| /security/apparmor/ |
| D | capability.c | 51 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
65 static int audit_caps(struct aa_profile *profile, int cap, int error) in audit_caps() argument
73 sa.u.cap = cap; in audit_caps()
80 !cap_raised(profile->caps.audit, cap))) in audit_caps()
84 cap_raised(profile->caps.kill, cap)) { in audit_caps()
86 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
95 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
103 cap_raise(ent->caps, cap); in audit_caps()
117 static int profile_capable(struct aa_profile *profile, int cap) in profile_capable() argument
119 return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM; in profile_capable()
[all …]
|
| D | policy_unpack.c | 543 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile()
545 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile()
547 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) in unpack_profile()
549 if (!unpack_u32(e, &tmpcap.cap[0], NULL)) in unpack_profile()
554 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
556 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile()
558 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) in unpack_profile()
560 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) in unpack_profile()
568 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) in unpack_profile()
570 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) in unpack_profile()
|
| D | lsm.c | 140 int cap, int audit) in apparmor_capable() argument
144 int error = cap_capable(cred, ns, cap, audit); in apparmor_capable()
148 error = aa_capable(profile, cap, audit); in apparmor_capable()
|
| /security/ |
| D | commoncap.c | 81 int cap, int audit) in cap_capable()
86 if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) in cap_capable()
88 if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN)) in cap_capable()
99 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable()
376 __u32 permitted = caps->permitted.cap[i]; in bprm_caps_from_vfs_caps()
377 __u32 inheritable = caps->inheritable.cap[i]; in bprm_caps_from_vfs_caps()
383 new->cap_permitted.cap[i] = in bprm_caps_from_vfs_caps()
384 (new->cap_bset.cap[i] & permitted) | in bprm_caps_from_vfs_caps()
385 (new->cap_inheritable.cap[i] & inheritable); in bprm_caps_from_vfs_caps()
387 if (permitted & ~new->cap_permitted.cap[i]) in bprm_caps_from_vfs_caps()
[all …]
|
| D | security.c | 198 int cap) in security_capable() argument
200 return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); in security_capable()
204 int cap) in security_capable_noaudit() argument
206 return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); in security_capable_noaudit()
|
| D | lsm_audit.c | 233 audit_log_format(ab, " capability=%d ", a->u.cap); in dump_common_audit_data()
|
| /security/apparmor/include/ |
| D | capability.h | 41 int aa_capable(struct aa_profile *profile, int cap, int audit);
|
| /security/smack/ |
| D | smack.h | 331 static inline int smack_privileged(int cap) in smack_privileged() argument
335 if (!capable(cap)) in smack_privileged()
|
| /security/selinux/ |
| D | hooks.c | 1550 int cap, int audit) in cred_has_capability() argument
1556 u32 av = CAP_TO_MASK(cap); in cred_has_capability()
1560 ad.u.cap = cap; in cred_has_capability()
1562 switch (CAP_TO_INDEX(cap)) { in cred_has_capability()
1571 "SELinux: out of range capability %d\n", cap); in cred_has_capability()
2059 int cap, int audit) in selinux_capable() argument
2063 rc = cap_capable(cred, ns, cap, audit); in selinux_capable()
2067 return cred_has_capability(cred, cap, audit); in selinux_capable()
|