函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\file.c Create Date:2022-07-27 21:42:37
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:aa_file_perm - do permission revalidation check & audit for @file*@op: operation being checked*@label: label being enforced (NOT NULL)*@file: file to revalidate access permissions on (NOT NULL)*@request: requested permissions*@in_atomic: whether

函数原型:int aa_file_perm(const char *op, struct aa_label *label, struct file *file, unsigned int request, bool in_atomic)

返回类型:int

参数:

类型参数名称
const char *op
struct aa_label *label
struct file *file
unsigned intrequest
boolin_atomic
613  error等于0
615  AA_BUG(!label)
616  AA_BUG(!file)
618  fctx等于file_ctx(file)
620  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
621  flabel等于cu_dereference() - fetch RCU-protected pointer for dereferencing*@p: The pointer to read, prior to dereferencing* This is a simple wrapper around rcu_dereference_check().(label)
622  AA_BUG(!flabel)
631  denied等于request按位与allow的反
632  如果unconfined(label)或unconfined(flabel)或非deniedaa_label_is_subset(flabel, label)则
634  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
635  转到:done
638  flabel等于aa_get_newest_label - find the newest version of @l*@l: the label to check for newer versions of* Returns: refcounted newest version of @l taking into account* replacement, renames and removals* return @l.
639  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
642  如果mntpath_mediated_fs(dentry)则error等于__file_path_perm(op, label, flabel, file, request, denied, in_atomic)
646  否则如果S_ISSOCK(i_mode)则error等于__file_sock_perm(op, label, flabel, file, request, denied)
649  aa_put_label(flabel)
651  done :
652  返回:error
调用者
名称描述
revalidate_tty
match_file
common_file_perm