Add a new capable interface that will be used by systems that use audit to

kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);

extern int security_capable(struct task_struct *t, int cap);

extern int security_capable_noaudit(struct task_struct *t, int cap);

/**

 * has_capability - Determine if a task has a superior capability available

 * @t: The task in question

 * Note that this does not set PF_SUPERPRIV on the task.

 */

#define has_capability(t, cap) (security_capable((t), (cap)) == 0)

#define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0)

extern int capable(int cap);

/* Maximum number of letters for an LSM name string */

#define SECURITY_NAME_MAX	10

/* If capable should audit the security request */

#define SECURITY_CAP_NOAUDIT 0

#define SECURITY_CAP_AUDIT 1

struct ctl_table;

struct audit_krule;

 * These functions are in security/capability.c and are used

 * as the default capabilities functions

 */

extern int cap_capable(struct task_struct *tsk, int cap);

extern int cap_capable(struct task_struct *tsk, int cap, int audit);

extern int cap_settime(struct timespec *ts, struct timezone *tz);

extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);

extern int cap_ptrace_traceme(struct task_struct *parent);

			    kernel_cap_t *effective,

			    kernel_cap_t *inheritable,

			    kernel_cap_t *permitted);

	int (*capable) (struct task_struct *tsk, int cap);

	int (*capable) (struct task_struct *tsk, int cap, int audit);

	int (*acct) (struct file *file);

	int (*sysctl) (struct ctl_table *table, int op);

	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);

			 kernel_cap_t *inheritable,

			 kernel_cap_t *permitted);

int security_capable(struct task_struct *tsk, int cap);

int security_capable_noaudit(struct task_struct *tsk, int cap);

int security_acct(struct file *file);

int security_sysctl(struct ctl_table *table, int op);

int security_quotactl(int cmds, int type, int id, struct super_block *sb);

static inline int security_capable(struct task_struct *tsk, int cap)

{

	return cap_capable(tsk, cap);

	return cap_capable(tsk, cap, SECURITY_CAP_AUDIT);

}

static inline int security_capable_noaudit(struct task_struct *tsk, int cap)

{

	return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT);

}

static inline int security_acct(struct file *file)

 * returns 0 when a task has a capability, but the kernel's capable()

 * returns 1 for this case.

 */

int cap_capable (struct task_struct *tsk, int cap)

int cap_capable(struct task_struct *tsk, int cap, int audit)

{

	/* Derived from include/linux/sched.h:capable. */

	if (cap_raised(tsk->cap_effective, cap))

	 * to the old permitted set. That is, if the current task

	 * does *not* possess the CAP_SETPCAP capability.

	 */

	return (cap_capable(current, CAP_SETPCAP) != 0);

	return (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0);

}

static inline int cap_limit_ptraced_target(void) { return 1; }

		    || ((current->securebits & SECURE_ALL_LOCKS

			 & ~arg2))                                    /*[2]*/

		    || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/

		    || (cap_capable(current, CAP_SETPCAP) != 0)) {    /*[4]*/

		    || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0)) { /*[4]*/

			/*

			 * [1] no changing of bits that are locked

			 * [2] no unlocking of locks

{

	int cap_sys_admin = 0;

	if (cap_capable(current, CAP_SYS_ADMIN) == 0)

	if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0)

		cap_sys_admin = 1;

	return __vm_enough_memory(mm, pages, cap_sys_admin);

}

int security_capable(struct task_struct *tsk, int cap)

{

	return security_ops->capable(tsk, cap);

	return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT);

}

int security_capable_noaudit(struct task_struct *tsk, int cap)

{

	return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT);

}

int security_acct(struct file *file)

/* Check whether a task is allowed to use a capability. */

static int task_has_capability(struct task_struct *tsk,

			       int cap)

			       int cap, int audit)

{

	struct task_security_struct *tsec;

	struct avc_audit_data ad;

	struct av_decision avd;

	u16 sclass;

	u32 av = CAP_TO_MASK(cap);

	int rc;

	tsec = tsk->security;

		       "SELinux:  out of range capability %d\n", cap);

		BUG();

	}

	return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad);

	rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, sclass, av, 0, &avd);

	if (audit == SECURITY_CAP_AUDIT)

		avc_audit(tsec->sid, tsec->sid, sclass, av, &avd, rc, &ad);

	return rc;

}

/* Check whether a task is allowed to use a system operation. */

	secondary_ops->capset_set(target, effective, inheritable, permitted);

}

static int selinux_capable(struct task_struct *tsk, int cap)

static int selinux_capable(struct task_struct *tsk, int cap, int audit)

{

	int rc;

	rc = secondary_ops->capable(tsk, cap);

	rc = secondary_ops->capable(tsk, cap, audit);

	if (rc)

		return rc;

	return task_has_capability(tsk, cap);

	return task_has_capability(tsk, cap, audit);

}

static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)

	int rc, cap_sys_admin = 0;

	struct task_security_struct *tsec = current->security;

	rc = secondary_ops->capable(current, CAP_SYS_ADMIN);

	rc = secondary_ops->capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT);

	if (rc == 0)

		rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,

					  SECCLASS_CAPABILITY,

	 * and lack of permission just means that we fall back to the

	 * in-core context value, not a denial.

	 */

	error = secondary_ops->capable(current, CAP_MAC_ADMIN);

	error = secondary_ops->capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT);

	if (!error)

		error = avc_has_perm_noaudit(tsec->sid, tsec->sid,

					     SECCLASS_CAPABILITY2,