blob: 8e9cb9a85be64b7d525df27cd3ad5c74c74bd462 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
/*
*
* (C) COPYRIGHT ARM Limited. All rights reserved.
*
* This program is free software and is provided to you under the terms of the
* GNU General Public License version 2 as published by the Free Software
* Foundation, and any use by you of this program is subject to the terms
* of such GNU licence.
*
* A copy of the licence is included with the program, and can also be obtained
* from Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*
*/
/**
* @file mali_kbase_security.h
* Base kernel security capability APIs
*/
#ifndef _KBASE_SECURITY_H_
#define _KBASE_SECURITY_H_
/* Security flags */
#define KBASE_SEC_FLAG_NOAUDIT (0u << 0) /* Silently handle privilege failure */
#define KBASE_SEC_FLAG_AUDIT (1u << 0) /* Write audit message on privilege failure */
#define KBASE_SEC_FLAG_MASK (KBASE_SEC_FLAG_AUDIT) /* Mask of all valid flag bits */
/* List of unique capabilities that have security access privileges */
typedef enum {
/* Instrumentation Counters access privilege */
KBASE_SEC_INSTR_HW_COUNTERS_COLLECT = 1,
KBASE_SEC_MODIFY_PRIORITY
/* Add additional access privileges here */
} kbase_security_capability;
/**
* kbase_security_has_capability - determine whether a task has a particular effective capability
* @param[in] kctx The task context.
* @param[in] cap The capability to check for.
* @param[in] flags Additional configuration information
* Such as whether to write an audit message or not.
* @return MALI_TRUE if success (capability is allowed), MALI_FALSE otherwise.
*/
mali_bool kbase_security_has_capability(struct kbase_context *kctx, kbase_security_capability cap, u32 flags);
#endif /* _KBASE_SECURITY_H_ */
|