Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\domain.c Create Date:2022-07-28 19:51:37
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:profile_onexec

Proto:static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec, bool stack, const struct linux_binprm *bprm, char *buffer, struct path_cond *cond, bool *secure_exec)

Type:int

Parameter:

TypeParameterName
struct aa_profile *profile
struct aa_label *onexec
boolstack
const struct linux_binprm *bprm
char *buffer
struct path_cond *cond
bool *secure_exec
737  state = start
738  struct aa_perms perms = {}
739  xname = NULL , info = "change_profile onexec"
740  error = -EACCES
742  AA_BUG(!profile)
743  AA_BUG(!onexec)
744  AA_BUG(!bprm)
745  AA_BUG(!buffer)
747  If profile_unconfined(profile) Then
754  Return 0
757  error = aa_path_name - get the pathname to a buffer ensure dir / is appended*@path: path the file (NOT NULL)*@flags: flags controlling path name generation*@buffer: buffer to put name in (NOT NULL)*@name: Returns - the generated path name if !error (NOT
759  If error Then
762  AA_DEBUG("name lookup ix on error")
763  error = 0
765  xname = Name of binary as seen by procps
766  Go to audit
770  state = aa_str_perms - find permission that match @name*@dfa: to match against (MAYBE NULL)*@state: state to start matching in*@name: string to match against dfa (NOT NULL)*@cond: conditions to consider for permission set computation (NOT NULL)*@perms: Returns -
771  If Not (allow & her stack or change_profile ) Then
772  info = "no change_onexec valid for executable"
773  Go to audit
779  state = aa_dfa_null_transition - step to next state after null character*@dfa: the dfa to match against*@start: the state of the dfa to start matching in* aa_dfa_null_transition transitions to the next state after a null* character which is not used in standard
780  error = hange_profile_perms - find permissions for change_profile*@profile: the current profile (NOT NULL)*@target: label to transition to (NOT NULL)*@stack: whether this is a stacking request*@request: requested perms*@start: state to start matching in* Returns:
782  If error Then
783  allow &= ~her stack or change_profile
784  Go to audit
787  If Not ( Reserved: * u32 subtree; / * set only when allow is set * / & AA_X_UNSAFE) Then
789  dbg_printk("apparmor: scrubbing environment variables for %s label=", xname)
792  dbg_printk("\n")
794  * secure_exec = true
797  audit :
798  Return aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being
Caller
NameDescribe
handle_onexecsure none ns domain transitions are correctly applied with onexec