函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\selinux\avc.c Create Date:2022-07-27 20:17:30
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:avc_update_node Update an AVC entry*@event : Updating event*@perms : Permission mask bits*@ssid,@tsid,@tclass : identifier of an AVC entry*@seqno : sequence number when decision was made*@xpd: extended_perms_decision to be added to the node

函数原型:static int avc_update_node(struct selinux_avc *avc, unsigned int event, unsigned int perms, u8 driver, u8 xperm, unsigned int ssid, unsigned int tsid, u16 tclass, unsigned int seqno, struct extended_perms_decision *xpd, unsigned int flags)

返回类型:int

参数:

类型参数名称
struct selinux_avc *avc
unsigned intevent
unsigned intperms
u8driver
u8xperm
unsigned intssid
unsigned inttsid
u16tclass
unsigned intseqno
struct extended_perms_decision *xpd
unsigned intflags
834  rc等于0
836  struct avc_node * pos, * node, * orig = NULL
852  如果flags按位与 blocking 则返回:0
855  node等于avc_alloc_node(avc)
856  如果非node
857  rc等于负ENOMEM
858  转到:out
862  hvalue等于avc_hash(ssid, tsid, tclass)
864  head等于 head for avc_node->list [hvalue]
865  lock等于 lock for writes [hvalue]
867  spin_lock_irqsave(lock, flag)
870  如果ssid恒等于ssidtsid恒等于tsidtclass恒等于tclassseqno恒等于seqno
874  orig等于pos
875  退出
879  如果非orig
880  rc等于负ENOENT
881  avc_node_kill(avc, node)
882  转到:out_unlock
889  avc_node_populate(node, ssid, tsid, tclass, & avd)
891  如果xp_node
892  rc等于avc_xperms_populate(node, xp_node)
893  如果rc
894  avc_node_kill(avc, node)
895  转到:out_unlock
900  :event恒等于AVC_CALLBACK_GRANT
905  :event恒等于AVC_CALLBACK_TRY_REVOKE
906  :event恒等于AVC_CALLBACK_REVOKE
907  allowed与等于perms的反
908  退出
909  :event恒等于AVC_CALLBACK_AUDITALLOW_ENABLE
910  auditallow或等于perms
911  退出
912  :event恒等于AVC_CALLBACK_AUDITALLOW_DISABLE
913  auditallow与等于perms的反
914  退出
915  :event恒等于AVC_CALLBACK_AUDITDENY_ENABLE
916  auditdeny或等于perms
917  退出
918  :event恒等于AVC_CALLBACK_AUDITDENY_DISABLE
919  auditdeny与等于perms的反
920  退出
921  :event恒等于AVC_CALLBACK_ADD_XPERMS
925  avc_node_replace(avc, node, orig)
926  out_unlock :
927  spin_unlock_irqrestore(lock, flag)
928  out :
929  返回:rc
调用者
名称描述
avc_denied
avc_has_extended_permsThe avc extended permissions logic adds an additional 256 bits of* permissions to an avc node when extended permissions for that node are* specified in the avtab