diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-30 13:30:51 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-31 13:11:54 -0400 |
| commit | e5467859f7f79b69fc49004403009dfdba3bec53 (patch) | |
| tree | 73b011daf79eeddd61bbcaf65cd197b5e5f6f149 /security/smack/smack_lsm.c | |
| parent | d007794a182bc072a7b7479909dbd0d67ba341be (diff) | |
split ->file_mmap() into ->mmap_addr()/->mmap_file()
... i.e. file-dependent and address-dependent checks.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/smack/smack_lsm.c')
| -rw-r--r-- | security/smack/smack_lsm.c | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a62197718768..ee0bb5735f35 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1171,7 +1171,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1171 | } | 1171 | } |
| 1172 | 1172 | ||
| 1173 | /** | 1173 | /** |
| 1174 | * smack_file_mmap : | 1174 | * smack_mmap_file : |
| 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. | 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. |
| 1176 | * if mapping anonymous memory. | 1176 | * if mapping anonymous memory. |
| 1177 | * @file contains the file structure for file to map (may be NULL). | 1177 | * @file contains the file structure for file to map (may be NULL). |
| @@ -1180,10 +1180,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1180 | * @flags contains the operational flags. | 1180 | * @flags contains the operational flags. |
| 1181 | * Return 0 if permission is granted. | 1181 | * Return 0 if permission is granted. |
| 1182 | */ | 1182 | */ |
| 1183 | static int smack_file_mmap(struct file *file, | 1183 | static int smack_mmap_file(struct file *file, |
| 1184 | unsigned long reqprot, unsigned long prot, | 1184 | unsigned long reqprot, unsigned long prot, |
| 1185 | unsigned long flags, unsigned long addr, | 1185 | unsigned long flags) |
| 1186 | unsigned long addr_only) | ||
| 1187 | { | 1186 | { |
| 1188 | struct smack_known *skp; | 1187 | struct smack_known *skp; |
| 1189 | struct smack_rule *srp; | 1188 | struct smack_rule *srp; |
| @@ -1198,11 +1197,6 @@ static int smack_file_mmap(struct file *file, | |||
| 1198 | int tmay; | 1197 | int tmay; |
| 1199 | int rc; | 1198 | int rc; |
| 1200 | 1199 | ||
| 1201 | /* do DAC check on address space usage */ | ||
| 1202 | rc = cap_mmap_addr(addr); | ||
| 1203 | if (rc || addr_only) | ||
| 1204 | return rc; | ||
| 1205 | |||
| 1206 | if (file == NULL || file->f_dentry == NULL) | 1200 | if (file == NULL || file->f_dentry == NULL) |
| 1207 | return 0; | 1201 | return 0; |
| 1208 | 1202 | ||
| @@ -3482,7 +3476,8 @@ struct security_operations smack_ops = { | |||
| 3482 | .file_ioctl = smack_file_ioctl, | 3476 | .file_ioctl = smack_file_ioctl, |
| 3483 | .file_lock = smack_file_lock, | 3477 | .file_lock = smack_file_lock, |
| 3484 | .file_fcntl = smack_file_fcntl, | 3478 | .file_fcntl = smack_file_fcntl, |
| 3485 | .file_mmap = smack_file_mmap, | 3479 | .mmap_file = smack_mmap_file, |
| 3480 | .mmap_addr = cap_mmap_addr, | ||
| 3486 | .file_set_fowner = smack_file_set_fowner, | 3481 | .file_set_fowner = smack_file_set_fowner, |
| 3487 | .file_send_sigiotask = smack_file_send_sigiotask, | 3482 | .file_send_sigiotask = smack_file_send_sigiotask, |
| 3488 | .file_receive = smack_file_receive, | 3483 | .file_receive = smack_file_receive, |