secpol_check_permission()

Updated: April 19, 2023

Check if a requesting process has a specified permission

Synopsis:

#include <secpol/secpol.h>
int secpol_check_permission(const struct _msg_info *info,
                            uint32_t otype,
                            const secpol_permission_t *permission);

Arguments:

info
The message information associated with the message that this check relates to.
otype
The type of the object being accessed or acted on.
permission
A handle to a permission returned by secpol_get_permission().

Library:

libsecpol

Description:

A failed call to secpol_check_permission() means that the requesting process is denied the permission. In most cases, all errors should be treated identically, as a denial.

The otype argument allows you to restrict the test for a permission to a specific object that the permission accesses or acts on. For more information, see Customizing permissions using a security policy.

Returns:

0 if the requesting process has the indicated permission for the type otype, or -1 if the call failed. On failure, errno is set to one of the following values:
  • EPERM Permission denied.
  • EINVAL Invalid parameters to function.
  • ENOMEM Out of memory.
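
The following added example (not code from the QNX documentation) contrasts a fail-open caller, which denies only on EPERM, with a fail-closed caller that treats every -1 return as a denial, as the Description advises. The struct definitions, the stub secpol_check_permission() driven by stub_errno, the helper names, and the otype value 0 are constructed stand-ins so the code runs off-target.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed stand-ins so this compiles off-target. On QNX, delete this
 * section and use #include <secpol/secpol.h> as in the synopsis. */
struct _msg_info { int pid; };
typedef struct { int id; } secpol_permission_t;
static int stub_errno; /* 0 = grant; otherwise the errno the stub fails with */
static int secpol_check_permission(const struct _msg_info *info, uint32_t otype,
                                   const secpol_permission_t *permission)
{
    (void)info; (void)otype; (void)permission;
    if (stub_errno == 0) return 0;
    errno = stub_errno;
    return -1;
}

/* Fail-open mistake: only EPERM counts as a denial; EINVAL/ENOMEM pass. */
static bool allowed_fail_open(const struct _msg_info *info, uint32_t otype,
                              const secpol_permission_t *perm)
{
    if (secpol_check_permission(info, otype, perm) == -1 && errno == EPERM)
        return false;
    return true;
}

/* Fail-closed: only a 0 return grants access; errno is kept for logging. */
static bool allowed_fail_closed(const struct _msg_info *info, uint32_t otype,
                                const secpol_permission_t *perm, int *why)
{
    int rc = secpol_check_permission(info, otype, perm);
    *why = (rc == 0) ? 0 : errno;
    return rc == 0;
}

int main(void)
{
    int why, cases[] = { 0, EPERM, EINVAL, ENOMEM };
    struct _msg_info info = { 1234 };  /* constructed client */
    secpol_permission_t perm = { 1 };  /* constructed permission handle */
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        stub_errno = cases[i];
        bool open = allowed_fail_open(&info, 0, &perm);
        bool closed = allowed_fail_closed(&info, 0, &perm, &why);
        printf("errno=%d fail_open=%d fail_closed=%d\n", why, open, closed);
    }
    return 0;
}
```

The two callers agree when the check succeeds or fails with EPERM; they differ for EINVAL and ENOMEM, where the fail-open version grants access.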