author | Ingo Molnar <mingo@elte.hu> | 2009-05-07 05:26:19 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-06-24 10:18:05 -0400 |
commit | 9e48858f7d36a6a3849f1d1b40c3bf5624b4ee7c (patch) | |
tree | 5d8fe586c5b1bbab36acc3b76b2b4dd1bc538968 | |
parent | 86abcf9cebf7b5ceb33facde297face5ec4d2260 (diff) |
security: rename ptrace_may_access => ptrace_access_check
The ->ptrace_may_access() methods are named confusingly - the real
ptrace_may_access() returns a bool, while these security checks have
a retval convention.
Rename it to ptrace_access_check, to reduce the confusion factor.
[ Impact: cleanup, no code changed ]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | include/linux/security.h | 14 | ||||
-rw-r--r-- | kernel/ptrace.c | 2 | ||||
-rw-r--r-- | security/capability.c | 2 | ||||
-rw-r--r-- | security/commoncap.c | 4 | ||||
-rw-r--r-- | security/security.c | 4 | ||||
-rw-r--r-- | security/selinux/hooks.c | 6 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 8 |
7 files changed, 20 insertions, 20 deletions
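--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -52,7 +52,7 @@ struct audit_krule;
 extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
 int cap, int audit);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
-extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
+extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern int cap_capset(struct cred *new, const struct cred *old,
@@ -1209,7 +1209,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @alter contains the flag indicating whether changes are to be made.
 * Return 0 if permission is granted.
 *
-* @ptrace_may_access:
+* @ptrace_access_check:
 * Check permission before allowing the current process to trace the
 * @child process.
 * Security modules may also want to perform a process tracing check
@@ -1224,7 +1224,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Check that the @parent process has sufficient permission to trace the
 * current process before allowing the current process to present itself
 * to the @parent process for tracing.
-* The parent process will still have to undergo the ptrace_may_access
+* The parent process will still have to undergo the ptrace_access_check
 * checks before it is allowed to trace this one.
 * @parent contains the task_struct structure for debugger process.
 * Return 0 if permission is granted.
@@ -1336,7 +1336,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 struct security_operations {
 char name[SECURITY_NAME_MAX + 1];
 
-int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
+int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
 int (*ptrace_traceme) (struct task_struct *parent);
 int (*capget) (struct task_struct *target,
 kernel_cap_t *effective,
@@ -1617,7 +1617,7 @@ extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
 
 /* Security operations */
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
 int security_ptrace_traceme(struct task_struct *parent);
 int security_capget(struct task_struct *target,
 kernel_cap_t *effective,
@@ -1798,10 +1798,10 @@ static inline int security_init(void)
 return 0;
 }
 
-static inline int security_ptrace_may_access(struct task_struct *child,
+static inline int security_ptrace_access_check(struct task_struct *child,
 unsigned int mode)
 {
-return cap_ptrace_may_access(child, mode);
+return cap_ptrace_access_check(child, mode);
 }
 
 static inline int security_ptrace_traceme(struct task_struct *parent)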
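--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 if (!dumpable && !capable(CAP_SYS_PTRACE))
 return -EPERM;
 
-return security_ptrace_may_access(task, mode);
+return security_ptrace_access_check(task, mode);
 }
 
 bool ptrace_may_access(struct task_struct *task, unsigned int mode)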
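--- a/security/capability.c
+++ b/security/capability.c
@@ -863,7 +863,7 @@ struct security_operations default_security_ops = {
 
 void security_fixup_ops(struct security_operations *ops)
 {
-set_to_cap_if_null(ops, ptrace_may_access);
+set_to_cap_if_null(ops, ptrace_access_check);
 set_to_cap_if_null(ops, ptrace_traceme);
 set_to_cap_if_null(ops, capget);
 set_to_cap_if_null(ops, capset);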
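--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
 }
 
 /**
-* cap_ptrace_may_access - Determine whether the current process may access
+* cap_ptrace_access_check - Determine whether the current process may access
 * another
 * @child: The process to be accessed
 * @mode: The mode of attachment.
@@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
 * Determine whether a process may access another, returning 0 if permission
 * granted, -ve if denied.
 */
-int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
 int ret = 0;
 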
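--- a/security/security.c
+++ b/security/security.c
@@ -124,9 +124,9 @@ int register_security(struct security_operations *ops)
 
 /* Security operations */
 
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
-return security_ops->ptrace_may_access(child, mode);
+return security_ops->ptrace_access_check(child, mode);
 }
 
 int security_ptrace_traceme(struct task_struct *parent)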
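--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1854,12 +1854,12 @@ static inline u32 open_file_to_av(struct file *file)
 
 /* Hook functions begin here. */
 
-static int selinux_ptrace_may_access(struct task_struct *child,
+static int selinux_ptrace_access_check(struct task_struct *child,
 unsigned int mode)
 {
 int rc;
 
-rc = cap_ptrace_may_access(child, mode);
+rc = cap_ptrace_access_check(child, mode);
 if (rc)
 return rc;
 
@@ -5315,7 +5315,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 static struct security_operations selinux_ops = {
 .name = "selinux",
 
-.ptrace_may_access = selinux_ptrace_may_access,
+.ptrace_access_check = selinux_ptrace_access_check,
 .ptrace_traceme = selinux_ptrace_traceme,
 .capget = selinux_capget,
 .capset = selinux_capset,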
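--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
 */
 
 /**
-* smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
+* smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
 * @ctp: child task pointer
 * @mode: ptrace attachment mode
 *
@@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
 *
 * Do the capability checks, and require read and write.
 */
-static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
+static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 {
 int rc;
 struct smk_audit_info ad;
 char *sp, *tsp;
 
-rc = cap_ptrace_may_access(ctp, mode);
+rc = cap_ptrace_access_check(ctp, mode);
 if (rc != 0)
 return rc;
 
@@ -3032,7 +3032,7 @@ static void smack_release_secctx(char *secdata, u32 seclen)
 struct security_operations smack_ops = {
 .name = "smack",
 
-.ptrace_may_access = smack_ptrace_may_access,
+.ptrace_access_check = smack_ptrace_access_check,
 .ptrace_traceme = smack_ptrace_traceme,
 .syslog = smack_syslog,
 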