checkR policy

Checks whether the holder has the specified access rights to use the resource.

The list of access rights is passed in the policy configuration.

Type: call policy

Syntax

checkR <configuration> (in SID holder, in SID resource)

Parameters

`holder`	Holder of the capability.
`resource`	Resource SID associated with the capability.

Policy configuration

<configuration> ::= "{" <type> "," <rights> "}"

<rights> ::= "rights" ":" "[" <right> {"," <right>} "]"

Configuration elements

`<resource-type>`	Resource type assigned during initialization of the capability. It must match one of the types in the family instance configuration.
`<rights>`	List of access rights. It must be a subset of the list of embedded rights and access rights for the specified resource type in the `ocap` family instance configuration.

Returned value

KSS_GRANT if the holder has all the specified access rights to the resource, and KSS_DENY if not. The check will not be performed in the following cases:

At least one of the specified SIDs is incorrect.
The resource SID is not associated with the capability.
The resource type specified in the configuration (<type>) does not match the type assigned during capability initialization.
holder is not a capability holder for the specified resource.
holder does not have all the specified access rights to the resource.

All specified restrictions apply only within the ocap family instance.

Page top