secpol_check_permission()

Test if a given type has a permission

Synopsis:

#include <secpol/secpol.h>
int secpol_check_permission(const struct _msg_info *info,
                            uint32_t otype,
                            const secpol_permission_t *permission);

Arguments:

info
The message information associated with the message that this check relates to.
otype
The type of the object being accessed or acted on.
permission
A handle to a permission returned by secpol_get_permission().

Library:

libsecpol

Description:

A failed call to secpol_check_permission() indicates that the caller is denied the permission. The possible errors are:
  • EPERM - Permission denied.
  • EINVAL - Invalid parameters to function.
  • ENOMEM - Out of memory.

In most cases, all errors should be treated identically.

The otype argument allows you to restrict the test for a permission to a specific object that the permission accesses or acts on. For more information, see Customizing permissions using a security policy.
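The error handling described above, as an added example that is not part of the original documentation: a hypothetical helper, check_access(), denies on every failure and keeps the original errno only for diagnostics. When built off-target, constructed stand-ins replace the libsecpol types and function so the logic can be exercised; the standin_* fields are assumptions and not part of the real API.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifdef __QNXNTO__
#include <sys/neutrino.h>
#include <secpol/secpol.h>
#else
/* Constructed stand-ins for off-target builds only.
 * These are NOT the real libsecpol definitions. */
struct _msg_info { int standin_ptype; };
typedef struct { int standin_ptype; uint32_t standin_otype; } secpol_permission_t;

static int secpol_check_permission(const struct _msg_info *info, uint32_t otype,
                                   const secpol_permission_t *permission)
{
    if (info == NULL || permission == NULL) { errno = EINVAL; return -1; }
    if (info->standin_ptype != permission->standin_ptype ||
        otype != permission->standin_otype) { errno = EPERM; return -1; }
    return 0;
}
#endif

/* Hypothetical helper: returns 0 to allow the operation, EPERM to deny it.
 * permission is a handle obtained earlier from secpol_get_permission().
 * If cause is non-NULL it receives the original errno (0 on success). */
int check_access(const struct _msg_info *info, uint32_t otype,
                 const secpol_permission_t *permission, int *cause)
{
    int err = 0;

    if (secpol_check_permission(info, otype, permission) != 0)
        err = errno;   /* capture before another call can overwrite it */
    if (cause != NULL)
        *cause = err;
    if (err == 0)
        return 0;

    /* EINVAL and ENOMEM are not policy decisions, so record them for the
     * operator, but the requester still sees a plain denial (fail closed). */
    if (err != EPERM)
        fprintf(stderr, "secpol_check_permission: errno %d, denying\n", err);
    return EPERM;
}
```
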

Returns:

0 if the type ptype has the indicated permission for the type otype, or -1 if the call failed (errno is set).