Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\policy_unpack.c Create Date:2022-07-27 21:35:31
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: unpack_profile - unpack a serialized profile; @e: serialized data extent information (NOT NULL); NOTE: unpack profile sets audit struct if there is a failure

Function prototype: static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)

Return type: struct aa_profile

Parameters:

Type              Parameter name
struct aa_ext *   e
char **           ns_name
676  struct aa_profile * profile = NULL
677  const char * tmpname, * tmpns = NULL, * name = NULL
678  info = "failed to unpack profile"
680  struct rhashtable_params params = {0}
681  char * key = NULL
683  error = -EPROTO
687  * ns_name = NULL
690  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element], goto fail
692  if not unpack_str(e, & name, NULL), goto fail
694  if name == '\0', goto fail
697  tmpname = aa_splitn_fqname(name, strlen [Find the length of a string; @s: The string to be sized], & tmpns, & ns_len)
698  if tmpns
699  ns_name = kstrndup [allocate space for and copy an existing string; @s: the string to duplicate; @max: read at most @max chars from @s; @gfp: the GFP mask used in the kmalloc() call when allocating memory; Note: Use kmemdup_nul() instead if the size is known exactly]
700  if not ns_name
701  info = "out of memory"
702  goto fail
704  name = tmpname
707  profile = aa_alloc_profile [allocate, initialize and return a new profile; @hname: name of the profile (NOT NULL); @gfp: allocation type; Returns: refcount profile or NULL on failure]
708  if not profile, return: error code
712  unpack_str(e, & rename, "rename")
715  unpack_str(e, & attach, "attach")
718  xmatch = unpack_dfa [unpack a file rule dfa; @e: serialized data extent information (NOT NULL); returns dfa or ERR_PTR or NULL if no dfa]
719  if it is an error
720  error = the error value
721  xmatch = NULL
722  info = "bad xmatch"
723  goto fail
726  if xmatch
727  if not unpack_u32(e, & tmp, NULL)
728  info = "missing xmatch len"
729  goto fail
731  xmatch_len = tmp
735  unpack_str(e, & disconnected, "disconnected")
738  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element]
739  info = "profile missing flags"
740  goto fail
742  info = "failed to unpack profile flags"
743  if not unpack_u32(e, & tmp, NULL), goto fail
745  if tmp & PACKED_FLAG_HAT, flags |= profile is a hat
747  if not unpack_u32(e, & tmp, NULL), goto fail
749  if tmp == PACKED_MODE_COMPLAIN or version & FORCE_COMPLAIN_FLAG, mode = allow and log access violations
751  else if tmp == PACKED_MODE_KILL, mode = kill task on access violation
753  else if tmp == PACKED_MODE_UNCONFINED, mode = profile set to unconfined
755  if not unpack_u32(e, & tmp, NULL), goto fail
757  if tmp, audit = AUDIT_ALL
760  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element], goto fail
764  if unpack_u32(e, & path_flags, "path_flags"), path_flags |= flags & mediate deleted paths
767  else path_flags = mediate deleted paths
771  info = "failed to unpack profile capabilities"
772  if not unpack_u32(e, & (cap[0]), NULL), goto fail
774  if not unpack_u32(e, & (cap[0]), NULL), goto fail
776  if not unpack_u32(e, & (cap[0]), NULL), goto fail
778  if not unpack_u32(e, & cap[0], NULL), goto fail
781  info = "failed to unpack upper profile capabilities"
782  if unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element]
784  if not unpack_u32(e, & (cap[1]), NULL), goto fail
786  if not unpack_u32(e, & (cap[1]), NULL), goto fail
788  if not unpack_u32(e, & (cap[1]), NULL), goto fail
790  if not unpack_u32(e, & (cap[1]), NULL), goto fail
792  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element], goto fail
796  info = "failed to unpack extended profile capabilities"
797  if unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element]
799  if not unpack_u32(e, & (cap[0]), NULL), goto fail
801  if not unpack_u32(e, & (cap[1]), NULL), goto fail
803  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element], goto fail
807  if not unpack_xattrs(e, profile)
808  info = "failed to unpack profile xattrs"
809  goto fail
812  if not unpack_rlimits(e, profile)
813  info = "failed to unpack profile rlimits"
814  goto fail
817  if not unpack_secmark(e, profile)
818  info = "failed to unpack profile secmark rules"
819  goto fail
822  if unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element]
824  info = "failed to unpack policydb"
825  Generic policy DFA specific rule types will be subsections of it = unpack_dfa [unpack a file rule dfa; @e: serialized data extent information (NOT NULL); returns dfa or ERR_PTR or NULL if no dfa]
826  if it is an error
827  error = the error value
829  goto fail
831  error = -EPROTO
832  goto fail
834  if not unpack_u32(e, & set of start states for the different classes of data[0], "start"), set of start states for the different classes of data[0] = DFA_START
838  loop while i <= AA_CLASS_LAST
844  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element], goto fail
846  else Generic policy DFA specific rule types will be subsections of it = aa_get_dfa [increment refcount on dfa @p; @dfa: dfa (MAYBE NULL); Returns: pointer to @dfa if @dfa is NULL will return NULL; Requires: @dfa must be held with valid refcount when called]
850  dfa = unpack_dfa [unpack a file rule dfa; @e: serialized data extent information (NOT NULL); returns dfa or ERR_PTR or NULL if no dfa]
851  if it is an error
852  error = the error value
853  dfa = NULL
854  info = "failed to unpack profile file rules"
855  goto fail
856  else if dfa
857  if not unpack_u32(e, & start, "dfa_start"), start = DFA_START
860  else if Generic policy DFA specific rule types will be subsections of it and set of start states for the different classes of data[AA_CLASS_FILE]
862  dfa = aa_get_dfa [increment refcount on dfa @p; @dfa: dfa (MAYBE NULL); Returns: pointer to @dfa if @dfa is NULL will return NULL; Requires: @dfa must be held with valid refcount when called]
863  start = set of start states for the different classes of data[AA_CLASS_FILE]
864  else dfa = aa_get_dfa [increment refcount on dfa @p; @dfa: dfa (MAYBE NULL); Returns: pointer to @dfa if @dfa is NULL will return NULL; Requires: @dfa must be held with valid refcount when called]
867  if not unpack_trans_table [unpack a profile transition table; @e: serialized data extent information (NOT NULL); @profile: profile to add the accept table to (NOT NULL); Returns: 1 if table successfully unpacked]
868  info = "failed to unpack profile transition table"
869  goto fail
872  if unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element]
873  info = "out of memory"
874  data = allocate memory and zero it
875  if not data, goto fail
878  nelem_hint = 3
879  key_len = size of *
880  key_offset = offsetof(struct aa_data, key)
881  head_offset = offsetof(struct aa_data, head)
882  hashfn = strhash
883  obj_cmpfn = datacmp
886  info = "failed to init key, value hash table"
887  goto fail
890  loop while unpack_strdup(e, & key, NULL)
892  if not data
900  if size of data in bytes and not binary data
911  info = "failed to unpack end of key, value data table"
912  goto fail
916  if not unpack_nameX [check is the next element is of type X with a name of @name; @e: serialized data extent information (NOT NULL); @code: type code; @name: name to match to the serialized element]
917  info = "failed to unpack end of profile"
918  goto fail
921  return: profile
923  fail :
924  if profile, name = NULL
926  else if not name, name = "unknown"
928  audit_iface - do audit message for policy unpacking/load/replace/remove; @new: profile if it has been allocated (MAYBE NULL); @ns_name: name of the ns the profile is to be loaded to (MAY BE NULL); @name: name of the profile being manipulated (MAYBE
929  aa_free_profile - free a profile; @profile: the profile to free (MAYBE NULL); Free a profile, its hats and null_profile
931  return: error code
Callers
Name        Description
aa_unpack   aa_unpack - unpack packed binary profile(s) data loaded from user space; @udata: user data copied to kmem (NOT NULL); @lh: list to place unpacked profiles in a aa_repl_ws; @ns: Returns namespace profile is in if specified else NULL (NOT NULL); Unpack user