selinux_socket

函数名称：Range of port numbers used to automatically bind.Need to determine whether we should perform a name_bindpermission check between the socket and the port number.

函数原型：static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)

返回类型：int

参数：

类型	参数	名称
struct socket *	sock
struct sockaddr *	address
int	addrlen

4592

struct lsm_network_audit net = {0, }

4593

struct sockaddr_in * addr4 = NULL

4594

struct sockaddr_in6 * addr6 = NULL

4605

如果addrlen小于ffsetofend(TYPE, MEMBER)*@TYPE: The type of the structure*@MEMBER: The member within the structure to get the end offset of(structsockaddr, sa_family)则返回:负EINVAL

4607

family_sa等于address family, AF_xxx

4609

当:family_sa恒等于Supported address families.

4610

当:family_sa恒等于Internet IP Protocol

4611

如果addrlen小于sizeof(structsockaddr_in)则返回:负EINVAL

4613

addr4等于address

4614

如果family_sa恒等于Supported address families. 则

4618

如果s_addr不等于htonl(Address to accept any incoming messages. )则转到:err_af

4620

family_sa等于Internet IP Protocol

4622

snum等于ntohs( Port number )

4623

addrp = (char * ) & s_addr

4624

退出

4625

当:family_sa恒等于IP version 6

4626

如果addrlen小于SIN6_LEN_RFC2133则返回:负EINVAL

4628

addr6等于address

4629

snum等于ntohs( Transport layer port # )

4630

addrp = (char * ) & s6_addr

4631

退出

4632

默认

4633

转到:err_af

4636

type等于LSM_AUDIT_DATA_NET

4637

net等于net

4638

sport等于htons(snum)

4639

family等于family_sa

4641

如果snum则

4644

inet_get_local_port_range(sock_net(sk), & low, & high)

4646

如果inet_port_requires_bind_service(sock_net(sk), snum)或snum小于low或snum大于high则

4648

err等于sel_netport_sid(sk_protocol, snum, & sid)

4650

如果err则转到:out

4652

err等于avc_has_perm - Check permissions and perform any appropriate auditing

4656

如果err则转到:out

4662

当: sock security class 恒等于SECCLASS_TCP_SOCKET

4663

node_perm等于TCP_SOCKET__NODE_BIND

4664

退出

4666

当: sock security class 恒等于SECCLASS_UDP_SOCKET

4667

node_perm等于UDP_SOCKET__NODE_BIND

4668

退出

4670

当: sock security class 恒等于SECCLASS_DCCP_SOCKET

4671

node_perm等于DCCP_SOCKET__NODE_BIND

4672

退出

4674

当: sock security class 恒等于SECCLASS_SCTP_SOCKET

4675

node_perm等于SCTP_SOCKET__NODE_BIND

4676

退出

4678

默认

4679

node_perm等于RAWIP_SOCKET__NODE_BIND

4680

退出

4683

err等于sel_netnode_sid(addrp, family_sa, & sid)

4684

如果err则转到:out

4687

如果family_sa恒等于Internet IP Protocol 则saddr等于s_addr

4689

否则saddr等于 IPv6 address

4692

err等于avc_has_perm - Check permissions and perform any appropriate auditing

4695

如果err则转到:out

4698

out :

4699

返回:err

4700

err_af :

4702

如果 sock security class 恒等于SECCLASS_SCTP_SOCKET则返回:负EINVAL

4704

返回:负EAFNOSUPPORT

**调用者**
名称	描述
selinux_sctp_bind_connect	Check if sctp IPv4/IPv6 addresses are valid for binding or connecting* based on their @optname.

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码

函数逻辑报告