Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\selinux\hooks.c
Create Date: 2022-07-28 18:55:00
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name:Check whether a task is allowed to use a capability.

Proto:static int cred_has_capability(const struct cred *cred, int cap, unsigned int opts, bool initns)

Type:int

Parameter:

Type                  Parameter Name
const struct cred *   cred
int                   cap
unsigned int          opts
bool                  initns
1634  sid = cred_sid(cred) - get the security ID of a set of credentials
1635  av = CAP_TO_MASK(cap) - mask for indexed __u32
1638  type = LSM_AUDIT_DATA_CAP
1639  cap = cap
1642  Case CAP_TO_INDEX(cap) == 0 (CAP_TO_INDEX: 1 << 5 == bits in __u32)
1643  sclass = If initns Then SECCLASS_CAPABILITY Else SECCLASS_CAP_USERNS
1644  Break
1645  Case CAP_TO_INDEX(cap) == 1 (CAP_TO_INDEX: 1 << 5 == bits in __u32)
1646  sclass = If initns Then SECCLASS_CAPABILITY2 Else SECCLASS_CAP2_USERNS
1647  Break
1648  Default
1649  pr_err("SELinux: out of range capability %d\n", cap)
1650  BUG()
1651  Return -EINVAL
1654  rc = avc_has_perm_noaudit - Check permissions but perform no auditing
1656  If Not (opts & CAP_OPT_NOAUDIT [If capable should audit the security request]) Then
1657  rc2 = avc_audit - Audit the granting or denial of permissions
1659  If rc2 Then Return rc2
1662  Return rc
Caller

Name                       Description
selinux_capable            (This comment used to live with the selinux_task_setuid hook, which was removed). Since setuid only affects the current process, and since the SELinux controls are not based on the Linux identity attributes, SELinux does not
selinux_vm_enough_memory   Check that a process has enough memory to allocate a new virtual mapping. 0 means there is enough memory for the allocation to succeed and -ENOMEM implies there is not. Do not audit the selinux permission check, as this is applied to all
has_cap_mac_admin
selinux_file_ioctl