secpol_check_permission()
QNX SDP8.0QNX OS System Security GuideAPIConfiguration
Check if a requesting process has a specified permission
Synopsis:
#include <secpol/secpol.h>
int secpol_check_permission(const struct _msg_info *info,
uint32_t otype,
const secpol_permission_t *permission)
Arguments:
- info
- The message information associated with the message that this check relates to.
- otype
- The type of the object being accessed or acted on.
- permission
- A handle to a permission returned by secpol_get_permission().
Library:
libsecpolDescription:
When a call to secpol_check_permission() fails, it indicates that the caller is denied the permission check. In most cases, all errors should be treated identically.
The otype argument allows you to restrict the test for a permission to a specific object that the permission accesses or acts on. For more information, see Customizing permissions using a security policy.
If the system is not using security policies, permission checking is performed by evaluating the class and permission name specified by secpol_get_permission() against environment variables. See Checking custom permissions when no policy is used.
Returns:
0
if the requesting process has the indicated permission for the type otype, or -1
if the call failed. On failure, errno is set to one of the following values:- EPERM Permission denied.
- EINVAL Invalid parameters to function.
- ENOMEM Out of memory.
Page updated: