Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-28 18:36:32
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:Extract the on-exec-apply capability sets for an executable file.

Proto:int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)

Type:int

Parameter:

TypeParameterName
const struct dentry *dentry
struct cpu_vfs_cap_data *cpu_caps
573  inode = d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper
577  nscaps = data
578  struct vfs_cap_data * caps = (struct vfs_cap_data * ) & data
582  memset(cpu_caps, 0, sizeof(structcpu_vfs_cap_data))
584  If Not inode Then Return -ENODATA
587  fs_ns = s_user_ns
588  size = __vfs_getxattr((structdentry * )dentry, inode, XATTR_NAME_CAPS, & data, XATTR_CAPS_SZ)
590  If size == -ENODATA || size == -EOPNOTSUPP Then Return -ENODATA
594  If size < 0 Then Return size
597  If size < size of magic_etc Then Return -EINVAL
600  magic_etc = magic_etc = le32_to_cpu( Little endian )
602  rootkuid = make_kuid - Map a user-namespace uid pair into a kuid
604  Case & == VFS_CAP_REVISION_1
605  If size != XATTR_CAPS_SZ_1 Then Return -EINVAL
607  tocopy = VFS_CAP_U32_1
608  Break
609  Case & == VFS_CAP_REVISION_2
610  If size != XATTR_CAPS_SZ_2 Then Return -EINVAL
612  tocopy = VFS_CAP_U32_2
613  Break
614  Case & == VFS_CAP_REVISION_3
615  If size != XATTR_CAPS_SZ_3 Then Return -EINVAL
617  tocopy = VFS_CAP_U32_3
618  rootkuid = make_kuid - Map a user-namespace uid pair into a kuid
619  Break
621  Default
622  Return -EINVAL
627  If Not rootid_owns_currentns(rootkuid) Then Return -ENODATA
631  If i >= tocopy Then Break
633  cap[i] = le32_to_cpu(permitted)
634  cap[i] = le32_to_cpu( Little endian )
637  cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK
638  cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK
640  rootid = rootkuid
642  Return 0
Caller
NameDescribe
__audit_log_bprm_fcaps__audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps*@bprm: pointer to the bprm being processed*@new: the proposed new credentials*@old: the old credentials* Simply check if the proc already has the caps given by the file and
get_file_capsAttempt to get the on-exec apply capability sets for an executable file from* its xattrs and, if present, apply them to the proposed credentials being* constructed by execve().
audit_copy_fcaps