90c436a64a
The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
48 lines
1.1 KiB
C
48 lines
1.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* AppArmor security module
|
|
*
|
|
* This file contains AppArmor capability mediation definitions.
|
|
*
|
|
* Copyright (C) 1998-2008 Novell/SUSE
|
|
* Copyright 2009-2013 Canonical Ltd.
|
|
*/
|
|
|
|
#ifndef __AA_CAPABILITY_H
|
|
#define __AA_CAPABILITY_H
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include "apparmorfs.h"
|
|
|
|
struct aa_label;
|
|
|
|
/* aa_caps - confinement data for capabilities
|
|
* @allowed: capabilities mask
|
|
* @audit: caps that are to be audited
|
|
* @denied: caps that are explicitly denied
|
|
* @quiet: caps that should not be audited
|
|
* @kill: caps that when requested will result in the task being killed
|
|
* @extended: caps that are subject finer grained mediation
|
|
*/
|
|
struct aa_caps {
|
|
kernel_cap_t allow;
|
|
kernel_cap_t audit;
|
|
kernel_cap_t denied;
|
|
kernel_cap_t quiet;
|
|
kernel_cap_t kill;
|
|
kernel_cap_t extended;
|
|
};
|
|
|
|
extern struct aa_sfs_entry aa_sfs_entry_caps[];
|
|
|
|
int aa_capable(const struct cred *subj_cred, struct aa_label *label,
|
|
int cap, unsigned int opts);
|
|
|
|
static inline void aa_free_cap_rules(struct aa_caps *caps)
|
|
{
|
|
/* NOP */
|
|
}
|
|
|
|
#endif /* __AA_CAPBILITY_H */
|