xref: /kernel/linux/linux-5.10/security/commoncap.c

167  * Determine whether the nominated task is permitted to trace the current
194  * @permitted: The place to record the permitted set
200 	       kernel_cap_t *inheritable, kernel_cap_t *permitted)
209 	*permitted   = cred->cap_permitted;
216  * permitted set.  Returns 1 if they are limited, 0 if they are not.
235  * @permitted: A pointer to the proposed new permitted capabilities set
245 	       const kernel_cap_t *permitted)
261 	if (!cap_issubset(*permitted, old->cap_permitted))
265 	if (!cap_issubset(*effective, *permitted))
270 	new->cap_permitted   = *permitted;
273 	 * Mask off ambient bits that are no longer both permitted and
277 					 cap_intersect(*permitted,
565 		__u32 permitted = caps->permitted.cap[i];
573 			(new->cap_bset.cap[i] & permitted) |
576 		if (permitted & ~new->cap_permitted.cap[i])
584 	 * missing some "forced" (aka file-permitted) capabilities.
654 		cpu_caps->permitted.cap[i] = le32_to_cpu(caps->data[i].permitted);
658 	cpu_caps->permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
813 	       __cap_gained(permitted, new, old)) ||
851 	if (__cap_gained(permitted, new, old))
861 	if ((is_setid || __cap_gained(permitted, new, old)) &&
914 	      __cap_grew(permitted, ambient, new))))
992  * cap_emulate_setxuid() fixes the effective / permitted capabilities of
996  *  {r,e,s}uid != 0, the permitted and effective capabilities are
1003  *  capabilities are set to the permitted capabilities.
1012  * calls setuid() and switches away from uid==0. Both permitted and
1121  * cap_task_setscheduler - Detemine if scheduler policy change is permitted
1124  * Detemine if the requested scheduler policy change is permitted for the
1133  * cap_task_ioprio - Detemine if I/O priority change is permitted
1137  * Detemine if the requested I/O priority change is permitted for the specified
1146  * cap_task_ioprio - Detemine if task priority change is permitted
1150  * Detemine if the requested task priority change is permitted for the
1316  * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted
1321  * task is permitted, returning 1 if permission is granted, 0 if not.

Indexes created Thu Nov 07 10:32:03 CST 2024