diff options
| author | Eric Paris <eparis@redhat.com> | 2012-01-03 12:25:15 -0500 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2012-01-05 18:52:55 -0500 |
| commit | 2920a8409de5a51575d03deca07e5bb2be6fc98d (patch) | |
| tree | 1f16eba518068e7096b6ff200c09d3d31e285586 | |
| parent | c7eba4a97563fd8b431787f7ad623444f2da80c6 (diff) | |
capabilities: remove all _real_ interfaces
The name security_real_capable and security_real_capable_noaudit just don't
make much sense to me. Convert them to use security_capable and
security_capable_noaudit.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
| -rw-r--r-- | include/linux/security.h | 25 | ||||
| -rw-r--r-- | kernel/capability.c | 18 | ||||
| -rw-r--r-- | security/security.c | 24 |
3 files changed, 15 insertions, 52 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index caff54eee686..e345a9313a60 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -1670,10 +1670,6 @@ int security_capable(const struct cred *cred, struct user_namespace *ns, | |||
| 1670 | int cap); | 1670 | int cap); |
| 1671 | int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, | 1671 | int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, |
| 1672 | int cap); | 1672 | int cap); |
| 1673 | int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, | ||
| 1674 | int cap); | ||
| 1675 | int security_real_capable_noaudit(struct task_struct *tsk, | ||
| 1676 | struct user_namespace *ns, int cap); | ||
| 1677 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1673 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
| 1678 | int security_quota_on(struct dentry *dentry); | 1674 | int security_quota_on(struct dentry *dentry); |
| 1679 | int security_syslog(int type); | 1675 | int security_syslog(int type); |
| @@ -1876,27 +1872,6 @@ static inline int security_capable_noaudit(const struct cred *cred, | |||
| 1876 | return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); | 1872 | return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); |
| 1877 | } | 1873 | } |
| 1878 | 1874 | ||
| 1879 | static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap) | ||
| 1880 | { | ||
| 1881 | int ret; | ||
| 1882 | |||
| 1883 | rcu_read_lock(); | ||
| 1884 | ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT); | ||
| 1885 | rcu_read_unlock(); | ||
| 1886 | return ret; | ||
| 1887 | } | ||
| 1888 | |||
| 1889 | static inline | ||
| 1890 | int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap) | ||
| 1891 | { | ||
| 1892 | int ret; | ||
| 1893 | |||
| 1894 | rcu_read_lock(); | ||
| 1895 | ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_NOAUDIT); | ||
| 1896 | rcu_read_unlock(); | ||
| 1897 | return ret; | ||
| 1898 | } | ||
| 1899 | |||
| 1900 | static inline int security_quotactl(int cmds, int type, int id, | 1875 | static inline int security_quotactl(int cmds, int type, int id, |
| 1901 | struct super_block *sb) | 1876 | struct super_block *sb) |
| 1902 | { | 1877 | { |
diff --git a/kernel/capability.c b/kernel/capability.c index d98392719adb..ff50ab62cfca 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -298,7 +298,11 @@ error: | |||
| 298 | */ | 298 | */ |
| 299 | bool has_capability(struct task_struct *t, int cap) | 299 | bool has_capability(struct task_struct *t, int cap) |
| 300 | { | 300 | { |
| 301 | int ret = security_real_capable(t, &init_user_ns, cap); | 301 | int ret; |
| 302 | |||
| 303 | rcu_read_lock(); | ||
| 304 | ret = security_capable(__task_cred(t), &init_user_ns, cap); | ||
| 305 | rcu_read_unlock(); | ||
| 302 | 306 | ||
| 303 | return (ret == 0); | 307 | return (ret == 0); |
| 304 | } | 308 | } |
| @@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap) | |||
| 317 | bool has_ns_capability(struct task_struct *t, | 321 | bool has_ns_capability(struct task_struct *t, |
| 318 | struct user_namespace *ns, int cap) | 322 | struct user_namespace *ns, int cap) |
| 319 | { | 323 | { |
| 320 | int ret = security_real_capable(t, ns, cap); | 324 | int ret; |
| 325 | |||
| 326 | rcu_read_lock(); | ||
| 327 | ret = security_capable(__task_cred(t), ns, cap); | ||
| 328 | rcu_read_unlock(); | ||
| 321 | 329 | ||
| 322 | return (ret == 0); | 330 | return (ret == 0); |
| 323 | } | 331 | } |
| @@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t, | |||
| 335 | */ | 343 | */ |
| 336 | bool has_capability_noaudit(struct task_struct *t, int cap) | 344 | bool has_capability_noaudit(struct task_struct *t, int cap) |
| 337 | { | 345 | { |
| 338 | int ret = security_real_capable_noaudit(t, &init_user_ns, cap); | 346 | int ret; |
| 347 | |||
| 348 | rcu_read_lock(); | ||
| 349 | ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap); | ||
| 350 | rcu_read_unlock(); | ||
| 339 | 351 | ||
| 340 | return (ret == 0); | 352 | return (ret == 0); |
| 341 | } | 353 | } |
diff --git a/security/security.c b/security/security.c index b7edaae77d1d..8900c5c4db5c 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -166,30 +166,6 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, | |||
| 166 | return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); | 166 | return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); |
| 167 | } | 167 | } |
| 168 | 168 | ||
| 169 | int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, | ||
| 170 | int cap) | ||
| 171 | { | ||
| 172 | const struct cred *cred; | ||
| 173 | int ret; | ||
| 174 | |||
| 175 | cred = get_task_cred(tsk); | ||
| 176 | ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT); | ||
| 177 | put_cred(cred); | ||
| 178 | return ret; | ||
| 179 | } | ||
| 180 | |||
| 181 | int security_real_capable_noaudit(struct task_struct *tsk, | ||
| 182 | struct user_namespace *ns, int cap) | ||
| 183 | { | ||
| 184 | const struct cred *cred; | ||
| 185 | int ret; | ||
| 186 | |||
| 187 | cred = get_task_cred(tsk); | ||
| 188 | ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT); | ||
| 189 | put_cred(cred); | ||
| 190 | return ret; | ||
| 191 | } | ||
| 192 | |||
| 193 | int security_quotactl(int cmds, int type, int id, struct super_block *sb) | 169 | int security_quotactl(int cmds, int type, int id, struct super_block *sb) |
| 194 | { | 170 | { |
| 195 | return security_ops->quotactl(cmds, type, id, sb); | 171 | return security_ops->quotactl(cmds, type, id, sb); |