Function report |
Source Code:security\selinux\hooks.c |
Create Date:2022-07-28 18:55:00 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
home page | Tree |
Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:Check whether a task is allowed to use a capability.
Proto:static int cred_has_capability(const struct cred *cred, int cap, unsigned int opts, bool initns)
Type:int
Parameter:
Type | Parameter | Name |
---|---|---|
const struct cred * | cred | |
int | cap | |
unsigned int | opts | |
bool | initns |
1635 | av = mask for indexed __u32 (cap) |
1638 | type = LSM_AUDIT_DATA_CAP |
1642 | Case 1 << 5 == bits in __u32 (cap) == 0 |
1643 | sclass = If initns Then SECCLASS_CAPABILITY Else SECCLASS_CAP_USERNS |
1644 | Break |
1645 | Case 1 << 5 == bits in __u32 (cap) == 1 |
1646 | sclass = If initns Then SECCLASS_CAPABILITY2 Else SECCLASS_CAP2_USERNS |
1647 | Break |
1648 | Default |
1656 | If Not (opts & If capable should audit the security request ) Then |
1662 | Return rc |
Name | Describe |
---|---|
selinux_capable | (This comment used to live with the selinux_task_setuid hook,* which was removed).* Since setuid only affects the current process, and since the SELinux* controls are not based on the Linux identity attributes, SELinux does not |
selinux_vm_enough_memory | Check that a process has enough memory to allocate a new virtual* mapping. 0 means there is enough memory for the allocation to* succeed and -ENOMEM implies there is not.* Do not audit the selinux permission check, as this is applied to all |
has_cap_mac_admin | |
selinux_file_ioctl |
Source code conversion tool public plug-in interface | X |
---|---|
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |