函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-27 21:30:12
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:may_change_ptraced_domain - check if can change profile on ptraced task*@to_label: profile to change to (NOT NULL)*@info: message if there is an error* Check if current is ptraced and if so if the tracing task is allowed* to trace the new domain* Returns:

函数原型:static int may_change_ptraced_domain(struct aa_label *to_label, const char **info)

返回类型:int

参数:

类型参数名称
struct aa_label *to_label
const char **info
63  struct aa_label * tracerl = NULL
64  error等于0
66  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
67  tracer等于ptrace_parent - return the task that is tracing the given task*@task: task to consider* Returns %NULL if no one is tracing @task, or the &struct task_struct* pointer to its tracer.* Must called under rcu_read_lock(). The pointer returned might be kept
68  如果tracertracerl等于aa_get_task_label - Get another task's label*@task: task to query (NOT NULL)* Returns: counted reference to @task's label
73  如果非tracerunconfined(tracerl)则转到:out
76  error等于aa_may_ptrace - test if tracer task can trace the tracee*@tracer: label of the task doing the tracing (NOT NULL)*@tracee: task label to be traced*@request: permission request* Returns: %0 else error code if permission denied or error
78  out :
79  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
80  aa_put_label(tracerl)
82  如果errorinfo等于"ptrace prevents transition"
84  返回:error
调用者
名称描述
apparmor_bprm_set_credsapparmor_bprm_set_creds - set the new creds on the bprm struct*@bprm: binprm for the exec (NOT NULL)* Returns: %0 or error on failure* TODO: once the other paths are done see if we can't refactor into a fn
aa_change_hataa_change_hat - change hat to/from subprofile*@hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)*@count: number of hat names in @hats*@token: magic value to validate the hat change*@flags: flags affecting behavior of the change
aa_change_profileaa_change_profile - perform a one-way profile transition*@fqname: name of profile may include namespace (NOT NULL)*@onexec: whether this transition is to take place immediately or at exec*@flags: flags affecting change behavior