Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\policy.c Create Date:2022-07-28 19:52:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name: policy_view_capable - check if viewing policy in at @ns is allowed

Returns: true if viewing policy is allowed

If @ns is NULL then the namespace being viewed is assumed to be the tasks current namespace.

Proto: bool policy_view_capable(struct aa_ns *ns)

Type: bool

Parameter:

Type    Parameter    Name
struct aa_ns *    ns    namespace being viewed by current task (may be NULL)

644  user_ns = current_user_ns()
645  view_ns = aa_get_current_ns()
646  root_in_user_ns = uid_eq(current_euid(), make_kuid [Map a user-namespace uid pair into a kuid]) || in_egroup_p(make_kgid [Map a user-namespace gid pair into a kgid])
648  bool response = false
649  If Not ns Then ns = view_ns
652  If root_in_user_ns && aa_ns_visible(view_ns, ns, true) && ( user_ns == [userns count is 1 for root user, 1 for init_uts_ns, and 1 for... ?] || unprivileged_userns_apparmor_policy != 0 && level == level ) Then response = true
657  aa_put_ns [decrement refcount on @ns; @ns: namespace to put reference of; decrement reference count of @ns and if no longer in use free it]
659  Return response

Caller

Name    Description
profiles_open
policy_admin_capable
param_get_aalockpolicy
param_get_aabool
param_get_aauint
param_get_aacompressionlevel
param_get_audit
param_get_mode
rawdata_open