security/apparmor/resource.c
Source file repositories/reference/linux-study-clean/security/apparmor/resource.c
File Facts
- System
- Linux kernel
- Corpus path
security/apparmor/resource.c- Extension
.c- Size
- 5848 bytes
- Lines
- 207
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/audit.hlinux/security.hinclude/audit.hinclude/cred.hinclude/resource.hinclude/policy.hrlim_names.h
Detected Declarations
function audit_cbfunction audit_resourcefunction aa_map_resourcefunction profile_setrlimitfunction aa_task_setrlimitfunction __aa_transition_rlimits
Annotated Snippet
if (rules->rlimits.mask) {
int j;
for (j = 0, mask = 1; j < RLIM_NLIMITS; j++,
mask <<= 1) {
if (rules->rlimits.mask & mask) {
rlim = current->signal->rlim + j;
initrlim = init_task.signal->rlim + j;
rlim->rlim_cur = min(rlim->rlim_max,
initrlim->rlim_cur);
}
}
}
}
/* set any new hard limits as dictated by the new profile */
label_for_each_confined(i, new_l, new) {
struct aa_ruleset *rules = new->label.rules[0];
int j;
if (!rules->rlimits.mask)
continue;
for (j = 0, mask = 1; j < RLIM_NLIMITS; j++, mask <<= 1) {
if (!(rules->rlimits.mask & mask))
continue;
rlim = current->signal->rlim + j;
rlim->rlim_max = min(rlim->rlim_max,
rules->rlimits.limits[j].rlim_max);
/* soft limit should not exceed hard limit */
rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);
if (j == RLIMIT_CPU &&
rlim->rlim_cur != RLIM_INFINITY &&
IS_ENABLED(CONFIG_POSIX_TIMERS))
(void) update_rlimit_cpu(current->group_leader,
rlim->rlim_cur);
}
}
}
Annotation
- Immediate include surface: `linux/audit.h`, `linux/security.h`, `include/audit.h`, `include/cred.h`, `include/resource.h`, `include/policy.h`, `rlim_names.h`.
- Detected declarations: `function audit_cb`, `function audit_resource`, `function aa_map_resource`, `function profile_setrlimit`, `function aa_task_setrlimit`, `function __aa_transition_rlimits`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.