Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-28 19:51:36
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name: find_attach - do attachment search for unconfined processes
@bprm - binprm structure of transitioning task
@ns: the current namespace (NOT NULL)
@head - profile list to walk (NOT NULL)
@name - to match against (NOT NULL)
@info - info message if there was an

Proto:static struct aa_label *find_attach(const struct linux_binprm *bprm, struct aa_ns *ns, struct list_head *head, const char *name, const char **info)

Type:struct aa_label

Parameter:

Type                          Parameter Name
const struct linux_binprm *   bprm
struct aa_ns *                ns
struct list_head *            head
const char *                  name
const char **                 info
385  candidate_len = 0, candidate_xattrs = 0
386  bool conflict = false
387  struct aa_profile * profile, * candidate = NULL
389  AA_BUG(!name)
390  AA_BUG(!head)
392  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
393  restart :
395  If (flags & "profile is null learning profile") && label == ns_unconfined(ns) Then Continue
410  If xmatch Then
414  state = aa_dfa_leftmatch - traverse @dfa to find state @str stops at; @dfa: the dfa to match @str against (NOT NULL); @start: the state of the dfa to start matching in; @str: the null terminated string of bytes to match against the dfa (NOT NULL)
416  perm = map old dfa inline permissions to new format(xmatch, state)
418  If perm & MAY_EXEC Then
419  ret = 0
421  If count < candidate_len Then Continue
424  If bprm && xattr_count Then
451  If count == candidate_len && ret <= candidate_xattrs Then
454  If ret == candidate_xattrs Then conflict = true
456  Continue
462  candidate = profile
465  conflict = false
467  Else if Not strcmp(profile name, name) Then
472  candidate = profile
473  Go to out
477  If Not candidate || conflict Then
478  If conflict Then info = "conflicting profile attachments"
480  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
481  Return NULL
484  out :
485  candidate = aa_get_newest_profile - simple wrapper fn to wrap the label version; @p: profile (NOT NULL); Returns refcount to newest version of the profile (maybe @p); Requires: @p must be held with a valid refcount
486  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
488  Return label
Caller

Name                 Describe
x_to_label           x_to_label - get target label for a given xindex; @profile: current profile (NOT NULL); @bprm: binprm structure of transitioning task; @name: name to lookup (NOT NULL); @xindex: index into x transition table; @lookupname: returns: name used in lookup if one
profile_transition