Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:include\linux\capability.h Create Date:2022-07-27 06:41:17
Last Modify:2020-03-12 14:18:49 Copyright©Brick

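Function name: Operation permission check

Function prototype: static inline bool capable(int cap)

Return type: bool

Parameters:

| Type | Parameter name |
| --- | --- |
| int | cap |

235  Return: true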
Callers

| Name | Description |
| --- | --- |
| mtrr_write | seq_file can seek but we ignore it. Format of control line: "base=%Lx size=%Lx type=%s" or "disable=%d" |
| mtrr_ioctl | |
| msr_open | |
| do_open | |
| do_vm86_irq_handling | |
| copy_process | Create a process |
| proc_taint | |
| proc_dointvec_minmax_sysadmin | |
| proc_do_static_key | |
| ptrace_setoptions | |
| do_prlimit | make sure you are allowed to change @tsk limits before calling this |
| prctl_set_mm | |
| proc_cap_handler | |
| can_nice | can_nice - check if a task can reduce its nice value; @p: task; @nice: nice value |
| __sched_setscheduler | |
| proc_sched_autogroup_set_nice | |
| snapshot_ioctl | |
| pm_wake_lock | |
| pm_wake_unlock | |
| check_syslog_permissions | |
| timekeeping_validate_timex | timekeeping_validate_timex - Ensures the timex is ok for use in do_adjtimex |
| may_init_module | |
| SYSCALL_DEFINE1 | sys_acct - enable/disable process accounting; @name: file name for accounting records or NULL to shutdown accounting; Returns 0 for success or negative errno values for failure. sys_acct() is the only system call needed to implement process accounting |
| kexec_load_check | Exec Kernel system call: for obvious reasons only root may call it |
| SYSCALL_DEFINE5 | |
| audit_bind | Run custom bind function on netlink socket group connect or bind requests. |
| audit_set_loginuid_perm | |
| write_actions_logged | |
| perf_event_query_prog_array | |
| map_freeze | |
| bpf_prog_load | |
| bpf_prog_attach | |
| bpf_prog_detach | |
| bpf_prog_query | |
| bpf_prog_test_run | |
| bpf_obj_get_next_id | |
| bpf_prog_get_fd_by_id | |
| bpf_map_get_fd_by_id | |
| bpf_prog_get_info_by_fd | |
| bpf_btf_load | |
| bpf_btf_get_fd_by_id | |
| bpf_task_fd_query | |
| bpf_check | |
| htab_map_alloc_check | Called from syscall |
| array_map_alloc | |
| trie_alloc | |
| queue_stack_map_alloc_check | Called from syscall |
| dev_map_alloc | |
| cpu_map_alloc | |
| xsk_map_alloc | |
| bpf_map_offload_map_alloc | |
| stack_map_alloc | Called from syscall |
| cgroup_base_func_proto | |
| reuseport_array_alloc | |
| perf_mmap | |
| hw_breakpoint_parse | |
| account_locked_vm | account_locked_vm - account locked pages to an mm's locked_vm; @mm: mm to account against, may be NULL; @pages: number of pages to account; @inc: %true if @pages should be considered positive, %false if not; Assumes a non-NULL @mm is valid (i |
| can_do_mlock | |
| do_mlock | |
| SYSCALL_DEFINE1 | |
| user_shm_lock | |
| mlock_future_check | |
| acct_stack_growth | Verify that the stack growth is acceptable and update accounting. This is shared with both the |
| vma_to_resize | |
| madvise_inject_error | Error injection support for memory error handling. |
| SYSCALL_DEFINE1 | |
| SYSCALL_DEFINE2 | |
| do_mbind | |
| kernel_migrate_pages | |
| kernel_move_pages | Move a list of pages in the address space of the currently executing process. |
| hwpoison_inject | |
| hwpoison_unpoison | |
| msgctl_down | This function handles some msgctl commands which require the rwsem to be held in write mode. NOTE: no locks must be held, the rwsem is taken inside this function. |
| mqueue_get_inode | |
| mqueue_create_attr | |
| blkpg_ioctl | |
| blkdev_reread_part | |
| blkdev_pr_register | |
| blkdev_pr_reserve | |
| blkdev_pr_release | |
| blkdev_pr_preempt | |
| blkdev_pr_clear | |
| blkdev_flushbuf | |
| blkdev_roset | |
| blkdev_bszset | set the logical block size |
| blkdev_ioctl | always keep this in sync with compat_blkdev_ioctl() |
| set_task_ioprio | |
| ioprio_check_cap | |
| blk_verify_command | |
| scsi_verify_blk_ioctl | |
| bsg_transport_check_proto | |
| compat_blkdev_ioctl | Most of the generic ioctls are handled in the normal fallback path. This assumes the blkdev's low level compat_ioctl always returns ENOIOCTLCMD for unknown ioctls. |
| blkdev_report_zones_ioctl | BLKREPORTZONE ioctl processing. Called from blkdev_ioctl. |
| blkdev_zone_mgmt_ioctl | BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE and BLKFINISHZONE ioctl processing. Called from blkdev_ioctl. |
| sed_ioctl | |
| keyctl_invalidate_key | Invalidate a key. The key must grant the caller Invalidate permission for this to work. The key and any links to the key will be automatically garbage collected immediately. Keys with KEY_FLAG_KEEP set should not be invalidated. |
| keyctl_keyring_clear | Clear the specified keyring, creating an empty process keyring if one of the special keyring IDs is used. The keyring must grant the caller Write permission and not have KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. |
| keyctl_chown_key | Change the ownership of a key. The key must grant the caller Setattr permission for this to work, though the key need not be fully instantiated yet. For the UID to be changed, or for the GID to be changed to a group the caller is not a member of, the |
| keyctl_setperm_key | Change the permission mask on a key. The key must grant the caller Setattr permission for this to work, though the key need not be fully instantiated yet. If the caller does not have |
| pcrlock | Lock a trusted key, by extending a selected PCR. Prevents a trusted key that is sealed to PCRs from being accessed. This uses the tpm driver's extend function. |
| cap_settime | cap_settime - Determine whether the current process may set the system clock; @ts: The time to set; @tz: The timezone to set; Determine whether the current process may set the system clock and timezone |
| mmap_min_addr_handler | sysctl handler which just sets dac_mmap_min_addr = the new value and then calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly |
| yama_dointvec_minmax | |
| devcgroup_update_access | Modify the exception list using allow/deny rules |
| ima_protect_xattr | ima_protect_xattr - protect 'security.ima'. Ensure that not just anyone can modify or remove 'security.ima'. |
| evm_protect_xattr | evm_protect_xattr - protect the EVM extended attribute. Prevent security.evm from being modified or removed without the necessary permissions or when the existing value is invalid. The posix xattr acls are 'system' prefixed, which normally would not |
| evm_write_key | evm_write_key - write() for /evm; @file: file pointer, not actually used; @buf: where to get the data from; @count: bytes sent; @ppos: where to start; Used to signal that key is on the kernel key ring |
| sys_vhangup | |
| allow_file_dedupe | Check whether we are allowed to dedupe the destination file |
| alloc_empty_file | Find an unused file structure and return a pointer to it |
| mount_capable | |
| is_unprivileged_user | |
| alloc_pipe_info | |
| pipe_set_size | Allocate a new array of pipe buffers and copy the info over. Returns the pipe size if successful, or return -ERROR on error. |
| vfs_mknod | |
| do_linkat | Hardlinks are often used in delicate situations. We avoid security-related surprises by not following symlinks on the newname. --KAB We don't follow them on the oldname either to be compatible with linux 2.0, and to avoid hard-linking to directories |
| do_renameat2 | |
| ioctl_fibmap | |
| should_remove_suid | The logic we want is: if suid or (sgid and xgrp), remove privs |
| vfs_ioc_setflags_prepare | Generic function to check FS_IOC_SETFLAGS values and reject any invalid configurations. Note: the caller should be holding i_mutex, or else be sure that they have exclusive access to the inode structure. |
| vfs_ioc_fssetxattr_check | Generic function to check FS_IOC_FSSETXATTR values and reject any invalid configurations. Note: the caller should be holding i_mutex, or else be sure that they have exclusive access to the inode structure. |
| ksys_umount | Now umount can handle mount points as well as block devices. This is important for filesystems which use unnamed block devices. We now support a flag for forced unmount like the other 'big iron' unixes |
| xattr_permission | Check permissions for extended attribute access. This is a bit complicated because different namespaces have very different rules. |
| simple_xattr_list | xattr LIST operation for in-memory/pseudo filesystems |
| SYSCALL_DEFINE2 | There are no bdflush tunables left. But distributions are still running obsolete flush daemons, so we terminate them here. Use of bdflush() is deprecated and will be removed in a future kernel. |
| SYSCALL_DEFINE2 | fanotify syscalls |
| SYSCALL_DEFINE2 | |
| do_timerfd_settime | |
| userfaultfd_api | userland asks for a certain API version and we return which bits and ioctl commands are implemented in this kernel for such API version or -EINVAL if unknown. |
| SYSCALL_DEFINE1 | |
| io_sq_offload_start | |
| io_uring_create | |
| io_wq_can_queue | |
| fscrypt_ioctl_add_key | Add a master encryption key to the filesystem, causing all files which were encrypted with it to appear "unlocked" (decrypted) when accessed. When adding a key for use by v1 encryption policies, this ioctl is |
| fscrypt_verify_key_added | Verify that the current user has added a master key with the given identifier (returns -ENOKEY if not) |
| do_remove_key | Try to remove an fscrypt master encryption key |
| fscrypt_ioctl_remove_key_all_users | |
| generic_setlease | generic_setlease - sets a lease on an open file; @filp: file pointer; @arg: type of lease to obtain; @flp: input - file_lock to use, output - file_lock inserted; @priv: private data for lm_setup (may be NULL if lm_setup doesn't require it); The (input) |
| handle_to_path | |
| ignore_hardlimit | |
| check_quotactl_permission | |
| do_lookup_dcookie | And here is where the userspace process can look up the cookie value to retrieve the path. |
| dev_validate_header | ll_header must have at least hard_header_len allocated |