Inicio Explorar Axuda
Rexistro Iniciar sesión
phyus
/
linux-vybrid_public
8
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

capabilities: reverse arguments to security_capable

security_capable takes ns, cred, cap.  But the LSM capable() hook takes
cred, ns, cap.  The capability helper functions also take cred, ns, cap.
Rather than flip argument order just to flip it back, leave them alone.
Heck, this should be a little faster since argument will be in the right
place!

Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris %!s(int64=13) %!d(string=hai) anos
pai
6a9de49115
achega
b7e724d303
Modificáronse 4 ficheiros con 6 adicións e 6 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 1 1
      drivers/pci/pci-sysfs.c
  2. 3 3
      include/linux/security.h
  3. 1 1
      kernel/capability.c
  4. 1 1
      security/security.c

+ 1 - 1
drivers/pci/pci-sysfs.c
Ver ficheiro 

@@ -431,7 +431,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
 
 	u8 *data = (u8*) buf;
 
 	u8 *data = (u8*) buf;
 
 
 
 	/* Several chips lock up trying to read undefined config space */
 
 	/* Several chips lock up trying to read undefined config space */
 
-	if (security_capable(&init_user_ns, filp->f_cred, CAP_SYS_ADMIN) == 0) {
 
+	if (security_capable(filp->f_cred, &init_user_ns, CAP_SYS_ADMIN) == 0) {
 
 		size = dev->cfg_size;
 
 		size = dev->cfg_size;
 
 	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
 
 	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
 
 		size = 128;
 
 		size = 128;

+ 3 - 3
include/linux/security.h
Ver ficheiro 

@@ -1666,7 +1666,7 @@ int security_capset(struct cred *new, const struct cred *old,
 
 		    const kernel_cap_t *effective,
 
 		    const kernel_cap_t *effective,
 
 		    const kernel_cap_t *inheritable,
 
 		    const kernel_cap_t *inheritable,
 
 		    const kernel_cap_t *permitted);
 
 		    const kernel_cap_t *permitted);
 
-int security_capable(struct user_namespace *ns, const struct cred *cred,
 
+int security_capable(const struct cred *cred, struct user_namespace *ns,
 
 			int cap);
 
 			int cap);
 
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
 
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
 
 			int cap);
 
 			int cap);
 
@@ -1863,8 +1863,8 @@ static inline int security_capset(struct cred *new,
 
 	return cap_capset(new, old, effective, inheritable, permitted);
 
 	return cap_capset(new, old, effective, inheritable, permitted);
 
 }
 
 }
 
 
 
-static inline int security_capable(struct user_namespace *ns,
 
-				   const struct cred *cred, int cap)
 
+static inline int security_capable(const struct cred *cred,
 
+				   struct user_namespace *ns, int cap)
 
 {
 
 {
 
 	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 
 	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 
 }
 
 }

+ 1 - 1
kernel/capability.c
Ver ficheiro 

@@ -374,7 +374,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
 
 		BUG();
 
 		BUG();
 
 	}
 
 	}
 
 
 
-	if (security_capable(ns, current_cred(), cap) == 0) {
 
+	if (security_capable(current_cred(), ns, cap) == 0) {
 
 		current->flags |= PF_SUPERPRIV;
 
 		current->flags |= PF_SUPERPRIV;
 
 		return true;
 
 		return true;
 
 	}
 
 	}

+ 1 - 1
security/security.c
Ver ficheiro 

@@ -154,7 +154,7 @@ int security_capset(struct cred *new, const struct cred *old,
 
 				    effective, inheritable, permitted);
 
 				    effective, inheritable, permitted);
 
 }
 
 }
 
 
 
-int security_capable(struct user_namespace *ns, const struct cred *cred,
 
+int security_capable(const struct cred *cred, struct user_namespace *ns,
 
 		     int cap)
 
 		     int cap)
 
 {
 
 {
 
 	return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 
 	return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);