Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\capability.c Create Date:2022-07-28 19:50:29
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:profile_capable - test if profile allows use of capability @cap*@profile: profile being enforced (NOT NULL, NOT unconfined)*@cap: capability to test if allowed*@opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated*@sa: audit data (MAY BE

Proto:static int profile_capable(struct aa_profile *profile, int cap, unsigned int opts, struct common_audit_data *sa)

Type:int

Parameter:

TypeParameterName
struct aa_profile *profile
intcap
unsigned intopts
struct common_audit_data *sa
119  If cap_raised(allow, cap) && Not cap_raised(denied, cap) Then error = 0
122  Else error = -EPERM
125  If opts & If capable should audit the security request Then
126  If Not COMPLAIN_MODE(profile) Then Return error
131  info = "optional: no audit"
134  Return audit_caps - audit a capability*@sa: audit data*@profile: profile being tested for confinement (NOT NULL)*@cap: capability tested*@error: error code returned by test* Do auditing of capability and handle, audit/complain/kill modes switching
Caller
NameDescribe
aa_capableaa_capable - test permission to use capability*@label: label being tested for capability (NOT NULL)*@cap: capability to be tested*@opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated* Look up capability in profile capability set.