security/apparmor/domain.c
Source file repositories/reference/linux-study-clean/security/apparmor/domain.c
File Facts
- System: Linux kernel
- Corpus path: `security/apparmor/domain.c`
- Extension: `.c`
- Size: 44121 bytes
- Lines: 1584
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/errno.h`, `linux/fs.h`, `linux/file.h`, `linux/mount.h`, `linux/syscalls.h`, `linux/personality.h`, `linux/xattr.h`, `linux/user_namespace.h`, `include/audit.h`, `include/apparmorfs.h`, `include/cred.h`, `include/domain.h`, `include/file.h`, `include/ipc.h`, `include/match.h`, `include/path.h`, `include/policy.h`, `include/policy_ns.h`
Detected Declarations
`function may_change_ptraced_domain`, `function match_component`, `function label_compound_match`, `function label_components_match`, `function label_match`, `function change_profile_perms`, `function aa_xattrs_match`, `function attributes`, `function well`, `function profile_onexec`, `function apparmor_bprm_creds_for_exec`, `function label_for_each_in_scope`, `function aa_change_hat`, `function label_for_each_in_scope`, `function change_profile_perms_wrapper`, `function aa_change_profile`, `function cap_capable`
Annotated Snippet
```c
		if (size >= 0) {
			struct aa_perms *perms;

			/*
			 * Check the xattr presence before value. This ensure
			 * that not present xattr can be distinguished from a 0
			 * length value or rule that matches any value
			 */
			state = aa_dfa_null_transition(attach->xmatch->dfa,
						       state);
			/* Check xattr value */
			state = aa_dfa_match_len(attach->xmatch->dfa, state,
						 value, size);
			perms = aa_lookup_perms(attach->xmatch, state);
			if (!(perms->allow & MAY_EXEC)) {
				ret = -EINVAL;
				goto out;
			}
		}
		/* transition to next element */
		state = aa_dfa_outofband_transition(attach->xmatch->dfa, state);
		if (size < 0) {
			/*
			 * No xattr match, so verify if transition to
			 * next element was valid. IFF so the xattr
			 * was optional.
			 */
			if (!state) {
				ret = -EINVAL;
				goto out;
			}
			/* don't count missing optional xattr as matched */
			ret--;
		}
	}

out:
	kfree(value);
	return ret;
}

/**
 * find_attach - do attachment search for unconfined processes
 * @bprm: binprm structure of transitioning task
 * @ns: the current namespace (NOT NULL)
 * @head: profile list to walk (NOT NULL)
 * @name: to match against (NOT NULL)
 * @info: info message if there was an error (NOT NULL)
 *
 * Do a linear search on the profiles in the list. There is a matching
 * preference where an exact match is preferred over a name which uses
 * expressions to match, and matching expressions with the greatest
 * xmatch_len are preferred.
 *
 * Requires: @head not be shared or have appropriate locks held
 *
 * Returns: label or NULL if no match found
 */
static struct aa_label *find_attach(const struct linux_binprm *bprm,
				    struct aa_ns *ns, struct list_head *head,
				    const char *name, const char **info)
{
	int candidate_len = 0, candidate_xattrs = 0;
	bool conflict = false;
	struct aa_profile *profile, *candidate = NULL;

	AA_BUG(!name);
	AA_BUG(!head);

	rcu_read_lock();
restart:
	list_for_each_entry_rcu(profile, head, base.list) {
		struct aa_attachment *attach = &profile->attach;

		if (profile->label.flags & FLAG_NULL &&
		    &profile->label == ns_unconfined(profile->ns))
			continue;

		/* Find the "best" matching profile. Profiles must
		 * match the path and extended attributes (if any)
		 * associated with the file. A more specific path
		 * match will be preferred over a less specific one,
		 * and a match with more matching extended attributes
		 * will be preferred over one with fewer. If the best
		 * match has both the same level of path specificity
		 * and the same number of matching extended attributes
		 * as another profile, signal a conflict and refuse to
		 * match.
		 */
		if (attach->xmatch->dfa) {
```
Annotation
- Immediate include surface: `linux/errno.h`, `linux/fs.h`, `linux/file.h`, `linux/mount.h`, `linux/syscalls.h`, `linux/personality.h`, `linux/xattr.h`, `linux/user_namespace.h`.
- Detected declarations: `function may_change_ptraced_domain`, `function match_component`, `function label_compound_match`, `function label_components_match`, `function label_match`, `function change_profile_perms`, `function aa_xattrs_match`, `function attributes`, `function well`, `function profile_onexec`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.