1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
/* SPDX-License-Identifier: GPL-2.0 */
#undef TRACE_SYSTEM
#define TRACE_SYSTEM capability
#if !defined(_TRACE_CAPABILITY_H) || defined(TRACE_HEADER_MULTI_READ)
#define _TRACE_CAPABILITY_H
#include <linux/cred.h>
#include <linux/tracepoint.h>
#include <linux/user_namespace.h>
/**
* cap_capable - called after it's determined if a task has a particular
* effective capability
*
* @cred: The credentials used
* @target_ns: The user namespace of the resource being accessed
* @capable_ns: The user namespace in which the credential provides the
* capability to access the targeted resource.
* This will be NULL if ret is not 0.
* @cap: The capability to check for
* @ret: The return value of the check: 0 if it does, -ve if it does not
*
* Allows to trace calls to cap_capable in commoncap.c
*/
TRACE_EVENT(cap_capable,
TP_PROTO(const struct cred *cred, struct user_namespace *target_ns,
const struct user_namespace *capable_ns, int cap, int ret),
TP_ARGS(cred, target_ns, capable_ns, cap, ret),
TP_STRUCT__entry(
__field(const struct cred *, cred)
__field(struct user_namespace *, target_ns)
__field(const struct user_namespace *, capable_ns)
__field(int, cap)
__field(int, ret)
),
TP_fast_assign(
__entry->cred = cred;
__entry->target_ns = target_ns;
__entry->capable_ns = ret == 0 ? capable_ns : NULL;
__entry->cap = cap;
__entry->ret = ret;
),
TP_printk("cred %p, target_ns %p, capable_ns %p, cap %d, ret %d",
__entry->cred, __entry->target_ns, __entry->capable_ns, __entry->cap,
__entry->ret)
);
#endif /* _TRACE_CAPABILITY_H */
/* This part must be outside protection */
#include <trace/define_trace.h>
|
