Function report |
Source Code:security\selinux\avc.c |
Create Date:2022-07-28 18:44:21 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
home page | Tree |
Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:avc_has_perm - Check permissions and perform any appropriate auditing
Proto:int avc_has_perm(struct selinux_state *state, unsigned int ssid, unsigned int tsid, u16 tclass, unsigned int requested, struct common_audit_data *auditdata)
Type:int
Parameter:
Type | Parameter | Name |
---|---|---|
struct selinux_state * | state | |
unsigned int | ssid | |
unsigned int | tsid | |
u16 | tclass | |
unsigned int | requested | |
struct common_audit_data * | auditdata |
1189 | Return rc |
Name | Describe |
---|---|
may_context_mount_sb_relabel | |
may_context_mount_inode_relabel | |
inode_has_perm | Check whether a task has a particular permission to an inode.The 'adp' parameter is optional and allows other auditdata to be passed (e.g. the dentry). |
file_has_perm | Check whether a task can use an open file descriptor toaccess an inode in a given way. Check access to thedescriptor itself, and then use dentry_has_perm tocheck a particular permission to the file.Access to the descriptor is implicitly granted if it |
may_create | Check whether a task can create a file. |
may_link | Check whether a task can link, unlink, or rmdir a file/directory. |
may_rename | |
superblock_has_perm | Check whether a task can perform a filesystem operation. |
selinux_binder_set_context_mgr | Hook functions begin here. |
selinux_binder_transaction | |
selinux_binder_transfer_binder | |
selinux_binder_transfer_file | |
selinux_ptrace_access_check | |
selinux_ptrace_traceme | |
selinux_capget | |
selinux_capset | |
selinux_syslog | |
check_nnp_nosuid | |
selinux_bprm_set_creds | |
selinux_bprm_committing_creds | Prepare a process for imminent new credential changes due to exec |
selinux_bprm_committed_creds | Clean up the process immediately after the installation of new credentials* due to exec |
selinux_inode_setxattr | |
ioctl_has_perm | Check whether a task has the ioctl permission and cmd* operation to an inode. |
file_map_prot_check | |
selinux_mmap_addr | |
selinux_file_mprotect | |
selinux_file_send_sigiotask | |
selinux_task_alloc | ask security operations |
selinux_kernel_act_as | set the security data for a kernel service* - all the creation contexts are set to unlabelled |
selinux_kernel_create_files_as | set the file creation context in a security record to the same as the* objective context of the specified inode |
selinux_kernel_module_request | |
selinux_kernel_module_from_file | |
selinux_task_setpgid | |
selinux_task_getpgid | |
selinux_task_getsid | |
selinux_task_setnice | |
selinux_task_setioprio | |
selinux_task_getioprio | |
selinux_task_prlimit | |
selinux_task_setrlimit | |
selinux_task_setscheduler | |
selinux_task_getscheduler | |
selinux_task_movememory | |
selinux_task_kill | |
sock_has_perm | |
selinux_socket_create | |
selinux_socket_bind | Range of port numbers used to automatically bind.Need to determine whether we should perform a name_bindpermission check between the socket and the port number. |
selinux_socket_connect_helper | This supports connect(2) and SCTP connect services such as sctp_connectx(3)* and sctp_sendmsg(3) as described in Documentation/security/SCTP.rst |
selinux_socket_unix_stream_connect | |
selinux_socket_unix_may_send | |
selinux_inet_sys_rcv_skb | |
selinux_sock_rcv_skb_compat | |
selinux_socket_sock_rcv_skb | |
selinux_sctp_assoc_request | Called whenever SCTP receives an INIT chunk. This happens when an incoming* connect(2), sctp_connectx(3) or sctp_sendmsg(3) (with no association* already present). |
selinux_secmark_relabel_packet | |
selinux_tun_dev_create | |
selinux_tun_dev_attach_queue | |
selinux_tun_dev_open | |
ipc_has_perm | |
selinux_msg_queue_alloc_security | message queue security operations |
selinux_msg_queue_associate | |
selinux_msg_queue_msgctl | |
selinux_msg_queue_msgsnd | |
selinux_msg_queue_msgrcv | |
selinux_shm_alloc_security | Shared Memory security operations |
selinux_shm_associate | |
selinux_shm_shmctl | Note, at this point, shp is locked down |
selinux_sem_alloc_security | Semaphore security operations |
selinux_sem_associate | |
selinux_sem_semctl | Note, at this point, sma is locked down |
selinux_getprocattr | |
selinux_setprocattr | |
selinux_key_permission | |
sel_open_policy | |
sel_read_policy | |
sel_write_load | |
sel_write_context | |
sel_write_checkreqprot | |
sel_write_validatetrans | |
sel_write_access | Remaining nodes use transaction based IO methods like nfsd/nfsctl.c |
sel_write_create | |
sel_write_relabel | |
sel_write_user | |
sel_write_member | |
sel_write_bool | |
sel_commit_bools_write | |
sel_write_avc_cache_threshold | |
selinux_xfrm_alloc_user | Allocates a xfrm_sec_state and populates it using the supplied security* xfrm_user_sec_ctx context. |
selinux_xfrm_delete | Authorize the deletion of a labeled SA or policy rule. |
selinux_xfrm_policy_lookup | LSM hook implementation that authorizes that a flow can use a xfrm policy* rule. |
selinux_xfrm_state_pol_flow_match | LSM hook implementation that authorizes that a state matches* the given policy, flow combo. |
selinux_xfrm_sock_rcv_skb | LSM hook that controls access to unlabelled packets. If* a xfrm_state is authorizable (defined by macro) then it was* already authorized by the IPSec process. If not, then* we need to check for unlabelled access since this may not have |
selinux_xfrm_postroute_last | POSTROUTE_LAST hook's XFRM processing:* If we have no security association, then we need to determine* whether the socket is allowed to send to an unlabelled destination.* If we do have a authorizable security association, then it has already been |
selinux_netlbl_sock_rcv_skb | selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel*@sksec: the sock's sk_security_struct*@skb: the packet*@family: protocol family*@ad: the audit data* Description:* Fetch the NetLabel security attributes from @skb and perform an |
Source code conversion tool public plug-in interface | X |
---|---|
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |