diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-30 13:11:37 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-31 13:10:54 -0400 |
| commit | d007794a182bc072a7b7479909dbd0d67ba341be (patch) | |
| tree | 75aa7ccd563a0fe8b60391824c92f64098674dda | |
| parent | cf74d14c4fbce9bcc9eb62f52d721d3399a2b87f (diff) | |
split cap_mmap_addr() out of cap_file_mmap()
... switch callers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | include/linux/security.h | 3 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
| -rw-r--r-- | security/commoncap.c | 32 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 2 |
5 files changed, 28 insertions, 13 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index ab0e091ce5fa..4ad59c9fa731 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -86,6 +86,7 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name, | |||
| 86 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | 86 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); |
| 87 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 87 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
| 88 | extern int cap_inode_killpriv(struct dentry *dentry); | 88 | extern int cap_inode_killpriv(struct dentry *dentry); |
| 89 | extern int cap_mmap_addr(unsigned long addr); | ||
| 89 | extern int cap_file_mmap(struct file *file, unsigned long reqprot, | 90 | extern int cap_file_mmap(struct file *file, unsigned long reqprot, |
| 90 | unsigned long prot, unsigned long flags, | 91 | unsigned long prot, unsigned long flags, |
| 91 | unsigned long addr, unsigned long addr_only); | 92 | unsigned long addr, unsigned long addr_only); |
| @@ -2187,7 +2188,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot, | |||
| 2187 | unsigned long addr, | 2188 | unsigned long addr, |
| 2188 | unsigned long addr_only) | 2189 | unsigned long addr_only) |
| 2189 | { | 2190 | { |
| 2190 | return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 2191 | return cap_mmap_addr(addr); |
| 2191 | } | 2192 | } |
| 2192 | 2193 | ||
| 2193 | static inline int security_file_mprotect(struct vm_area_struct *vma, | 2194 | static inline int security_file_mprotect(struct vm_area_struct *vma, |
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 032daab449b0..8430d8937afb 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -497,7 +497,7 @@ static int apparmor_file_mmap(struct file *file, unsigned long reqprot, | |||
| 497 | int rc = 0; | 497 | int rc = 0; |
| 498 | 498 | ||
| 499 | /* do DAC check */ | 499 | /* do DAC check */ |
| 500 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 500 | rc = cap_mmap_addr(addr); |
| 501 | if (rc || addr_only) | 501 | if (rc || addr_only) |
| 502 | return rc; | 502 | return rc; |
| 503 | 503 | ||
diff --git a/security/commoncap.c b/security/commoncap.c index e771cb1b2d79..ebac3618896e 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
| 958 | } | 958 | } |
| 959 | 959 | ||
| 960 | /* | 960 | /* |
| 961 | * cap_file_mmap - check if able to map given addr | 961 | * cap_mmap_addr - check if able to map given addr |
| 962 | * @file: unused | ||
| 963 | * @reqprot: unused | ||
| 964 | * @prot: unused | ||
| 965 | * @flags: unused | ||
| 966 | * @addr: address attempting to be mapped | 962 | * @addr: address attempting to be mapped |
| 967 | * @addr_only: unused | ||
| 968 | * | 963 | * |
| 969 | * If the process is attempting to map memory below dac_mmap_min_addr they need | 964 | * If the process is attempting to map memory below dac_mmap_min_addr they need |
| 970 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the | 965 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the |
| 971 | * capability security module. Returns 0 if this mapping should be allowed | 966 | * capability security module. Returns 0 if this mapping should be allowed |
| 972 | * -EPERM if not. | 967 | * -EPERM if not. |
| 973 | */ | 968 | */ |
| 974 | int cap_file_mmap(struct file *file, unsigned long reqprot, | 969 | int cap_mmap_addr(unsigned long addr) |
| 975 | unsigned long prot, unsigned long flags, | ||
| 976 | unsigned long addr, unsigned long addr_only) | ||
| 977 | { | 970 | { |
| 978 | int ret = 0; | 971 | int ret = 0; |
| 979 | 972 | ||
| @@ -986,3 +979,24 @@ int cap_file_mmap(struct file *file, unsigned long reqprot, | |||
| 986 | } | 979 | } |
| 987 | return ret; | 980 | return ret; |
| 988 | } | 981 | } |
| 982 | |||
| 983 | /* | ||
| 984 | * cap_file_mmap - check if able to map given addr | ||
| 985 | * @file: unused | ||
| 986 | * @reqprot: unused | ||
| 987 | * @prot: unused | ||
| 988 | * @flags: unused | ||
| 989 | * @addr: address attempting to be mapped | ||
| 990 | * @addr_only: unused | ||
| 991 | * | ||
| 992 | * If the process is attempting to map memory below dac_mmap_min_addr they need | ||
| 993 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the | ||
| 994 | * capability security module. Returns 0 if this mapping should be allowed | ||
| 995 | * -EPERM if not. | ||
| 996 | */ | ||
| 997 | int cap_file_mmap(struct file *file, unsigned long reqprot, | ||
| 998 | unsigned long prot, unsigned long flags, | ||
| 999 | unsigned long addr, unsigned long addr_only) | ||
| 1000 | { | ||
| 1001 | return cap_mmap_addr(addr); | ||
| 1002 | } | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fa2341b68331..25c125eaa3d8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3104,7 +3104,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
| 3104 | } | 3104 | } |
| 3105 | 3105 | ||
| 3106 | /* do DAC check on address space usage */ | 3106 | /* do DAC check on address space usage */ |
| 3107 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 3107 | rc = cap_mmap_addr(addr); |
| 3108 | if (rc || addr_only) | 3108 | if (rc || addr_only) |
| 3109 | return rc; | 3109 | return rc; |
| 3110 | 3110 | ||
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d583c0545808..a62197718768 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1199,7 +1199,7 @@ static int smack_file_mmap(struct file *file, | |||
| 1199 | int rc; | 1199 | int rc; |
| 1200 | 1200 | ||
| 1201 | /* do DAC check on address space usage */ | 1201 | /* do DAC check on address space usage */ |
| 1202 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 1202 | rc = cap_mmap_addr(addr); |
| 1203 | if (rc || addr_only) | 1203 | if (rc || addr_only) |
| 1204 | return rc; | 1204 | return rc; |
| 1205 | 1205 | ||