Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\selinux\hooks.c Create Date:2022-07-28 18:57:29
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:selinux_inode_setxattr

Proto:static int selinux_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)

Type:int

Parameter:

TypeParameterName
struct dentry *dentry
const char *name
const void *value
size_tsize
intflags
3138  inode = d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper
3142  sid = get the subjective security ID of the current task
3143  rc = 0
3145  If strcmp(name, XATTR_NAME_SELINUX) Then
3146  rc = ap_inode_setxattr - Determine whether an xattr may be altered*@dentry: The inode/dentry being altered*@name: The name of the xattr to be changed*@value: The value that the xattr will be changed to*@size: The size of value*@flags: The replacement flag*
3147  If rc Then Return rc
3152  Return Same as inode_has_perm, but pass explicit audit data containingthe dentry to help the auditing code to more easily generate thepathname if needed.
3155  If Not initialized Then Return If inode_owner_or_capable(inode) Then 0 Else -EPERM
3158  sbsec = s_security
3159  If Not ( which mount options were specified & SBLABEL_MNT) Then Return -EOPNOTSUPP
3162  If Not inode_owner_or_capable(inode) Then Return -EPERM
3165  type = LSM_AUDIT_DATA_DENTRY
3166  dentry = dentry
3168  isec = Get the security label of a dentry's backing inode.
3169  rc = avc_has_perm - Check permissions and perform any appropriate auditing
3172  If rc Then Return rc
3175  rc = security_context_to_sid( & selinux_state, value, size, & newsid, GFP_KERNEL)
3177  If rc == -EINVAL Then
3178  If Not has_cap_mac_admin(true) Then
3184  If value Then
3185  str = value
3187  If str[size - 1] == '\0' Then audit_size = size - 1
3189  Else audit_size = size
3191  Else
3192  audit_size = 0
3194  ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
3196  audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.
3197  audit_log_n_untrustedstring - log a string that may contain random characters*@ab: audit_buffer*@len: length of string (not including trailing null)*@string: string to be logged* This code will escape a string that is passed to it if the string* contains
3198  audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
3200  Return rc
3202  rc = security_context_to_sid_force( & selinux_state, value, size, & newsid)
3205  If rc Then Return rc
3208  rc = avc_has_perm - Check permissions and perform any appropriate auditing
3211  If rc Then Return rc
3214  rc = security_validate_transition( & selinux_state, SID of this object , newsid, sid, security class of this object )
3216  If rc Then Return rc
3219  Return avc_has_perm - Check permissions and perform any appropriate auditing