capabilities: reverse arguments to security_capable

security_capable takes ns, cred, cap. But the LSM capable() hook takes cred, ns, cap. The capability helper functions also take cred, ns, cap. Rather than flip argument order just to flip it back, leave them alone. Heck, this should be a little faster since argument will be in the right place! Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-01-03 12:25:15 -0500
committer: Eric Paris <eparis@redhat.com> 2012-01-05 18:52:53 -0500
commit: b7e724d303b684655e4ca3dabd5a6840ad19012d (patch)
tree: 5474d8d49d61ade4c5e306a0485a835587237bf4
parent: 6a9de49115d5ff9871d953af1a5c8249e1585731 (diff)
4 files changed, 6 insertions, 6 deletions
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 7bcf12adced7..a4457ab61342 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -431,7 +431,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
        u8 *data = (u8*) buf;
        /* Several chips lock up trying to read undefined config space */
-        if (security_capable(&init_user_ns, filp->f_cred, CAP_SYS_ADMIN) == 0) {
+        if (security_capable(filp->f_cred, &init_user_ns, CAP_SYS_ADMIN) == 0) {
                size = dev->cfg_size;
        } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
                size = 128;
diff --git a/include/linux/security.h b/include/linux/security.h
index 4921163b2752..ee969ff40a26 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1666,7 +1666,7 @@ int security_capset(struct cred *new, const struct cred *old,
                    const kernel_cap_t *effective,
                    const kernel_cap_t *inheritable,
                    const kernel_cap_t *permitted);
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
                        int cap);
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
                        int cap);
@@ -1863,8 +1863,8 @@ static inline int security_capset(struct cred *new,
        return cap_capset(new, old, effective, inheritable, permitted);
 }
-static inline int security_capable(struct user_namespace *ns,
+static inline int security_capable(const struct cred *cred,
-                                   const struct cred *cred, int cap)
+                                   struct user_namespace *ns, int cap)
 {
        return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 }
diff --git a/kernel/capability.c b/kernel/capability.c
index 283c529f8b1c..d98392719adb 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -374,7 +374,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
                BUG();
        }
-        if (security_capable(ns, current_cred(), cap) == 0) {
+        if (security_capable(current_cred(), ns, cap) == 0) {
                current->flags |= PF_SUPERPRIV;
                return true;
        }
diff --git a/security/security.c b/security/security.c
index 9ae68c64455e..b9e57f4fc44a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -154,7 +154,7 @@ int security_capset(struct cred *new, const struct cred *old,
                                    effective, inheritable, permitted);
 }
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
                     int cap)
 {
        return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
author	Eric Paris <eparis@redhat.com>	2012-01-03 12:25:15 -0500
committer	Eric Paris <eparis@redhat.com>	2012-01-05 18:52:53 -0500
commit	b7e724d303b684655e4ca3dabd5a6840ad19012d (patch)
tree	5474d8d49d61ade4c5e306a0485a835587237bf4
parent	6a9de49115d5ff9871d953af1a5c8249e1585731 (diff)

diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 7bcf12adced7..a4457ab61342 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c
@@ -431,7 +431,7 @@ pci_read_config(struct file filp, struct kobject kobj,
431	u8 data = (u8) buf;	431	u8 data = (u8) buf;
432		432
433	/* Several chips lock up trying to read undefined config space */	433	/* Several chips lock up trying to read undefined config space */
434	if (security_capable(&init_user_ns, filp->f_cred, CAP_SYS_ADMIN) == 0) {	434	if (security_capable(filp->f_cred, &init_user_ns, CAP_SYS_ADMIN) == 0) {
435	size = dev->cfg_size;	435	size = dev->cfg_size;
436	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {	436	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
437	size = 128;	437	size = 128;


diff --git a/include/linux/security.h b/include/linux/security.h index 4921163b2752..ee969ff40a26 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -1666,7 +1666,7 @@ int security_capset(struct cred new, const struct cred old,
1666	const kernel_cap_t *effective,	1666	const kernel_cap_t *effective,
1667	const kernel_cap_t *inheritable,	1667	const kernel_cap_t *inheritable,
1668	const kernel_cap_t *permitted);	1668	const kernel_cap_t *permitted);
1669	int security_capable(struct user_namespace ns, const struct cred cred,	1669	int security_capable(const struct cred cred, struct user_namespace ns,
1670	int cap);	1670	int cap);
1671	int security_real_capable(struct task_struct tsk, struct user_namespace ns,	1671	int security_real_capable(struct task_struct tsk, struct user_namespace ns,
1672	int cap);	1672	int cap);
@@ -1863,8 +1863,8 @@ static inline int security_capset(struct cred *new,
1863	return cap_capset(new, old, effective, inheritable, permitted);	1863	return cap_capset(new, old, effective, inheritable, permitted);
1864	}	1864	}
1865		1865
1866	static inline int security_capable(struct user_namespace *ns,	1866	static inline int security_capable(const struct cred *cred,
1867	const struct cred *cred, int cap)	1867	struct user_namespace *ns, int cap)
1868	{	1868	{
1869	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);	1869	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
1870	}	1870	}


diff --git a/kernel/capability.c b/kernel/capability.c index 283c529f8b1c..d98392719adb 100644 --- a/kernel/capability.c +++ b/kernel/capability.c
@@ -374,7 +374,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
374	BUG();	374	BUG();
375	}	375	}
376		376
377	if (security_capable(ns, current_cred(), cap) == 0) {	377	if (security_capable(current_cred(), ns, cap) == 0) {
378	current->flags \|= PF_SUPERPRIV;	378	current->flags \|= PF_SUPERPRIV;
379	return true;	379	return true;
380	}	380	}


diff --git a/security/security.c b/security/security.c index 9ae68c64455e..b9e57f4fc44a 100644 --- a/security/security.c +++ b/security/security.c
@@ -154,7 +154,7 @@ int security_capset(struct cred new, const struct cred old,
154	effective, inheritable, permitted);	154	effective, inheritable, permitted);
155	}	155	}
156		156
157	int security_capable(struct user_namespace ns, const struct cred cred,	157	int security_capable(const struct cred cred, struct user_namespace ns,
158	int cap)	158	int cap)
159	{	159	{
160	return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);	160	return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);