Commit 267ebfd6 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman

Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5

into kroah.com:/home/greg/linux/BK/lsm-2.5
parents 9179a307 efdddf70
......@@ -719,8 +719,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
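Review bot: The new `if ((ret = security_ptrace(current->parent, current)))` folds the hook call into the condition, which kernel coding style discourages because the assignment is easy to misread as a comparison and the permission check no longer stands on its own line. Keeping the wrapper but leaving the two-statement form, `ret = security_ptrace(current->parent, current);` followed by `if (ret)`, would read more clearly at a call site that gates tracing. The same form recurs in the later sys_ptrace, do_ptrace, exec and VFS hunks on this page. sys_ptrace's body starts and ends outside the hunk.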
......@@ -160,8 +160,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -1101,8 +1101,7 @@ sys_ptrace (long request, pid_t pid, unsigned long addr, unsigned long data,
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
current->ptrace |= PT_PTRACED;
ret = 0;
......
......@@ -166,8 +166,7 @@ int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -59,8 +59,7 @@ int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -48,8 +48,7 @@ int sys32_ptrace(long request, long pid, unsigned long addr, unsigned long data)
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -53,6 +53,7 @@
#include <linux/mman.h>
#include <linux/sysctl.h>
#include <linux/binfmts.h>
#include <linux/security.h>
#include <asm/types.h>
#include <asm/ipc.h>
......@@ -3520,8 +3521,7 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
if ((retval = bprm.envc) < 0)
goto out_mm;
retval = security_ops->bprm_alloc_security(&bprm);
if (retval)
if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
......@@ -3544,7 +3544,7 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
retval = search_binary_handler(&bprm,regs);
if (retval >= 0) {
/* execve success */
security_ops->bprm_free_security(&bprm);
security_bprm_free(&bprm);
return retval;
}
......@@ -3557,7 +3557,7 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
}
if (bprm.security)
security_ops->bprm_free_security(&bprm);
security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
......
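Review bot: The success path calls `security_bprm_free(&bprm)` unconditionally, while the failure path a few lines later calls it only under `if (bprm.security)`, so the alloc and free hooks are not visibly paired the same way on both exits. If the guard is there because the shared exit label can be reached before `security_bprm_alloc()` has run, a comment such as `/* bprm.security is only set once security_bprm_alloc() succeeded */` would say so. If a module may succeed in the alloc hook without setting the field, the failure path skips its free hook. The same pair appears in the second do_execve32 section and in do_execve, and the exit labels are only partly inside these hunks.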
......@@ -330,8 +330,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
ret = -EPERM;
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -32,6 +32,7 @@
#include <linux/errno.h>
#include <linux/ptrace.h>
#include <linux/user.h>
#include <linux/security.h>
#include <asm/segment.h>
#include <asm/page.h>
......@@ -568,8 +569,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
ret = -EPERM;
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -291,8 +291,7 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
pt_error_return(regs, EPERM);
goto out;
}
ret = security_ops->ptrace(current->parent, current);
if (ret) {
if ((ret = security_ptrace(current->parent, current))) {
pt_error_return(regs, -ret);
goto out;
}
......
......@@ -140,8 +140,7 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
pt_error_return(regs, EPERM);
goto out;
}
ret = security_ops->ptrace(current->parent, current);
if (ret) {
if ((ret = security_ptrace(current->parent, current))) {
pt_error_return(regs, -ret);
goto out;
}
......
......@@ -2967,8 +2967,7 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs)
if ((retval = bprm.envc) < 0)
goto out_mm;
retval = security_ops->bprm_alloc_security(&bprm);
if (retval)
if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
......@@ -2991,7 +2990,7 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs)
retval = search_binary_handler(&bprm, regs);
if (retval >= 0) {
/* execve success */
security_ops->bprm_free_security(&bprm);
security_bprm_free(&bprm);
return retval;
}
......@@ -3004,7 +3003,7 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs)
}
if (bprm.security)
security_ops->bprm_free_security(&bprm);
security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
......
......@@ -33,8 +33,7 @@ int sys_ptrace(long request, long pid, long addr, long data)
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if(ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
......
......@@ -178,8 +178,7 @@ asmlinkage long sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
ret = security_ops->ptrace(current->parent, current);
if (ret)
if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
......
......@@ -7,6 +7,8 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/limits.h>
#include <linux/stat.h>
#include "fs.h"
static struct driver_dir_entry class_dir;
......
......@@ -4,6 +4,8 @@
#include <linux/device.h>
#include <linux/slab.h>
#include <linux/limits.h>
#include <linux/errno.h>
#include "fs.h"
/**
......
......@@ -153,13 +153,12 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
}
if (inode->i_op && inode->i_op->setattr) {
error = security_ops->inode_setattr(dentry, attr);
if (!error)
if (!(error = security_inode_setattr(dentry, attr)))
error = inode->i_op->setattr(dentry, attr);
} else {
error = inode_change_ok(inode, attr);
if (!error)
error = security_ops->inode_setattr(dentry, attr);
error = security_inode_setattr(dentry, attr);
if (!error) {
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
......
......@@ -69,6 +69,7 @@
#include <linux/init.h>
#include <linux/module.h>
#include <linux/proc_fs.h>
#include <linux/security.h>
#include <asm/uaccess.h>
......@@ -1305,8 +1306,7 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path)
error = -EIO;
if (!f->f_op || !f->f_op->read || !f->f_op->write)
goto out_f;
error = security_ops->quota_on(f);
if (error)
if ((error = security_quota_on(f)))
goto out_f;
inode = f->f_dentry->d_inode;
error = -EACCES;
......
......@@ -43,6 +43,7 @@
#include <linux/namei.h>
#include <linux/proc_fs.h>
#include <linux/ptrace.h>
#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
......@@ -818,8 +819,7 @@ int prepare_binprm(struct linux_binprm *bprm)
}
/* fill in binprm security blob */
retval = security_ops->bprm_set_security(bprm);
if (retval)
if ((retval = security_bprm_set(bprm)))
return retval;
memset(bprm->buf,0,BINPRM_BUF_SIZE);
......@@ -867,7 +867,7 @@ void compute_creds(struct linux_binprm *bprm)
if(do_unlock)
unlock_kernel();
security_ops->bprm_compute_creds(bprm);
security_bprm_compute_creds(bprm);
}
void remove_arg_zero(struct linux_binprm *bprm)
......@@ -936,8 +936,7 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
}
}
#endif
retval = security_ops->bprm_check_security(bprm);
if (retval)
if ((retval = security_bprm_check(bprm)))
return retval;
/* kernel module loader fixup */
......@@ -1033,8 +1032,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs
if ((retval = bprm.envc) < 0)
goto out_mm;
retval = security_ops->bprm_alloc_security(&bprm);
if (retval)
if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
......@@ -1057,7 +1055,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs
retval = search_binary_handler(&bprm,regs);
if (retval >= 0) {
/* execve success */
security_ops->bprm_free_security(&bprm);
security_bprm_free(&bprm);
return retval;
}
......@@ -1070,7 +1068,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs
}
if (bprm.security)
security_ops->bprm_free_security(&bprm);
security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
......
......@@ -274,8 +274,7 @@ int f_setown(struct file *filp, unsigned long arg, int force)
{
int err;
err = security_ops->file_set_fowner(filp);
if (err)
if ((err = security_file_set_fowner(filp)))
return err;
f_modown(filp, arg, current->uid, current->euid, force);
......@@ -368,8 +367,7 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
if (!filp)
goto out;
err = security_ops->file_fcntl(filp, cmd, arg);
if (err) {
if ((err = security_file_fcntl(filp, cmd, arg))) {
fput(filp);
return err;
}
......@@ -392,8 +390,7 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg
if (!filp)
goto out;
err = security_ops->file_fcntl(filp, cmd, arg);
if (err) {
if ((err = security_file_fcntl(filp, cmd, arg))) {
fput(filp);
return err;
}
......@@ -444,7 +441,7 @@ static void send_sigio_to_task(struct task_struct *p,
if (!sigio_perm(p, fown))
return;
if (security_ops->file_send_sigiotask(p, fown, fd, reason))
if (security_file_send_sigiotask(p, fown, fd, reason))
return;
switch (fown->signum) {
......
......@@ -46,7 +46,7 @@ struct file * get_empty_filp(void)
files_stat.nr_free_files--;
new_one:
memset(f, 0, sizeof(*f));
if (security_ops->file_alloc_security(f)) {
if (security_file_alloc(f)) {
list_add(&f->f_list, &free_list);
files_stat.nr_free_files++;
file_list_unlock();
......@@ -127,7 +127,7 @@ void __fput(struct file * file)
if (file->f_op && file->f_op->release)
file->f_op->release(inode, file);
security_ops->file_free_security(file);
security_file_free(file);
fops_put(file->f_op);
if (file->f_mode & FMODE_WRITE)
put_write_access(inode);
......@@ -160,7 +160,7 @@ struct file * fget(unsigned int fd)
void put_filp(struct file *file)
{
if(atomic_dec_and_test(&file->f_count)) {
security_ops->file_free_security(file);
security_file_free(file);
file_list_lock();
list_del(&file->f_list);
list_add(&file->f_list, &free_list);
......
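Review bot: `security_file_alloc(f)` in get_empty_filp appears to run with the file list lock held, since its failure branch puts `f` back on `free_list` and then calls `file_list_unlock()`; the place the lock is taken is outside the hunk. A security module that allocates its per-file state in this hook must therefore not sleep, and nothing at the call site says so. I would add `/* file list lock is held here: the alloc hook must not sleep */` above the call. In put_filp the free hook runs before `file_list_lock()`, so that constraint does not apply there.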
......@@ -120,7 +120,7 @@ static struct inode *alloc_inode(struct super_block *sb)
inode->i_bdev = NULL;
inode->i_cdev = NULL;
inode->i_security = NULL;
if (security_ops->inode_alloc_security(inode)) {
if (security_inode_alloc(inode)) {
if (inode->i_sb->s_op->destroy_inode)
inode->i_sb->s_op->destroy_inode(inode);
else
......@@ -146,7 +146,7 @@ static void destroy_inode(struct inode *inode)
{
if (inode_has_buffers(inode))
BUG();
security_ops->inode_free_security(inode);
security_inode_free(inode);
if (inode->i_sb->s_op->destroy_inode) {
inode->i_sb->s_op->destroy_inode(inode);
} else {
......@@ -922,7 +922,7 @@ void generic_delete_inode(struct inode *inode)
if (inode->i_data.nrpages)
truncate_inode_pages(&inode->i_data, 0);
security_ops->inode_delete(inode);
security_inode_delete(inode);
if (op && op->delete_inode) {
void (*delete)(struct inode *) = op->delete_inode;
......
......@@ -59,8 +59,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
goto out;
error = 0;
error = security_ops->file_ioctl(filp, cmd, arg);
if (error) {
if ((error = security_file_ioctl(filp, cmd, arg))) {
fput(filp);
goto out;
}
......
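Review bot: `error = 0;` on the line before the hook call is now a dead store, because `if ((error = security_file_ioctl(filp, cmd, arg)))` overwrites it unconditionally. Dropping the `error = 0;` line makes it plain that the hook's return value alone decides whether the ioctl proceeds. A passing hook leaves `error` at 0 anyway, so nothing later in sys_ioctl can depend on the earlier assignment.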
......@@ -122,6 +122,7 @@
#include <linux/timer.h>
#include <linux/time.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <asm/semaphore.h>
#include <asm/uaccess.h>
......@@ -1174,8 +1175,7 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
error = security_ops->file_lock(filp, arg);
if (error)
if ((error = security_file_lock(filp, arg)))
return error;
lock_kernel();
......@@ -1288,8 +1288,7 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
if (error)
goto out_putf;
error = security_ops->file_lock(filp, cmd);
if (error)
if ((error = security_file_lock(filp, cmd)))
goto out_free;
for (;;) {
......@@ -1438,8 +1437,7 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
goto out;
}
error = security_ops->file_lock(filp, file_lock->fl_type);
if (error)
if ((error = security_file_lock(filp, file_lock->fl_type)))
goto out;
if (filp->f_op && filp->f_op->lock != NULL) {
......@@ -1578,8 +1576,7 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
goto out;
}
error = security_ops->file_lock(filp, file_lock->fl_type);
if (error)
if ((error = security_file_lock(filp, file_lock->fl_type)))
goto out;
if (filp->f_op && filp->f_op->lock != NULL) {
......
......@@ -218,7 +218,7 @@ int permission(struct inode * inode,int mask)
if (retval)
return retval;
return security_ops->inode_permission(inode, mask);
return security_inode_permission(inode, mask);
}
/*
......@@ -340,7 +340,7 @@ static inline int exec_permission_lite(struct inode *inode)
return -EACCES;
ok:
return security_ops->inode_permission_lite(inode, MAY_EXEC);
return security_inode_permission_lite(inode, MAY_EXEC);
}
/*
......@@ -374,7 +374,7 @@ static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, i
dput(dentry);
else {
result = dentry;
security_ops->inode_post_lookup(dir, result);
security_inode_post_lookup(dir, result);
}
}
up(&dir->i_sem);
......@@ -413,8 +413,7 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
current->state = TASK_RUNNING;
schedule();
}
err = security_ops->inode_follow_link(dentry, nd);
if (err)
if ((err = security_inode_follow_link(dentry, nd)))
goto loop;
current->link_count++;
current->total_link_count++;
......@@ -918,7 +917,7 @@ struct dentry * lookup_hash(struct qstr *name, struct dentry * base)
dentry = inode->i_op->lookup(inode, new);
if (!dentry) {
dentry = new;
security_ops->inode_post_lookup(inode, dentry);
security_inode_post_lookup(inode, dentry);
} else
dput(new);
}
......@@ -1125,14 +1124,13 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode)
return -EACCES; /* shouldn't it be ENOSYS? */
mode &= S_IALLUGO;
mode |= S_IFREG;
error = security_ops->inode_create(dir, dentry, mode);
if (error)
if ((error = security_inode_create(dir, dentry, mode)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->create(dir, dentry, mode);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
security_ops->inode_post_create(dir, dentry, mode);
security_inode_post_create(dir, dentry, mode);
}
return error;
}
......@@ -1344,8 +1342,7 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
*/
error = security_ops->inode_follow_link(dentry, nd);
if (error)
if ((error = security_inode_follow_link(dentry, nd)))
goto exit_dput;
UPDATE_ATIME(dentry->d_inode);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
......@@ -1410,15 +1407,14 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
if (!dir->i_op || !dir->i_op->mknod)
return -EPERM;
error = security_ops->inode_mknod(dir, dentry, mode, dev);
if (error)
if ((error = security_inode_mknod(dir, dentry, mode, dev)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->mknod(dir, dentry, mode, dev);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
security_ops->inode_post_mknod(dir, dentry, mode, dev);
security_inode_post_mknod(dir, dentry, mode, dev);
}
return error;
}
......@@ -1478,15 +1474,14 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
return -EPERM;
mode &= (S_IRWXUGO|S_ISVTX);
error = security_ops->inode_mkdir(dir, dentry, mode);
if (error)
if ((error = security_inode_mkdir(dir, dentry, mode)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->mkdir(dir, dentry, mode);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
security_ops->inode_post_mkdir(dir,dentry, mode);
security_inode_post_mkdir(dir,dentry, mode);
}
return error;
}
......@@ -1570,8 +1565,7 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry)
if (d_mountpoint(dentry))
error = -EBUSY;
else {
error = security_ops->inode_rmdir(dir, dentry);
if (!error) {
if (!(error = security_inode_rmdir(dir, dentry))) {
error = dir->i_op->rmdir(dir, dentry);
if (!error)
dentry->d_inode->i_flags |= S_DEAD;
......@@ -1644,10 +1638,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry)
if (d_mountpoint(dentry))
error = -EBUSY;
else {
error = security_ops->inode_unlink(dir, dentry);
if (!error) {
if (!(error = security_inode_unlink(dir, dentry)))
error = dir->i_op->unlink(dir, dentry);
}
}
up(&dentry->d_inode->i_sem);
if (!error) {
......@@ -1709,15 +1701,14 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
if (!dir->i_op || !dir->i_op->symlink)
return -EPERM;
error = security_ops->inode_symlink(dir, dentry, oldname);
if (error)
if ((error = security_inode_symlink(dir, dentry, oldname)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->symlink(dir, dentry, oldname);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
security_ops->inode_post_symlink(dir, dentry, oldname);
security_inode_post_symlink(dir, dentry, oldname);
}
return error;
}
......@@ -1780,8 +1771,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
if (S_ISDIR(old_dentry->d_inode->i_mode))
return -EPERM;
error = security_ops->inode_link(old_dentry, dir, new_dentry);
if (error)
if ((error = security_inode_link(old_dentry, dir, new_dentry)))
return error;
down(&old_dentry->d_inode->i_sem);
......@@ -1790,7 +1780,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
up(&old_dentry->d_inode->i_sem);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
security_ops->inode_post_link(old_dentry, dir, new_dentry);
security_inode_post_link(old_dentry, dir, new_dentry);
}
return error;
}
......@@ -1889,8 +1879,7 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
return error;
}
error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
if (error)
if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
return error;
target = new_dentry->d_inode;
......@@ -1912,8 +1901,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
}
if (!error) {
d_move(old_dentry,new_dentry);
security_ops->inode_post_rename(old_dir, old_dentry,
new_dir, new_dentry);
security_inode_post_rename(old_dir, old_dentry,
new_dir, new_dentry);
}
return error;
}
......@@ -1924,8 +1913,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
struct inode *target;
int error;
error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
if (error)
if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
return error;
dget(new_dentry);
......@@ -1940,7 +1928,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
/* The following d_move() should become unconditional */
if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
d_move(old_dentry, new_dentry);
security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
}
if (target)
up(&target->i_sem);
......
......@@ -19,6 +19,7 @@
#include <linux/seq_file.h>
#include <linux/namespace.h>
#include <linux/namei.h>
#include <linux/security.h>
#include <asm/uaccess.h>
......@@ -288,8 +289,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
struct super_block * sb = mnt->mnt_sb;
int retval = 0;
retval = security_ops->sb_umount(mnt, flags);
if (retval)
if ((retval = security_sb_umount(mnt, flags)))
return retval;
/*
......@@ -341,7 +341,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
DQUOT_OFF(sb);
acct_auto_close(sb);
unlock_kernel();
security_ops->sb_umount_close(mnt);
security_sb_umount_close(mnt);
spin_lock(&dcache_lock);
}
retval = -EBUSY;
......@@ -352,7 +352,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
}
spin_unlock(&dcache_lock);
if (retval)
security_ops->sb_umount_busy(mnt);
security_sb_umount_busy(mnt);
up_write(&current->namespace->sem);
return retval;
}
......@@ -470,8 +470,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
if (IS_DEADDIR(nd->dentry->d_inode))
goto out_unlock;
err = security_ops->sb_check_sb(mnt, nd);
if (err)
if ((err = security_sb_check_sb(mnt, nd)))
goto out_unlock;
spin_lock(&dcache_lock);
......@@ -487,7 +486,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
out_unlock:
up(&nd->dentry->d_inode->i_sem);
if (!err)
security_ops->sb_post_addmount(mnt, nd);
security_sb_post_addmount(mnt, nd);
return err;
}
......@@ -558,7 +557,7 @@ static int do_remount(struct nameidata *nd,int flags,int mnt_flags,void *data)
nd->mnt->mnt_flags=mnt_flags;
up_write(&sb->s_umount);
if (!err)
security_ops->sb_post_remount(nd->mnt, flags, data);
security_sb_post_remount(nd->mnt, flags, data);
return err;
}
......@@ -741,8 +740,7 @@ long do_mount(char * dev_name, char * dir_name, char *type_page,
if (retval)
return retval;
retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page);
if (retval)
if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
goto dput_out;
if (flags & MS_REMOUNT)
......@@ -939,8 +937,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
if (error)
goto out1;
error = security_ops->sb_pivotroot(&old_nd, &new_nd);
if (error) {
if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
path_release(&old_nd);
goto out1;
}
......@@ -989,7 +986,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
attach_mnt(new_nd.mnt, &root_parent);
spin_unlock(&dcache_lock);
chroot_fs_refs(&user_nd, &new_nd);
security_ops->sb_post_pivotroot(&user_nd, &new_nd);
security_sb_post_pivotroot(&user_nd, &new_nd);
error = 0;
path_release(&root_parent);
path_release(&parent_nd);
......
......@@ -30,8 +30,7 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf)
retval = -ENOSYS;
if (sb->s_op && sb->s_op->statfs) {
memset(buf, 0, sizeof(struct statfs));
retval = security_ops->sb_statfs(sb);
if (retval)
if ((retval = security_sb_statfs(sb)))
return retval;
retval = sb->s_op->statfs(sb, buf);
}
......
......@@ -28,6 +28,7 @@
#include <linux/namespace.h>
#include <linux/mm.h>
#include <linux/smp_lock.h>
#include <linux/security.h>
/*
* For hysterical raisins we keep the same inumbers as in the old procfs.
......@@ -394,7 +395,7 @@ static struct file_operations proc_info_file_operations = {
};
#define MAY_PTRACE(p) \
(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
static int mem_open(struct inode* inode, struct file* file)
......
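Review bot: MAY_PTRACE expands its argument `p` five times with no parentheses around it, and the expansion now ends in a call to the `security_ptrace()` hook, so an argument with side effects or a lower-precedence expression would change which task the hook is asked about. A `static inline` helper evaluates the argument once and is type-checked, and the macro name can stay as a one-line wrapper for existing callers. The parameter type below is inferred from the fields the macro touches.

```c
static inline int may_ptrace(struct task_struct *p)
{
	if (p == current)
		return 1;
	return p->parent == current && (p->ptrace & PT_PTRACED) &&
	       p->state == TASK_STOPPED && security_ptrace(current, p) == 0;
}
#define MAY_PTRACE(p) may_ptrace(p)
```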
......@@ -98,7 +98,7 @@ static int check_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
return security_ops->quotactl (cmd, type, id, sb);
return security_quotactl (cmd, type, id, sb);
}
/* Resolve device pathname to superblock */
......
......@@ -193,8 +193,7 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos)
ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
if (!ret) {
ret = security_ops->file_permission (file, MAY_READ);
if (!ret) {
if (!(ret = security_file_permission (file, MAY_READ))) {
if (file->f_op->read)
ret = file->f_op->read(file, buf, count, pos);
else
......@@ -233,8 +232,7 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos)
ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
if (!ret) {
ret = security_ops->file_permission (file, MAY_WRITE);
if (!ret) {
if (!(ret = security_file_permission (file, MAY_WRITE))) {
if (file->f_op->write)
ret = file->f_op->write(file, buf, count, pos);
else
......@@ -465,8 +463,7 @@ sys_readv(unsigned long fd, const struct iovec *vector, unsigned long nr_segs)
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_READ) &&
(file->f_op->readv || file->f_op->read)) {
ret = security_ops->file_permission (file, MAY_READ);
if (!ret)
if (!(ret = security_file_permission (file, MAY_READ)))
ret = do_readv_writev(READ, file, vector, nr_segs);
}
fput(file);
......@@ -488,8 +485,7 @@ sys_writev(unsigned long fd, const struct iovec * vector, unsigned long nr_segs)
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_WRITE) &&
(file->f_op->writev || file->f_op->write)) {
ret = security_ops->file_permission (file, MAY_WRITE);
if (!ret)
if (!(ret = security_file_permission (file, MAY_WRITE)))
ret = do_readv_writev(WRITE, file, vector, nr_segs);
}
fput(file);
......
......@@ -11,6 +11,7 @@
#include <linux/file.h>
#include <linux/smp_lock.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <asm/uaccess.h>
......@@ -21,8 +22,7 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf)
if (!file->f_op || !file->f_op->readdir)
goto out;
res = security_ops->file_permission(file, MAY_READ);
if (res)
if ((res = security_file_permission(file, MAY_READ)))
goto out;
down(&inode->i_sem);
......
......@@ -39,8 +39,7 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
struct inode *inode = dentry->d_inode;
int retval;
retval = security_ops->inode_getattr(mnt, dentry);
if (retval)
if ((retval = security_inode_getattr(mnt, dentry)))
return retval;
if (inode->i_op->getattr)
......@@ -238,8 +237,7 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz)
error = -EINVAL;
if (inode->i_op && inode->i_op->readlink) {
error = security_ops->inode_readlink(nd.dentry);
if (!error) {
if (!(error = security_inode_readlink(nd.dentry))) {
UPDATE_ATIME(inode);
error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
}
......
......@@ -28,9 +28,9 @@
#include <linux/quotaops.h>
#include <linux/namei.h>
#include <linux/buffer_head.h> /* for fsync_super() */
#include <linux/security.h>
#include <asm/uaccess.h>
#include <linux/security.h>
void get_filesystem(struct file_system_type *fs);
void put_filesystem(struct file_system_type *fs);
......@@ -50,7 +50,7 @@ static struct super_block *alloc_super(void)
struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER);
if (s) {
memset(s, 0, sizeof(struct super_block));
if (security_ops->sb_alloc_security(s)) {
if (security_sb_alloc(s)) {
kfree(s);
s = NULL;
goto out;
......@@ -84,7 +84,7 @@ static struct super_block *alloc_super(void)
*/
static inline void destroy_super(struct super_block *s)
{
security_ops->sb_free_security(s);
security_sb_free(s);
kfree(s);
}
......
......@@ -13,6 +13,7 @@
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
#include <linux/security.h>
#include <asm/uaccess.h>
/*
......@@ -85,9 +86,7 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags)
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
error = security_ops->inode_setxattr(d, kname, kvalue,
size, flags);
if (error)
if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
......@@ -163,8 +162,7 @@ getxattr(struct dentry *d, char *name, void *value, size_t size)
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
error = security_ops->inode_getxattr(d, kname);
if (error)
if ((error = security_inode_getxattr(d, kname)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
......@@ -236,8 +234,7 @@ listxattr(struct dentry *d, char *list, size_t size)
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
error = security_ops->inode_listxattr(d);
if (error)
if ((error = security_inode_listxattr(d)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->listxattr(d, klist, size);
......@@ -311,8 +308,7 @@ removexattr(struct dentry *d, char *name)
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
error = security_ops->inode_removexattr(d, kname);
if (error)
if ((error = security_inode_removexattr(d, kname)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->removexattr(d, kname);
......
......@@ -586,9 +586,9 @@ extern int request_irq(unsigned int,
unsigned long, const char *, void *);
extern void free_irq(unsigned int, void *);
/* capable prototype and code moved to security.[hc] */
#include <linux/security.h>
#if 0
#ifndef CONFIG_SECURITY
/* capable prototype and code are in security.[hc] if CONFIG_SECURITY */
static inline int capable(int cap)
{
if (cap_raised(current->cap_effective, cap)) {
......@@ -597,7 +597,7 @@ static inline int capable(int cap)
}
return 0;
}
#endif /* if 0 */
#endif
/*
* Routines for handling mm_structs
......
......@@ -12,6 +12,7 @@
#include <linux/init.h>
#include <linux/suspend.h>
#include <linux/root_dev.h>
#include <linux/security.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_fs_sb.h>
......@@ -799,7 +800,7 @@ void prepare_namespace(void)
sys_umount("/dev", 0);
sys_mount(".", "/", NULL, MS_MOVE, NULL);
sys_chroot(".");
security_ops->sb_post_mountroot();
security_sb_post_mountroot();
mount_devfs_fs ();
}
......
......@@ -101,15 +101,14 @@ static int newque (key_t key, int msgflg)
msq->q_perm.key = key;
msq->q_perm.security = NULL;
retval = security_ops->msg_queue_alloc_security(msq);
if (retval) {
if ((retval = security_msg_queue_alloc(msq))) {
kfree(msq);
return retval;
}
id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
if(id == -1) {
security_ops->msg_queue_free_security(msq);
security_msg_queue_free(msq);
kfree(msq);
return -ENOSPC;
}
......@@ -281,7 +280,7 @@ static void freeque (int id)
free_msg(msg);
}
atomic_sub(msq->q_cbytes, &msg_bytes);
security_ops->msg_queue_free_security(msq);
security_msg_queue_free(msq);
kfree(msq);
}
......
......@@ -136,15 +136,14 @@ static int newary (key_t key, int nsems, int semflg)
sma->sem_perm.key = key;
sma->sem_perm.security = NULL;
retval = security_ops->sem_alloc_security(sma);
if (retval) {
if ((retval = security_sem_alloc(sma))) {
ipc_free(sma, size);
return retval;
}
id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
if(id == -1) {
security_ops->sem_free_security(sma);
security_sem_free(sma);
ipc_free(sma, size);
return -ENOSPC;
}
......@@ -427,7 +426,7 @@ static void freeary (int id)
used_sems -= sma->sem_nsems;
size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
security_ops->sem_free_security(sma);
security_sem_free(sma);
ipc_free(sma, size);
}
......
......@@ -116,7 +116,7 @@ static void shm_destroy (struct shmid_kernel *shp)
shm_unlock(shp->id);
shmem_lock(shp->shm_file, 0);
fput (shp->shm_file);
security_ops->shm_free_security(shp);
security_shm_free(shp);
kfree (shp);
}
......@@ -188,8 +188,7 @@ static int newseg (key_t key, int shmflg, size_t size)
shp->shm_flags = (shmflg & S_IRWXUGO);
shp->shm_perm.security = NULL;
error = security_ops->shm_alloc_security(shp);
if (error) {
if ((error = security_shm_alloc(shp))) {
kfree(shp);
return error;
}
......@@ -222,7 +221,7 @@ static int newseg (key_t key, int shmflg, size_t size)
no_id:
fput(file);
no_file:
security_ops->shm_free_security(shp);
security_shm_free(shp);
kfree(shp);
return error;
}
......
......@@ -264,7 +264,7 @@ int ipcperms (struct kern_ipc_perm *ipcp, short flag)
!capable(CAP_IPC_OWNER))
return -1;
return security_ops->ipc_permission(ipcp, flag);
return security_ipc_permission(ipcp, flag);
}
/*
......
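Review bot: ipcperms returns a bare `-1` when the capability check just above fails but passes the hook's own return value through on its last line, `return security_ipc_permission(ipcp, flag);`, so callers can see two different failure conventions. A comment above the function, for example `/* returns 0 if access is allowed, nonzero (not always -1) if it is denied */`, would stop callers from comparing against `-1` or forwarding the value as an errno without checking. The start of ipcperms is outside the hunk.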
......@@ -49,6 +49,7 @@
#include <linux/acct.h>
#include <linux/file.h>
#include <linux/tty.h>
#include <linux/security.h>
#include <asm/uaccess.h>
/*
......@@ -222,8 +223,7 @@ asmlinkage long sys_acct(const char *name)
}
}
error = security_ops->acct(file);
if (error)
if ((error = security_acct(file)))
return error;
spin_lock(&acct_globals.lock);
......
......@@ -8,6 +8,7 @@
*/
#include <linux/mm.h>
#include <linux/security.h>
#include <asm/uaccess.h>
unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
......@@ -63,7 +64,7 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
data.permitted = cap_t(target->cap_permitted);
data.inheritable = cap_t(target->cap_inheritable);
data.effective = cap_t(target->cap_effective);
ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
out:
read_unlock(&tasklist_lock);
......@@ -88,7 +89,7 @@ static inline void cap_set_pg(int pgrp, kernel_cap_t *effective,
do_each_thread(g, target) {
if (target->pgrp != pgrp)
continue;
security_ops->capset_set(target, effective, inheritable, permitted);
security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
......@@ -105,7 +106,7 @@ static inline void cap_set_all(kernel_cap_t *effective,
do_each_thread(g, target) {
if (target == current || target->pid == 1)
continue;
security_ops->capset_set(target, effective, inheritable, permitted);
security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
......@@ -163,7 +164,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
ret = -EPERM;
if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
if (security_capset_check(target, &effective, &inheritable, &permitted))
goto out;
if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
......@@ -190,7 +191,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
else /* all procs in process group */
cap_set_pg(-pid, &effective, &inheritable, &permitted);
} else {
security_ops->capset_set(target, &effective, &inheritable, &permitted);
security_capset_set(target, &effective, &inheritable, &permitted);
}
out:
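Review bot: In sys_capset the result of `security_capset_check(...)` is only tested for non-zero, so whatever error code a security module returns is replaced by the `-EPERM` assigned on the line above. If that flattening is intended, it deserves a comment such as `/* any capset_check failure is reported as -EPERM */`, so module authors know their return value is not propagated. copy_process does the same with `security_task_alloc(p)`, which is always reported as `-ENOMEM`. Both function bodies extend beyond their hunks.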
......
......@@ -67,7 +67,7 @@ void release_task(struct task_struct * p)
wait_task_inactive(p);
atomic_dec(&p->user->processes);
security_ops->task_free_security(p);
security_task_free(p);
free_uid(p->user);
write_lock_irq(&tasklist_lock);
if (unlikely(p->ptrace))
......@@ -248,7 +248,7 @@ void reparent_to_init(void)
/* cpus_allowed? */
/* rt_priority? */
/* signals? */
security_ops->task_reparent_to_init(current);
security_task_reparent_to_init(current);
memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
current->user = INIT_USER;
......@@ -774,7 +774,7 @@ static int eligible_child(pid_t pid, int options, task_t *p)
if (current->tgid != p->tgid && delay_group_leader(p))
return 2;
if (security_ops->task_wait(p))
if (security_task_wait(p))
return 0;
return 1;
......
......@@ -682,8 +682,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
return ERR_PTR(-EINVAL);
retval = security_ops->task_create(clone_flags);
if (retval)
if ((retval = security_task_create(clone_flags)))
goto fork_out;
retval = -ENOMEM;
......@@ -772,7 +771,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
INIT_LIST_HEAD(&p->local_pages);
retval = -ENOMEM;
if (security_ops->task_alloc_security(p))
if (security_task_alloc(p))
goto bad_fork_cleanup;
/* copy all the process information */
if (copy_semundo(clone_flags, p))
......@@ -930,7 +929,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
bad_fork_cleanup_semundo:
exit_semundo(p);
bad_fork_cleanup_security:
security_ops->task_free_security(p);
security_task_free(p);
bad_fork_cleanup:
if (p->pid > 0)
free_pidmap(p->pid);
......
......@@ -29,6 +29,7 @@
#include <linux/completion.h>
#include <linux/file.h>
#include <linux/workqueue.h>
#include <linux/security.h>
#include <asm/uaccess.h>
......@@ -134,7 +135,7 @@ int exec_usermodehelper(char *program_path, char *argv[], char *envp[])
/* Give kmod all effective privileges.. */
curtask->euid = curtask->fsuid = 0;
curtask->egid = curtask->fsgid = 0;
security_ops->task_kmod_set_label();
security_task_kmod_set_label();
/* Allow execve args to be in kernel space. */
set_fs(KERNEL_DS);
......
......@@ -14,6 +14,7 @@
#include <linux/pagemap.h>
#include <linux/smp_lock.h>
#include <linux/ptrace.h>
#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/uaccess.h>
......@@ -100,8 +101,7 @@ int ptrace_attach(struct task_struct *task)
/* the same process cannot be attached many times */
if (task->ptrace & PT_PTRACED)
goto bad;
retval = security_ops->ptrace(current, task);
if (retval)
if ((retval = security_ptrace(current, task)))
goto bad;
/* Go */
......
......@@ -1329,8 +1329,7 @@ asmlinkage long sys_nice(int increment)
if (nice > 19)
nice = 19;
retval = security_ops->task_setnice(current, nice);
if (retval)
if ((retval = security_task_setnice(current, nice)))
return retval;
set_user_nice(current, nice);
......@@ -1451,8 +1450,7 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param)
!capable(CAP_SYS_NICE))
goto out_unlock;
retval = security_ops->task_setscheduler(p, policy, &lp);
if (retval)
if ((retval = security_task_setscheduler(p, policy, &lp)))
goto out_unlock;
array = p->array;
......@@ -1515,8 +1513,7 @@ asmlinkage long sys_sched_getscheduler(pid_t pid)
read_lock(&tasklist_lock);
p = find_process_by_pid(pid);
if (p) {
retval = security_ops->task_getscheduler(p);
if (!retval)
if (!(retval = security_task_getscheduler(p)))
retval = p->policy;
}
read_unlock(&tasklist_lock);
......@@ -1545,8 +1542,7 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param)
if (!p)
goto out_unlock;
retval = security_ops->task_getscheduler(p);
if (retval)
if ((retval = security_task_getscheduler(p)))
goto out_unlock;
lp.sched_priority = p->rt_priority;
......@@ -1778,8 +1774,7 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval)
if (!p)
goto out_unlock;
retval = security_ops->task_getscheduler(p);
if (retval)
if ((retval = security_task_getscheduler(p)))
goto out_unlock;
jiffies_to_timespec(p->policy & SCHED_FIFO ?
......
......@@ -18,6 +18,7 @@
#include <linux/fs.h>
#include <linux/tty.h>
#include <linux/binfmts.h>
#include <linux/security.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/siginfo.h>
......@@ -706,8 +707,7 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int
ret = -EPERM;
if (bad_signal(sig, info, t))
goto out;
ret = security_ops->task_kill(t, info, sig);
if (ret)
if ((ret = security_task_kill(t, info, sig)))
goto out;
/* The null signal is a permissions and process existence probe.
......
......@@ -204,6 +204,7 @@ cond_syscall(sys_nfsservctl)
cond_syscall(sys_quotactl)
cond_syscall(sys_acct)
cond_syscall(sys_lookup_dcookie)
cond_syscall(sys_security)
static int set_one_prio(struct task_struct *p, int niceval, int error)
{
......@@ -479,8 +480,7 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
int new_egid = old_egid;
int retval;
retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
if (retval)
if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
return retval;
if (rgid != (gid_t) -1) {
......@@ -525,8 +525,7 @@ asmlinkage long sys_setgid(gid_t gid)
int old_egid = current->egid;
int retval;
retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
if (retval)
if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
return retval;
if (capable(CAP_SETGID))
......@@ -599,8 +598,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
int old_ruid, old_euid, old_suid, new_ruid, new_euid;
int retval;
retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
if (retval)
if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
return retval;
new_ruid = old_ruid = current->uid;
......@@ -638,7 +636,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
current->suid = current->euid;
current->fsuid = current->euid;
return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
}
......@@ -660,8 +658,7 @@ asmlinkage long sys_setuid(uid_t uid)
int old_ruid, old_suid, new_ruid, new_suid;
int retval;
retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
if (retval)
if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
return retval;
old_ruid = new_ruid = current->uid;
......@@ -683,7 +680,7 @@ asmlinkage long sys_setuid(uid_t uid)
current->fsuid = current->euid = uid;
current->suid = new_suid;
return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
}
......@@ -698,8 +695,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
int old_suid = current->suid;
int retval;
retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
if (retval)
if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETUID)) {
......@@ -729,7 +725,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
if (suid != (uid_t) -1)
current->suid = suid;
return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
}
asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
......@@ -750,8 +746,7 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
{
int retval;
retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
if (retval)
if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETGID)) {
......@@ -804,8 +799,7 @@ asmlinkage long sys_setfsuid(uid_t uid)
int old_fsuid;
int retval;
retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
if (retval)
if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
old_fsuid = current->fsuid;
......@@ -821,8 +815,7 @@ asmlinkage long sys_setfsuid(uid_t uid)
current->fsuid = uid;
}
retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
if (retval)
if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
return old_fsuid;
......@@ -836,8 +829,7 @@ asmlinkage long sys_setfsgid(gid_t gid)
int old_fsgid;
int retval;
retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
if (retval)
if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
return retval;
old_fsgid = current->fsgid;
......@@ -962,8 +954,7 @@ asmlinkage long sys_getpgid(pid_t pid)
retval = -ESRCH;
if (p) {
retval = security_ops->task_getpgid(p);
if (!retval)
if (!(retval = security_task_getpgid(p)))
retval = p->pgrp;
}
read_unlock(&tasklist_lock);
......@@ -990,8 +981,7 @@ asmlinkage long sys_getsid(pid_t pid)
retval = -ESRCH;
if(p) {
retval = security_ops->task_getsid(p);
if (!retval)
if (!(retval = security_task_getsid(p)))
retval = p->session;
}
read_unlock(&tasklist_lock);
......@@ -1072,8 +1062,7 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
return -EINVAL;
if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
return -EFAULT;
retval = security_ops->task_setgroups(gidsetsize, groups);
if (retval)
if ((retval = security_task_setgroups(gidsetsize, groups)))
return retval;
memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
......@@ -1236,8 +1225,7 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
return -EPERM;
}
retval = security_ops->task_setrlimit(resource, &new_rlim);
if (retval)
if ((retval = security_task_setrlimit(resource, &new_rlim)))
return retval;
*old_rlim = new_rlim;
......@@ -1311,8 +1299,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
int error = 0;
int sig;
error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
if (error)
if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
return error;
switch (option) {
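Review bot: In sys_setfsuid the `security_task_post_setuid` hook runs after `current->fsuid = uid;`, so when it returns non-zero the syscall returns that value instead of `old_fsuid` while the fsuid change stays in effect. Callers read setfsuid's return value as the previous fsuid, so a hook failure is hard to tell apart from a uid, and nothing in the hunk undoes the assignment. A comment above the call should state the contract, e.g. `/* post hook runs after the change; a non-zero result does not undo it */`. Alternatively, the code could restore `old_fsuid` before `return retval;` if the hook is meant to be able to veto. sys_setreuid, sys_setuid and sys_setresuid return the post hook's result in the same way after updating the credentials. The function bodies start outside the hunks, so whether the hook itself is expected to revert the change cannot be seen here.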
......
......@@ -140,8 +140,7 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
return -EFAULT;
for (i = 0 ; i < gidsetsize ; i++)
new_groups[i] = (gid_t)groups[i];
i = security_ops->task_setgroups(gidsetsize, new_groups);
if (i)
if ((i = security_task_setgroups(gidsetsize, new_groups)))
return i;
memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
......
......@@ -502,8 +502,7 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
}
}
error = security_ops->file_mmap(file, prot, flags);
if (error)
if ((error = security_file_mmap(file, prot, flags)))
return error;
/* Clear old maps */
......
......@@ -262,8 +262,7 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
goto out;
}
error = security_ops->file_mprotect(vma, prot);
if (error)
if ((error = security_file_mprotect(vma, prot)))
goto out;
if (vma->vm_end > end) {
......
......@@ -217,8 +217,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
{
int new_fd;
err = security_ops->file_receive(fp[i]);
if (err)
if ((err = security_file_receive(fp[i])))
break;
err = get_unused_fd();
if (err < 0)
......
......@@ -797,7 +797,7 @@ static int dn_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
* dn_prot_sock ? Would be nice if the capable call would go there
* too.
*/
if (security_ops->dn_prot_sock(saddr) &&
if (security_dn_prot_sock(saddr) &&
!capable(CAP_NET_BIND_SERVICE) ||
saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
return -EACCES;
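Review bot: The condition in dn_bind mixes `&&` and `||` without parentheses, so it parses as `(security_dn_prot_sock(saddr) && !capable(CAP_NET_BIND_SERVICE)) || saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD)`. As written, a non-zero `sdn_objnum` or the `SDF_WILD` flag yields `-EACCES` regardless of the capability check. That may not be what the comment above intends if `CAP_NET_BIND_SERVICE` holders are supposed to be allowed through. Either way the grouping should be explicit. To keep the current meaning, write the first two lines as `if ((security_dn_prot_sock(saddr) && !capable(CAP_NET_BIND_SERVICE)) ||`. dn_bind's body starts and ends outside the hunk.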
......
CONFIG_SECURITY
This enables the ability to have different security modules
in the kernel. If this option is not selected, the default
capabilities functionality will be enabled.
If you are unsure how to answer this questions, answer N.
CONFIG_SECURITY_CAPABILITIES
This enables the "default" Linux capabilities functionality.
If you are unsure how to answer this question, answer Y.
......
......@@ -3,5 +3,5 @@
#
mainmenu_option next_comment
comment 'Security options'
define_bool CONFIG_SECURITY_CAPABILITIES y
define_bool CONFIG_SECURITY n
endmenu
......@@ -3,11 +3,15 @@
#
# Objects that export symbols
export-objs := security.o
export-objs := security.o capability.o
# Object file lists
obj-y := security.o dummy.o
# if we don't select a security model, use the default capabilities
ifneq ($(CONFIG_SECURITY),y)
obj-y += capability.o
endif
# Object file lists
obj-$(CONFIG_SECURITY) += security.o dummy.o
obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
include $(TOPDIR)/Rules.make
This diff is collapsed.