
1 // SPDX-License-Identifier: GPL-2.0-only
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
40 * audit_cb - call back for capability components of audit struct
49 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
53 * audit_caps - audit a capability
57 * @error: error code returned by test
62 * Returns: 0 or ad->error on success, error code on failure
67 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
68 typeof(*rules), list); in audit_caps()
72 ad->error = error; in audit_caps()
75 /* test if auditing is being forced */ in audit_caps()
77 !cap_raised(rules->caps.audit, cap))) in audit_caps()
81 cap_raised(rules->caps.kill, cap)) { in audit_caps()
83 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
92 if (profile == ent->profile && cap_raised(ent->caps, cap)) { in audit_caps()
98 aa_put_profile(ent->profile); in audit_caps()
99 ent->profile = aa_get_profile(profile); in audit_caps()
100 cap_raise(ent->caps, cap); in audit_caps()
108 * profile_capable - test if profile allows use of capability @cap
110 * @cap: capability to test if allowed
114 * Returns: 0 if allowed else -EPERM
119 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
120 typeof(*rules), list); in profile_capable()
123 if (cap_raised(rules->caps.allow, cap) && in profile_capable()
124 !cap_raised(rules->caps.denied, cap)) in profile_capable()
127 error = -EPERM; in profile_capable()
135 ad->info = "optional: no audit"; in profile_capable()
142 * aa_capable - test permission to use capability