/security/apparmor/ |
D | capability.c | 46 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb() 62 int cap, int error) in audit_caps() argument 71 sa.u.cap = cap; in audit_caps() 78 !cap_raised(profile->caps.audit, cap))) in audit_caps() 82 cap_raised(profile->caps.kill, cap)) { in audit_caps() 84 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps() 93 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps() 101 cap_raise(ent->caps, cap); in audit_caps() 115 static int profile_capable(struct aa_profile *profile, int cap) in profile_capable() argument 117 return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM; in profile_capable() [all …]
D | policy_unpack.c | 531 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile() 533 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile() 535 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) in unpack_profile() 537 if (!unpack_u32(e, &tmpcap.cap[0], NULL)) in unpack_profile() 542 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile() 544 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile() 546 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) in unpack_profile() 548 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) in unpack_profile() 556 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) in unpack_profile() 558 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) in unpack_profile()
D | lsm.c | 140 int cap, int audit) in apparmor_capable() argument 144 int error = cap_capable(cred, ns, cap, audit); in apparmor_capable() 148 error = aa_capable(current, profile, cap, audit); in apparmor_capable()
/security/ |
D | commoncap.c | 81 int cap, int audit) in cap_capable() 84 if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) in cap_capable() 86 if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN)) in cap_capable() 97 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable() 352 __u32 permitted = caps->permitted.cap[i]; in bprm_caps_from_vfs_caps() 353 __u32 inheritable = caps->inheritable.cap[i]; in bprm_caps_from_vfs_caps() 358 new->cap_permitted.cap[i] = in bprm_caps_from_vfs_caps() 359 (new->cap_bset.cap[i] & permitted) | in bprm_caps_from_vfs_caps() 360 (new->cap_inheritable.cap[i] & inheritable); in bprm_caps_from_vfs_caps() 362 if (permitted & ~new->cap_permitted.cap[i]) in bprm_caps_from_vfs_caps() [all …]
D | security.c | 181 int cap) in security_capable() argument 183 return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); in security_capable() 187 int cap) in security_capable_noaudit() argument 189 return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); in security_capable_noaudit()
D | lsm_audit.c | 230 audit_log_format(ab, " capability=%d ", a->u.cap); in dump_common_audit_data()
/security/apparmor/include/ |
D | capability.h | 37 int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
/security/selinux/ |
D | hooks.c | 1458 int cap, int audit) in cred_has_capability() argument 1465 u32 av = CAP_TO_MASK(cap); in cred_has_capability() 1471 ad.u.cap = cap; in cred_has_capability() 1473 switch (CAP_TO_INDEX(cap)) { in cred_has_capability() 1482 "SELinux: out of range capability %d\n", cap); in cred_has_capability() 1987 int cap, int audit) in selinux_capable() argument 1991 rc = cap_capable(cred, ns, cap, audit); in selinux_capable() 1995 return cred_has_capability(cred, cap, audit); in selinux_capable()