fn

Proto:int apparmor_bprm_set_creds(struct linux_binprm *bprm)

Type:int

Parameter:

Type                    Parameter Name
struct linux_binprm *   bprm
867  struct aa_label * label, * new = NULL
869  char * buffer = NULL
870  const char * info = NULL
871  error = 0
872  bool unsafe = false
873  struct path_cond cond = {i_uid, i_mode}
878  If called_set_creds Then Return 0
881  ctx = task_ctx(current process)
882  AA_BUG(!cred_label(new credentials))
883  AA_BUG(!ctx)
885  label = aa_get_newest_label [find the newest version of @l; @l: the label to check for newer versions of; Returns: refcounted newest version of @l taking into account replacement, renames and removals; return @l.]
894  If how unsafe this exec is (mask of LSM_UNSAFE_*) & LSM_UNSAFE_NO_NEW_PRIVS && Not unconfined(label) && Not nnp Then nnp = aa_get_label(label)
899  buffer = aa_get_buffer(false)
900  If Not buffer Then
901  error = -ENOMEM
902  Go to done
906  If onexec Then new = ensure none ns domain transitions are correctly applied with onexec
909  Else new = fn_label_build(label, profile, GFP_KERNEL, profile_transition(profile, bprm, buffer, & cond, & unsafe)) [abstract out the build of a label transition; @L: label the transition is being computed for; @P: profile parameter derived from L by this macro, can be passed to FN; @GFP: memory allocation type to use]
914  AA_BUG(!new)
915  If IS_ERR(new) Then
916  error = PTR_ERR(new)
917  Go to done
918  Else if Not new Then
919  error = -ENOMEM
920  Go to done
931  If how unsafe this exec is (mask of LSM_UNSAFE_*) & LSM_UNSAFE_NO_NEW_PRIVS && Not unconfined(label) && Not aa_label_is_subset(new, nnp) Then
933  error = -EPERM
934  info = "no new privs"
935  Go to audit
938  If how unsafe this exec is (mask of LSM_UNSAFE_*) & bprm->unsafe reasons Then If how unsafe this exec is (mask of LSM_UNSAFE_*) & LSM_UNSAFE_PTRACE Then
945  error = may_change_ptraced_domain [check if can change profile on ptraced task; @to_label: profile to change to (NOT NULL); @info: message if there is an error; Check if current is ptraced and if so if the tracing task is allowed to trace the new domain; Returns:]
946  If error Then Go to audit
950  If unsafe Then
952  dbg_printk("scrubbing environment variables for %s label=", Name of binary as seen by procps )
955  dbg_printk("\n")
957  secureexec = 1
960  If label->proxy != new->proxy Then
963  dbg_printk("apparmor: clearing unsafe personality bits. %s label=", Name of binary as seen by procps )
966  dbg_printk("\n")
968  bits to clear in current->personality |= Security-relevant compatibility flags that must be cleared upon setuid or setgid exec
970  aa_put_label(cred_label(new credentials))
972  set_cred_label(new credentials, new)
974  done :
975  aa_put_label(label)
976  aa_put_buffer(buffer)
978  Return error
980  audit :
981  error = fn_for_each(label, profile, aa_audit_file [handle the auditing of file operations; @profile: the profile being enforced (NOT NULL); @perms: the permissions computed for the request (NOT NULL); @op: operation being mediated; @request: permissions requested; @name: name of object being ])
986  aa_put_label(new)
987  Go to done