diff options
Diffstat (limited to 'security/apparmor/capability.c')
| -rw-r--r-- | security/apparmor/capability.c | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 84d1f5f53877..1101c6f64bb7 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c | |||
| @@ -53,8 +53,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) | |||
| 53 | 53 | ||
| 54 | /** | 54 | /** |
| 55 | * audit_caps - audit a capability | 55 | * audit_caps - audit a capability |
| 56 | * @profile: profile confining task (NOT NULL) | 56 | * @profile: profile being tested for confinement (NOT NULL) |
| 57 | * @task: task capability test was performed against (NOT NULL) | ||
| 58 | * @cap: capability tested | 57 | * @cap: capability tested |
| 59 | * @error: error code returned by test | 58 | * @error: error code returned by test |
| 60 | * | 59 | * |
| @@ -63,8 +62,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) | |||
| 63 | * | 62 | * |
| 64 | * Returns: 0 or sa->error on success, error code on failure | 63 | * Returns: 0 or sa->error on success, error code on failure |
| 65 | */ | 64 | */ |
| 66 | static int audit_caps(struct aa_profile *profile, struct task_struct *task, | 65 | static int audit_caps(struct aa_profile *profile, int cap, int error) |
| 67 | int cap, int error) | ||
| 68 | { | 66 | { |
| 69 | struct audit_cache *ent; | 67 | struct audit_cache *ent; |
| 70 | int type = AUDIT_APPARMOR_AUTO; | 68 | int type = AUDIT_APPARMOR_AUTO; |
| @@ -73,7 +71,6 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task, | |||
| 73 | sa.type = LSM_AUDIT_DATA_CAP; | 71 | sa.type = LSM_AUDIT_DATA_CAP; |
| 74 | sa.aad = &aad; | 72 | sa.aad = &aad; |
| 75 | sa.u.cap = cap; | 73 | sa.u.cap = cap; |
| 76 | sa.aad->tsk = task; | ||
| 77 | sa.aad->op = OP_CAPABLE; | 74 | sa.aad->op = OP_CAPABLE; |
| 78 | sa.aad->error = error; | 75 | sa.aad->error = error; |
| 79 | 76 | ||
| @@ -124,8 +121,7 @@ static int profile_capable(struct aa_profile *profile, int cap) | |||
| 124 | 121 | ||
| 125 | /** | 122 | /** |
| 126 | * aa_capable - test permission to use capability | 123 | * aa_capable - test permission to use capability |
| 127 | * @task: task doing capability test against (NOT NULL) | 124 | * @profile: profile being tested against (NOT NULL) |
| 128 | * @profile: profile confining @task (NOT NULL) | ||
| 129 | * @cap: capability to be tested | 125 | * @cap: capability to be tested |
| 130 | * @audit: whether an audit record should be generated | 126 | * @audit: whether an audit record should be generated |
| 131 | * | 127 | * |
| @@ -133,8 +129,7 @@ static int profile_capable(struct aa_profile *profile, int cap) | |||
| 133 | * | 129 | * |
| 134 | * Returns: 0 on success, or else an error code. | 130 | * Returns: 0 on success, or else an error code. |
| 135 | */ | 131 | */ |
| 136 | int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap, | 132 | int aa_capable(struct aa_profile *profile, int cap, int audit) |
| 137 | int audit) | ||
| 138 | { | 133 | { |
| 139 | int error = profile_capable(profile, cap); | 134 | int error = profile_capable(profile, cap); |
| 140 | 135 | ||
| @@ -144,5 +139,5 @@ int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap, | |||
| 144 | return error; | 139 | return error; |
| 145 | } | 140 | } |
| 146 | 141 | ||
| 147 | return audit_caps(profile, task, cap, error); | 142 | return audit_caps(profile, cap, error); |
| 148 | } | 143 | } |