Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\selinux\avc.c
Create Date: 2022-07-28 18:44:19
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name: avc_has_perm_noaudit - Check permissions but perform no auditing

Proto: inline int avc_has_perm_noaudit(struct selinux_state *state, unsigned int ssid, unsigned int tsid, u16 tclass, unsigned int requested, unsigned int flags, struct av_decision *avd)

Type: int

Parameter:

Type                      Parameter Name
struct selinux_state *    state
unsigned int              ssid
unsigned int              tsid
u16                       tclass
unsigned int              requested
unsigned int              flags
struct av_decision *      avd

1137  rc = 0
1140  If WARN_ON(!requested) Then Return -EACCES
1143  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
1145  node = avc_lookup - Look up an AVC entry. @ssid: source security identifier. @tsid: target security identifier. @tclass: target security class. Look up an AVC entry that is valid for the (@ssid, @tsid), interpreting the permissions based on @tclass
1146  If (!node), a condition marked at compile time as more likely false, Then node = slow-path helper function for avc_has_perm_noaudit, used when the avc_node lookup fails
1148  Else memcpy(avd, & avd, size of avd )
1151  denied = requested & ~allowed
1152  If (denied), a condition marked at compile time as more likely false, Then rc = avc_denied(state, ssid, tsid, tclass, requested, 0, 0, flags, avd)
1156  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
1157  Return rc

Caller

Name                        Description
avc_has_perm                avc_has_perm - Check permissions and perform any appropriate auditing
avc_has_perm_flags
cred_has_capability         Check whether a task is allowed to use a capability.
selinux_inode_permission