profile_onexec

Name:profile_onexec

Proto:static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec, bool stack, const struct linux_binprm *bprm, char *buffer, struct path_cond *cond, bool *secure_exec)

Type:int

Parameter:

Type	Parameter	Name
struct aa_profile *	profile
struct aa_label *	onexec
bool	stack
const struct linux_binprm *	bprm
char *	buffer
struct path_cond *	cond
bool *	secure_exec

737

state = start

738

struct aa_perms perms = {}

739

xname = NULL , info = "change_profile onexec"

740

error = -EACCES

742

AA_BUG(!profile)

743

AA_BUG(!onexec)

744

AA_BUG(!bprm)

745

AA_BUG(!buffer)

747

If profile_unconfined(profile) Then

754

Return 0

757

error = aa_path_name - get the pathname to a buffer ensure dir / is appended*@path: path the file (NOT NULL)*@flags: flags controlling path name generation*@buffer: buffer to put name in (NOT NULL)*@name: Returns - the generated path name if !error (NOT

759

If error Then

760

If profile_unconfined(profile) || flags & fallback to ix on name lookup fail Then

762

AA_DEBUG("name lookup ix on error")

763

error = 0

765

xname = Name of binary as seen by procps

766

Go to audit

770

state = aa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -

771

If Not (allow & her stack or change_profile ) Then

772

info = "no change_onexec valid for executable"

773

Go to audit

779

state = aa_dfa_null_transition - step to next state after null character*@dfa: the dfa to match against*@start: the state of the dfa to start matching in* aa_dfa_null_transition transitions to the next state after a null* character which is not used in standard

780

error = hange_profile_perms - find permissions for change_profile*@profile: the current profile (NOT NULL)*@target: label to transition to (NOT NULL)*@stack: whether this is a stacking request*@request: requested perms*@start: state to start matching in* Returns:

782

If error Then

783

allow &= ~her stack or change_profile

784

Go to audit

787

If Not ( Reserved: * u32 subtree; / * set only when allow is set * / & AA_X_UNSAFE) Then

788

If DEBUG remains global (no per profile flag) since it is mostly used in sysctl* which is not related to profile accesses. Then

789

dbg_printk("apparmor: scrubbing environment variables for %s label=", xname)

791

aa_label_printk(onexec, GFP_KERNEL)

792

dbg_printk("\n")

794

* secure_exec = true

797

audit :

798

Return aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being

**Caller**
Name	Describe
handle_onexec	sure none ns domain transitions are correctly applied with onexec

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion

Function report