Lines Matching +full:common +full:- +full:rules
1 // SPDX-License-Identifier: GPL-2.0-only
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
42 * audit_cb - call back for capability components of audit struct
51 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
55 * audit_caps - audit a capability
64 * Returns: 0 or ad->error on success, error code on failure
71 struct aa_ruleset *rules = list_first_entry(&profile->rules, in audit_caps() local
72 typeof(*rules), list); in audit_caps()
76 ad->error = error; in audit_caps()
81 !cap_raised(rules->caps.audit, cap))) in audit_caps()
85 cap_raised(rules->caps.kill, cap)) { in audit_caps()
87 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
97 if (ad->subj_cred == ent->ad_subj_cred && ktime_get_ns() <= ent->ktime_ns_expiration[cap]) { in audit_caps()
103 put_cred(ent->ad_subj_cred); in audit_caps()
104 ent->ad_subj_cred = get_cred(ad->subj_cred); in audit_caps()
105 ent->ktime_ns_expiration[cap] = ktime_get_ns() + AUDIT_CACHE_TIMEOUT_NS; in audit_caps()
113 * profile_capable - test if profile allows use of capability @cap
119 * Returns: 0 if allowed else -EPERM
124 struct aa_ruleset *rules = list_first_entry(&profile->rules, in profile_capable() local
125 typeof(*rules), list); in profile_capable()
128 if (cap_raised(rules->caps.allow, cap) && in profile_capable()
129 !cap_raised(rules->caps.denied, cap)) in profile_capable()
132 error = -EPERM; in profile_capable()
140 ad->info = "optional: no audit"; in profile_capable()
147 * aa_capable - test permission to use capability
165 ad.common.u.cap = cap; in aa_capable()