diff options
| author | Chris Wright <chrisw@sous-sol.org> | 2006-03-25 06:07:41 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 11:22:56 -0500 |
| commit | 12b5989be10011387a9da5dee82e5c0d6f9d02e7 (patch) | |
| tree | 74da71d407bf26bf97c639bb2b473de233a736ac /include/linux/security.h | |
| parent | 77d47582c2345e071df02afaf9191641009287c4 (diff) | |
[PATCH] refactor capable() to one implementation, add __capable() helper
Move capable() to kernel/capability.c and eliminate duplicate
implementations. Add __capable() function which can be used to check for
capabiilty of any process.
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index b18eb8cfa639..3c19be35124b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -1040,6 +1040,11 @@ struct swap_info_struct; | |||
| 1040 | * @effective contains the effective capability set. | 1040 | * @effective contains the effective capability set. |
| 1041 | * @inheritable contains the inheritable capability set. | 1041 | * @inheritable contains the inheritable capability set. |
| 1042 | * @permitted contains the permitted capability set. | 1042 | * @permitted contains the permitted capability set. |
| 1043 | * @capable: | ||
| 1044 | * Check whether the @tsk process has the @cap capability. | ||
| 1045 | * @tsk contains the task_struct for the process. | ||
| 1046 | * @cap contains the capability <include/linux/capability.h>. | ||
| 1047 | * Return 0 if the capability is granted for @tsk. | ||
| 1043 | * @acct: | 1048 | * @acct: |
| 1044 | * Check permission before enabling or disabling process accounting. If | 1049 | * Check permission before enabling or disabling process accounting. If |
| 1045 | * accounting is being enabled, then @file refers to the open file used to | 1050 | * accounting is being enabled, then @file refers to the open file used to |
| @@ -1053,11 +1058,6 @@ struct swap_info_struct; | |||
| 1053 | * @table contains the ctl_table structure for the sysctl variable. | 1058 | * @table contains the ctl_table structure for the sysctl variable. |
| 1054 | * @op contains the operation (001 = search, 002 = write, 004 = read). | 1059 | * @op contains the operation (001 = search, 002 = write, 004 = read). |
| 1055 | * Return 0 if permission is granted. | 1060 | * Return 0 if permission is granted. |
| 1056 | * @capable: | ||
| 1057 | * Check whether the @tsk process has the @cap capability. | ||
| 1058 | * @tsk contains the task_struct for the process. | ||
| 1059 | * @cap contains the capability <include/linux/capability.h>. | ||
| 1060 | * Return 0 if the capability is granted for @tsk. | ||
| 1061 | * @syslog: | 1061 | * @syslog: |
| 1062 | * Check permission before accessing the kernel message ring or changing | 1062 | * Check permission before accessing the kernel message ring or changing |
| 1063 | * logging to the console. | 1063 | * logging to the console. |
| @@ -1099,9 +1099,9 @@ struct security_operations { | |||
| 1099 | kernel_cap_t * effective, | 1099 | kernel_cap_t * effective, |
| 1100 | kernel_cap_t * inheritable, | 1100 | kernel_cap_t * inheritable, |
| 1101 | kernel_cap_t * permitted); | 1101 | kernel_cap_t * permitted); |
| 1102 | int (*capable) (struct task_struct * tsk, int cap); | ||
| 1102 | int (*acct) (struct file * file); | 1103 | int (*acct) (struct file * file); |
| 1103 | int (*sysctl) (struct ctl_table * table, int op); | 1104 | int (*sysctl) (struct ctl_table * table, int op); |
| 1104 | int (*capable) (struct task_struct * tsk, int cap); | ||
| 1105 | int (*quotactl) (int cmds, int type, int id, struct super_block * sb); | 1105 | int (*quotactl) (int cmds, int type, int id, struct super_block * sb); |
| 1106 | int (*quota_on) (struct dentry * dentry); | 1106 | int (*quota_on) (struct dentry * dentry); |
| 1107 | int (*syslog) (int type); | 1107 | int (*syslog) (int type); |
| @@ -1347,6 +1347,11 @@ static inline void security_capset_set (struct task_struct *target, | |||
| 1347 | security_ops->capset_set (target, effective, inheritable, permitted); | 1347 | security_ops->capset_set (target, effective, inheritable, permitted); |
| 1348 | } | 1348 | } |
| 1349 | 1349 | ||
| 1350 | static inline int security_capable(struct task_struct *tsk, int cap) | ||
| 1351 | { | ||
| 1352 | return security_ops->capable(tsk, cap); | ||
| 1353 | } | ||
| 1354 | |||
| 1350 | static inline int security_acct (struct file *file) | 1355 | static inline int security_acct (struct file *file) |
| 1351 | { | 1356 | { |
| 1352 | return security_ops->acct (file); | 1357 | return security_ops->acct (file); |
| @@ -2050,6 +2055,11 @@ static inline void security_capset_set (struct task_struct *target, | |||
| 2050 | cap_capset_set (target, effective, inheritable, permitted); | 2055 | cap_capset_set (target, effective, inheritable, permitted); |
| 2051 | } | 2056 | } |
| 2052 | 2057 | ||
| 2058 | static inline int security_capable(struct task_struct *tsk, int cap) | ||
| 2059 | { | ||
| 2060 | return cap_capable(tsk, cap); | ||
| 2061 | } | ||
| 2062 | |||
| 2053 | static inline int security_acct (struct file *file) | 2063 | static inline int security_acct (struct file *file) |
| 2054 | { | 2064 | { |
| 2055 | return 0; | 2065 | return 0; |