Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\apparmor\domain.c
Create Date: 2022-07-28 19:51:37
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name: ensure none ns domain transitions are correctly applied with onexec

Proto: static struct aa_label *handle_onexec(struct aa_label *label, struct aa_label *onexec, bool stack, const struct linux_binprm *bprm, char *buffer, struct path_cond *cond, bool *unsafe)

Type: struct aa_label

Parameter:

Type                            Parameter Name
struct aa_label *               label
struct aa_label *               onexec
bool                            stack
const struct linux_binprm *     bprm
char *                          buffer
struct path_cond *              cond
bool *                          unsafe

814  AA_BUG(!label)
815  AA_BUG(!onexec)
816  AA_BUG(!bprm)
817  AA_BUG(!buffer)
819  If Not stack Then
820      error = fn_for_each_in_ns(label, profile, profile_onexec(profile, onexec, stack, bprm, buffer, cond, unsafe))
823      If error Then Return ERR_PTR(error)
825      new = fn_label_build_in_ns(label, profile, GFP_KERNEL, aa_get_newest_label, profile_transition(profile, bprm, buffer, cond, unsafe))
             aa_get_newest_label - find the newest version of @l
               @l: the label to check for newer versions of
               Returns: refcounted newest version of @l taking into account replacement, renames and removals; return @l.
830  Else
832      error = fn_for_each_in_ns(label, profile, profile_onexec(profile, onexec, stack, bprm, buffer, cond, unsafe))
835      If error Then Return ERR_PTR(error)
837      new = fn_label_build_in_ns(label, profile, GFP_KERNEL, aa_label_merge, profile_transition(profile, bprm, buffer, cond, unsafe))
             aa_label_merge - attempt to insert new merged label of @a and @b
               @ls: set of labels to insert label into (NOT NULL)
               @a: label to merge with @b (NOT NULL)
               @b: label to merge with @a (NOT NULL)
               @gfp: memory allocation type
               Requires: caller to hold valid
844  If new Then Return new
848  error = fn_for_each_in_ns(label, profile, aa_audit_file)
         aa_audit_file - handle the auditing of file operations
           @profile: the profile being enforced (NOT NULL)
           @perms: the permissions computed for the request (NOT NULL)
           @op: operation being mediated
           @request: permissions requested
           @name: name of object being
853  Return ERR_PTR(error)

Caller

Name                        Description
apparmor_bprm_set_creds     apparmor_bprm_set_creds - set the new creds on the bprm struct. @bprm: binprm for the exec (NOT NULL). Returns: %0 or error on failure. TODO: once the other paths are done see if we can't refactor into a fn