/security/apparmor/ |
D | capability.c | 49 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb() 65 int cap, int error) in audit_caps() argument 75 !cap_raised(profile->caps.audit, cap))) in audit_caps() 79 cap_raised(profile->caps.kill, cap)) { in audit_caps() 81 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps() 90 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps() 98 cap_raise(ent->caps, cap); in audit_caps() 114 static int profile_capable(struct aa_profile *profile, int cap, in profile_capable() argument 119 if (cap_raised(profile->caps.allow, cap) && in profile_capable() 120 !cap_raised(profile->caps.denied, cap)) in profile_capable() [all …]
|
D | policy_unpack.c | 773 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile() 775 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile() 777 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) in unpack_profile() 779 if (!unpack_u32(e, &tmpcap.cap[0], NULL)) in unpack_profile() 785 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile() 787 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile() 789 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) in unpack_profile() 791 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) in unpack_profile() 800 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) in unpack_profile() 802 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) in unpack_profile()
|
D | lsm.c | 171 int cap, unsigned int opts) in apparmor_capable() argument 178 error = aa_capable(label, cap, opts); in apparmor_capable()
|
/security/ |
D | commoncap.c | 66 int cap, unsigned int opts) in cap_capable() 77 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable() 345 static bool is_v2header(size_t size, const struct vfs_cap_data *cap) in is_v2header() argument 349 return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_2; in is_v2header() 352 static bool is_v3header(size_t size, const struct vfs_cap_data *cap) in is_v3header() argument 356 return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_3; in is_v3header() 378 struct vfs_cap_data *cap; in cap_inode_getsecurity() local 401 cap = (struct vfs_cap_data *) tmpbuf; in cap_inode_getsecurity() 402 if (is_v2header((size_t) ret, cap)) { in cap_inode_getsecurity() 404 } else if (is_v3header((size_t) ret, cap)) { in cap_inode_getsecurity() [all …]
|
D | lsm_audit.c | 230 audit_log_format(ab, " capability=%d ", a->u.cap); in dump_common_audit_data()
|
D | security.c | 726 int cap, in security_capable() argument 729 return call_int_hook(capable, 0, cred, ns, cap, opts); in security_capable()
|
/security/safesetid/ |
D | lsm.c | 65 int cap, in safesetid_security_capable() argument 69 if (cap != CAP_SETUID) in safesetid_security_capable()
|
/security/smack/ |
D | smack_access.c | 631 bool smack_privileged_cred(int cap, const struct cred *cred) in smack_privileged_cred() argument 638 rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE); in smack_privileged_cred() 668 bool smack_privileged(int cap) in smack_privileged() argument 676 return smack_privileged_cred(cap, current_cred()); in smack_privileged()
|
D | smack.h | 308 bool smack_privileged(int cap); 309 bool smack_privileged_cred(int cap, const struct cred *cred);
|
/security/apparmor/include/ |
D | capability.h | 39 int aa_capable(struct aa_label *label, int cap, unsigned int opts);
|
/security/selinux/ |
D | hooks.c | 1650 int cap, unsigned int opts, bool initns) in cred_has_capability() argument 1656 u32 av = CAP_TO_MASK(cap); in cred_has_capability() 1660 ad.u.cap = cap; in cred_has_capability() 1662 switch (CAP_TO_INDEX(cap)) { in cred_has_capability() 1670 pr_err("SELinux: out of range capability %d\n", cap); in cred_has_capability() 2191 int cap, unsigned int opts) in selinux_capable() argument 2193 return cred_has_capability(cred, cap, opts, ns == &init_user_ns); in selinux_capable()
|