Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
Kernel
提交
d007794a
K
Kernel
项目概览
openeuler
/
Kernel
1 年多 前同步成功
通知
8
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
K
Kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
提交
d007794a
编写于
5月 30, 2012
作者:
A
Al Viro
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
split cap_mmap_addr() out of cap_file_mmap()
... switch callers. Signed-off-by:
N
Al Viro
<
viro@zeniv.linux.org.uk
>
上级
cf74d14c
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
28 addition
and
13 deletion
+28
-13
include/linux/security.h
include/linux/security.h
+2
-1
security/apparmor/lsm.c
security/apparmor/lsm.c
+1
-1
security/commoncap.c
security/commoncap.c
+23
-9
security/selinux/hooks.c
security/selinux/hooks.c
+1
-1
security/smack/smack_lsm.c
security/smack/smack_lsm.c
+1
-1
未找到文件。
include/linux/security.h
浏览文件 @
d007794a
...
...
@@ -86,6 +86,7 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
extern
int
cap_inode_removexattr
(
struct
dentry
*
dentry
,
const
char
*
name
);
extern
int
cap_inode_need_killpriv
(
struct
dentry
*
dentry
);
extern
int
cap_inode_killpriv
(
struct
dentry
*
dentry
);
extern
int
cap_mmap_addr
(
unsigned
long
addr
);
extern
int
cap_file_mmap
(
struct
file
*
file
,
unsigned
long
reqprot
,
unsigned
long
prot
,
unsigned
long
flags
,
unsigned
long
addr
,
unsigned
long
addr_only
);
...
...
@@ -2187,7 +2188,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
unsigned
long
addr
,
unsigned
long
addr_only
)
{
return
cap_
file_mmap
(
file
,
reqprot
,
prot
,
flags
,
addr
,
addr_only
);
return
cap_
mmap_addr
(
addr
);
}
static
inline
int
security_file_mprotect
(
struct
vm_area_struct
*
vma
,
...
...
security/apparmor/lsm.c
浏览文件 @
d007794a
...
...
@@ -497,7 +497,7 @@ static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
int
rc
=
0
;
/* do DAC check */
rc
=
cap_
file_mmap
(
file
,
reqprot
,
prot
,
flags
,
addr
,
addr_only
);
rc
=
cap_
mmap_addr
(
addr
);
if
(
rc
||
addr_only
)
return
rc
;
...
...
security/commoncap.c
浏览文件 @
d007794a
...
...
@@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
}
/*
* cap_file_mmap - check if able to map given addr
* @file: unused
* @reqprot: unused
* @prot: unused
* @flags: unused
* cap_mmap_addr - check if able to map given addr
* @addr: address attempting to be mapped
* @addr_only: unused
*
* If the process is attempting to map memory below dac_mmap_min_addr they need
* CAP_SYS_RAWIO. The other parameters to this function are unused by the
* capability security module. Returns 0 if this mapping should be allowed
* -EPERM if not.
*/
int
cap_file_mmap
(
struct
file
*
file
,
unsigned
long
reqprot
,
unsigned
long
prot
,
unsigned
long
flags
,
unsigned
long
addr
,
unsigned
long
addr_only
)
int
cap_mmap_addr
(
unsigned
long
addr
)
{
int
ret
=
0
;
...
...
@@ -986,3 +979,24 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
}
return
ret
;
}
/*
* cap_file_mmap - check if able to map given addr
* @file: unused
* @reqprot: unused
* @prot: unused
* @flags: unused
* @addr: address attempting to be mapped
* @addr_only: unused
*
* If the process is attempting to map memory below dac_mmap_min_addr they need
* CAP_SYS_RAWIO. The other parameters to this function are unused by the
* capability security module. Returns 0 if this mapping should be allowed
* -EPERM if not.
*/
int
cap_file_mmap
(
struct
file
*
file
,
unsigned
long
reqprot
,
unsigned
long
prot
,
unsigned
long
flags
,
unsigned
long
addr
,
unsigned
long
addr_only
)
{
return
cap_mmap_addr
(
addr
);
}
security/selinux/hooks.c
浏览文件 @
d007794a
...
...
@@ -3104,7 +3104,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
}
/* do DAC check on address space usage */
rc
=
cap_
file_mmap
(
file
,
reqprot
,
prot
,
flags
,
addr
,
addr_only
);
rc
=
cap_
mmap_addr
(
addr
);
if
(
rc
||
addr_only
)
return
rc
;
...
...
security/smack/smack_lsm.c
浏览文件 @
d007794a
...
...
@@ -1199,7 +1199,7 @@ static int smack_file_mmap(struct file *file,
int
rc
;
/* do DAC check on address space usage */
rc
=
cap_
file_mmap
(
file
,
reqprot
,
prot
,
flags
,
addr
,
addr_only
);
rc
=
cap_
mmap_addr
(
addr
);
if
(
rc
||
addr_only
)
return
rc
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录