Map SELinux requested permission to string representing System Call

I am trying to map the requested access control vector to the corresponding textual representation of the system call in the following function:

int avc_has_perm(security_id_t ssid, security_id_t tsid,
         security_class_t tclass, access_vector_t requested,
         struct avc_entry_ref *aeref, void *auditdata)

From the documentation I can see that:

requested = requested permissions, interpreted based on @tclass

Is there a function that maps such requested field to the textual representation of the associated system call (i.e., read, write, open, etc.)?

Thanks

There are 1 answers

Giuseppe On BEST ANSWER

I found that the mapping is done in kernel space using the secclass_map[] structure declared in ./security/selinux/include/classmap.h.

A function that shows how to do the mapping is avc_dump_av in ./security/selinux/avc.c.
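The decoding the answer points to, as an added example that is not part of the original answer and not the kernel's own code: each class owns a table of permission names, and bit i of the access vector selects entry i of that class's table, so the same bit decodes to different names under different classes. The table contents and the names sample_map, put and av_to_string are constructed for illustration; the decoded strings are SELinux permission names, which are checked by the hooks rather than being system call names themselves.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the kernel's struct security_class_mapping. */
struct class_mapping {
    const char *name;
    const char *perms[sizeof(uint32_t) * 8 + 1]; /* perms[i] names bit (1 << i) */
};

/* Constructed sample table; NOT the real classmap.h contents or ordering. */
static const struct class_mapping sample_map[] = {
    { "file",   { "ioctl", "read", "write", "open", NULL } },
    { "socket", { "create", "connect", "bind", NULL } },
};

/* Append " <s>" at *off; returns -1 instead of truncating. */
static int put(char *buf, size_t len, size_t *off, const char *s)
{
    int n = snprintf(buf + *off, len - *off, " %s", s);
    if (n < 0 || (size_t)n >= len - *off)
        return -1;
    *off += (size_t)n;
    return 0;
}

/* Decode av for 1-based tclass as "{ perm ... }"; unnamed bits as hex. */
int av_to_string(uint16_t tclass, uint32_t av, char *buf, size_t len)
{
    char hex[16];
    size_t off = 1;
    int rc = 0;
    if (tclass == 0 || tclass > sizeof(sample_map) / sizeof(sample_map[0]) || len < 2)
        return -1;
    const char *const *perms = sample_map[tclass - 1].perms;
    memcpy(buf, "{", 2);
    for (unsigned i = 0; rc == 0 && i < 32; i++) {
        uint32_t bit = UINT32_C(1) << i;
        if ((av & bit) && perms[i]) {
            rc = put(buf, len, &off, perms[i]);
            av &= ~bit;
        }
    }
    if (rc == 0 && av) {
        snprintf(hex, sizeof(hex), "0x%x", (unsigned)av);
        rc = put(buf, len, &off, hex);
    }
    return rc ? rc : put(buf, len, &off, "}");
}
```

In userspace, libselinux provides security_av_string() and security_class_to_string() for the same decoding against the loaded policy.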