Changeset View
Changeset View
Standalone View
Standalone View
head/sys/kern/sys_capability.c
| Show First 20 Lines • Show All 144 Lines • ▼ Show 20 Lines | |||||
| FEATURE(security_capabilities, "Capsicum Capabilities"); | FEATURE(security_capabilities, "Capsicum Capabilities"); | ||||
| MALLOC_DECLARE(M_FILECAPS); | MALLOC_DECLARE(M_FILECAPS); | ||||
| static inline int | static inline int | ||||
| _cap_check(const cap_rights_t *havep, const cap_rights_t *needp, | _cap_check(const cap_rights_t *havep, const cap_rights_t *needp, | ||||
| enum ktr_cap_fail_type type) | enum ktr_cap_fail_type type) | ||||
| { | { | ||||
| int i; | |||||
| for (i = 0; i < nitems(havep->cr_rights); i++) { | |||||
| if (!cap_rights_contains(havep, needp)) { | if (!cap_rights_contains(havep, needp)) { | ||||
| #ifdef KTRACE | #ifdef KTRACE | ||||
| if (KTRPOINT(curthread, KTR_CAPFAIL)) | if (KTRPOINT(curthread, KTR_CAPFAIL)) | ||||
| ktrcapfail(type, needp, havep); | ktrcapfail(type, needp, havep); | ||||
| #endif | #endif | ||||
| return (ENOTCAPABLE); | return (ENOTCAPABLE); | ||||
| } | |||||
| } | } | ||||
| return (0); | return (0); | ||||
| } | } | ||||
| /* | /* | ||||
| * Test whether a capability grants the requested rights. | * Test whether a capability grants the requested rights. | ||||
| */ | */ | ||||
| int | int | ||||
| ▲ Show 20 Lines • Show All 462 Lines • Show Last 20 Lines | |||||