1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * AppArmor security module |
4 | * |
5 | * This file contains AppArmor capability mediation definitions. |
6 | * |
7 | * Copyright (C) 1998-2008 Novell/SUSE |
8 | * Copyright 2009-2013 Canonical Ltd. |
9 | */ |
10 | |
11 | #ifndef __AA_CAPABILITY_H |
12 | #define __AA_CAPABILITY_H |
13 | |
14 | #include <linux/sched.h> |
15 | |
16 | #include "apparmorfs.h" |
17 | |
18 | struct aa_label; |
19 | |
/* aa_caps - confinement data for capabilities
 * @allow: capabilities mask (the set a confined task may use)
 * @audit: caps that are to be audited
 * @denied: caps that are explicitly denied
 * @quiet: caps that should not be audited
 * @kill: caps that when requested will result in the task being killed
 * @extended: caps that are subject to finer grained mediation
 *
 * Every member is a plain kernel_cap_t bitmask; the struct owns no
 * dynamically allocated memory, which is why aa_free_cap_rules() below
 * has nothing to release.
 */
struct aa_caps {
	kernel_cap_t allow;
	kernel_cap_t audit;
	kernel_cap_t denied;
	kernel_cap_t quiet;
	kernel_cap_t kill;
	kernel_cap_t extended;
};
36 | |
/* apparmorfs entry table for the capability mediation feature (see apparmorfs.h) */
extern struct aa_sfs_entry aa_sfs_entry_caps[];

/**
 * aa_capable - check whether @label permits @subj_cred to use capability @cap
 * @subj_cred: credentials of the task requesting the capability
 * @label: label whose capability rules are consulted
 * @cap: capability number being requested
 * @opts: option flags forwarded from the LSM capable hook
 *        (presumably CAP_OPT_* values - confirm against the caller)
 *
 * Return: 0 when the capability is permitted, otherwise a negative error
 * code (the exact value is decided by the definition in capability.c;
 * verify there).
 */
int aa_capable(const struct cred *subj_cred, struct aa_label *label,
	       int cap, unsigned int opts);
41 | |
static inline void aa_free_cap_rules(struct aa_caps *caps)
{
	/*
	 * struct aa_caps holds only kernel_cap_t bitmasks, so there is no
	 * per-rule allocation to release.  The helper presumably exists so
	 * rule teardown can be called uniformly across rule types - verify
	 * against the callers before relying on that.
	 */
	(void)caps;
}
46 | |
#endif /* __AA_CAPABILITY_H */
48 | |