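/*
 * Compute access vectors based on a SID pair for
 * the permissions in a particular class.
 *
 * This implementation consults no policy: ssid, tsid, tclass and
 * requested are never read.  Every bit of *allowed and *decided is set,
 * so any permission a caller asks about is reported as granted and as
 * decided.  Code that relies on this function for enforcement gets no
 * access control from it.
 *
 * Outputs:
 *   allowed    - set to 0xffffffff (all permissions granted)
 *   decided    - set to 0xffffffff (a decision is returned for every
 *                permission)
 *   auditallow - (CONFIG_FLASK_AUDIT) set to 0, audit nothing on grant
 *   auditdeny  - (CONFIG_FLASK_AUDIT) set to 0xffffffff, audit every
 *                denial
 *   notify     - (CONFIG_FLASK_NOTIFY) set to 0
 *   seqno      - set to 0; sequence number associated with the granting
 *                of access.  If the policy change sequence is greater
 *                than this, the access granting is invalid, which solves
 *                the potential interleaving problem.
 *
 * Returns 0 in all cases.
 */
int security_compute_av(security_id_t ssid,
			security_id_t tsid,
			security_class_t tclass,
			access_vector_t requested,
			access_vector_t *allowed,
			access_vector_t *decided,
#ifdef CONFIG_FLASK_AUDIT
			access_vector_t *auditallow,
			access_vector_t *auditdeny,
#endif
#ifdef CONFIG_FLASK_NOTIFY
			access_vector_t *notify,
#endif
			/*
			 * Must be a pointer: the body stores through it.  The
			 * listing declared it by value, which does not compile.
			 */
			__u32 *seqno)
{
	*allowed = 0xffffffff;
	*decided = 0xffffffff;
#ifdef CONFIG_FLASK_AUDIT
	*auditallow = 0;
	*auditdeny = 0xffffffff;
#endif
#ifdef CONFIG_FLASK_NOTIFY
	*notify = 0;
#endif
	*seqno = 0;
	return 0;
}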
/* Context string that security_sid_to_context() copies out for every SID. */
static char default_scontext[] = "unlabeled";
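/*
 * Write the security context string representation of
 * the context associated with `sid' into a dynamically
 * allocated string of the correct size.  Set `*scontext'
 * to point to this string and set `*scontext_len' to
 * the length of the string (terminating NUL included).
 * The file system uses this to get the security context when
 * adding to the persistent label mapping.  Procfs gets the context
 * of a process with this so it can include it in the status file.
 *
 * This implementation ignores `sid' and always returns a copy of
 * default_scontext.
 *
 * Ownership: on success the caller owns `*scontext' and must free it.
 *
 * Returns 0 on success.  If the allocation fails, `*scontext' is NULL,
 * `*scontext_len' is 0 and a non-zero value is returned.
 * NOTE(review): -1 is used because no errno constants are visible in
 * this listing; use the project's code (e.g. -ENOMEM) if callers
 * distinguish error values.
 */
int security_sid_to_context(security_id_t sid,
			    security_context_t *scontext,
			    __u32 *scontext_len)
{
	__u32 len = strlen(default_scontext) + 1;	/* +1 for the NUL */

	(void)sid;

	*scontext = malloc(len);
	if (*scontext == NULL) {
		/* Never hand back a length for a buffer that does not exist. */
		*scontext_len = 0;
		return -1;
	}

	/* Length is already known, so copy exactly that many bytes. */
	memcpy(*scontext, default_scontext, len);
	*scontext_len = len;
	return 0;
}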
/*
 * Return a SID associated with the security context that
 * has the string representation specified by `scontext'.
 *
 * No lookup is performed here: `scontext' and `scontext_len' are not
 * consulted, and `*out_sid' is always SECINITSID_UNLABELED.
 *
 * Returns 0 in all cases.
 */
int security_context_to_sid(security_context_t scontext,
			    __u32 scontext_len,
			    security_id_t *out_sid)
{
	/* The context string is not parsed or validated. */
	(void)scontext;
	(void)scontext_len;

	*out_sid = SECINITSID_UNLABELED;

	return 0;
}
#ifdef CONFIG_FLASK_NOTIFY
/*
 * Notify the security server that an operation
 * associated with a previously granted permission
 * has successfully completed.
 *
 * This implementation records nothing: all four arguments are
 * unused and the call always reports success (0).
 */
int security_notify_perm(security_id_t ssid,
			 security_id_t tsid,
			 security_class_t tclass,
			 access_vector_t requested)
{
	(void)ssid;
	(void)tsid;
	(void)tclass;
	(void)requested;

	return 0;
}
#endif