summaryrefslogtreecommitdiff
path: root/security/apparmor/capability.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/capability.c')
-rw-r--r--security/apparmor/capability.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 35979a832994..0b7d2b1086c9 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -140,6 +140,7 @@ static int profile_capable(struct aa_profile *profile, int cap,
/**
* aa_capable - test permission to use capability
+ * @subj_cread: cred we are testing capability against
* @label: label being tested for capability (NOT NULL)
* @cap: capability to be tested
* @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
@@ -148,12 +149,14 @@ static int profile_capable(struct aa_profile *profile, int cap,
*
* Returns: 0 on success, or else an error code.
*/
-int aa_capable(struct aa_label *label, int cap, unsigned int opts)
+int aa_capable(const struct cred *subj_cred, struct aa_label *label,
+ int cap, unsigned int opts)
{
struct aa_profile *profile;
int error = 0;
DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_CAP, AA_CLASS_CAP, OP_CAPABLE);
+ ad.subj_cred = subj_cred;
ad.common.u.cap = cap;
error = fn_for_each_confined(label, profile,
profile_capable(profile, cap, opts, &ad));
generated by cgit (git 2.34.1) at 2025-03-19 16:43:47 +0000