selinux_setprocattr

Name:selinux_setprocattr

Proto:static int selinux_setprocattr(const char *name, void *value, size_t size)

Type:int

Parameter:

Type	Parameter	Name
const char *	name
void *	value
size_t	size

6336

mysid = get the subjective security ID of the current task , sid = 0

6338

6343

If Not strcmp(name, "exec") Then error = avc_has_perm - Check permissions and perform any appropriate auditing

6347

Else if Not strcmp(name, "fscreate") Then error = avc_has_perm - Check permissions and perform any appropriate auditing

6351

Else if Not strcmp(name, "keycreate") Then error = avc_has_perm - Check permissions and perform any appropriate auditing

6355

Else if Not strcmp(name, "sockcreate") Then error = avc_has_perm - Check permissions and perform any appropriate auditing

6359

Else if Not strcmp(name, "current") Then error = avc_has_perm - Check permissions and perform any appropriate auditing

6363

Else error = -EINVAL

6365

If error Then Return error

6369

If size && str[0] && str[0] != '\n' Then

6370

If str[size - 1] == '\n' Then

6371

str[size - 1] = 0

6372

size--

6374

error = security_context_to_sid( & selinux_state, value, size, & sid, GFP_KERNEL)

6376

If error == -EINVAL && Not strcmp(name, "fscreate") Then

6377

If Not has_cap_mac_admin(true) Then

6383

If str[size - 1] == '\0' Then audit_size = size - 1

6385

Else audit_size = size

6387

ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error

6390

audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.

6391

audit_log_n_untrustedstring - log a string that may contain random characters*@ab: audit_buffer*@len: length of string (not including trailing null)*@string: string to be logged* This code will escape a string that is passed to it if the string* contains

6392

audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove

6394

Return error

6396

error = security_context_to_sid_force( & selinux_state, value, size, & sid)

6400

If error Then Return error

6404

new = prepare_creds - Prepare a new set of credentials for modification* Prepare a new set of task credentials for modification

6405

If Not new Then Return -ENOMEM

6414

tsec = selinux_cred(new)

6415

If Not strcmp(name, "exec") Then

6416

6417

Else if Not strcmp(name, "fscreate") Then

6418

fscreate SID = sid

6419

Else if Not strcmp(name, "keycreate") Then

6420

If sid Then

6421

error = avc_has_perm - Check permissions and perform any appropriate auditing

6423

If error Then Go to abort_change

6426

keycreate SID = sid

6427

Else if Not strcmp(name, "sockcreate") Then

6428

fscreate SID = sid

6429

Else if Not strcmp(name, "current") Then

6430

error = -EINVAL

6431

If sid == 0 Then Go to abort_change

6435

6436

If Not Returns true if the task does not share ->mm with another thread/process. Then

6437

error = security_bounded_transition( & selinux_state, current SID , sid)

6439

If error Then Go to abort_change

6444

error = avc_has_perm - Check permissions and perform any appropriate auditing

6447

If error Then Go to abort_change

6452

ptsid = prm security operations

6453

If ptsid != 0 Then

6454

error = avc_has_perm - Check permissions and perform any appropriate auditing

6457

If error Then Go to abort_change

6461

current SID = sid

6462

Else

6463

error = -EINVAL

6464

Go to abort_change

6467

mmit_creds - Install new credentials upon the current task*@new: The credentials to be assigned* Install a new set of credentials to the current task, using RCU to replace* the old set. Both the objective and the subjective credentials pointers are

6468

Return size

6470

6471

abort_creds - Discard a set of credentials and unlock the current task*@new: The credentials that were going to be applied* Discard a set of credentials that were under construction and unlock the* current task.

6472

Return error

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion