[redhat-lspp] avc_has_perm oddness
Matt Anderson
mra at hp.com
Mon Jun 26 18:33:50 UTC 2006
In trying to come up with the correct access check for lpq I looked at
security_compute_av() and avc_has_perm_noaudit(). According to the man
page for security_compute_av, the cron source is an example, so I also
took a look at that.

Using this sample program I always get 0 as the return value, which
should indicate success, but I get it even when I supply values which
should fail. The only time avc_has_perm_noaudit() returns -1 is when
the policy does not allow access to the selinux_netlink_socket tclass.

Looking at the cron source I see a comparison of the av_decision.allowed
with the access_vector_t that was requested. When I look at the
av_decision.allowed after calling avc_has_perm I always see 0.

Am I doing something wrong? Does the documentation describe the current
functionality?

Any help would be appreciated.

-matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: access-check.c
Type: text/x-csrc
Size: 1030 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060626/eb143a88/attachment.bin>