Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

security: rename ptrace_may_access => ptrace_access_check

Browse source 
The ->ptrace_may_access() methods are named confusingly - the real
ptrace_may_access() returns a bool, while these security checks have
a retval convention.

Rename it to ptrace_access_check, to reduce the confusion factor.

[ Impact: cleanup, no code changed ]

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Ingo Molnar 2009-05-07 19:26:19 +10:00 committed by James Morris
parent 86abcf9ceb
commit 9e48858f7d
7 changed files with 20 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
include/linux/security.h
View file

@ -52,7 +52,7 @@ struct audit_krule;
extern int cap_capable(struct task_struct *tsk, const struct cred *cred, extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
int cap, int audit); int cap, int audit);
extern int cap_settime(struct timespec *ts, struct timezone *tz); extern int cap_settime(struct timespec *ts, struct timezone *tz);
extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old, extern int cap_capset(struct cred *new, const struct cred *old,
@ -1209,7 +1209,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @alter contains the flag indicating whether changes are to be made. * @alter contains the flag indicating whether changes are to be made.
* Return 0 if permission is granted. * Return 0 if permission is granted.
* *
* @ptrace_may_access: * @ptrace_access_check:
* Check permission before allowing the current process to trace the * Check permission before allowing the current process to trace the
* @child process. * @child process.
* Security modules may also want to perform a process tracing check * Security modules may also want to perform a process tracing check
@ -1224,7 +1224,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Check that the @parent process has sufficient permission to trace the * Check that the @parent process has sufficient permission to trace the
* current process before allowing the current process to present itself * current process before allowing the current process to present itself
* to the @parent process for tracing. * to the @parent process for tracing.
* The parent process will still have to undergo the ptrace_may_access * The parent process will still have to undergo the ptrace_access_check
* checks before it is allowed to trace this one. * checks before it is allowed to trace this one.
* @parent contains the task_struct structure for debugger process. * @parent contains the task_struct structure for debugger process.
* Return 0 if permission is granted. * Return 0 if permission is granted.
@ -1336,7 +1336,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
struct security_operations { struct security_operations {
char name[SECURITY_NAME_MAX + 1]; char name[SECURITY_NAME_MAX + 1];
int (*ptrace_may_access) (struct task_struct *child, unsigned int mode); int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
int (*ptrace_traceme) (struct task_struct *parent); int (*ptrace_traceme) (struct task_struct *parent);
int (*capget) (struct task_struct *target, int (*capget) (struct task_struct *target,
kernel_cap_t *effective, kernel_cap_t *effective,
@ -1617,7 +1617,7 @@ extern int security_module_enable(struct security_operations *ops);
extern int register_security(struct security_operations *ops); extern int register_security(struct security_operations *ops);
/* Security operations */ /* Security operations */
int security_ptrace_may_access(struct task_struct *child, unsigned int mode); int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent); int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target, int security_capget(struct task_struct *target,
kernel_cap_t *effective, kernel_cap_t *effective,
@ -1798,10 +1798,10 @@ static inline int security_init(void)
return 0; return 0;
} }
static inline int security_ptrace_may_access(struct task_struct *child, static inline int security_ptrace_access_check(struct task_struct *child,
unsigned int mode) unsigned int mode)
{ {
return cap_ptrace_may_access(child, mode); return cap_ptrace_access_check(child, mode);
} }
static inline int security_ptrace_traceme(struct task_struct *parent) static inline int security_ptrace_traceme(struct task_struct *parent)

2
kernel/ptrace.c
View file

@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
if (!dumpable && !capable(CAP_SYS_PTRACE)) if (!dumpable && !capable(CAP_SYS_PTRACE))
return -EPERM; return -EPERM;
return security_ptrace_may_access(task, mode); return security_ptrace_access_check(task, mode);
} }
bool ptrace_may_access(struct task_struct *task, unsigned int mode) bool ptrace_may_access(struct task_struct *task, unsigned int mode)

2
security/capability.c
View file

@ -863,7 +863,7 @@ struct security_operations default_security_ops = {
void security_fixup_ops(struct security_operations *ops) void security_fixup_ops(struct security_operations *ops)
{ {
set_to_cap_if_null(ops, ptrace_may_access); set_to_cap_if_null(ops, ptrace_access_check);
set_to_cap_if_null(ops, ptrace_traceme); set_to_cap_if_null(ops, ptrace_traceme);
set_to_cap_if_null(ops, capget); set_to_cap_if_null(ops, capget);
set_to_cap_if_null(ops, capset); set_to_cap_if_null(ops, capset);

4
security/commoncap.c
View file

@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
} }
/** /**
* cap_ptrace_may_access - Determine whether the current process may access * cap_ptrace_access_check - Determine whether the current process may access
* another * another
* @child: The process to be accessed * @child: The process to be accessed
* @mode: The mode of attachment. * @mode: The mode of attachment.
@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
* Determine whether a process may access another, returning 0 if permission * Determine whether a process may access another, returning 0 if permission
* granted, -ve if denied. * granted, -ve if denied.
*/ */
int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
{ {
int ret = 0; int ret = 0;

4
security/security.c
View file

@ -124,9 +124,9 @@ int register_security(struct security_operations *ops)
/* Security operations */ /* Security operations */
int security_ptrace_may_access(struct task_struct *child, unsigned int mode) int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{ {
return security_ops->ptrace_may_access(child, mode); return security_ops->ptrace_access_check(child, mode);
} }
int security_ptrace_traceme(struct task_struct *parent) int security_ptrace_traceme(struct task_struct *parent)

6
security/selinux/hooks.c
View file

@ -1854,12 +1854,12 @@ static inline u32 open_file_to_av(struct file *file)
/* Hook functions begin here. */ /* Hook functions begin here. */
static int selinux_ptrace_may_access(struct task_struct *child, static int selinux_ptrace_access_check(struct task_struct *child,
unsigned int mode) unsigned int mode)
{ {
int rc; int rc;
rc = cap_ptrace_may_access(child, mode); rc = cap_ptrace_access_check(child, mode);
if (rc) if (rc)
return rc; return rc;
@ -5315,7 +5315,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
static struct security_operations selinux_ops = { static struct security_operations selinux_ops = {
.name = "selinux", .name = "selinux",
.ptrace_may_access = selinux_ptrace_may_access, .ptrace_access_check = selinux_ptrace_access_check,
.ptrace_traceme = selinux_ptrace_traceme, .ptrace_traceme = selinux_ptrace_traceme,
.capget = selinux_capget, .capget = selinux_capget,
.capset = selinux_capset, .capset = selinux_capset,

8
security/smack/smack_lsm.c
View file

@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
*/ */
/** /**
* smack_ptrace_may_access - Smack approval on PTRACE_ATTACH * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
* @ctp: child task pointer * @ctp: child task pointer
* @mode: ptrace attachment mode * @mode: ptrace attachment mode
* *
@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
* *
* Do the capability checks, and require read and write. * Do the capability checks, and require read and write.
*/ */
static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
{ {
int rc; int rc;
struct smk_audit_info ad; struct smk_audit_info ad;
char *sp, *tsp; char *sp, *tsp;
rc = cap_ptrace_may_access(ctp, mode); rc = cap_ptrace_access_check(ctp, mode);
if (rc != 0) if (rc != 0)
return rc; return rc;
@ -3032,7 +3032,7 @@ static void smack_release_secctx(char *secdata, u32 seclen)
struct security_operations smack_ops = { struct security_operations smack_ops = {
.name = "smack", .name = "smack",
.ptrace_may_access = smack_ptrace_may_access, .ptrace_access_check = smack_ptrace_access_check,
.ptrace_traceme = smack_ptrace_traceme, .ptrace_traceme = smack_ptrace_traceme,
.syslog = smack_syslog, .syslog = smack_syslog,