security/apparmor/label.c
Source file repositories/reference/linux-study-clean/security/apparmor/label.c
File Facts
- System: Linux kernel
- Corpus path: `security/apparmor/label.c`
- Extension: `.c`
- Size: 51995 bytes
- Lines: 2136
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/audit.h`, `linux/seq_file.h`, `linux/sort.h`, `include/apparmor.h`, `include/cred.h`, `include/label.h`, `include/policy.h`, `include/secid.h`
Detected Declarations
`function free_proxy`, `function aa_proxy_kref`, `function __aa_proxy_redirect`, `function __proxy_share`, `function ns_cmp`, `function profile_cmp`, `function vec_cmp`, `function vec_is_stale`, `function accum_label_info`, `function sort_cmp`, `function unique`, `function aa_vec_unique`, `function aa_label_destroy`, `function label_for_each`, `function aa_label_free`, `function label_free_switch`, `function label_free_rcu`, `function aa_label_kref`, `function label_free_or_put_new`, `function aa_label_init`, `function label_cmp`, `function aa_label_next_confined`, `function aa_label_is_subset`, `function aa_label_is_unconfined_subset`, `function __label_remove`, `function __label_replace`, `function aa_label_remove`, `function aa_label_replace`, `function label_merge_cmp`, `function label_for_each_in_merge`, `function label`, `function match_component`, `function label_compound_match`, `function label_components_match`, `function aa_label_match`, `function aa_update_label_name`, `function use_label_hname`, `function aa_profile_snxprint`, `function label_for_each`, `function display_mode`, `function label_for_each`, `function aa_label_snxprint`, `function label_for_each`, `function aa_label_asxprint`, `function aa_label_acntsxprint`, `function aa_label_xaudit`, `function aa_label_seq_xprint`, `function aa_label_xprintk`
Annotated Snippet
```c
		if (res == 0) {
			/* drop duplicate */
			aa_put_profile(vec[i]);
			dups++;
			continue;
		}
		pos++;
		if (dups)
			vec[pos] = vec[i];
	}

	AA_BUG(dups < 0);

	return dups;
}

/**
 * aa_vec_unique - canonical sort and unique a list of profiles
 * @n: number of refcounted profiles in the list (@n > 0)
 * @vec: list of profiles to sort and merge
 * @flags: null terminator flags of @vec
 *
 * Returns: the number of duplicates eliminated == references put
 *
 * If @flags & VEC_FLAG_TERMINATE @vec has null terminator at vec[n], and will
 * null terminate vec[n - dups]
 */
int aa_vec_unique(struct aa_profile **vec, int n, int flags)
{
	int i, dups = 0;

	AA_BUG(n < 1);
	AA_BUG(!vec);

	/* vecs are usually small and inorder, have a fallback for larger */
	if (n > 8) {
		sort(vec, n, sizeof(struct aa_profile *), sort_cmp, NULL);
		dups = unique(vec, n);
		goto out;
	}

	/* insertion sort + unique in one */
	for (i = 1; i < n; i++) {
		struct aa_profile *tmp = vec[i];
		int pos, j;

		for (pos = i - 1 - dups; pos >= 0; pos--) {
			int res = profile_cmp(vec[pos], tmp);

			if (res == 0) {
				/* drop duplicate entry */
				aa_put_profile(tmp);
				dups++;
				goto continue_outer;
			} else if (res < 0)
				break;
		}
		/* pos is at entry < tmp, or index -1. Set to insert pos */
		pos++;

		for (j = i - dups; j > pos; j--)
			vec[j] = vec[j - 1];
		vec[pos] = tmp;
continue_outer:
		;
	}

	AA_BUG(dups < 0);

out:
	if (flags & VEC_FLAG_TERMINATE)
		vec[n - dups] = NULL;

	return dups;
}

void aa_label_destroy(struct aa_label *label)
{
	AA_BUG(!label);

	if (!label_isprofile(label)) {
		struct aa_profile *profile;
		struct label_it i;

		aa_put_str(label->hname);

		label_for_each(i, label, profile) {
			aa_put_profile(profile);
			label->vec[i.i] = (struct aa_profile *)
```
Annotation
- Immediate include surface: `linux/audit.h`, `linux/seq_file.h`, `linux/sort.h`, `include/apparmor.h`, `include/cred.h`, `include/label.h`, `include/policy.h`, `include/secid.h`.
- Detected declarations: `function free_proxy`, `function aa_proxy_kref`, `function __aa_proxy_redirect`, `function __proxy_share`, `function ns_cmp`, `function profile_cmp`, `function vec_cmp`, `function vec_is_stale`, `function accum_label_info`, `function sort_cmp`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.