1
/* SPDX-License-Identifier: GPL-2.0-only */
2
/*
3
 * AppArmor security module
4
 *
5
 * This file contains AppArmor capability mediation definitions.
6
 *
7
 * Copyright (C) 1998-2008 Novell/SUSE
8
 * Copyright 2009-2013 Canonical Ltd.
9
 */
10

11
#ifndef __AA_CAPABILITY_H
12
#define __AA_CAPABILITY_H
13

14
#include <linux/sched.h>
15

16
#include "apparmorfs.h"
17

18
struct aa_label;
19

20
/* aa_caps - confinement data for capabilities
21
 * @allowed: capabilities mask
22
 * @audit: caps that are to be audited
23
 * @denied: caps that are explicitly denied
24
 * @quiet: caps that should not be audited
25
 * @kill: caps that when requested will result in the task being killed
26
 * @extended: caps that are subject finer grained mediation
27
 */
28
struct aa_caps {
29
	kernel_cap_t allow;
30
	kernel_cap_t audit;
31
	kernel_cap_t denied;
32
	kernel_cap_t quiet;
33
	kernel_cap_t kill;
34
	kernel_cap_t extended;
35
};
36

37
extern struct aa_sfs_entry aa_sfs_entry_caps[];
38

39
kernel_cap_t aa_profile_capget(struct aa_profile *profile);
40
int aa_capable(const struct cred *subj_cred, struct aa_label *label,
41
	       int cap, unsigned int opts);
42

43
static inline void aa_free_cap_rules(struct aa_caps *caps)
44
{
45
	/* NOP */
46
}
47

48
#endif /* __AA_CAPBILITY_H */
49

50