diff options
| author | Kacper <kacper@mail.openlinux.dev> | 2025-12-25 19:24:38 +0100 |
|---|---|---|
| committer | Kacper <kacper@mail.openlinux.dev> | 2025-12-25 20:35:03 +0100 |
| commit | a984eb367c032dbe2577f01238c3d1268526be70 (patch) | |
| tree | 437fef40379b2758b129ccea39df3570fa2d145e /include/arch/x86_64/linux/securebits.h | |
| parent | 8834571b202cf4dc9c649cfb096c213b6ecf1566 (diff) | |
Clang-tidy fixes
Diffstat (limited to 'include/arch/x86_64/linux/securebits.h')
| -rw-r--r-- | include/arch/x86_64/linux/securebits.h | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/include/arch/x86_64/linux/securebits.h b/include/arch/x86_64/linux/securebits.h index 6606366a..8cfaf799 100644 --- a/include/arch/x86_64/linux/securebits.h +++ b/include/arch/x86_64/linux/securebits.h @@ -29,9 +29,8 @@ #define SECURE_NO_SETUID_FIXUP 2 #define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */ -#define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP)) -#define SECBIT_NO_SETUID_FIXUP_LOCKED \ - (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)) +#define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP)) +#define SECBIT_NO_SETUID_FIXUP_LOCKED (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)) /* When set, a process can retain its capabilities even after transitioning to a non-root user (the set-uid fixup suppressed by @@ -48,38 +47,29 @@ #define SECURE_NO_CAP_AMBIENT_RAISE 6 #define SECURE_NO_CAP_AMBIENT_RAISE_LOCKED 7 /* make bit-6 immutable */ -#define SECBIT_NO_CAP_AMBIENT_RAISE (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE)) -#define SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED \ - (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED)) +#define SECBIT_NO_CAP_AMBIENT_RAISE (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE)) +#define SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED)) /* See Documentation/userspace-api/check_exec.rst */ #define SECURE_EXEC_RESTRICT_FILE 8 #define SECURE_EXEC_RESTRICT_FILE_LOCKED 9 /* make bit-8 immutable */ -#define SECBIT_EXEC_RESTRICT_FILE (issecure_mask(SECURE_EXEC_RESTRICT_FILE)) -#define SECBIT_EXEC_RESTRICT_FILE_LOCKED \ - (issecure_mask(SECURE_EXEC_RESTRICT_FILE_LOCKED)) +#define SECBIT_EXEC_RESTRICT_FILE (issecure_mask(SECURE_EXEC_RESTRICT_FILE)) +#define SECBIT_EXEC_RESTRICT_FILE_LOCKED (issecure_mask(SECURE_EXEC_RESTRICT_FILE_LOCKED)) /* See Documentation/userspace-api/check_exec.rst */ #define SECURE_EXEC_DENY_INTERACTIVE 10 #define SECURE_EXEC_DENY_INTERACTIVE_LOCKED 11 /* make bit-10 immutable */ -#define SECBIT_EXEC_DENY_INTERACTIVE \ - (issecure_mask(SECURE_EXEC_DENY_INTERACTIVE)) -#define SECBIT_EXEC_DENY_INTERACTIVE_LOCKED \ - (issecure_mask(SECURE_EXEC_DENY_INTERACTIVE_LOCKED)) - -#define SECURE_ALL_BITS \ - (issecure_mask(SECURE_NOROOT) | \ - issecure_mask(SECURE_NO_SETUID_FIXUP) | \ - issecure_mask(SECURE_KEEP_CAPS) | \ - issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE) | \ - issecure_mask(SECURE_EXEC_RESTRICT_FILE) | \ +#define SECBIT_EXEC_DENY_INTERACTIVE (issecure_mask(SECURE_EXEC_DENY_INTERACTIVE)) +#define SECBIT_EXEC_DENY_INTERACTIVE_LOCKED (issecure_mask(SECURE_EXEC_DENY_INTERACTIVE_LOCKED)) + +#define SECURE_ALL_BITS \ + (issecure_mask(SECURE_NOROOT) | issecure_mask(SECURE_NO_SETUID_FIXUP) | issecure_mask(SECURE_KEEP_CAPS) | \ + issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE) | issecure_mask(SECURE_EXEC_RESTRICT_FILE) | \ issecure_mask(SECURE_EXEC_DENY_INTERACTIVE)) #define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1) -#define SECURE_ALL_UNPRIVILEGED \ - (issecure_mask(SECURE_EXEC_RESTRICT_FILE) | \ - issecure_mask(SECURE_EXEC_DENY_INTERACTIVE)) +#define SECURE_ALL_UNPRIVILEGED (issecure_mask(SECURE_EXEC_RESTRICT_FILE) | issecure_mask(SECURE_EXEC_DENY_INTERACTIVE)) #endif /* _LINUX_SECUREBITS_H */ |