capability.h 1.1 KB

  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * AppArmor security module
  4. *
  5. * This file contains AppArmor capability mediation definitions.
  6. *
  7. * Copyright (C) 1998-2008 Novell/SUSE
  8. * Copyright 2009-2013 Canonical Ltd.
  9. */
  10. #ifndef __AA_CAPABILITY_H
  11. #define __AA_CAPABILITY_H
  12. #include <linux/sched.h>
  13. #include "apparmorfs.h"
  14. struct aa_label;
/* struct aa_caps - confinement data for capabilities
 * @allow: capabilities mask
 * @audit: caps that are to be audited
 * @denied: caps that are explicitly denied
 * @quiet: caps that should not be audited
 * @kill: caps that when requested will result in the task being killed
 * @extended: caps that are subject to finer grained mediation
 *
 * Every member is declared as a kernel_cap_t. This header only defines
 * the storage; how the masks are combined into an allow/deny/audit
 * decision is implemented elsewhere.
 */
struct aa_caps {
	kernel_cap_t allow;	/* capabilities mask */
	kernel_cap_t audit;	/* to be audited */
	kernel_cap_t denied;	/* explicitly denied */
	kernel_cap_t quiet;	/* not to be audited */
	kernel_cap_t kill;	/* a request results in the task being killed */
	kernel_cap_t extended;	/* subject to finer grained mediation */
};
/* Table of struct aa_sfs_entry items for capabilities; defined outside
 * this header.
 * NOTE(review): the element type presumably comes from "apparmorfs.h" -
 * confirm.
 */
extern struct aa_sfs_entry aa_sfs_entry_caps[];

/* Returns a kernel_cap_t value for @profile.
 * NOTE(review): struct aa_profile is not forward-declared in this header
 * (only struct aa_label is); presumably it is visible through an include -
 * confirm.
 */
kernel_cap_t aa_profile_capget(struct aa_profile *profile);

/* Capability mediation entry point: takes the subject credentials, the
 * label, the capability number and an option word, and returns an int.
 * NOTE(review): presumably 0 means allowed and a negative errno means
 * denied, and @opts carries CAP_OPT_* style flags - confirm against the
 * definition and its callers.
 */
int aa_capable(const struct cred *subj_cred, struct aa_label *label, int cap,
	       unsigned int opts);
/* aa_free_cap_rules - tear down a capability rule set
 * @caps: rule set being released (not accessed)
 *
 * Intentionally empty. Every member of struct aa_caps is declared in this
 * header as a plain kernel_cap_t, so no cleanup is performed here. If a
 * member that owns memory is ever added to struct aa_caps, its release
 * belongs in this function.
 */
static inline void aa_free_cap_rules(struct aa_caps *caps)
{
	/* nothing to release */
}
  39. #endif /* __AA_CAPABILITY_H */