Function logic report |
Source Code:include\linux\capability.h |
Create Date:2022-07-27 06:41:17 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
Function name: operation permission check
Function prototype: static inline bool capable(int cap)
Return type: bool
Parameters:
Type | Parameter | Name |
---|---|---|
int | cap |
235 | Return: true |
Name | Description |
---|---|
mtrr_write | seq_file can seek but we ignore it. Format of control line: "base=%Lx size=%Lx type=%s" or "disable=%d" |
mtrr_ioctl | |
msr_open | |
do_open | |
do_vm86_irq_handling | |
copy_process | Create a process |
proc_taint | |
proc_dointvec_minmax_sysadmin | |
proc_do_static_key | |
ptrace_setoptions | |
do_prlimit | make sure you are allowed to change @tsk limits before calling this |
prctl_set_mm | |
proc_cap_handler | |
can_nice | can_nice - check if a task can reduce its nice value; @p: task; @nice: nice value |
__sched_setscheduler | |
proc_sched_autogroup_set_nice | |
snapshot_ioctl | |
pm_wake_lock | |
pm_wake_unlock | |
check_syslog_permissions | |
timekeeping_validate_timex | timekeeping_validate_timex - Ensures the timex is ok for use in do_adjtimex |
may_init_module | |
SYSCALL_DEFINE1 | sys_acct - enable/disable process accounting; @name: file name for accounting records or NULL to shutdown accounting. Returns 0 for success or negative errno values for failure. sys_acct() is the only system call needed to implement process accounting |
kexec_load_check | Exec Kernel system call: for obvious reasons only root may call it |
SYSCALL_DEFINE5 | |
audit_bind | Run custom bind function on netlink socket group connect or bind requests. |
audit_set_loginuid_perm | |
write_actions_logged | |
perf_event_query_prog_array | |
map_freeze | |
bpf_prog_load | |
bpf_prog_attach | |
bpf_prog_detach | |
bpf_prog_query | |
bpf_prog_test_run | |
bpf_obj_get_next_id | |
bpf_prog_get_fd_by_id | |
bpf_map_get_fd_by_id | |
bpf_prog_get_info_by_fd | |
bpf_btf_load | |
bpf_btf_get_fd_by_id | |
bpf_task_fd_query | |
bpf_check | |
htab_map_alloc_check | Called from syscall |
array_map_alloc | |
trie_alloc | |
queue_stack_map_alloc_check | Called from syscall |
dev_map_alloc | |
cpu_map_alloc | |
xsk_map_alloc | |
bpf_map_offload_map_alloc | |
stack_map_alloc | Called from syscall |
cgroup_base_func_proto | |
reuseport_array_alloc | |
perf_mmap | |
hw_breakpoint_parse | |
account_locked_vm | account_locked_vm - account locked pages to an mm's locked_vm; @mm: mm to account against, may be NULL; @pages: number of pages to account; @inc: %true if @pages should be considered positive, %false if not. Assumes a non-NULL @mm is valid (i |
can_do_mlock | |
do_mlock | |
SYSCALL_DEFINE1 | |
user_shm_lock | |
mlock_future_check | |
acct_stack_growth | Verify that the stack growth is acceptable and update accounting. This is shared with both the |
vma_to_resize | |
madvise_inject_error | Error injection support for memory error handling. |
SYSCALL_DEFINE1 | |
SYSCALL_DEFINE2 | |
do_mbind | |
kernel_migrate_pages | |
kernel_move_pages | Move a list of pages in the address space of the currently executing* process. |
hwpoison_inject | |
hwpoison_unpoison | |
msgctl_down | This function handles some msgctl commands which require the rwsem to be held in write mode. NOTE: no locks must be held, the rwsem is taken inside this function. |
mqueue_get_inode | |
mqueue_create_attr | |
blkpg_ioctl | |
blkdev_reread_part | |
blkdev_pr_register | |
blkdev_pr_reserve | |
blkdev_pr_release | |
blkdev_pr_preempt | |
blkdev_pr_clear | |
blkdev_flushbuf | |
blkdev_roset | |
blkdev_bszset | set the logical block size |
blkdev_ioctl | always keep this in sync with compat_blkdev_ioctl() |
set_task_ioprio | |
ioprio_check_cap | |
blk_verify_command | |
scsi_verify_blk_ioctl | |
bsg_transport_check_proto | |
compat_blkdev_ioctl | Most of the generic ioctls are handled in the normal fallback path. This assumes the blkdev's low level compat_ioctl always returns ENOIOCTLCMD for unknown ioctls. |
blkdev_report_zones_ioctl | BLKREPORTZONE ioctl processing. Called from blkdev_ioctl. |
blkdev_zone_mgmt_ioctl | BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE and BLKFINISHZONE ioctl processing. Called from blkdev_ioctl. |
sed_ioctl | |
keyctl_invalidate_key | Invalidate a key. The key must grant the caller Invalidate permission for this to work. The key and any links to the key will be automatically garbage collected immediately. Keys with KEY_FLAG_KEEP set should not be invalidated. |
keyctl_keyring_clear | Clear the specified keyring, creating an empty process keyring if one of the special keyring IDs is used. The keyring must grant the caller Write permission and not have KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. |
keyctl_chown_key | Change the ownership of a key. The key must grant the caller Setattr permission for this to work, though the key need not be fully instantiated yet. For the UID to be changed, or for the GID to be changed to a group the caller is not a member of, the |
keyctl_setperm_key | Change the permission mask on a key. The key must grant the caller Setattr permission for this to work, though the key need not be fully instantiated yet. If the caller does not have |
pcrlock | Lock a trusted key, by extending a selected PCR. Prevents a trusted key that is sealed to PCRs from being accessed. This uses the tpm driver's extend function. |
cap_settime | cap_settime - Determine whether the current process may set the system clock; @ts: The time to set; @tz: The timezone to set. Determine whether the current process may set the system clock and timezone |
mmap_min_addr_handler | sysctl handler which just sets dac_mmap_min_addr = the new value and then calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly |
yama_dointvec_minmax | |
devcgroup_update_access | Modify the exception list using allow/deny rules |
ima_protect_xattr | ima_protect_xattr - protect 'security.ima'. Ensure that not just anyone can modify or remove 'security.ima'. |
evm_protect_xattr | evm_protect_xattr - protect the EVM extended attribute. Prevent security.evm from being modified or removed without the necessary permissions or when the existing value is invalid. The posix xattr acls are 'system' prefixed, which normally would not |
evm_write_key | evm_write_key - write() for |
sys_vhangup | |
allow_file_dedupe | Check whether we are allowed to dedupe the destination file |
alloc_empty_file | Find an unused file structure and return a pointer to it |
mount_capable | |
is_unprivileged_user | |
alloc_pipe_info | |
pipe_set_size | Allocate a new array of pipe buffers and copy the info over. Returns the pipe size if successful, or return -ERROR on error. |
vfs_mknod | |
do_linkat | Hardlinks are often used in delicate situations. We avoid security-related surprises by not following symlinks on the newname. --KAB We don't follow them on the oldname either to be compatible with linux 2.0, and to avoid hard-linking to directories |
do_renameat2 | |
ioctl_fibmap | |
should_remove_suid | The logic we want is: if suid or (sgid and xgrp) remove privs |
vfs_ioc_setflags_prepare | Generic function to check FS_IOC_SETFLAGS values and reject any invalid configurations. Note: the caller should be holding i_mutex, or else be sure that they have exclusive access to the inode structure. |
vfs_ioc_fssetxattr_check | Generic function to check FS_IOC_FSSETXATTR values and reject any invalid configurations. Note: the caller should be holding i_mutex, or else be sure that they have exclusive access to the inode structure. |
ksys_umount | Now umount can handle mount points as well as block devices. This is important for filesystems which use unnamed block devices. We now support a flag for forced unmount like the other 'big iron' unixes |
xattr_permission | Check permissions for extended attribute access. This is a bit complicated because different namespaces have very different rules. |
simple_xattr_list | xattr LIST operation for in-memory/pseudo filesystems |
SYSCALL_DEFINE2 | There are no bdflush tunables left. But distributions are still running obsolete flush daemons, so we terminate them here. Use of bdflush() is deprecated and will be removed in a future kernel. |
SYSCALL_DEFINE2 | fanotify syscalls |
SYSCALL_DEFINE2 | |
do_timerfd_settime | |
userfaultfd_api | userland asks for a certain API version and we return which bits and ioctl commands are implemented in this kernel for such API version or -EINVAL if unknown. |
SYSCALL_DEFINE1 | |
io_sq_offload_start | |
io_uring_create | |
io_wq_can_queue | |
fscrypt_ioctl_add_key | Add a master encryption key to the filesystem, causing all files which were encrypted with it to appear "unlocked" (decrypted) when accessed. When adding a key for use by v1 encryption policies, this ioctl is |
fscrypt_verify_key_added | Verify that the current user has added a master key with the given identifier* (returns -ENOKEY if not) |
do_remove_key | Try to remove an fscrypt master encryption key |
fscrypt_ioctl_remove_key_all_users | |
generic_setlease | generic_setlease - sets a lease on an open file; @filp: file pointer; @arg: type of lease to obtain; @flp: input - file_lock to use, output - file_lock inserted; @priv: private data for lm_setup (may be NULL if lm_setup doesn't require it). The (input) |
handle_to_path | |
ignore_hardlimit | |
check_quotactl_permission | |
do_lookup_dcookie | And here is where the userspace process can look up the cookie value to retrieve the path. |
dev_validate_header | ll_header must have at least hard_header_len allocated |