Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security

* 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: capabilities: remove __cap_full_set definition security: remove the security_netlink_recv hook as it is equivalent to capable() ptrace: do not audit capability check when outputing /proc/pid/stat capabilities: remove task_ns_* functions capabitlies: ns_capable can use the cap helpers rather than lsm call capabilities: style only - move capable below ns_capable capabilites: introduce new has_ns_capabilities_noaudit capabilities: call has_ns_capability from has_capability capabilities: remove all _real_ interfaces capabilities: introduce security_capable_noaudit capabilities: reverse arguments to security_capable capabilities: remove the task from capable LSM hook entirely selinux: sparse fix: fix several warnings in the security server cod selinux: sparse fix: fix warnings in netlink code selinux: sparse fix: eliminate warnings for selinuxfs selinux: sparse fix: declare selinux_disable() in security.h selinux: sparse fix: move selinux_complete_init selinux: sparse fix: make selinux_secmark_refcount static SELinux: Fix RCU deref check warning in sel_netport_insert() Manually fix up a semantic mis-merge wrt security_netlink_recv(): - the interface was removed in commit fd7784615248 ("security: remove the security_netlink_recv hook as it is equivalent to capable()") - a new user of it appeared in commit a38f7907b926 ("crypto: Add userspace configuration API") causing no automatic merge conflict, but Eric Paris pointed out the issue.
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-01-14 21:36:33 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-01-14 21:36:33 -0500
commit: c49c41a4134679cecb77362e7f6b59acb6320aa7 (patch)
tree: 45e690c036ca5846a48c8be67945d1d841b2d96d /security/security.c
parent: 892d208bcf79e4e1058707786a7b6d486697cd78 (diff)
parent: f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5 (diff)
1 files changed, 5 insertions, 30 deletions
diff --git a/security/security.c b/security/security.c
index 214502c772ab..d7542493454d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -155,35 +155,16 @@ int security_capset(struct cred *new, const struct cred *old,
                                    effective, inheritable, permitted);
 }
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
                     int cap)
 {
-        return security_ops->capable(current, cred, ns, cap,
+        return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
-                                     SECURITY_CAP_AUDIT);
 }
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
-                          int cap)
+                             int cap)
 {
-        const struct cred *cred;
+        return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
-        int ret;
-        cred = get_task_cred(tsk);
-        ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT);
-        put_cred(cred);
-        return ret;
-}
-int security_real_capable_noaudit(struct task_struct *tsk,
-                                  struct user_namespace *ns, int cap)
-{
-        const struct cred *cred;
-        int ret;
-        cred = get_task_cred(tsk);
-        ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT);
-        put_cred(cred);
-        return ret;
 }
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -994,12 +975,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
        return security_ops->netlink_send(sk, skb);
 }
-int security_netlink_recv(struct sk_buff *skb, int cap)
-{
-        return security_ops->netlink_recv(skb, cap);
-}
-EXPORT_SYMBOL(security_netlink_recv);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
        return security_ops->secid_to_secctx(secid, secdata, seclen);
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-01-14 21:36:33 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-01-14 21:36:33 -0500
commit	c49c41a4134679cecb77362e7f6b59acb6320aa7 (patch)
tree	45e690c036ca5846a48c8be67945d1d841b2d96d /security/security.c
parent	892d208bcf79e4e1058707786a7b6d486697cd78 (diff)
parent	f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5 (diff)

diff --git a/security/security.c b/security/security.c index 214502c772ab..d7542493454d 100644 --- a/security/security.c +++ b/security/security.c
@@ -155,35 +155,16 @@ int security_capset(struct cred new, const struct cred old,
155	effective, inheritable, permitted);	155	effective, inheritable, permitted);
156	}	156	}
157		157
158	int security_capable(struct user_namespace ns, const struct cred cred,	158	int security_capable(const struct cred cred, struct user_namespace ns,
159	int cap)	159	int cap)
160	{	160	{
161	return security_ops->capable(current, cred, ns, cap,	161	return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
162	SECURITY_CAP_AUDIT);
163	}	162	}
164		163
165	int security_real_capable(struct task_struct tsk, struct user_namespace ns,	164	int security_capable_noaudit(const struct cred cred, struct user_namespace ns,
166	int cap)	165	int cap)
167	{	166	{
168	const struct cred *cred;	167	return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
169	int ret;
170
171	cred = get_task_cred(tsk);
172	ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT);
173	put_cred(cred);
174	return ret;
175	}
176
177	int security_real_capable_noaudit(struct task_struct *tsk,
178	struct user_namespace *ns, int cap)
179	{
180	const struct cred *cred;
181	int ret;
182
183	cred = get_task_cred(tsk);
184	ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT);
185	put_cred(cred);
186	return ret;
187	}	168	}
188		169
189	int security_quotactl(int cmds, int type, int id, struct super_block *sb)	170	int security_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -994,12 +975,6 @@ int security_netlink_send(struct sock sk, struct sk_buff skb)
994	return security_ops->netlink_send(sk, skb);	975	return security_ops->netlink_send(sk, skb);
995	}	976	}
996		977
997	int security_netlink_recv(struct sk_buff *skb, int cap)
998	{
999	return security_ops->netlink_recv(skb, cap);
1000	}
1001	EXPORT_SYMBOL(security_netlink_recv);
1002
1003	int security_secid_to_secctx(u32 secid, char *secdata, u32 seclen)	978	int security_secid_to_secctx(u32 secid, char *secdata, u32 seclen)
1004	{	979	{
1005	return security_ops->secid_to_secctx(secid, secdata, seclen);	980	return security_ops->secid_to_secctx(secid, secdata, seclen);