| /security/apparmor/ |
| D | capability.c | 49 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
65 int cap, int error) in audit_caps() argument
75 !cap_raised(profile->caps.audit, cap))) in audit_caps()
79 cap_raised(profile->caps.kill, cap)) { in audit_caps()
81 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
90 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
98 cap_raise(ent->caps, cap); in audit_caps()
114 static int profile_capable(struct aa_profile *profile, int cap, in profile_capable() argument
119 if (cap_raised(profile->caps.allow, cap) && in profile_capable()
120 !cap_raised(profile->caps.denied, cap)) in profile_capable()
[all …]
|
| D | policy_unpack.c | 769 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile()
771 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile()
773 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) in unpack_profile()
775 if (!unpack_u32(e, &tmpcap.cap[0], NULL)) in unpack_profile()
781 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
783 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile()
785 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) in unpack_profile()
787 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) in unpack_profile()
796 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) in unpack_profile()
798 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) in unpack_profile()
|
| D | lsm.c | 171 int cap, unsigned int opts) in apparmor_capable() argument
178 error = aa_capable(label, cap, opts); in apparmor_capable()
|
| /security/ |
| D | commoncap.c | 66 int cap, unsigned int opts) in cap_capable()
77 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable()
345 static bool is_v2header(size_t size, const struct vfs_cap_data *cap) in is_v2header() argument
349 return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_2; in is_v2header()
352 static bool is_v3header(size_t size, const struct vfs_cap_data *cap) in is_v3header() argument
356 return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_3; in is_v3header()
377 struct vfs_cap_data *cap; in cap_inode_getsecurity() local
398 cap = (struct vfs_cap_data *) tmpbuf; in cap_inode_getsecurity()
399 if (is_v2header((size_t) ret, cap)) { in cap_inode_getsecurity()
407 } else if (!is_v3header((size_t) ret, cap)) { in cap_inode_getsecurity()
[all …]
|
| D | lsm_audit.c | 230 audit_log_format(ab, " capability=%d ", a->u.cap); in dump_common_audit_data()
|
| D | security.c | 726 int cap, in security_capable() argument
729 return call_int_hook(capable, 0, cred, ns, cap, opts); in security_capable()
|
| /security/safesetid/ |
| D | lsm.c | 65 int cap, in safesetid_security_capable() argument
69 if (cap != CAP_SETUID) in safesetid_security_capable()
|
| /security/smack/ |
| D | smack_access.c | 632 bool smack_privileged_cred(int cap, const struct cred *cred) in smack_privileged_cred() argument
639 rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE); in smack_privileged_cred()
669 bool smack_privileged(int cap) in smack_privileged() argument
677 return smack_privileged_cred(cap, current_cred()); in smack_privileged()
|
| D | smack.h | 311 bool smack_privileged(int cap);
312 bool smack_privileged_cred(int cap, const struct cred *cred);
|
| /security/apparmor/include/ |
| D | capability.h | 39 int aa_capable(struct aa_label *label, int cap, unsigned int opts);
|
| /security/selinux/ |
| D | hooks.c | 1633 int cap, unsigned int opts, bool initns) in cred_has_capability() argument
1639 u32 av = CAP_TO_MASK(cap); in cred_has_capability()
1643 ad.u.cap = cap; in cred_has_capability()
1645 switch (CAP_TO_INDEX(cap)) { in cred_has_capability()
1653 pr_err("SELinux: out of range capability %d\n", cap); in cred_has_capability()
2180 int cap, unsigned int opts) in selinux_capable() argument
2182 return cred_has_capability(cred, cap, opts, ns == &init_user_ns); in selinux_capable()
|