356
356
#define CAP_SYSLOG 34
358
#define CAP_LAST_CAP CAP_SYSLOG
358
/* Allow triggering something that will wake the system */
360
#define CAP_WAKE_ALARM 35
363
#define CAP_LAST_CAP CAP_WAKE_ALARM
360
365
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
369
374
#ifdef __KERNEL__
377
struct user_namespace;
379
struct user_namespace *current_user_ns(void);
381
extern const kernel_cap_t __cap_empty_set;
382
extern const kernel_cap_t __cap_full_set;
383
extern const kernel_cap_t __cap_init_eff_set;
372
386
* Internal kernel functions only
404
418
# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
405
419
# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
406
# define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
407
420
# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
408
421
| CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
409
422
CAP_FS_MASK_B1 } })
414
427
#endif /* _KERNEL_CAPABILITY_U32S != 2 */
416
#define CAP_INIT_INH_SET CAP_EMPTY_SET
418
429
# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
419
# define cap_set_full(c) do { (c) = __cap_full_set; } while (0)
420
# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0)
422
431
#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
423
432
#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
530
539
cap_intersect(permitted, __cap_nfsd_set));
533
extern const kernel_cap_t __cap_empty_set;
534
extern const kernel_cap_t __cap_full_set;
535
extern const kernel_cap_t __cap_init_eff_set;
538
* has_capability - Determine if a task has a superior capability available
539
* @t: The task in question
540
* @cap: The capability to be tested for
542
* Return true if the specified task has the given superior capability
543
* currently in effect, false if not.
545
* Note that this does not set PF_SUPERPRIV on the task.
547
#define has_capability(t, cap) (security_real_capable((t), (cap)) == 0)
550
* has_capability_noaudit - Determine if a task has a superior capability available (unaudited)
551
* @t: The task in question
552
* @cap: The capability to be tested for
554
* Return true if the specified task has the given superior capability
555
* currently in effect, false if not, but don't write an audit message for the
558
* Note that this does not set PF_SUPERPRIV on the task.
560
#define has_capability_noaudit(t, cap) \
561
(security_real_capable_noaudit((t), (cap)) == 0)
563
extern int capable(int cap);
542
extern bool has_capability(struct task_struct *t, int cap);
543
extern bool has_ns_capability(struct task_struct *t,
544
struct user_namespace *ns, int cap);
545
extern bool has_capability_noaudit(struct task_struct *t, int cap);
546
extern bool capable(int cap);
547
extern bool ns_capable(struct user_namespace *ns, int cap);
548
extern bool task_ns_capable(struct task_struct *t, int cap);
549
extern bool nsown_capable(int cap);
565
551
/* audit system wants to get cap info from files as well */
567
552
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
569
554
#endif /* __KERNEL__ */
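Review bot: The new prototypes `has_ns_capability`, `ns_capable`, `task_ns_capable` and `nsown_capable` carry no comment, while the `has_capability` / `has_capability_noaudit` macros shown alongside them had kernel-doc, including the note that PF_SUPERPRIV is not set. From the signatures alone a caller cannot tell which task is the subject of the check and which user namespace is consulted. This is least clear for `task_ns_capable(t, cap)`, which takes a task but no namespace, and choosing the wrong helper in a permission check tests privilege against the wrong namespace. The kernel-doc may have moved next to the definitions, which are not visible on this page, but a short comment above the declarations would still help, for example `/* capable(): current task, initial user namespace; ns_capable(): current task, @ns */` and `/* has_*capability*(): test task @t; does not set PF_SUPERPRIV */`, with the wording confirmed against the definitions.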