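/*
 * AppArmor security module
 *
 * This file contains AppArmor capability mediation definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __AA_CAPABILITY_H
#define __AA_CAPABILITY_H

#include <linux/sched.h>

struct aa_profile;

/**
 * struct aa_caps - confinement data for capabilities
 * @allow: capabilities mask
 * @audit: caps that are to be audited
 * @quiet: caps that should not be audited
 * @kill: caps that when requested will result in the task being killed
 * @extended: caps that are subject to finer grained mediation
 *
 * All five members are capability sets held by value. This header does not
 * state how the sets take precedence over one another when one capability
 * appears in several of them (for example @audit and @quiet, or @allow and
 * @kill); that is decided where the sets are evaluated.
 */
struct aa_caps {
	kernel_cap_t allow;
	kernel_cap_t audit;
	kernel_cap_t quiet;
	kernel_cap_t kill;
	kernel_cap_t extended;
};

/*
 * aa_capable - capability check of @cap for @task under @profile
 *
 * Only the declaration is visible here; the definition lives elsewhere.
 * NOTE(review): presumably returns 0 when the capability is permitted and a
 * negative errno otherwise, with @audit selecting whether an audit record is
 * produced - confirm against the definition before relying on either.
 */
int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
	       int audit);

/*
 * aa_free_cap_rules - release resources held by a capability rule set
 * @caps: rule set being torn down (not accessed)
 *
 * Intentionally empty: every member of struct aa_caps is a by-value
 * kernel_cap_t, so there is nothing to free. If a member that owns memory is
 * ever added to the struct, its release belongs here.
 */
static inline void aa_free_cap_rules(struct aa_caps *caps)
{
	/* NOP */
}

#endif /* __AA_CAPABILITY_H */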