selinux_netlbl_sock_rcv_skb

函数名称：selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel*@sksec: the sock's sk_security_struct*@skb: the packet*@family: protocol family*@ad: the audit data* Description:* Fetch the NetLabel security attributes from @skb and perform an

函数原型：int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, struct sk_buff *skb, u16 family, struct common_audit_data *ad)

返回类型：int

参数：

类型	参数	名称
struct sk_security_struct *	sksec
struct sk_buff *	skb
u16	family
struct common_audit_data *	ad

438

如果非LSM protocol operations (NetLabel LSM/kernel API)则返回:0

441

lbl_secattr_init - Initialize a netlbl_lsm_secattr struct*@secattr: the struct to initialize* Description:* Initialize an already allocated netlbl_lsm_secattr struct.

442

rc等于netlbl_skbuff_getattr(skb, family, & secattr)

443

如果rc恒等于0且flags不等于map values for 'flags' 则rc等于selinux_netlbl_sidlookup_cached - Cache a SID lookup*@skb: the packet*@secattr: the NetLabel security attributes*@sid: the SID* Description:* Query the SELinux security server to lookup the correct SID for the given* security attributes

446

否则nlbl_sid等于SECINITSID_UNLABELED

448

lbl_secattr_destroy - Clears a netlbl_lsm_secattr struct*@secattr: the struct to clear* Description:* Destroys the @secattr struct, including freeing all of the internal buffers.* The struct must be reset with a call to netlbl_secattr_init() before reuse.

449

如果rc不等于0则返回:rc

453

当: sock security class 恒等于SECCLASS_UDP_SOCKET

454

perm等于UDP_SOCKET__RECVFROM

455

456

当: sock security class 恒等于SECCLASS_TCP_SOCKET

457

perm等于TCP_SOCKET__RECVFROM

458

459

默认

460

perm等于RAWIP_SOCKET__RECVFROM

463

rc等于avc_has_perm - Check permissions and perform any appropriate auditing

465

如果rc恒等于0则返回:0

468

如果nlbl_sid不等于SECINITSID_UNLABELED则netlbl_skbuff_err(skb, family, rc, 0)

470

返回:rc

**调用者**
名称	描述
selinux_sock_rcv_skb_compat

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码