函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-27 20:11:14
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:ap_task_prctl - Implement process control functions for this security module*@option: The process control function requested*@arg2, @arg3, @arg4, @arg5: The argument data for this function* Allow process control functions (sys_prctl()) to alter

函数原型:int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5)

返回类型:int

参数:

类型参数名称
intoption
unsigned longarg2
unsigned longarg3
unsigned longarg4
unsigned longarg5
1170  old等于current_cred - Access the current task's subjective credentials* Access the subjective credentials of the current task. RCU-safe,* since nobody else can modify it.()
1174  :option恒等于Get/set the capability bounding set (as per security/commoncap.c)
1175  如果非cap_valid(arg2)则返回:负EINVAL
1177  返回:非非cap_raised( capability bounding set , arg2)
1179  :option恒等于PR_CAPBSET_DROP
1180  返回:Implement PR_CAPBSET_DROP. Attempt to remove the specified capability from* the current task's bounding set. Returns 0 on success, -ve on error.
1201  :option恒等于PR_SET_SECUREBITS
1202  如果安全管理按位与SECURE_ALL_LOCKS的值右移1位按位与安全管理按位异或arg2的值或安全管理按位与SECURE_ALL_LOCKS按位与arg2的反或arg2按位与SECURE_ALL_LOCKS按位或SECURE_ALL_BITS的值的反或ap_capable - Determine whether a task has a particular effective capability*@cred: The credentials to use*@ns: The user namespace in which we need the capability*@cap: The capability to check for*@opts: Bitmask of options defined in include/linux/security不等于0则返回:负EPERM
1221  new等于prepare_creds - Prepare a new set of credentials for modification* Prepare a new set of task credentials for modification
1222  如果非new则返回:负ENOMEM
1224  安全管理等于arg2
1225  返回:mmit_creds - Install new credentials upon the current task*@new: The credentials to be assigned* Install a new set of credentials to the current task, using RCU to replace* the old set. Both the objective and the subjective credentials pointers are
1227  :option恒等于Get/set securebits (as per security/commoncap.c)
1228  返回:安全管理
1230  :option恒等于Get/set whether or not to drop capabilities on setuid() away from* uid 0 (as per security/commoncap.c)
1231  返回:非非issecure(When set, a process can retain its capabilities even aftertransitioning to a non-root user (the set-uid fixup suppressed bybit 2). Bit-4 is cleared when a process calls exec(); setting bothbit 4 and 5 will create a barrier through exec that no exec()'d)
1233  :option恒等于PR_SET_KEEPCAPS
1234  如果arg2大于1则返回:负EINVAL
1236  如果issecure(make bit-4 immutable )则返回:负EPERM
1239  new等于prepare_creds - Prepare a new set of credentials for modification* Prepare a new set of task credentials for modification
1240  如果非new则返回:负ENOMEM
1242  如果arg2安全管理或等于Each securesetting is implemented using two bits. One bit specifieswhether the setting is on or off. The other bit specify whether thesetting is locked or not. A setting which is locked cannot bechanged from user-level. (When set, a process can retain its capabilities even aftertransitioning to a non-root user (the set-uid fixup suppressed bybit 2). Bit-4 is cleared when a process calls exec(); setting bothbit 4 and 5 will create a barrier through exec that no exec()'d)
1244  否则安全管理与等于Each securesetting is implemented using two bits. One bit specifieswhether the setting is on or off. The other bit specify whether thesetting is locked or not. A setting which is locked cannot bechanged from user-level. (When set, a process can retain its capabilities even aftertransitioning to a non-root user (the set-uid fixup suppressed bybit 2). Bit-4 is cleared when a process calls exec(); setting bothbit 4 and 5 will create a barrier through exec that no exec()'d)的反
1246  返回:mmit_creds - Install new credentials upon the current task*@new: The credentials to be assigned* Install a new set of credentials to the current task, using RCU to replace* the old set. Both the objective and the subjective credentials pointers are
1248  :option恒等于Control the ambient capability set
1249  如果arg2恒等于PR_CAP_AMBIENT_CLEAR_ALL
1250  如果arg3按位或arg4按位或arg5则返回:负EINVAL
1253  new等于prepare_creds - Prepare a new set of credentials for modification* Prepare a new set of task credentials for modification
1254  如果非new则返回:负ENOMEM
1256  cap_clear( Ambient capability set )
1257  返回:mmit_creds - Install new credentials upon the current task*@new: The credentials to be assigned* Install a new set of credentials to the current task, using RCU to replace* the old set. Both the objective and the subjective credentials pointers are
1260  如果非cap_valid(arg3)按位或arg4按位或arg5则返回:负EINVAL
1263  如果arg2恒等于PR_CAP_AMBIENT_IS_SET
1264  返回:非非cap_raised(cap_ambient, arg3)
1265  否则如果arg2不等于PR_CAP_AMBIENT_RAISEarg2不等于PR_CAP_AMBIENT_LOWER
1267  返回:负EINVAL
1268  否则
1269  如果arg2恒等于PR_CAP_AMBIENT_RAISE且非cap_raised(cap_permitted, arg3)或非cap_raised(cap_inheritable, arg3)或issecure(When set, a process cannot add new capabilities to its ambient set. )的值则返回:负EPERM
1276  new等于prepare_creds - Prepare a new set of credentials for modification* Prepare a new set of task credentials for modification
1277  如果非new则返回:负ENOMEM
1279  如果arg2恒等于PR_CAP_AMBIENT_RAISEcap_raise( Ambient capability set , arg3)
1281  否则cap_lower( Ambient capability set , arg3)
1283  返回:mmit_creds - Install new credentials upon the current task*@new: The credentials to be assigned* Install a new set of credentials to the current task, using RCU to replace* the old set. Both the objective and the subjective credentials pointers are
1286  默认
1288  返回:负ENOSYS