函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\selinux\hooks.c Create Date:2022-07-27 20:32:59
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:Called whenever SCTP receives an INIT chunk. This happens when an incoming* connect(2), sctp_connectx(3) or sctp_sendmsg(3) (with no association* already present).

函数原型:static int selinux_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb)

返回类型:int

参数:

类型参数名称
struct sctp_endpoint *ep
struct sk_buff *skb
5203  sksec等于sk_security
5205  struct lsm_network_audit net = {0, }
5207  peer_sid等于SECINITSID_UNLABELED
5209  err等于0
5211  如果非selinux_policycap_extsockclass()则返回:0
5214  peerlbl_active等于selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled* Description:* This function checks if NetLabel or labeled IPSEC is enabled
5216  如果peerlbl_active
5220  err等于selinux_skb_peerlbl_sid - Determine the peer label of a packet*@skb: the packet*@family: protocol family*@sid: the packet's peer label SID* Description:* Check the various different forms of network peer labeling and determine* the peer label/SID for the
5222  如果err则返回:err
5225  如果peer_sid恒等于unspecified SID peer_sid等于SECINITSID_UNLABELED
5229  如果sctp_assoc_state恒等于SCTP_ASSOC_UNSET
5230  sctp_assoc_state等于SCTP_ASSOC_SET
5237  SID of peer 等于peer_sid
5238  否则如果 SID of peer 不等于peer_sid
5242  type等于LSM_AUDIT_DATA_NET
5243  net等于net
5244  sk等于 What socket does this endpoint belong to?
5245  err等于avc_has_perm - Check permissions and perform any appropriate auditing
5248  如果err则返回:err
5258  err等于selinux_conn_sid - Determine the child socket label for a connection*@sk_sid: the parent socket's SID*@skb_sid: the packet's SID*@conn_sid: the resulting connection SID* If @skb_sid is valid then the user:role:type information from @sk_sid is* combined
5259  如果err则返回:err
5262  Security identifiers from incoming (INIT). These are set by * security_sctp_assoc_request(). These will only be used by * SCTP TCP type sockets and peeled off connections as they * cause a new socket to be generated. security_sctp_sk_clone() * will then p等于conn_sid
5263  peer_secid等于peer_sid
5266  返回:selinux_netlbl_sctp_assoc_request - Label an incoming sctp association.*@ep: incoming association endpoint.*@skb: the packet.* Description:* A new incoming connection is represented by @ep, ......* Returns zero on success, negative values on failure.