Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\smack\smack_lsm.c Create Date:2022-07-27 20:48:51
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: smk_ptrace_rule_check - helper for ptrace access
@tracer: tracer process
@tracee_known: label entry of the process that's about to be traced
@mode: ptrace attachment mode (PTRACE_MODE_*)
@func: name of the function that called us, used for audit
Returns

Function prototype: static int smk_ptrace_rule_check(struct task_struct *tracer, struct smack_known *tracee_known, unsigned int mode, const char *func)

Return type: int

Parameters:

Type                     Parameter name
struct task_struct *     tracer
struct smack_known *     tracee_known
unsigned int             mode
const char *             func

423  struct smk_audit_info ad, *saip = NULL
428  if (mode & PTRACE_MODE_NOAUDIT) == 0 then
429      some inline functions to set up audit data; they do nothing if CONFIG_AUDIT is not set
430      smk_ad_setfield_u_tsk(&ad, tracer)
431      saip = &ad
434  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
435  tracercred = __task_cred(tracer) - Access a task's objective credentials. @task: The task to query. Access the objective credentials of a task. The caller must hold the RCU readlock. The result of this function should not be passed directly to get_cred();
436  tsp = smack_cred(tracercred)
437  tracer_known = Present a pointer to the smack label entry in an task blob.
439  if (mode & PTRACE_MODE_ATTACH) and (smack_ptrace_rule == SMACK_PTRACE_EXACT or smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) then
442      if tracer_known->smk_known == tracee_known->smk_known then rc = 0
444      else if smack_ptrace_rule == SMACK_PTRACE_DRACONIAN then rc = -EACCES
446      else if smack_privileged_cred (are all privilege requirements met by cred; @cap: The requested capability; @cred: the credential to use; Is the task privileged and allowed to be privileged by the onlycap rule.) then rc = 0
448      else rc = -EACCES
451      if saip then smack_log(tracer_known->smk_known, tracee_known->smk_known, 0, rc, saip)
456      rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
457      return rc
461  rc = smk_tskacc - determine if a task has a specific access to an object. @tsp: a pointer to the subject's task; @obj_known: a pointer to the object's label entry; @mode: the access requested, in "MAY" format; @a: common audit data. This function checks the
463  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
464  return rc

Callers

Name                         Description
smack_ptrace_access_check    smack_ptrace_access_check - Smack approval on PTRACE_ATTACH. @ctp: child task pointer; @mode: ptrace attachment mode (PTRACE_MODE_*). Returns 0 if access is OK, an error code otherwise. Do the capability checks.
smack_ptrace_traceme         smack_ptrace_traceme - Smack approval on PTRACE_TRACEME. @ptp: parent task pointer. Returns 0 if access is OK, an error code otherwise. Do the capability checks, and require PTRACE_MODE_ATTACH.
smack_bprm_set_creds         smack_bprm_set_creds - set creds for exec. @bprm: the exec information. Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise