aa_replace_profiles

Name:aa_replace_profiles - replace profile(s) on the profile list*@policy_ns: namespace load is occurring on*@label: label that is attempting to load/replace policy*@mask: permission mask*@udata: serialized data stream (NOT NULL)* unpack and replace a profile

Proto:ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, unsigned int mask, struct aa_loaddata *udata)

Type:ssize_t

Parameter:

Type	Parameter	Name
struct aa_ns *	policy_ns
struct aa_label *	label
unsigned int	mask
struct aa_loaddata *	udata

859

const char * ns_name = NULL, * info = NULL

860

struct aa_ns * ns = NULL

865

867

op = If mask & AA_MAY_REPLACE_POLICY Then OP_PROF_REPL Else OP_PROF_LOAD

868

aa_get_loaddata - get a reference count from a counted data reference*@data: reference to get a count on* Returns: point to reference* Requires: @data to have a valid reference count on it. It is a bug

870

error = aa_unpack - unpack packed binary profile(s) data loaded from user space*@udata: user data copied to kmem (NOT NULL)*@lh: list to place unpacked profiles in a aa_repl_ws*@ns: Returns namespace profile is in if specified else NULL (NOT NULL)* Unpack user

871

If error Then Go to out

879

count = 0

881

If ns_name Then

882

If ns_name && strcmp(ns_name, ns_name) != 0 Then

884

info = "policy load has mixed namespaces"

885

error = -EACCES

886

Go to fail

888

Else if ns_name Then

889

If count Then

890

info = "policy load has mixed namespaces"

891

error = -EACCES

892

Go to fail

894

ns_name = ns_name

895

Else count++

898

If ns_name Then

899

ns = aa_prepare_ns - find an existing or create a new namespace of @name*@parent: ns to treat as parent*@name: the namespace to find or add (NOT NULL)* Returns: refcounted namespace or PTR_ERR if failed to create one

901

If IS_ERR(ns) Then

902

op = OP_PROF_LOAD

903

info = "failed to prepare namespace"

904

error = PTR_ERR(ns)

905

ns = NULL

906

ent = NULL

907

Go to fail

909

Else ns = aa_get_ns - increment references count on @ns*@ns: namespace to increment reference count of (MAYBE NULL)* Returns: pointer to @ns, if @ns is NULL returns NULL* Requires: @ns must be held with valid refcount when called

912

mutex_lock_nested( & lock, level)

915

If aa_rawdata_eq(rawdata_ent, udata) Then

918

tmp = __aa_get_loaddata - get a reference count to uncounted data reference*@data: reference to get a count on* Returns: pointer to reference OR NULL if race is lost and reference is* being repeated

920

If tmp Then

921

aa_put_loaddata(udata)

922

923

Break

931

rawdata = aa_get_loaddata - get a reference count from a counted data reference*@data: reference to get a count on* Returns: point to reference* Requires: @data to have a valid reference count on it. It is a bug

932

error = __lookup_replace - lookup replacement information for a profile*@ns - namespace the lookup occurs in*@hname - name of profile to lookup*@noreplace - true if not replacing an existing profile*@p - Returns: profile to be replaced*@info - Returns: info

935

If error Then Go to fail_lock

938

If rename Then

939

error = __lookup_replace - lookup replacement information for a profile*@ns - namespace the lookup occurs in*@hname - name of profile to lookup*@noreplace - true if not replacing an existing profile*@p - Returns: profile to be replaced*@info - Returns: info

942

If error Then Go to fail_lock

947

ns = aa_get_ns - increment references count on @ns*@ns: namespace to increment reference count of (MAYBE NULL)* Returns: pointer to @ns, if @ns is NULL returns NULL* Requires: @ns must be held with valid refcount when called

949

If old || rename Then Continue

953

policy = __lookup_parent - lookup the parent of a profile of name @hname*@ns: namespace to lookup profile in (NOT NULL)*@hname: hierarchical profile name to find parent of (NOT NULL)* Lookups up the parent of a fully qualified profile name, the profile* that

954

If Not policy Then

956

p = __list_lookup_parent( & lh, new)

957

If Not p Then

958

error = -ENOENT

959

info = "parent does not exist"

960

Go to fail_lock

962

cu_assign_pointer() - assign to RCU-protected pointer*@p: pointer to assign to*@v: value to assign (publish)* Assigns the specified value to the specified RCU-protected* pointer, ensuring that any concurrent RCU readers will see* any prior initialization(parent, aa_get_profile - increment refcount on profile @p*@p: profile (MAYBE NULL)* Returns: pointer to @p if @p is NULL will return NULL* Requires: @p must be held with valid refcount when called)

963

Else if policy != base Then

965

p = policy

966

cu_assign_pointer() - assign to RCU-protected pointer*@p: pointer to assign to*@v: value to assign (publish)* Assigns the specified value to the specified RCU-protected* pointer, ensuring that any concurrent RCU readers will see* any prior initialization(parent, aa_get_profile - increment refcount on profile @p*@p: profile (MAYBE NULL)* Returns: pointer to @p if @p is NULL will return NULL* Requires: @p must be held with valid refcount when called)

971

If Not dents[AAFS_LOADDATA_DIR] Then

972

error = __aa_fs_create_rawdata(ns, udata)

973

If error Then

974

info = "failed to create raw_data dir and files"

975

ent = NULL

976

Go to fail_lock

980

If Not old Then

982

If cu_access_pointer() - fetch RCU pointer with no dereferencing*@p: The pointer to read* Return the value of the specified RCU-protected pointer, but omit the* lockdep checks for being in an RCU read-side critical section(parent) Then

984

p = aa_deref_parent(new)

985

parent = prof_child_dir(p)

986

Else parent = ns_subprofs_dir(ns)

988

error = Requires: @profile->ns->lock held

991

If error Then

992

info = "failed to create"

993

Go to fail_lock

998

__aa_bump_ns_revision(ns)

999

__aa_loaddata_update(udata, revision)

1001

list_del_init - deletes entry from list and reinitialize it.*@entry: the element to delete from the list.

1002

op = If Not old && Not rename Then OP_PROF_LOAD Else OP_PROF_REPL

1004

If old && rawdata == rawdata Then

1006

audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra

1010

aa_put_proxy(proxy)

1011

proxy = NULL

1012

Go to skip

1019

audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra

1022

If old Then

1023

share_name(old, new)

1024

__replace_profile - replace @old with @new on a list*@old: profile to be replaced (NOT NULL)*@new: profile to replace @old with (NOT NULL)*@share_proxy: transfer @old->proxy to @new* Will duplicate and refcount elements that @new inherits from @old

1025

Else

1028

If cu_access_pointer() - fetch RCU pointer with no dereferencing*@p: The pointer to read* Return the value of the specified RCU-protected pointer, but omit the* lockdep checks for being in an RCU read-side critical section(parent) Then

1031

parent = Update to newest version of parent after previous replacements* Returns: unrefcount newest version of parent

1032

1033

Else lh = profiles

1035

__add_profile - add a profiles to list and label tree*@list: list to add it to (NOT NULL)*@profile: the profile to add (NOT NULL)* refcount @profile, should be put by __list_remove_profile* Requires: namespace lock be held, or list not be shared

1037

skip :

1038

aa_load_ent_free(ent)

1040

__aa_labelset_update_subtree(ns)

1041

mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.

1043

out :

1044

aa_put_ns - decrement refcount on @ns*@ns: namespace to put reference of* Decrement reference count of @ns and if no longer in use free it

1045

aa_put_loaddata(udata)

1046

1048

If error Then Return error

1050

Return he original size of the payload

1052

1053

mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.

1056

op = If ent && Not old Then OP_PROF_LOAD Else OP_PROF_REPL

1057

fail :

1058

audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra

1061

info = "valid profile in failed atomic policy load"

1063

If tmp == ent Then

1064

info = "unchecked profile in failed atomic policy load"

1066

Continue

1068

op = If Not old Then OP_PROF_LOAD Else OP_PROF_REPL

1069

audit_policy - Do auditing of policy changes*@label: label to check if it can manage policy*@op: policy operation being performed*@ns_name: name of namespace being manipulated*@name: name of profile being manipulated (NOT NULL)*@info: any extra

1073

list_del_init - deletes entry from list and reinitialize it.*@entry: the element to delete from the list.

1074

aa_load_ent_free(ent)

1077

Go to out

**Caller**
Name	Describe
policy_update

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion