split ->file_mmap() into ->mmap_addr()/->mmap_file()

... i.e. file-dependent and address-dependent checks.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

1 files changed, 8 insertions, 7 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 25c125eaa3d8..372ec6502aa8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3083,9 +3083,7 @@ error:
         return rc;
 }
 
-static int selinux_file_mmap(struct file *file, unsigned long reqprot,
-                             unsigned long prot, unsigned long flags,
-                             unsigned long addr, unsigned long addr_only)
+static int selinux_mmap_addr(unsigned long addr)
 {
         int rc = 0;
         u32 sid = current_sid();
@@ -3104,10 +3102,12 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
         }
 
         /* do DAC check on address space usage */
-        rc = cap_mmap_addr(addr);
-        if (rc || addr_only)
-                return rc;
+        return cap_mmap_addr(addr);
+}
 
+static int selinux_mmap_file(struct file *file, unsigned long reqprot,
+                             unsigned long prot, unsigned long flags)
+{
         if (selinux_checkreqprot)
                 prot = reqprot;
 
@@ -5570,7 +5570,8 @@ static struct security_operations selinux_ops = {
         .file_alloc_security =          selinux_file_alloc_security,
         .file_free_security =           selinux_file_free_security,
         .file_ioctl =                   selinux_file_ioctl,
-        .file_mmap =                    selinux_file_mmap,
+        .mmap_file =                    selinux_mmap_file,
+        .mmap_addr =                    selinux_mmap_addr,
         .file_mprotect =                selinux_file_mprotect,
         .file_lock =                    selinux_file_lock,
         .file_fcntl =                   selinux_file_fcntl,