authorIngo Molnar <mingo@elte.hu>2009-05-07 05:26:19 -0400
committerJames Morris <jmorris@namei.org>2009-06-24 10:18:05 -0400
commit9e48858f7d36a6a3849f1d1b40c3bf5624b4ee7c (patch)
tree5d8fe586c5b1bbab36acc3b76b2b4dd1bc538968
parent86abcf9cebf7b5ceb33facde297face5ec4d2260 (diff)
security: rename ptrace_may_access => ptrace_access_check
The ->ptrace_may_access() methods are named confusingly - the real ptrace_may_access() returns a bool, while these security checks have a retval convention. Rename it to ptrace_access_check, to reduce the confusion factor. [ Impact: cleanup, no code changed ] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--include/linux/security.h14
-rw-r--r--kernel/ptrace.c2
-rw-r--r--security/capability.c2
-rw-r--r--security/commoncap.c4
-rw-r--r--security/security.c4
-rw-r--r--security/selinux/hooks.c6
-rw-r--r--security/smack/smack_lsm.c8
7 files changed, 20 insertions, 20 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 5eff459b3833..145909165dbf 100644
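--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -52,7 +52,7 @@ struct audit_krule;
 extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
  int cap, int audit);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
-extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
+extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern int cap_capset(struct cred *new, const struct cred *old,
@@ -1209,7 +1209,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @alter contains the flag indicating whether changes are to be made.
  * Return 0 if permission is granted.
  *
- * @ptrace_may_access:
+ * @ptrace_access_check:
  * Check permission before allowing the current process to trace the
  * @child process.
  * Security modules may also want to perform a process tracing check
@@ -1224,7 +1224,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * Check that the @parent process has sufficient permission to trace the
  * current process before allowing the current process to present itself
  * to the @parent process for tracing.
- * The parent process will still have to undergo the ptrace_may_access
+ * The parent process will still have to undergo the ptrace_access_check
  * checks before it is allowed to trace this one.
  * @parent contains the task_struct structure for debugger process.
  * Return 0 if permission is granted.
@@ -1336,7 +1336,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 struct security_operations {
  char name[SECURITY_NAME_MAX + 1];
 
- int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
+ int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
  int (*ptrace_traceme) (struct task_struct *parent);
  int (*capget) (struct task_struct *target,
  kernel_cap_t *effective,
@@ -1617,7 +1617,7 @@ extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
 
 /* Security operations */
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
 int security_ptrace_traceme(struct task_struct *parent);
 int security_capget(struct task_struct *target,
  kernel_cap_t *effective,
@@ -1798,10 +1798,10 @@ static inline int security_init(void)
  return 0;
 }
 
-static inline int security_ptrace_may_access(struct task_struct *child,
+static inline int security_ptrace_access_check(struct task_struct *child,
  unsigned int mode)
 {
- return cap_ptrace_may_access(child, mode);
+ return cap_ptrace_access_check(child, mode);
 }
 
 static inline int security_ptrace_traceme(struct task_struct *parent)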
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 61c78b2c07ba..9a4184e04f29 100644
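--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
  if (!dumpable && !capable(CAP_SYS_PTRACE))
  return -EPERM;
 
- return security_ptrace_may_access(task, mode);
+ return security_ptrace_access_check(task, mode);
 }
 
 bool ptrace_may_access(struct task_struct *task, unsigned int mode)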
diff --git a/security/capability.c b/security/capability.c
index 21b6cead6a8e..f218dd361647 100644
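--- a/security/capability.c
+++ b/security/capability.c
@@ -863,7 +863,7 @@ struct security_operations default_security_ops = {
 
 void security_fixup_ops(struct security_operations *ops)
 {
- set_to_cap_if_null(ops, ptrace_may_access);
+ set_to_cap_if_null(ops, ptrace_access_check);
  set_to_cap_if_null(ops, ptrace_traceme);
  set_to_cap_if_null(ops, capget);
  set_to_cap_if_null(ops, capset);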
diff --git a/security/commoncap.c b/security/commoncap.c
index 48b7e0228fa3..aa97704564d4 100644
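--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
 }
 
 /**
- * cap_ptrace_may_access - Determine whether the current process may access
+ * cap_ptrace_access_check - Determine whether the current process may access
  * another
  * @child: The process to be accessed
  * @mode: The mode of attachment.
@@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
  * Determine whether a process may access another, returning 0 if permission
  * granted, -ve if denied.
  */
-int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
  int ret = 0;
 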
diff --git a/security/security.c b/security/security.c
index dc7674fbfc7a..4501c5e1f988 100644
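--- a/security/security.c
+++ b/security/security.c
@@ -124,9 +124,9 @@ int register_security(struct security_operations *ops)
 
 /* Security operations */
 
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
- return security_ops->ptrace_may_access(child, mode);
+ return security_ops->ptrace_access_check(child, mode);
 }
 
 int security_ptrace_traceme(struct task_struct *parent)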
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d6f64783acd1..e3b4f3083dd7 100644
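--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1854,12 +1854,12 @@ static inline u32 open_file_to_av(struct file *file)
 
 /* Hook functions begin here. */
 
-static int selinux_ptrace_may_access(struct task_struct *child,
+static int selinux_ptrace_access_check(struct task_struct *child,
  unsigned int mode)
 {
  int rc;
 
- rc = cap_ptrace_may_access(child, mode);
+ rc = cap_ptrace_access_check(child, mode);
  if (rc)
  return rc;
 
@@ -5315,7 +5315,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 static struct security_operations selinux_ops = {
  .name = "selinux",
 
- .ptrace_may_access = selinux_ptrace_may_access,
+ .ptrace_access_check = selinux_ptrace_access_check,
  .ptrace_traceme = selinux_ptrace_traceme,
  .capget = selinux_capget,
  .capset = selinux_capset,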
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0023182078c7..1c9bdbcbe3d2 100644
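--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
  */
 
 /**
- * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
+ * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
  * @ctp: child task pointer
  * @mode: ptrace attachment mode
  *
@@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
  *
  * Do the capability checks, and require read and write.
  */
-static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
+static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
 {
  int rc;
  struct smk_audit_info ad;
  char *sp, *tsp;
 
- rc = cap_ptrace_may_access(ctp, mode);
+ rc = cap_ptrace_access_check(ctp, mode);
  if (rc != 0)
  return rc;
 
@@ -3032,7 +3032,7 @@ static void smack_release_secctx(char *secdata, u32 seclen)
 struct security_operations smack_ops = {
  .name = "smack",
 
- .ptrace_may_access = smack_ptrace_may_access,
+ .ptrace_access_check = smack_ptrace_access_check,
  .ptrace_traceme = smack_ptrace_traceme,
  .syslog = smack_syslog,
 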