Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-28 19:51:38
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:helper fn for changing into a hat* Returns: label for hat transition or ERR_PTR. Does not return NULL

Proto:static struct aa_label *change_hat(struct aa_label *label, const char *hats[], int count, int flags)

Type:struct aa_label

Parameter:

TypeParameterName
struct aa_label *label
const char *hats
intcount
intflags
1050  struct aa_profile * profile, * root, * hat = NULL
1053  bool sibling = false
1054  const char * name, * info = NULL
1057  AA_BUG(!label)
1058  AA_BUG(!hats)
1059  AA_BUG(count < 1)
1061  If PROFILE_IS_HAT(labels_profile(label)) Then sibling = true
1065  When i < count && Not hat cycle
1066  name = hats[i]
1068  If sibling && PROFILE_IS_HAT(profile) Then
1069  root = aa_get_profile_rcu - increment a refcount profile that can be replaced*@p: pointer to profile that can be replaced (NOT NULL)* Returns: pointer to a refcounted profile.* else NULL if no profile
1070  Else if Not sibling && Not PROFILE_IS_HAT(profile) Then
1071  root = aa_get_profile - increment refcount on profile @p*@p: profile (MAYBE NULL)* Returns: pointer to @p if @p is NULL will return NULL* Requires: @p must be held with valid refcount when called
1072  Else
1073  info = "conflicting targets types"
1074  error = -EPERM
1075  Go to fail
1077  hat = aa_find_child - find a profile by @name in @parent*@parent: profile to search (NOT NULL)*@name: profile name to search for (NOT NULL)* Returns: a refcounted profile or NULL if not found
1078  aa_put_profile - decrement refcount on profile @p*@p: profile (MAYBE NULL)
1079  If Not hat Then
1080  If Not COMPLAIN_MODE(profile) Then Go to outer_continue
1083  Else if Not PROFILE_IS_HAT(hat) Then
1084  info = "target not hat"
1085  error = -EPERM
1086  aa_put_profile - decrement refcount on profile @p*@p: profile (MAYBE NULL)
1087  Go to fail
1089  aa_put_profile - decrement refcount on profile @p*@p: profile (MAYBE NULL)
1092  Go to build
1093  outer_continue :
1102  name = NULL
1104  If Not list_empty - tests whether a list is empty*@head: the list to test. Then
1105  info = "hat not found"
1106  error = -ENOENT
1107  Go to fail
1110  info = "no hats defined"
1111  error = -ECHILD
1113  fail :
1122  If count > 1 || COMPLAIN_MODE(profile) Then
1123  aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being
1128  Return ERR_PTR(error)
1130  build :
1131  new = fn_label_build_in_ns(label, profile, GFP_KERNEL, helper fn for change_hat* Returns: label for hat transition OR ERR_PTR. Does NOT return NULL, aa_get_label( & label))
1134  If Not new Then
1135  info = "label build failed"
1136  error = -ENOMEM
1137  Go to fail
1140  Return new
Caller
NameDescribe
aa_change_hataa_change_hat - change hat to/from subprofile*@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)*@count: number of hat names in @hats*@token: magic value to validate the hat change*@flags: flags affecting behavior of the change