Home
last modified time | relevance | path

Searched refs:cap (Results 1 – 11 of 11) sorted by relevance

/security/apparmor/
Dcapability.c49 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
65 int cap, int error) in audit_caps() argument
75 !cap_raised(profile->caps.audit, cap))) in audit_caps()
79 cap_raised(profile->caps.kill, cap)) { in audit_caps()
81 } else if (cap_raised(profile->caps.quiet, cap) && in audit_caps()
90 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
98 cap_raise(ent->caps, cap); in audit_caps()
114 static int profile_capable(struct aa_profile *profile, int cap, in profile_capable() argument
119 if (cap_raised(profile->caps.allow, cap) && in profile_capable()
120 !cap_raised(profile->caps.denied, cap)) in profile_capable()
[all …]
Dpolicy_unpack.c782 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile()
784 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile()
786 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) in unpack_profile()
788 if (!unpack_u32(e, &tmpcap.cap[0], NULL)) in unpack_profile()
794 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
796 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile()
798 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) in unpack_profile()
800 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) in unpack_profile()
809 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) in unpack_profile()
811 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) in unpack_profile()
Dlsm.c181 int cap, unsigned int opts) in apparmor_capable() argument
188 error = aa_capable(label, cap, opts); in apparmor_capable()
/security/
Dcommoncap.c66 int cap, unsigned int opts) in cap_capable()
77 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; in cap_capable()
345 static bool is_v2header(size_t size, const struct vfs_cap_data *cap) in is_v2header() argument
349 return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_2; in is_v2header()
352 static bool is_v3header(size_t size, const struct vfs_cap_data *cap) in is_v3header() argument
356 return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_3; in is_v3header()
378 struct vfs_cap_data *cap; in cap_inode_getsecurity() local
401 cap = (struct vfs_cap_data *) tmpbuf; in cap_inode_getsecurity()
402 if (is_v2header((size_t) ret, cap)) { in cap_inode_getsecurity()
404 } else if (is_v3header((size_t) ret, cap)) { in cap_inode_getsecurity()
[all …]
Dlsm_audit.c230 audit_log_format(ab, " capability=%d ", a->u.cap); in dump_common_audit_data()
Dsecurity.c745 int cap, in security_capable() argument
748 return call_int_hook(capable, 0, cred, ns, cap, opts); in security_capable()
/security/safesetid/
Dlsm.c92 int cap, in safesetid_security_capable() argument
96 if (cap != CAP_SETUID && cap != CAP_SETGID) in safesetid_security_capable()
113 switch (cap) { in safesetid_security_capable()
/security/smack/
Dsmack_access.c650 bool smack_privileged_cred(int cap, const struct cred *cred) in smack_privileged_cred() argument
657 rc = cap_capable(cred, &init_user_ns, cap, CAP_OPT_NONE); in smack_privileged_cred()
687 bool smack_privileged(int cap) in smack_privileged() argument
696 return smack_privileged_cred(cap, current_cred()); in smack_privileged()
Dsmack.h298 bool smack_privileged(int cap);
299 bool smack_privileged_cred(int cap, const struct cred *cred);
/security/apparmor/include/
Dcapability.h39 int aa_capable(struct aa_label *label, int cap, unsigned int opts);
/security/selinux/
Dhooks.c1602 int cap, unsigned int opts, bool initns) in cred_has_capability() argument
1608 u32 av = CAP_TO_MASK(cap); in cred_has_capability()
1612 ad.u.cap = cap; in cred_has_capability()
1614 switch (CAP_TO_INDEX(cap)) { in cred_has_capability()
1622 pr_err("SELinux: out of range capability %d\n", cap); in cred_has_capability()
2143 int cap, unsigned int opts) in selinux_capable() argument
2145 return cred_has_capability(cred, cap, opts, ns == &init_user_ns); in selinux_capable()