函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\capability.c Create Date:2022-07-27 21:26:13
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:profile_capable - test if profile allows use of capability @cap*@profile: profile being enforced (NOT NULL, NOT unconfined)*@cap: capability to test if allowed*@opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated*@sa: audit data (MAY BE

函数原型:static int profile_capable(struct aa_profile *profile, int cap, unsigned int opts, struct common_audit_data *sa)

返回类型:int

参数:

类型参数名称
struct aa_profile *profile
intcap
unsigned intopts
struct common_audit_data *sa
119  如果cap_raised(allow, cap)且非cap_raised(denied, cap)则error等于0
122  否则error等于负EPERM
125  如果opts按位与If capable should audit the security request
126  如果非COMPLAIN_MODE(profile)则返回:error
131  info等于"optional: no audit"
134  返回:audit_caps - audit a capability*@sa: audit data*@profile: profile being tested for confinement (NOT NULL)*@cap: capability tested*@error: error code returned by test* Do auditing of capability and handle, audit/complain/kill modes switching
调用者
名称描述
aa_capableaa_capable - test permission to use capability*@label: label being tested for capability (NOT NULL)*@cap: capability to be tested*@opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated* Look up capability in profile capability set.