Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\selinux\hooks.c  Create Date: 2022-07-27 20:27:40
Last Modify: 2020-03-12 14:18:49  Copyright © Brick

Function name: Check whether a task is allowed to use a capability.

Function prototype: static int cred_has_capability(const struct cred *cred, int cap, unsigned int opts, bool initns)

Return type: int

Parameters:

Type                   Parameter name
const struct cred *    cred
int                    cap
unsigned int           opts
bool                   initns
1634  sid = get the security ID of a set of credentials
1635  av = mask for indexed __u32 (cap)
1638  type = LSM_AUDIT_DATA_CAP
1639  cap = cap
1642  Case: 1 << 5 == bits in __u32 (cap) equals 0
1643  sclass = SECCLASS_CAPABILITY if initns, otherwise SECCLASS_CAP_USERNS
1644  Break
1645  Case: 1 << 5 == bits in __u32 (cap) equals 1
1646  sclass = SECCLASS_CAPABILITY2 if initns, otherwise SECCLASS_CAP2_USERNS
1647  Break
1648  Default
1649  Print error message ("SELinux: out of range capability %d\n", cap)
1650  BUG()
1651  Return: -EINVAL
1654  rc = avc_has_perm_noaudit - Check permissions but perform no auditing
1656  If the value of (opts bitwise AND "If capable should audit the security request") is zero, then
1657  rc2 = avc_audit - Audit the granting or denial of permissions
1659  If rc2, then return: rc2
1662  Return: rc
Callers

Name                        Description
selinux_capable             (This comment used to live with the selinux_task_setuid hook, which was removed). Since setuid only affects the current process, and since the SELinux controls are not based on the Linux identity attributes, SELinux does not
selinux_vm_enough_memory    Check that a process has enough memory to allocate a new virtual mapping. 0 means there is enough memory for the allocation to succeed and -ENOMEM implies there is not. Do not audit the selinux permission check, as this is applied to all
has_cap_mac_admin
selinux_file_ioctl