summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-01-03 12:25:15 -0500
committerEric Paris <eparis@redhat.com>2012-01-05 18:52:53 -0500
commitb7e724d303b684655e4ca3dabd5a6840ad19012d (patch)
tree5474d8d49d61ade4c5e306a0485a835587237bf4
parent6a9de49115d5ff9871d953af1a5c8249e1585731 (diff)
capabilities: reverse arguments to security_capable
security_capable takes ns, cred, cap. But the LSM capable() hook takes cred, ns, cap. The capability helper functions also take cred, ns, cap. Rather than flip argument order just to flip it back, leave them alone. Heck, this should be a little faster since argument will be in the right place! Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--drivers/pci/pci-sysfs.c2
-rw-r--r--include/linux/security.h6
-rw-r--r--kernel/capability.c2
-rw-r--r--security/security.c2
4 files changed, 6 insertions, 6 deletions
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 7bcf12adced..a4457ab6134 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -431,7 +431,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */
- if (security_capable(&init_user_ns, filp->f_cred, CAP_SYS_ADMIN) == 0) {
+ if (security_capable(filp->f_cred, &init_user_ns, CAP_SYS_ADMIN) == 0) {
size = dev->cfg_size;
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
size = 128;
diff --git a/include/linux/security.h b/include/linux/security.h
index 4921163b275..ee969ff40a2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1666,7 +1666,7 @@ int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap);
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
int cap);
@@ -1863,8 +1863,8 @@ static inline int security_capset(struct cred *new,
return cap_capset(new, old, effective, inheritable, permitted);
}
-static inline int security_capable(struct user_namespace *ns,
- const struct cred *cred, int cap)
+static inline int security_capable(const struct cred *cred,
+ struct user_namespace *ns, int cap)
{
return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
diff --git a/kernel/capability.c b/kernel/capability.c
index 283c529f8b1..d98392719ad 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -374,7 +374,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
BUG();
}
- if (security_capable(ns, current_cred(), cap) == 0) {
+ if (security_capable(current_cred(), ns, cap) == 0) {
current->flags |= PF_SUPERPRIV;
return true;
}
diff --git a/security/security.c b/security/security.c
index 9ae68c64455..b9e57f4fc44 100644
--- a/security/security.c
+++ b/security/security.c
@@ -154,7 +154,7 @@ int security_capset(struct cred *new, const struct cred *old,
effective, inheritable, permitted);
}
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap)
{
return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);