提交 d007794a 编写于 作者: A Al Viro

split cap_mmap_addr() out of cap_file_mmap()

... switch callers.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
上级 cf74d14c
......@@ -86,6 +86,7 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
extern int cap_mmap_addr(unsigned long addr);
extern int cap_file_mmap(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags,
unsigned long addr, unsigned long addr_only);
......@@ -2187,7 +2188,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
unsigned long addr,
unsigned long addr_only)
{
return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
return cap_mmap_addr(addr);
}
static inline int security_file_mprotect(struct vm_area_struct *vma,
......
......@@ -497,7 +497,7 @@ static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
int rc = 0;
/* do DAC check */
rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
......
......@@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
}
/*
* cap_file_mmap - check if able to map given addr
* @file: unused
* @reqprot: unused
* @prot: unused
* @flags: unused
* cap_mmap_addr - check if able to map given addr
* @addr: address attempting to be mapped
* @addr_only: unused
*
* If the process is attempting to map memory below dac_mmap_min_addr they need
* CAP_SYS_RAWIO. The other parameters to this function are unused by the
* capability security module. Returns 0 if this mapping should be allowed
* -EPERM if not.
*/
int cap_file_mmap(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags,
unsigned long addr, unsigned long addr_only)
int cap_mmap_addr(unsigned long addr)
{
int ret = 0;
......@@ -986,3 +979,24 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
}
return ret;
}
/*
* cap_file_mmap - check if able to map given addr
* @file: unused
* @reqprot: unused
* @prot: unused
* @flags: unused
* @addr: address attempting to be mapped
* @addr_only: unused
*
* If the process is attempting to map memory below dac_mmap_min_addr they need
* CAP_SYS_RAWIO. The other parameters to this function are unused by the
* capability security module. Returns 0 if this mapping should be allowed
* -EPERM if not.
*/
int cap_file_mmap(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags,
unsigned long addr, unsigned long addr_only)
{
return cap_mmap_addr(addr);
}
......@@ -3104,7 +3104,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
}
/* do DAC check on address space usage */
rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
......
......@@ -1199,7 +1199,7 @@ static int smack_file_mmap(struct file *file,
int rc;
/* do DAC check on address space usage */
rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册