Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-27 21:30:40
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: find_attach - do attachment search for unconfined processes*@bprm - binprm structure of transitioning task*@ns: the current namespace (NOT NULL)*@head - profile list to walk (NOT NULL)*@name - to match against (NOT NULL)*@info - info message if there was an

Function prototype: static struct aa_label *find_attach(const struct linux_binprm *bprm, struct aa_ns *ns, struct list_head *head, const char *name, const char **info)

Return type: struct aa_label

Parameters:

Type | Parameter name
const struct linux_binprm * | bprm
struct aa_ns * | ns
struct list_head * | head
const char * | name
const char ** | info
385  candidate_len = 0, candidate_xattrs = 0
386  bool conflict = false
387  struct aa_profile * profile, * candidate = NULL
389  AA_BUG(!name)
390  AA_BUG(!head)
392  rcu_read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
393  restart :
395  If flags & (profile is null learning profile) and label == ns_unconfined(ns), continue with the next loop iteration
410  If xmatch
414  state = aa_dfa_leftmatch - traverse @dfa to find state @str stops at*@dfa: the dfa to match @str against (NOT NULL)*@start: the state of the dfa to start matching in*@str: the null terminated string of bytes to match against the dfa (NOT NULL)
416  perm = map old dfa inline permissions to new format(xmatch, state)
418  If perm & MAY_EXEC
419  ret = 0
421  If count < candidate_len, continue with the next loop iteration
424  If bprm and xattr_count
451  If count == candidate_len and ret <= candidate_xattrs
454  If ret == candidate_xattrs, conflict = true
456  Continue with the next loop iteration
462  candidate = profile
464  candidate_xattrs = ret
465  conflict = false
467  Else if not string comparison
472  candidate = profile
473  Go to: out
477  If not candidate or conflict
478  If conflict, info = "conflicting profile attachments"
480  rcu_read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
481  Return: NULL
484  out :
485  candidate = aa_get_newest_profile - simple wrapper fn to wrap the label version*@p: profile (NOT NULL)* Returns refcount to newest version of the profile (maybe @p)* Requires: @p must be held with a valid refcount
486  rcu_read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
488  Return: label
Callers

Name | Description
x_to_label | x_to_label - get target label for a given xindex*@profile: current profile (NOT NULL)*@bprm: binprm structure of transitioning task*@name: name to lookup (NOT NULL)*@xindex: index into x transition table*@lookupname: returns: name used in lookup if one
profile_transition |