diff options
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index b2c5333ed4b5..13537a49ae97 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -54,9 +54,12 @@ struct xattr; | |||
| 54 | struct xfrm_sec_ctx; | 54 | struct xfrm_sec_ctx; |
| 55 | struct mm_struct; | 55 | struct mm_struct; |
| 56 | 56 | ||
| 57 | /* Default (no) options for the capable function */ | ||
| 58 | #define CAP_OPT_NONE 0x0 | ||
| 57 | /* If capable should audit the security request */ | 59 | /* If capable should audit the security request */ |
| 58 | #define SECURITY_CAP_NOAUDIT 0 | 60 | #define CAP_OPT_NOAUDIT BIT(1) |
| 59 | #define SECURITY_CAP_AUDIT 1 | 61 | /* If capable is being called by a setid function */ |
| 62 | #define CAP_OPT_INSETID BIT(2) | ||
| 60 | 63 | ||
| 61 | /* LSM Agnostic defines for sb_set_mnt_opts */ | 64 | /* LSM Agnostic defines for sb_set_mnt_opts */ |
| 62 | #define SECURITY_LSM_NATIVE_LABELS 1 | 65 | #define SECURITY_LSM_NATIVE_LABELS 1 |
| @@ -72,7 +75,7 @@ enum lsm_event { | |||
| 72 | 75 | ||
| 73 | /* These functions are in security/commoncap.c */ | 76 | /* These functions are in security/commoncap.c */ |
| 74 | extern int cap_capable(const struct cred *cred, struct user_namespace *ns, | 77 | extern int cap_capable(const struct cred *cred, struct user_namespace *ns, |
| 75 | int cap, int audit); | 78 | int cap, unsigned int opts); |
| 76 | extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); | 79 | extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); |
| 77 | extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); | 80 | extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); |
| 78 | extern int cap_ptrace_traceme(struct task_struct *parent); | 81 | extern int cap_ptrace_traceme(struct task_struct *parent); |
| @@ -207,10 +210,10 @@ int security_capset(struct cred *new, const struct cred *old, | |||
| 207 | const kernel_cap_t *effective, | 210 | const kernel_cap_t *effective, |
| 208 | const kernel_cap_t *inheritable, | 211 | const kernel_cap_t *inheritable, |
| 209 | const kernel_cap_t *permitted); | 212 | const kernel_cap_t *permitted); |
| 210 | int security_capable(const struct cred *cred, struct user_namespace *ns, | 213 | int security_capable(const struct cred *cred, |
| 211 | int cap); | 214 | struct user_namespace *ns, |
| 212 | int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, | 215 | int cap, |
| 213 | int cap); | 216 | unsigned int opts); |
| 214 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 217 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
| 215 | int security_quota_on(struct dentry *dentry); | 218 | int security_quota_on(struct dentry *dentry); |
| 216 | int security_syslog(int type); | 219 | int security_syslog(int type); |
| @@ -464,14 +467,11 @@ static inline int security_capset(struct cred *new, | |||
| 464 | } | 467 | } |
| 465 | 468 | ||
| 466 | static inline int security_capable(const struct cred *cred, | 469 | static inline int security_capable(const struct cred *cred, |
| 467 | struct user_namespace *ns, int cap) | 470 | struct user_namespace *ns, |
| 471 | int cap, | ||
| 472 | unsigned int opts) | ||
| 468 | { | 473 | { |
| 469 | return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT); | 474 | return cap_capable(cred, ns, cap, opts); |
| 470 | } | ||
| 471 | |||
| 472 | static inline int security_capable_noaudit(const struct cred *cred, | ||
| 473 | struct user_namespace *ns, int cap) { | ||
| 474 | return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); | ||
| 475 | } | 475 | } |
| 476 | 476 | ||
| 477 | static inline int security_quotactl(int cmds, int type, int id, | 477 | static inline int security_quotactl(int cmds, int type, int id, |