dd0c6e86f6
Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request. Signed-off-by: John Johansen <john.johansen@canonical.com>
48 lines
1.1 KiB
C
48 lines
1.1 KiB
C
/*
|
|
* AppArmor security module
|
|
*
|
|
* This file contains AppArmor capability mediation definitions.
|
|
*
|
|
* Copyright (C) 1998-2008 Novell/SUSE
|
|
* Copyright 2009-2013 Canonical Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation, version 2 of the
|
|
* License.
|
|
*/
|
|
|
|
#ifndef __AA_CAPABILITY_H
|
|
#define __AA_CAPABILITY_H
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include "apparmorfs.h"
|
|
|
|
struct aa_profile;
|
|
|
|
/* aa_caps - confinement data for capabilities
|
|
* @allowed: capabilities mask
|
|
* @audit: caps that are to be audited
|
|
* @quiet: caps that should not be audited
|
|
* @kill: caps that when requested will result in the task being killed
|
|
* @extended: caps that are subject finer grained mediation
|
|
*/
|
|
struct aa_caps {
|
|
kernel_cap_t allow;
|
|
kernel_cap_t audit;
|
|
kernel_cap_t quiet;
|
|
kernel_cap_t kill;
|
|
kernel_cap_t extended;
|
|
};
|
|
|
|
extern struct aa_fs_entry aa_fs_entry_caps[];
|
|
|
|
int aa_capable(struct aa_profile *profile, int cap, int audit);
|
|
|
|
static inline void aa_free_cap_rules(struct aa_caps *caps)
|
|
{
|
|
/* NOP */
|
|
}
|
|
|
|
#endif /* __AA_CAPBILITY_H */
|