Permission Checking Examples
-
execve() from fs/exec.c:prepare_binprm()
/*
 * Excerpt of the exec-time permission checks. Every check follows the same
 * pattern: a non-zero retval is returned to the caller at once, so no later
 * check runs after a failure. Presumably non-zero means "denied or error"
 * and aborts the exec -- confirm against the full prepare_binprm().
 */
/* No SID chosen yet for the new program: compute one from the caller's SID
 * and the SID of the file's inode, for the process security class. */
if (!bprm->sid) {
retval = security_transition_sid(current->sid, inode->i_sid,
SECCLASS_PROCESS, &bprm->sid);
if (retval) return retval;}
/* The exec would change the SID: two extra checks apply.
 * NOTE(review): this block is skipped whenever bprm->sh_bang is set, even if
 * the SIDs differ. sh_bang presumably marks a "#!" interpreter script;
 * confirm how bprm->sid is handled for that case elsewhere in the function. */
if (current->sid != bprm->sid && !bprm->sh_bang){
/* 1. process:transition from the current SID to the new SID. The _AUDIT
 * variant is passed &ad, presumably audit data describing the access. */
retval = AVC_HAS_PERM_AUDIT(current->sid, bprm->sid,
PROCESS, TRANSITION, &ad);
if (retval) return retval;
/* 2. process:entrypoint, checked for the new SID against the file being
 * executed. */
retval = process_file_mac_permission(bprm->sid, bprm->file,
PROCESS_ENTRYPOINT);
if (retval) return retval;}
/* As written in this excerpt, process:execute is checked for bprm->sid
 * against the file whether or not a transition takes place. */
retval = process_file_mac_permission(bprm->sid, bprm->file,
PROCESS_EXECUTE);
if (retval) return retval;
execve() also checks the file:execute, fd:inherit, and process:ptrace permissions.