renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-11-19 16:14:13 +08:00
Code

capabilities: remove all _real_ interfaces

Browse Source 
The name security_real_capable and security_real_capable_noaudit just don't
make much sense to me.  Convert them to use security_capable and
security_capable_noaudit.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
This commit is contained in:
Eric Paris 2012-01-03 12:25:15 -05:00
parent c7eba4a975
commit 2920a8409d
3 changed files with 15 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
include/linux/security.h
View File

@ -1670,10 +1670,6 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap);
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int cap);
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
int cap);
int security_real_capable_noaudit(struct task_struct *tsk,
struct user_namespace *ns, int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
@ -1876,27 +1872,6 @@ static inline int security_capable_noaudit(const struct cred *cred,
return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
{
int ret;
rcu_read_lock();
ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
rcu_read_unlock();
return ret;
}
static inline
int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
{
int ret;
rcu_read_lock();
ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_NOAUDIT);
rcu_read_unlock();
return ret;
}
static inline int security_quotactl(int cmds, int type, int id,
struct super_block *sb)
{

18
kernel/capability.c
View File

@ -298,7 +298,11 @@ error:
*/
bool has_capability(struct task_struct *t, int cap)
{
int ret = security_real_capable(t, &init_user_ns, cap);
int ret;
rcu_read_lock();
ret = security_capable(__task_cred(t), &init_user_ns, cap);
rcu_read_unlock();
return (ret == 0);
}
@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap)
bool has_ns_capability(struct task_struct *t,
struct user_namespace *ns, int cap)
{
int ret = security_real_capable(t, ns, cap);
int ret;
rcu_read_lock();
ret = security_capable(__task_cred(t), ns, cap);
rcu_read_unlock();
return (ret == 0);
}
@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t,
*/
bool has_capability_noaudit(struct task_struct *t, int cap)
{
int ret = security_real_capable_noaudit(t, &init_user_ns, cap);
int ret;
rcu_read_lock();
ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap);
rcu_read_unlock();
return (ret == 0);
}

24
security/security.c
View File

@ -166,30 +166,6 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
int cap)
{
const struct cred *cred;
int ret;
cred = get_task_cred(tsk);
ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
put_cred(cred);
return ret;
}
int security_real_capable_noaudit(struct task_struct *tsk,
struct user_namespace *ns, int cap)
{
const struct cred *cred;
int ret;
cred = get_task_cred(tsk);
ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
put_cred(cred);
return ret;
}
int security_quotactl(int cmds, int type, int id, struct super_block *sb)
{
return security_ops->quotactl(cmds, type, id, sb);