check policy

Checks whether the entity has the specified access rights to use the resource.

The list of access rights is passed in the policy arguments.

Type: call policy

Syntax

check <configuration> (in SID holder, in SID resource,

in Rights rights)

Parameters

holder	Holder of the capability.
resource	Resource SID associated with the capability.
rights	Mask of access rights.

Policy configuration

<configuration> ::= "{" <type> "}"

<type> ::= "type" ":" <resource-type>

Configuration elements

<resource-type>

Resource type assigned during initialization of the capability. It must match one of the types in the family instance configuration.

Returned value

KSS_GRANT if the holder has all the specified access rights to the resource, and KSS_DENY if not. The check will not be performed in the following cases:

• At least one of the specified SIDs is incorrect.
• The resource SID is not associated with the capability.
• The resource type specified in the configuration (<type>) does not match the type assigned during capability initialization.
• holder is not a capability holder for the specified resource.
• holder does not have all the specified access rights to the resource.
• For the specified resource type in the ocap family instance configuration, at least one of the transferred access rights is missing.

All specified restrictions apply only within the ocap family instance.

Page top