Lines Matching full:cap
51 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); in audit_cb()
58 * @cap: capability tested
67 int cap, int error) in audit_caps() argument
81 !cap_raised(rules->caps.audit, cap))) in audit_caps()
85 cap_raised(rules->caps.kill, cap)) { in audit_caps()
87 } else if (cap_raised(rules->caps.quiet, cap) && in audit_caps()
97 if (ad->subj_cred == ent->ad_subj_cred && ktime_get_ns() <= ent->ktime_ns_expiration[cap]) { in audit_caps()
105 ent->ktime_ns_expiration[cap] = ktime_get_ns() + AUDIT_CACHE_TIMEOUT_NS; in audit_caps()
113 * profile_capable - test if profile allows use of capability @cap
115 * @cap: capability to test if allowed
121 static int profile_capable(struct aa_profile *profile, int cap, in profile_capable() argument
128 if (cap_raised(rules->caps.allow, cap) && in profile_capable()
129 !cap_raised(rules->caps.denied, cap)) in profile_capable()
137 /* audit the cap request in complain mode but note that it in profile_capable()
143 return audit_caps(ad, profile, cap, error); in profile_capable()
150 * @cap: capability to be tested
158 int cap, unsigned int opts) in aa_capable() argument
165 ad.common.u.cap = cap; in aa_capable()
167 profile_capable(profile, cap, opts, &ad)); in aa_capable()