void main(void) { access_vector_t requested = PACKET_SOCKET__IOCTL; int ret = -1; ret = checkPasswdAccess(requested); if(!ret){ printf("the request access privicy is granted\n"); } return ; }
static int check_for_root (pam_handle_t *pamh, int ctrl) { int retval = PAM_AUTH_ERR; if (getuid() == 0) #ifdef WITH_SELINUX if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0) #endif retval = PAM_SUCCESS; if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "root check %s", (retval==PAM_SUCCESS) ? "succeeded" : "failed"); } return retval; }
static void check_selinux_update_passwd(const char *username) { security_context_t context; char *seuser; if (getuid() != (uid_t)0 || is_selinux_enabled() == 0) return; /* No need to check */ if (getprevcon_raw(&context) < 0) bb_perror_msg_and_die("getprevcon failed"); seuser = strtok(context, ":"); if (!seuser) bb_error_msg_and_die("invalid context '%s'", context); if (strcmp(seuser, username) != 0) { if (checkPasswdAccess(PASSWD__PASSWD) != 0) bb_error_msg_and_die("SELinux: access denied"); } if (ENABLE_FEATURE_CLEAN_UP) freecon(context); }