security/apparmor/include/cred.h
Source file repositories/reference/linux-study-clean/security/apparmor/include/cred.h
File Facts
- System
- Linux kernel
- Corpus path
security/apparmor/include/cred.h- Extension
.h- Size
- 7366 bytes
- Lines
- 251
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/cred.hlinux/slab.hlinux/sched.hlabel.hpolicy_ns.htask.h
Detected Declarations
function Copyrightfunction set_cred_labelfunction aa_put_label_condreffunction aa_put_labelfunction __end_cred_crit_sectionfunction __end_cred_crit_sectionfunction __end_cred_crit_sectionfunction end_current_label_crit_sectionfunction __end_current_label_crit_sectionfunction end_current_label_crit_section
Annotated Snippet
#ifndef __AA_CONTEXT_H
#define __AA_CONTEXT_H
#include <linux/cred.h>
#include <linux/slab.h>
#include <linux/sched.h>
#include "label.h"
#include "policy_ns.h"
#include "task.h"
static inline struct aa_label *cred_label(const struct cred *cred)
{
struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred;
AA_BUG(!blob);
return *blob;
}
static inline void set_cred_label(const struct cred *cred,
struct aa_label *label)
{
struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred;
AA_BUG(!blob);
*blob = label;
}
/**
* aa_get_newest_cred_label - obtain the newest label on a cred
* @cred: cred to obtain label from (NOT NULL)
*
* Returns: newest version of confining label
*/
static inline struct aa_label *aa_get_newest_cred_label(const struct cred *cred)
{
return aa_get_newest_label(cred_label(cred));
}
static inline struct aa_label *aa_get_newest_cred_label_condref(const struct cred *cred,
bool *needput)
{
struct aa_label *l = cred_label(cred);
if (unlikely(label_is_stale(l))) {
*needput = true;
return aa_get_newest_label(l);
}
*needput = false;
return l;
}
static inline void aa_put_label_condref(struct aa_label *l, bool needput)
{
if (unlikely(needput))
aa_put_label(l);
}
/**
* aa_current_raw_label - find the current tasks confining label
*
* Returns: up to date confining label or the ns unconfined label (NOT NULL)
*
* This fn will not update the tasks cred to the most up to date version
* of the label so it is safe to call when inside of locks.
*/
static inline struct aa_label *aa_current_raw_label(void)
{
return cred_label(current_cred());
}
/**
* aa_get_current_label - get the newest version of the current tasks label
*
* Returns: newest version of confining label (NOT NULL)
*
* This fn will not update the tasks cred, so it is safe inside of locks
*
* The returned reference must be put with aa_put_label()
*/
static inline struct aa_label *aa_get_current_label(void)
{
struct aa_label *l = aa_current_raw_label();
if (label_is_stale(l))
return aa_get_newest_label(l);
return aa_get_label(l);
}
Annotation
- Immediate include surface: `linux/cred.h`, `linux/slab.h`, `linux/sched.h`, `label.h`, `policy_ns.h`, `task.h`.
- Detected declarations: `function Copyright`, `function set_cred_label`, `function aa_put_label_condref`, `function aa_put_label`, `function __end_cred_crit_section`, `function __end_cred_crit_section`, `function __end_cred_crit_section`, `function end_current_label_crit_section`, `function __end_current_label_crit_section`, `function end_current_label_crit_section`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.