ChangeSet 1.803, 2002/10/17 14:08:43-07:00, greg@kroah.com
LSM: convert over the remaining security calls to the new format.
diff -Nru a/ipc/msg.c b/ipc/msg.c
--- a/ipc/msg.c Thu Oct 17 14:18:57 2002
+++ b/ipc/msg.c Thu Oct 17 14:18:57 2002
@@ -101,15 +101,14 @@
msq->q_perm.key = key;
msq->q_perm.security = NULL;
- retval = security_ops->msg_queue_alloc_security(msq);
- if (retval) {
+ if ((retval = security_msg_queue_alloc(msq))) {
kfree(msq);
return retval;
}
id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
if(id == -1) {
- security_ops->msg_queue_free_security(msq);
+ security_msg_queue_free(msq);
kfree(msq);
return -ENOSPC;
}
@@ -281,7 +280,7 @@
free_msg(msg);
}
atomic_sub(msq->q_cbytes, &msg_bytes);
- security_ops->msg_queue_free_security(msq);
+ security_msg_queue_free(msq);
kfree(msq);
}
diff -Nru a/ipc/sem.c b/ipc/sem.c
--- a/ipc/sem.c Thu Oct 17 14:18:57 2002
+++ b/ipc/sem.c Thu Oct 17 14:18:57 2002
@@ -136,15 +136,14 @@
sma->sem_perm.key = key;
sma->sem_perm.security = NULL;
- retval = security_ops->sem_alloc_security(sma);
- if (retval) {
+ if ((retval = security_sem_alloc(sma))) {
ipc_free(sma, size);
return retval;
}
id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
if(id == -1) {
- security_ops->sem_free_security(sma);
+ security_sem_free(sma);
ipc_free(sma, size);
return -ENOSPC;
}
@@ -427,7 +426,7 @@
used_sems -= sma->sem_nsems;
size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
- security_ops->sem_free_security(sma);
+ security_sem_free(sma);
ipc_free(sma, size);
}
diff -Nru a/ipc/shm.c b/ipc/shm.c
--- a/ipc/shm.c Thu Oct 17 14:18:57 2002
+++ b/ipc/shm.c Thu Oct 17 14:18:57 2002
@@ -116,7 +116,7 @@
shm_unlock(shp->id);
shmem_lock(shp->shm_file, 0);
fput (shp->shm_file);
- security_ops->shm_free_security(shp);
+ security_shm_free(shp);
kfree (shp);
}
@@ -188,8 +188,7 @@
shp->shm_flags = (shmflg & S_IRWXUGO);
shp->shm_perm.security = NULL;
- error = security_ops->shm_alloc_security(shp);
- if (error) {
+ if ((error = security_shm_alloc(shp))) {
kfree(shp);
return error;
}
@@ -222,7 +221,7 @@
no_id:
fput(file);
no_file:
- security_ops->shm_free_security(shp);
+ security_shm_free(shp);
kfree(shp);
return error;
}
diff -Nru a/ipc/util.c b/ipc/util.c
--- a/ipc/util.c Thu Oct 17 14:18:57 2002
+++ b/ipc/util.c Thu Oct 17 14:18:57 2002
@@ -264,7 +264,7 @@
!capable(CAP_IPC_OWNER))
return -1;
- return security_ops->ipc_permission(ipcp, flag);
+ return security_ipc_permission(ipcp, flag);
}
/*
diff -Nru a/kernel/acct.c b/kernel/acct.c
--- a/kernel/acct.c Thu Oct 17 14:18:57 2002
+++ b/kernel/acct.c Thu Oct 17 14:18:57 2002
@@ -223,8 +223,7 @@
}
}
- error = security_ops->acct(file);
- if (error)
+ if ((error = security_acct(file)))
return error;
spin_lock(&acct_globals.lock);
diff -Nru a/kernel/capability.c b/kernel/capability.c
--- a/kernel/capability.c Thu Oct 17 14:18:57 2002
+++ b/kernel/capability.c Thu Oct 17 14:18:57 2002
@@ -64,7 +64,7 @@
data.permitted = cap_t(target->cap_permitted);
data.inheritable = cap_t(target->cap_inheritable);
data.effective = cap_t(target->cap_effective);
- ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
+ ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
out:
read_unlock(&tasklist_lock);
@@ -89,7 +89,7 @@
do_each_thread(g, target) {
if (target->pgrp != pgrp)
continue;
- security_ops->capset_set(target, effective, inheritable, permitted);
+ security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
@@ -106,7 +106,7 @@
do_each_thread(g, target) {
if (target == current || target->pid == 1)
continue;
- security_ops->capset_set(target, effective, inheritable, permitted);
+ security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
@@ -164,7 +164,7 @@
ret = -EPERM;
- if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
+ if (security_capset_check(target, &effective, &inheritable, &permitted))
goto out;
if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
@@ -191,7 +191,7 @@
else /* all procs in process group */
cap_set_pg(-pid, &effective, &inheritable, &permitted);
} else {
- security_ops->capset_set(target, &effective, &inheritable, &permitted);
+ security_capset_set(target, &effective, &inheritable, &permitted);
}
out:
diff -Nru a/kernel/exit.c b/kernel/exit.c
--- a/kernel/exit.c Thu Oct 17 14:18:57 2002
+++ b/kernel/exit.c Thu Oct 17 14:18:57 2002
@@ -67,7 +67,7 @@
wait_task_inactive(p);
atomic_dec(&p->user->processes);
- security_ops->task_free_security(p);
+ security_task_free(p);
free_uid(p->user);
write_lock_irq(&tasklist_lock);
if (unlikely(p->ptrace))
@@ -248,7 +248,7 @@
/* cpus_allowed? */
/* rt_priority? */
/* signals? */
- security_ops->task_reparent_to_init(current);
+ security_task_reparent_to_init(current);
memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
current->user = INIT_USER;
@@ -774,7 +774,7 @@
if (current->tgid != p->tgid && delay_group_leader(p))
return 2;
- if (security_ops->task_wait(p))
+ if (security_task_wait(p))
return 0;
return 1;
diff -Nru a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c Thu Oct 17 14:18:57 2002
+++ b/kernel/fork.c Thu Oct 17 14:18:57 2002
@@ -682,8 +682,7 @@
if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
return ERR_PTR(-EINVAL);
- retval = security_ops->task_create(clone_flags);
- if (retval)
+ if ((retval = security_task_create(clone_flags)))
goto fork_out;
retval = -ENOMEM;
@@ -772,7 +771,7 @@
INIT_LIST_HEAD(&p->local_pages);
retval = -ENOMEM;
- if (security_ops->task_alloc_security(p))
+ if (security_task_alloc(p))
goto bad_fork_cleanup;
/* copy all the process information */
if (copy_semundo(clone_flags, p))
@@ -922,7 +921,7 @@
bad_fork_cleanup_semundo:
exit_semundo(p);
bad_fork_cleanup_security:
- security_ops->task_free_security(p);
+ security_task_free(p);
bad_fork_cleanup:
if (p->pid > 0)
free_pidmap(p->pid);
diff -Nru a/kernel/kmod.c b/kernel/kmod.c
--- a/kernel/kmod.c Thu Oct 17 14:18:57 2002
+++ b/kernel/kmod.c Thu Oct 17 14:18:57 2002
@@ -135,7 +135,7 @@
/* Give kmod all effective privileges.. */
curtask->euid = curtask->fsuid = 0;
curtask->egid = curtask->fsgid = 0;
- security_ops->task_kmod_set_label();
+ security_task_kmod_set_label();
/* Allow execve args to be in kernel space. */
set_fs(KERNEL_DS);
diff -Nru a/kernel/sched.c b/kernel/sched.c
--- a/kernel/sched.c Thu Oct 17 14:18:57 2002
+++ b/kernel/sched.c Thu Oct 17 14:18:57 2002
@@ -1329,8 +1329,7 @@
if (nice > 19)
nice = 19;
- retval = security_ops->task_setnice(current, nice);
- if (retval)
+ if ((retval = security_task_setnice(current, nice)))
return retval;
set_user_nice(current, nice);
@@ -1451,8 +1450,7 @@
!capable(CAP_SYS_NICE))
goto out_unlock;
- retval = security_ops->task_setscheduler(p, policy, &lp);
- if (retval)
+ if ((retval = security_task_setscheduler(p, policy, &lp)))
goto out_unlock;
array = p->array;
@@ -1515,8 +1513,7 @@
read_lock(&tasklist_lock);
p = find_process_by_pid(pid);
if (p) {
- retval = security_ops->task_getscheduler(p);
- if (!retval)
+ if (!(retval = security_task_getscheduler(p)))
retval = p->policy;
}
read_unlock(&tasklist_lock);
@@ -1545,8 +1542,7 @@
if (!p)
goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
goto out_unlock;
lp.sched_priority = p->rt_priority;
@@ -1778,8 +1774,7 @@
if (!p)
goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
goto out_unlock;
jiffies_to_timespec(p->policy & SCHED_FIFO ?
diff -Nru a/kernel/signal.c b/kernel/signal.c
--- a/kernel/signal.c Thu Oct 17 14:18:57 2002
+++ b/kernel/signal.c Thu Oct 17 14:18:57 2002
@@ -707,8 +707,7 @@
ret = -EPERM;
if (bad_signal(sig, info, t))
goto out;
- ret = security_ops->task_kill(t, info, sig);
- if (ret)
+ if ((ret = security_task_kill(t, info, sig)))
goto out;
/* The null signal is a permissions and process existence probe.
diff -Nru a/kernel/sys.c b/kernel/sys.c
--- a/kernel/sys.c Thu Oct 17 14:18:57 2002
+++ b/kernel/sys.c Thu Oct 17 14:18:57 2002
@@ -204,6 +204,7 @@
cond_syscall(sys_quotactl)
cond_syscall(sys_acct)
cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_security)
static int set_one_prio(struct task_struct *p, int niceval, int error)
{
@@ -479,8 +480,7 @@
int new_egid = old_egid;
int retval;
- retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
return retval;
if (rgid != (gid_t) -1) {
@@ -525,8 +525,7 @@
int old_egid = current->egid;
int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
return retval;
if (capable(CAP_SETGID))
@@ -599,8 +598,7 @@
int old_ruid, old_euid, old_suid, new_ruid, new_euid;
int retval;
- retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
return retval;
new_ruid = old_ruid = current->uid;
@@ -638,7 +636,7 @@
current->suid = current->euid;
current->fsuid = current->euid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
}
@@ -660,8 +658,7 @@
int old_ruid, old_suid, new_ruid, new_suid;
int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
return retval;
old_ruid = new_ruid = current->uid;
@@ -683,7 +680,7 @@
current->fsuid = current->euid = uid;
current->suid = new_suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
}
@@ -698,8 +695,7 @@
int old_suid = current->suid;
int retval;
- retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETUID)) {
@@ -729,7 +725,7 @@
if (suid != (uid_t) -1)
current->suid = suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
}
asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -750,8 +746,7 @@
{
int retval;
- retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETGID)) {
@@ -804,8 +799,7 @@
int old_fsuid;
int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
old_fsuid = current->fsuid;
@@ -821,8 +815,7 @@
current->fsuid = uid;
}
- retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
return old_fsuid;
@@ -836,8 +829,7 @@
int old_fsgid;
int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
return retval;
old_fsgid = current->fsgid;
@@ -962,8 +954,7 @@
retval = -ESRCH;
if (p) {
- retval = security_ops->task_getpgid(p);
- if (!retval)
+ if (!(retval = security_task_getpgid(p)))
retval = p->pgrp;
}
read_unlock(&tasklist_lock);
@@ -990,8 +981,7 @@
retval = -ESRCH;
if(p) {
- retval = security_ops->task_getsid(p);
- if (!retval)
+ if (!(retval = security_task_getsid(p)))
retval = p->session;
}
read_unlock(&tasklist_lock);
@@ -1072,8 +1062,7 @@
return -EINVAL;
if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
return -EFAULT;
- retval = security_ops->task_setgroups(gidsetsize, groups);
- if (retval)
+ if ((retval = security_task_setgroups(gidsetsize, groups)))
return retval;
memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
@@ -1236,8 +1225,7 @@
return -EPERM;
}
- retval = security_ops->task_setrlimit(resource, &new_rlim);
- if (retval)
+ if ((retval = security_task_setrlimit(resource, &new_rlim)))
return retval;
*old_rlim = new_rlim;
@@ -1311,8 +1299,7 @@
int error = 0;
int sig;
- error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
- if (error)
+ if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
return error;
switch (option) {
diff -Nru a/kernel/uid16.c b/kernel/uid16.c
--- a/kernel/uid16.c Thu Oct 17 14:18:57 2002
+++ b/kernel/uid16.c Thu Oct 17 14:18:57 2002
@@ -140,8 +140,7 @@
return -EFAULT;
for (i = 0 ; i < gidsetsize ; i++)
new_groups[i] = (gid_t)groups[i];
- i = security_ops->task_setgroups(gidsetsize, new_groups);
- if (i)
+ if ((i = security_task_setgroups(gidsetsize, new_groups)))
return i;
memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
diff -Nru a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
--- a/net/decnet/af_decnet.c Thu Oct 17 14:18:57 2002
+++ b/net/decnet/af_decnet.c Thu Oct 17 14:18:57 2002
@@ -794,7 +794,7 @@
* dn_prot_sock ? Would be nice if the capable call would go there
* too.
*/
- if (security_ops->dn_prot_sock(saddr) &&
+ if (security_dn_prot_sock(saddr) &&
!capable(CAP_NET_BIND_SERVICE) ||
saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
return -EACCES;