Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\policy.c Create Date:2022-07-28 19:52:01
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:aa_may_manage_policy - can the current task manage policy*@label: label to check if it can manage policy*@op: the policy manipulation operation being done* Returns: 0 if the task is allowed to manipulate policy else error

Proto:int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns, unsigned int mask)

Type:int

Parameter:

TypeParameterName
struct aa_label *label
struct aa_ns *ns
unsigned intmask
684  If mask & AA_MAY_REMOVE_POLICY Then op = OP_PROF_RM
686  Else if mask & AA_MAY_REPLACE_POLICY Then op = OP_PROF_REPL
688  Else op = OP_PROF_LOAD
692  If aa_g_lock_policy Then Return audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra
696  If Not policy_admin_capable(ns) Then Return audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra
701  Return 0
Caller
NameDescribe
profile_remove.remove file hook fn to remove loaded policy
ns_mkdir_op
ns_rmdir_op