mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-09 06:43:09 +00:00
capabilities: remove all _real_ interfaces
The name security_real_capable and security_real_capable_noaudit just don't make much sense to me. Convert them to use security_capable and security_capable_noaudit. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
This commit is contained in:
parent
c7eba4a975
commit
2920a8409d
@ -1670,10 +1670,6 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
|
||||
int cap);
|
||||
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
|
||||
int cap);
|
||||
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
|
||||
int cap);
|
||||
int security_real_capable_noaudit(struct task_struct *tsk,
|
||||
struct user_namespace *ns, int cap);
|
||||
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
|
||||
int security_quota_on(struct dentry *dentry);
|
||||
int security_syslog(int type);
|
||||
@ -1876,27 +1872,6 @@ static inline int security_capable_noaudit(const struct cred *cred,
|
||||
return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
|
||||
}
|
||||
|
||||
static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
|
||||
{
|
||||
int ret;
|
||||
|
||||
rcu_read_lock();
|
||||
ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
|
||||
rcu_read_unlock();
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline
|
||||
int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
|
||||
{
|
||||
int ret;
|
||||
|
||||
rcu_read_lock();
|
||||
ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_NOAUDIT);
|
||||
rcu_read_unlock();
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline int security_quotactl(int cmds, int type, int id,
|
||||
struct super_block *sb)
|
||||
{
|
||||
|
@ -298,7 +298,11 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
|
||||
*/
|
||||
bool has_capability(struct task_struct *t, int cap)
|
||||
{
|
||||
int ret = security_real_capable(t, &init_user_ns, cap);
|
||||
int ret;
|
||||
|
||||
rcu_read_lock();
|
||||
ret = security_capable(__task_cred(t), &init_user_ns, cap);
|
||||
rcu_read_unlock();
|
||||
|
||||
return (ret == 0);
|
||||
}
|
||||
@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap)
|
||||
bool has_ns_capability(struct task_struct *t,
|
||||
struct user_namespace *ns, int cap)
|
||||
{
|
||||
int ret = security_real_capable(t, ns, cap);
|
||||
int ret;
|
||||
|
||||
rcu_read_lock();
|
||||
ret = security_capable(__task_cred(t), ns, cap);
|
||||
rcu_read_unlock();
|
||||
|
||||
return (ret == 0);
|
||||
}
|
||||
@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t,
|
||||
*/
|
||||
bool has_capability_noaudit(struct task_struct *t, int cap)
|
||||
{
|
||||
int ret = security_real_capable_noaudit(t, &init_user_ns, cap);
|
||||
int ret;
|
||||
|
||||
rcu_read_lock();
|
||||
ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap);
|
||||
rcu_read_unlock();
|
||||
|
||||
return (ret == 0);
|
||||
}
|
||||
|
@ -166,30 +166,6 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
|
||||
return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
|
||||
}
|
||||
|
||||
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
|
||||
int cap)
|
||||
{
|
||||
const struct cred *cred;
|
||||
int ret;
|
||||
|
||||
cred = get_task_cred(tsk);
|
||||
ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
|
||||
put_cred(cred);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int security_real_capable_noaudit(struct task_struct *tsk,
|
||||
struct user_namespace *ns, int cap)
|
||||
{
|
||||
const struct cred *cred;
|
||||
int ret;
|
||||
|
||||
cred = get_task_cred(tsk);
|
||||
ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
|
||||
put_cred(cred);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int security_quotactl(int cmds, int type, int id, struct super_block *sb)
|
||||
{
|
||||
return security_ops->quotactl(cmds, type, id, sb);
|
||||
|
Loading…
Reference in New Issue
Block a user