== HarmonyOS Kernel Reference Manual ==
Updated: 2022/06/01 Source: https://gitee.com/weharmony/kernel_liteos_a_note
capability_type.h
/*
 * Copyright (c) 2013-2019 Huawei Technologies Co., Ltd. All rights reserved.
 * Copyright (c) 2020-2021 Huawei Device Co., Ltd. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, this list of
 * conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice, this list
 * of conditions and the following disclaimer in the documentation and/or other materials
 * provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
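/*
    "capabilities" is rendered in Chinese as 权限(集), i.e. "permission (set)".
    The capabilities mechanism was introduced after Linux kernel 2.2. The principle is simple:
    the privileges formerly tied to the superuser root (UID=0) are split into separate functional
    groups. Capabilities exist as an attribute of a thread (Linux does not really distinguish
    between processes and threads), and each group can be enabled and disabled independently.
    In essence, kernel calls are sorted into categories, and calls with similar functions are
    placed in the same group. The permission check therefore becomes: when a privileged operation
    is performed, if the thread's effective identity is not root, check whether the thread holds
    the capability that corresponds to that operation, and use the result to decide whether the
    privileged operation may proceed.
    A capability applies to a process and gives a user-mode process some of the privileges of a
    kernel-mode process.
    https://blog.csdn.net/alex_yangchuansheng/article/details/102796001
*/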
#ifndef CAPABILITY_TYPE_H
#define CAPABILITY_TYPE_H

// posix capabilities
#define CAP_CHOWN                       0   // Permission to change file ownership
#define CAP_DAC_EXECUTE                 1   // Has execute permission
#define CAP_DAC_WRITE                   2   // Has write permission
#define CAP_DAC_READ_SEARCH             3   // Bypass DAC restrictions on file read and directory search
#define CAP_FOWNER                      4   // Bypass the requirement that the file owner ID match the process user ID
#define CAP_KILL                        5   // Allow sending signals to other processes
#define CAP_SETGID                      6   // Allow setting the group ID of other processes
#define CAP_SETUID                      7   // Allow setting the user ID of other processes

// socket capabilities
#define CAP_NET_BIND_SERVICE            8   // Allow binding to ports
#define CAP_NET_BROADCAST               9   // Allow broadcast
#define CAP_NET_ADMIN                   10
#define CAP_NET_RAW                     11

// fs capabilities
#define CAP_FS_MOUNT                    12  // Allow mounting
#define CAP_FS_FORMAT                   13  // Allow formatting

// process capabilities
#define CAP_SCHED_SETPRIORITY           14  // Allow setting scheduling priority

// time capabilities
#define CAP_SET_TIMEOFDAY               15
#define CAP_CLOCK_SETTIME               16

// process capabilities
#define CAP_CAPSET                      17  // Allow changing the process's own capability set

// reboot capability
#define CAP_REBOOT                      18  // Allow rebooting the system
// self defined privileged syscalls
#define CAP_SHELL_EXEC                  19  // Self-defined privileged system call
#endif
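The permission check described in the header's comment (root passes, any other thread needs the matching capability), as an added C example that is not code from the kernel_liteos_a source. `struct task_cred`, `cap_permitted`, `cap_set` and `CAP_COUNT` are hypothetical names, and storing the set as one bit per capability number in a 32-bit word is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from capability_type.h above. */
#define CAP_KILL        5
#define CAP_CAPSET      17
#define CAP_REBOOT      18
#define CAP_SHELL_EXEC  19
#define CAP_COUNT       (CAP_SHELL_EXEC + 1)  /* hypothetical: highest number + 1 */

/* Hypothetical per-task credentials: bit n set means capability n is held. */
struct task_cred {
    uint32_t euid;  /* effective user ID */
    uint32_t caps;  /* capability bitmask (assumed layout) */
};

/* Root passes; any other identity needs the bit for this capability. */
bool cap_permitted(const struct task_cred *t, unsigned cap)
{
    if (cap >= CAP_COUNT)   /* unknown number: deny, and never shift out of range */
        return false;
    if (t->euid == 0)
        return true;
    return (t->caps & (UINT32_C(1) << cap)) != 0;
}

/* Replace the task's own set. Needs CAP_CAPSET; bits outside the defined
 * range are refused so a caller cannot pre-grant future capabilities. */
int cap_set(struct task_cred *t, uint32_t new_caps)
{
    const uint32_t known = (UINT32_C(1) << CAP_COUNT) - 1;
    if (new_caps & ~known)
        return -1;
    if (!cap_permitted(t, CAP_CAPSET))
        return -1;
    t->caps = new_caps;
    return 0;
}

int main(void)
{
    /* Constructed sample: non-root service holding CAP_KILL and CAP_CAPSET. */
    struct task_cred svc = { 1000, (UINT32_C(1) << CAP_KILL) | (UINT32_C(1) << CAP_CAPSET) };
    printf("kill: %d\n", cap_permitted(&svc, CAP_KILL));
    printf("reboot: %d\n", cap_permitted(&svc, CAP_REBOOT));
    printf("drop to CAP_KILL only: %d\n", cap_set(&svc, UINT32_C(1) << CAP_KILL));
    return 0;
}
```

Once the service drops CAP_CAPSET it can no longer widen its own set, which is the least-privilege pattern the per-capability split makes possible.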