diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/acct.c | 3 | ||||
| -rw-r--r-- | kernel/capability.c | 10 | ||||
| -rw-r--r-- | kernel/exit.c | 6 | ||||
| -rw-r--r-- | kernel/fork.c | 7 | ||||
| -rw-r--r-- | kernel/kmod.c | 2 | ||||
| -rw-r--r-- | kernel/sched.c | 15 | ||||
| -rw-r--r-- | kernel/signal.c | 3 | ||||
| -rw-r--r-- | kernel/sys.c | 49 | ||||
| -rw-r--r-- | kernel/uid16.c | 3 |
9 files changed, 38 insertions, 60 deletions
diff --git a/kernel/acct.c b/kernel/acct.c index 5c05655094e6..1a5a5a3532ab 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -223,8 +223,7 @@ asmlinkage long sys_acct(const char *name) } } - error = security_ops->acct(file); - if (error) + if ((error = security_acct(file))) return error; spin_lock(&acct_globals.lock); diff --git a/kernel/capability.c b/kernel/capability.c index 5f61283d6196..6ced2afcc509 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -64,7 +64,7 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) data.permitted = cap_t(target->cap_permitted); data.inheritable = cap_t(target->cap_inheritable); data.effective = cap_t(target->cap_effective); - ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted); + ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted); out: read_unlock(&tasklist_lock); @@ -89,7 +89,7 @@ static inline void cap_set_pg(int pgrp, kernel_cap_t *effective, do_each_thread(g, target) { if (target->pgrp != pgrp) continue; - security_ops->capset_set(target, effective, inheritable, permitted); + security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); } @@ -106,7 +106,7 @@ static inline void cap_set_all(kernel_cap_t *effective, do_each_thread(g, target) { if (target == current || target->pid == 1) continue; - security_ops->capset_set(target, effective, inheritable, permitted); + security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); } @@ -164,7 +164,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) ret = -EPERM; - if (security_ops->capset_check(target, &effective, &inheritable, &permitted)) + if (security_capset_check(target, &effective, &inheritable, &permitted)) goto out; if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable, @@ -191,7 +191,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) else /* all procs in process group */ cap_set_pg(-pid, &effective, &inheritable, &permitted); } else { - security_ops->capset_set(target, &effective, &inheritable, &permitted); + security_capset_set(target, &effective, &inheritable, &permitted); } out: diff --git a/kernel/exit.c b/kernel/exit.c index c2b0f6eeff0f..35415c7fd1f9 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -67,7 +67,7 @@ void release_task(struct task_struct * p) wait_task_inactive(p); atomic_dec(&p->user->processes); - security_ops->task_free_security(p); + security_task_free(p); free_uid(p->user); write_lock_irq(&tasklist_lock); if (unlikely(p->ptrace)) @@ -248,7 +248,7 @@ void reparent_to_init(void) /* cpus_allowed? */ /* rt_priority? */ /* signals? */ - security_ops->task_reparent_to_init(current); + security_task_reparent_to_init(current); memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim))); current->user = INIT_USER; @@ -774,7 +774,7 @@ static int eligible_child(pid_t pid, int options, task_t *p) if (current->tgid != p->tgid && delay_group_leader(p)) return 2; - if (security_ops->task_wait(p)) + if (security_task_wait(p)) return 0; return 1; diff --git a/kernel/fork.c b/kernel/fork.c index f8620b82f8f5..cac0d734c4a3 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -682,8 +682,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD)) return ERR_PTR(-EINVAL); - retval = security_ops->task_create(clone_flags); - if (retval) + if ((retval = security_task_create(clone_flags))) goto fork_out; retval = -ENOMEM; @@ -772,7 +771,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, INIT_LIST_HEAD(&p->local_pages); retval = -ENOMEM; - if (security_ops->task_alloc_security(p)) + if (security_task_alloc(p)) goto bad_fork_cleanup; /* copy all the process information */ if (copy_semundo(clone_flags, p)) @@ -922,7 +921,7 @@ bad_fork_cleanup_files: bad_fork_cleanup_semundo: exit_semundo(p); bad_fork_cleanup_security: - security_ops->task_free_security(p); + security_task_free(p); bad_fork_cleanup: if (p->pid > 0) free_pidmap(p->pid); diff --git a/kernel/kmod.c b/kernel/kmod.c index cabf49a58d96..bf013083b24f 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -135,7 +135,7 @@ int exec_usermodehelper(char *program_path, char *argv[], char *envp[]) /* Give kmod all effective privileges.. */ curtask->euid = curtask->fsuid = 0; curtask->egid = curtask->fsgid = 0; - security_ops->task_kmod_set_label(); + security_task_kmod_set_label(); /* Allow execve args to be in kernel space. */ set_fs(KERNEL_DS); diff --git a/kernel/sched.c b/kernel/sched.c index 20d2854c0bc6..9c160cda97e9 100644 --- a/kernel/sched.c +++ b/kernel/sched.c @@ -1329,8 +1329,7 @@ asmlinkage long sys_nice(int increment) if (nice > 19) nice = 19; - retval = security_ops->task_setnice(current, nice); - if (retval) + if ((retval = security_task_setnice(current, nice))) return retval; set_user_nice(current, nice); @@ -1451,8 +1450,7 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param) !capable(CAP_SYS_NICE)) goto out_unlock; - retval = security_ops->task_setscheduler(p, policy, &lp); - if (retval) + if ((retval = security_task_setscheduler(p, policy, &lp))) goto out_unlock; array = p->array; @@ -1515,8 +1513,7 @@ asmlinkage long sys_sched_getscheduler(pid_t pid) read_lock(&tasklist_lock); p = find_process_by_pid(pid); if (p) { - retval = security_ops->task_getscheduler(p); - if (!retval) + if (!(retval = security_task_getscheduler(p))) retval = p->policy; } read_unlock(&tasklist_lock); @@ -1545,8 +1542,7 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param) if (!p) goto out_unlock; - retval = security_ops->task_getscheduler(p); - if (retval) + if ((retval = security_task_getscheduler(p))) goto out_unlock; lp.sched_priority = p->rt_priority; @@ -1778,8 +1774,7 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval) if (!p) goto out_unlock; - retval = security_ops->task_getscheduler(p); - if (retval) + if ((retval = security_task_getscheduler(p))) goto out_unlock; jiffies_to_timespec(p->policy & SCHED_FIFO ? diff --git a/kernel/signal.c b/kernel/signal.c index a1187112e6de..738f15377092 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -707,8 +707,7 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int ret = -EPERM; if (bad_signal(sig, info, t)) goto out; - ret = security_ops->task_kill(t, info, sig); - if (ret) + if ((ret = security_task_kill(t, info, sig))) goto out; /* The null signal is a permissions and process existence probe. diff --git a/kernel/sys.c b/kernel/sys.c index 3c2992ac68f2..0a9d75f8a739 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -204,6 +204,7 @@ cond_syscall(sys_nfsservctl) cond_syscall(sys_quotactl) cond_syscall(sys_acct) cond_syscall(sys_lookup_dcookie) +cond_syscall(sys_security) static int set_one_prio(struct task_struct *p, int niceval, int error) { @@ -479,8 +480,7 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid) int new_egid = old_egid; int retval; - retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); - if (retval) + if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE))) return retval; if (rgid != (gid_t) -1) { @@ -525,8 +525,7 @@ asmlinkage long sys_setgid(gid_t gid) int old_egid = current->egid; int retval; - retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); - if (retval) + if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID))) return retval; if (capable(CAP_SETGID)) @@ -599,8 +598,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) int old_ruid, old_euid, old_suid, new_ruid, new_euid; int retval; - retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); - if (retval) + if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE))) return retval; new_ruid = old_ruid = current->uid; @@ -638,7 +636,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) current->suid = current->euid; current->fsuid = current->euid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); } @@ -660,8 +658,7 @@ asmlinkage long sys_setuid(uid_t uid) int old_ruid, old_suid, new_ruid, new_suid; int retval; - retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); - if (retval) + if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID))) return retval; old_ruid = new_ruid = current->uid; @@ -683,7 +680,7 @@ asmlinkage long sys_setuid(uid_t uid) current->fsuid = current->euid = uid; current->suid = new_suid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); } @@ -698,8 +695,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) int old_suid = current->suid; int retval; - retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES); - if (retval) + if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES))) return retval; if (!capable(CAP_SETUID)) { @@ -729,7 +725,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) if (suid != (uid_t) -1) current->suid = suid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); } asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid) @@ -750,8 +746,7 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) { int retval; - retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES); - if (retval) + if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES))) return retval; if (!capable(CAP_SETGID)) { @@ -804,8 +799,7 @@ asmlinkage long sys_setfsuid(uid_t uid) int old_fsuid; int retval; - retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))) return retval; old_fsuid = current->fsuid; @@ -821,8 +815,7 @@ asmlinkage long sys_setfsuid(uid_t uid) current->fsuid = uid; } - retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))) return retval; return old_fsuid; @@ -836,8 +829,7 @@ asmlinkage long sys_setfsgid(gid_t gid) int old_fsgid; int retval; - retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))) return retval; old_fsgid = current->fsgid; @@ -962,8 +954,7 @@ asmlinkage long sys_getpgid(pid_t pid) retval = -ESRCH; if (p) { - retval = security_ops->task_getpgid(p); - if (!retval) + if (!(retval = security_task_getpgid(p))) retval = p->pgrp; } read_unlock(&tasklist_lock); @@ -990,8 +981,7 @@ asmlinkage long sys_getsid(pid_t pid) retval = -ESRCH; if(p) { - retval = security_ops->task_getsid(p); - if (!retval) + if (!(retval = security_task_getsid(p))) retval = p->session; } read_unlock(&tasklist_lock); @@ -1072,8 +1062,7 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist) return -EINVAL; if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t))) return -EFAULT; - retval = security_ops->task_setgroups(gidsetsize, groups); - if (retval) + if ((retval = security_task_setgroups(gidsetsize, groups))) return retval; memcpy(current->groups, groups, gidsetsize * sizeof(gid_t)); current->ngroups = gidsetsize; @@ -1236,8 +1225,7 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim) return -EPERM; } - retval = security_ops->task_setrlimit(resource, &new_rlim); - if (retval) + if ((retval = security_task_setrlimit(resource, &new_rlim))) return retval; *old_rlim = new_rlim; @@ -1311,8 +1299,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, int error = 0; int sig; - error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5); - if (error) + if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5))) return error; switch (option) { diff --git a/kernel/uid16.c b/kernel/uid16.c index 63b24096f8c3..53d054061dad 100644 --- a/kernel/uid16.c +++ b/kernel/uid16.c @@ -140,8 +140,7 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist) return -EFAULT; for (i = 0 ; i < gidsetsize ; i++) new_groups[i] = (gid_t)groups[i]; - i = security_ops->task_setgroups(gidsetsize, new_groups); - if (i) + if ((i = security_task_setgroups(gidsetsize, new_groups))) return i; memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t)); current->ngroups = gidsetsize; |