Function report |
Source Code:security\selinux\hooks.c |
Create Date:2022-07-28 18:55:00 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:Check whether a task is allowed to use a capability.
Proto:static int cred_has_capability(const struct cred *cred, int cap, unsigned int opts, bool initns)
Type:int
Parameter:
| Type | Parameter | Name |
|---|---|---|
| const struct cred * | cred | |
| int | cap | |
| unsigned int | opts | |
| bool | initns |
| 1635 | av = mask for indexed __u32 (cap) |
| 1638 | type = LSM_AUDIT_DATA_CAP |
| 1642 | Case 1 << 5 == bits in __u32 (cap) == 0 |
| 1643 | sclass = If initns Then SECCLASS_CAPABILITY Else SECCLASS_CAP_USERNS |
| 1644 | Break |
| 1645 | Case 1 << 5 == bits in __u32 (cap) == 1 |
| 1646 | sclass = If initns Then SECCLASS_CAPABILITY2 Else SECCLASS_CAP2_USERNS |
| 1647 | Break |
| 1648 | Default |
| 1656 | If Not (opts & If capable should audit the security request ) Then |
| 1662 | Return rc |
| Name | Describe |
|---|---|
| selinux_capable | (This comment used to live with the selinux_task_setuid hook,* which was removed).* Since setuid only affects the current process, and since the SELinux* controls are not based on the Linux identity attributes, SELinux does not |
| selinux_vm_enough_memory | Check that a process has enough memory to allocate a new virtual* mapping. 0 means there is enough memory for the allocation to* succeed and -ENOMEM implies there is not.* Do not audit the selinux permission check, as this is applied to all |
| has_cap_mac_admin | |
| selinux_file_ioctl |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |