Security Kernel Services
The Security kernel services provide methods for controlling the auditing system and for determining the access rights to objects for the invoking process.
The following services are security kernel services:
Item | Description |
---|---|
suser | Determines the privilege state of a process. |
audit_svcstart | Initiates an audit record for a system call. |
audit_svcbcopy | Appends event information to the current audit event buffer. |
audit_svcfinis | Writes an audit record for a kernel service. |
crcopy | Creates a copy of a security credentials structure. |
crdup | Creates a copy of the current security credentials structure. |
credential macros | Provide a means for accessing the user and group identifier fields within a credentials structure. |
crexport | Copies an internal format credentials structure to an external format credentials structure. |
crfree | Frees a security credentials structure. |
crget | Allocates a new, uninitialized security credentials structure. |
crhold | Increments the reference count of a security credentials structure. |
crref | Increments the reference count of the current security credentials structure. |
crset | Replaces the current security credentials structure. |
kcred_genpagvalue | Generates a system-wide unique PAG value for a given PAG name (such as afs). |
kcred_getcap | Copies a capability vector from a credentials structure. |
kcred_getgroups | Copies the concurrent group set from a credentials structure. |
kcred_getpag | Copies a process authentication group (PAG) ID from a credentials structure. |
kcred_getpag64 | Retrieves 64-bit PAG values from a process's credentials structure. |
kcred_getpagid | Returns the process authentication group (PAG) identifier for a PAG name. |
kcred_getpagname | Retrieves the name of a process authentication group (PAG). |
kcred_getpriv | Copies a privilege vector from a credentials structure. |
kcred_setcap | Copies a capabilities set into a credentials structure. |
kcred_setgroups | Copies a concurrent group set into a credentials structure. |
kcred_setpag | Copies a process authentication group ID into a credentials structure. |
kcred_setpag64 | Stores 64-bit PAG values in a process's credentials structure. |
kcred_setpagname | Copies a process authentication group ID into a credentials structure. |
kcred_setpriv | Copies a privilege vector into a credentials structure. |
TE_verify_reg | Registers a callout handler for trusted execution file verification during
exec() , kernel extension loads, and library load operations. |
TE_verify_unreg | Unregister a previously registered callout handler for trusted execution. |