aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/capability.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/capability.h')
-rw-r--r--include/linux/capability.h25
1 files changed, 23 insertions, 2 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 9d1fe30b6f6c..e22f48c2a46f 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -53,6 +53,7 @@ typedef struct __user_cap_data_struct {
53#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX 53#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
54 54
55#define VFS_CAP_REVISION_MASK 0xFF000000 55#define VFS_CAP_REVISION_MASK 0xFF000000
56#define VFS_CAP_REVISION_SHIFT 24
56#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK 57#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
57#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 58#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
58 59
@@ -68,6 +69,9 @@ typedef struct __user_cap_data_struct {
68#define VFS_CAP_U32 VFS_CAP_U32_2 69#define VFS_CAP_U32 VFS_CAP_U32_2
69#define VFS_CAP_REVISION VFS_CAP_REVISION_2 70#define VFS_CAP_REVISION VFS_CAP_REVISION_2
70 71
72#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
73extern int file_caps_enabled;
74#endif
71 75
72struct vfs_cap_data { 76struct vfs_cap_data {
73 __le32 magic_etc; /* Little endian */ 77 __le32 magic_etc; /* Little endian */
@@ -96,6 +100,13 @@ typedef struct kernel_cap_struct {
96 __u32 cap[_KERNEL_CAPABILITY_U32S]; 100 __u32 cap[_KERNEL_CAPABILITY_U32S];
97} kernel_cap_t; 101} kernel_cap_t;
98 102
103/* exact same as vfs_cap_data but in cpu endian and always filled completely */
104struct cpu_vfs_cap_data {
105 __u32 magic_etc;
106 kernel_cap_t permitted;
107 kernel_cap_t inheritable;
108};
109
99#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) 110#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
100#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) 111#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
101 112
@@ -454,6 +465,13 @@ static inline int cap_isclear(const kernel_cap_t a)
454 return 1; 465 return 1;
455} 466}
456 467
468/*
469 * Check if "a" is a subset of "set".
470 * return 1 if ALL of the capabilities in "a" are also in "set"
471 * cap_issubset(0101, 1111) will return 1
472 * return 0 if ANY of the capabilities in "a" are not in "set"
473 * cap_issubset(1111, 0101) will return 0
474 */
457static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) 475static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
458{ 476{
459 kernel_cap_t dest; 477 kernel_cap_t dest;
@@ -501,8 +519,6 @@ extern const kernel_cap_t __cap_empty_set;
501extern const kernel_cap_t __cap_full_set; 519extern const kernel_cap_t __cap_full_set;
502extern const kernel_cap_t __cap_init_eff_set; 520extern const kernel_cap_t __cap_init_eff_set;
503 521
504kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);
505
506/** 522/**
507 * has_capability - Determine if a task has a superior capability available 523 * has_capability - Determine if a task has a superior capability available
508 * @t: The task in question 524 * @t: The task in question
@@ -514,9 +530,14 @@ kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);
514 * Note that this does not set PF_SUPERPRIV on the task. 530 * Note that this does not set PF_SUPERPRIV on the task.
515 */ 531 */
516#define has_capability(t, cap) (security_capable((t), (cap)) == 0) 532#define has_capability(t, cap) (security_capable((t), (cap)) == 0)
533#define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0)
517 534
518extern int capable(int cap); 535extern int capable(int cap);
519 536
537/* audit system wants to get cap info from files as well */
538struct dentry;
539extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
540
520#endif /* __KERNEL__ */ 541#endif /* __KERNEL__ */
521 542
522#endif /* !_LINUX_CAPABILITY_H */ 543#endif /* !_LINUX_CAPABILITY_H */
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-07 08:05:01 -0500