1 // SPDX-License-Identifier: GPL-2.0-only
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
40 * audit_cb - callback for capability components of audit struct
41 * @ab - audit buffer (NOT NULL)
42 * @va - audit struct to audit data from (NOT NULL)
49 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
53 * audit_caps - audit a capability
57 * @error: error code returned by test
62 * Returns: 0 or ad->error on success, error code on failure
67 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
68 typeof(*rules), list); in audit_caps()
72 ad->error = error; in audit_caps()
75 /* test if auditing is being forced */ in audit_caps()
77 !cap_raised(rules->caps.audit, cap))) in audit_caps()
81 cap_raised(rules->caps.kill, cap)) { in audit_caps()
83 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
92 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
98 aa_put_profile(ent->profile); in audit_caps()
99 if (profile != ent->profile) in audit_caps()
100 cap_clear(ent->caps); in audit_caps()
101 ent->profile = aa_get_profile(profile); in audit_caps()
102 cap_raise(ent->caps, cap); in audit_caps()
110 * profile_capable - test if profile allows use of capability @cap
112 * @cap: capability to test if allowed
116 * Returns: 0 if allowed else -EPERM
121 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
122 typeof(*rules), list); in profile_capable()
125 if (cap_raised(rules->caps.allow, cap) && in profile_capable()
126 !cap_raised(rules->caps.denied, cap)) in profile_capable()
129 error = -EPERM; in profile_capable()
137 ad->info = "optional: no audit"; in profile_capable()
144 * aa_capable - test permission to use capability