函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\policy.c Create Date:2022-07-27 21:33:47
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:aa_replace_profiles - replace profile(s) on the profile list*@policy_ns: namespace load is occurring on*@label: label that is attempting to load/replace policy*@mask: permission mask*@udata: serialized data stream (NOT NULL)* unpack and replace a profile

函数原型:ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, unsigned int mask, struct aa_loaddata *udata)

返回类型:ssize_t

参数:

类型参数名称
struct aa_ns *policy_ns
struct aa_label *label
unsigned intmask
struct aa_loaddata *udata
859  const char * ns_name = NULL, * info = NULL
860  struct aa_ns * ns = NULL
865  LIST_HEAD(lh)
867  op等于如果mask按位与AA_MAY_REPLACE_POLICYOP_PROF_REPL否则OP_PROF_LOAD
868  aa_get_loaddata - get a reference count from a counted data reference*@data: reference to get a count on* Returns: point to reference* Requires: @data to have a valid reference count on it. It is a bug
870  error等于aa_unpack - unpack packed binary profile(s) data loaded from user space*@udata: user data copied to kmem (NOT NULL)*@lh: list to place unpacked profiles in a aa_repl_ws*@ns: Returns namespace profile is in if specified else NULL (NOT NULL)* Unpack user
871  如果error则转到:out
879  count等于0
881  如果ns_name
882  如果ns_name字符串比较不等于0则
884  info等于"policy load has mixed namespaces"
885  error等于负EACCES
886  转到:fail
888  否则如果ns_name
889  如果count
890  info等于"policy load has mixed namespaces"
891  error等于负EACCES
892  转到:fail
894  ns_name等于ns_name
895  否则count自加
898  如果ns_name
899  ns等于aa_prepare_ns - find an existing or create a new namespace of @name*@parent: ns to treat as parent*@name: the namespace to find or add (NOT NULL)* Returns: refcounted namespace or PTR_ERR if failed to create one
901  如果是错误
902  op等于OP_PROF_LOAD
903  info等于"failed to prepare namespace"
904  error等于错误
905  ns = NULL
906  ent = NULL
907  转到:fail
909  否则ns等于aa_get_ns - increment references count on @ns*@ns: namespace to increment reference count of (MAYBE NULL)* Returns: pointer to @ns, if @ns is NULL returns NULL* Requires: @ns must be held with valid refcount when called
912  mutex_lock_nested( & lock, level)
915  如果aa_rawdata_eq(rawdata_ent, udata)则
918  tmp等于__aa_get_loaddata - get a reference count to uncounted data reference*@data: reference to get a count on* Returns: pointer to reference OR NULL if race is lost and reference is* being repeated
920  如果tmp
921  aa_put_loaddata(udata)
922  udata等于tmp
923  退出
931  rawdata等于aa_get_loaddata - get a reference count from a counted data reference*@data: reference to get a count on* Returns: point to reference* Requires: @data to have a valid reference count on it. It is a bug
932  error等于__lookup_replace - lookup replacement information for a profile*@ns - namespace the lookup occurs in*@hname - name of profile to lookup*@noreplace - true if not replacing an existing profile*@p - Returns: profile to be replaced*@info - Returns: info
935  如果error则转到:fail_lock
938  如果rename
947  ns等于aa_get_ns - increment references count on @ns*@ns: namespace to increment reference count of (MAYBE NULL)* Returns: pointer to @ns, if @ns is NULL returns NULL* Requires: @ns must be held with valid refcount when called
949  如果oldrename则继续下一循环
953  policy等于__lookup_parent - lookup the parent of a profile of name @hname*@ns: namespace to lookup profile in (NOT NULL)*@hname: hierarchical profile name to find parent of (NOT NULL)* Lookups up the parent of a fully qualified profile name, the profile* that
954  如果非policy
963  否则如果policy不等于base
971  如果非dents[AAFS_LOADDATA_DIR]则
972  error等于__aa_fs_create_rawdata(ns, udata)
973  如果error
974  info等于"failed to create raw_data dir and files"
975  ent = NULL
976  转到:fail_lock
980  如果非old
991  如果error
992  info等于"failed to create"
993  转到:fail_lock
998  __aa_bump_ns_revision(ns)
999  __aa_loaddata_update(udata, revision)
1001  删除链表项并重新初始化
1002  op等于如果非old且非renameOP_PROF_LOAD否则OP_PROF_REPL
1004  如果oldrawdata恒等于rawdata
1019  audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra
1022  如果old
1025  否则
1037  :
1038  aa_load_ent_free(ent)
1040  __aa_labelset_update_subtree(ns)
1041  mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.
1043  out :
1044  aa_put_ns - decrement refcount on @ns*@ns: namespace to put reference of* Decrement reference count of @ns and if no longer in use free it
1045  aa_put_loaddata(udata)
1046  释放内存
1048  如果error则返回:error
1050  返回:he original size of the payload
1052  fail_lock :
1053  mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.
1056  op等于如果ent且非oldOP_PROF_LOAD否则OP_PROF_REPL
1057  fail :
1058  audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra
1061  info等于"valid profile in failed atomic policy load"
1063  如果tmp恒等于ent
1064  info等于"unchecked profile in failed atomic policy load"
1066  继续下一循环
1068  op等于如果非oldOP_PROF_LOAD否则OP_PROF_REPL
1069  audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra
1073  删除链表项并重新初始化
1074  aa_load_ent_free(ent)
1077  转到:out
调用者
名称描述
policy_update