security: rename ptrace_may_access => ptrace_access_check
The ->ptrace_may_access() methods are named confusingly - the real ptrace_may_access() returns a bool, while these security checks have a retval convention. Rename it to ptrace_access_check, to reduce the confusion factor. [ Impact: cleanup, no code changed ] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
86abcf9ceb
commit
9e48858f7d
7 changed files with 20 additions and 20 deletions
|
@ -52,7 +52,7 @@ struct audit_krule;
|
|||
extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
|
||||
int cap, int audit);
|
||||
extern int cap_settime(struct timespec *ts, struct timezone *tz);
|
||||
extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
|
||||
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
|
||||
extern int cap_ptrace_traceme(struct task_struct *parent);
|
||||
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
|
||||
extern int cap_capset(struct cred *new, const struct cred *old,
|
||||
|
@ -1209,7 +1209,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* @alter contains the flag indicating whether changes are to be made.
|
||||
* Return 0 if permission is granted.
|
||||
*
|
||||
* @ptrace_may_access:
|
||||
* @ptrace_access_check:
|
||||
* Check permission before allowing the current process to trace the
|
||||
* @child process.
|
||||
* Security modules may also want to perform a process tracing check
|
||||
|
@ -1224,7 +1224,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* Check that the @parent process has sufficient permission to trace the
|
||||
* current process before allowing the current process to present itself
|
||||
* to the @parent process for tracing.
|
||||
* The parent process will still have to undergo the ptrace_may_access
|
||||
* The parent process will still have to undergo the ptrace_access_check
|
||||
* checks before it is allowed to trace this one.
|
||||
* @parent contains the task_struct structure for debugger process.
|
||||
* Return 0 if permission is granted.
|
||||
|
@ -1336,7 +1336,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
struct security_operations {
|
||||
char name[SECURITY_NAME_MAX + 1];
|
||||
|
||||
int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
|
||||
int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
|
||||
int (*ptrace_traceme) (struct task_struct *parent);
|
||||
int (*capget) (struct task_struct *target,
|
||||
kernel_cap_t *effective,
|
||||
|
@ -1617,7 +1617,7 @@ extern int security_module_enable(struct security_operations *ops);
|
|||
extern int register_security(struct security_operations *ops);
|
||||
|
||||
/* Security operations */
|
||||
int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
|
||||
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
|
||||
int security_ptrace_traceme(struct task_struct *parent);
|
||||
int security_capget(struct task_struct *target,
|
||||
kernel_cap_t *effective,
|
||||
|
@ -1798,10 +1798,10 @@ static inline int security_init(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_ptrace_may_access(struct task_struct *child,
|
||||
static inline int security_ptrace_access_check(struct task_struct *child,
|
||||
unsigned int mode)
|
||||
{
|
||||
return cap_ptrace_may_access(child, mode);
|
||||
return cap_ptrace_access_check(child, mode);
|
||||
}
|
||||
|
||||
static inline int security_ptrace_traceme(struct task_struct *parent)
|
||||
|
|
|
@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
|
|||
if (!dumpable && !capable(CAP_SYS_PTRACE))
|
||||
return -EPERM;
|
||||
|
||||
return security_ptrace_may_access(task, mode);
|
||||
return security_ptrace_access_check(task, mode);
|
||||
}
|
||||
|
||||
bool ptrace_may_access(struct task_struct *task, unsigned int mode)
|
||||
|
|
|
@ -863,7 +863,7 @@ struct security_operations default_security_ops = {
|
|||
|
||||
void security_fixup_ops(struct security_operations *ops)
|
||||
{
|
||||
set_to_cap_if_null(ops, ptrace_may_access);
|
||||
set_to_cap_if_null(ops, ptrace_access_check);
|
||||
set_to_cap_if_null(ops, ptrace_traceme);
|
||||
set_to_cap_if_null(ops, capget);
|
||||
set_to_cap_if_null(ops, capset);
|
||||
|
|
|
@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
|
|||
}
|
||||
|
||||
/**
|
||||
* cap_ptrace_may_access - Determine whether the current process may access
|
||||
* cap_ptrace_access_check - Determine whether the current process may access
|
||||
* another
|
||||
* @child: The process to be accessed
|
||||
* @mode: The mode of attachment.
|
||||
|
@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
|
|||
* Determine whether a process may access another, returning 0 if permission
|
||||
* granted, -ve if denied.
|
||||
*/
|
||||
int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
|
||||
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
|
|
|
@ -124,9 +124,9 @@ int register_security(struct security_operations *ops)
|
|||
|
||||
/* Security operations */
|
||||
|
||||
int security_ptrace_may_access(struct task_struct *child, unsigned int mode)
|
||||
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
|
||||
{
|
||||
return security_ops->ptrace_may_access(child, mode);
|
||||
return security_ops->ptrace_access_check(child, mode);
|
||||
}
|
||||
|
||||
int security_ptrace_traceme(struct task_struct *parent)
|
||||
|
|
|
@ -1854,12 +1854,12 @@ static inline u32 open_file_to_av(struct file *file)
|
|||
|
||||
/* Hook functions begin here. */
|
||||
|
||||
static int selinux_ptrace_may_access(struct task_struct *child,
|
||||
static int selinux_ptrace_access_check(struct task_struct *child,
|
||||
unsigned int mode)
|
||||
{
|
||||
int rc;
|
||||
|
||||
rc = cap_ptrace_may_access(child, mode);
|
||||
rc = cap_ptrace_access_check(child, mode);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
|
@ -5315,7 +5315,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
|
|||
static struct security_operations selinux_ops = {
|
||||
.name = "selinux",
|
||||
|
||||
.ptrace_may_access = selinux_ptrace_may_access,
|
||||
.ptrace_access_check = selinux_ptrace_access_check,
|
||||
.ptrace_traceme = selinux_ptrace_traceme,
|
||||
.capget = selinux_capget,
|
||||
.capset = selinux_capset,
|
||||
|
|
|
@ -91,7 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
|
|||
*/
|
||||
|
||||
/**
|
||||
* smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
|
||||
* smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
|
||||
* @ctp: child task pointer
|
||||
* @mode: ptrace attachment mode
|
||||
*
|
||||
|
@ -99,13 +99,13 @@ struct inode_smack *new_inode_smack(char *smack)
|
|||
*
|
||||
* Do the capability checks, and require read and write.
|
||||
*/
|
||||
static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
|
||||
static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
|
||||
{
|
||||
int rc;
|
||||
struct smk_audit_info ad;
|
||||
char *sp, *tsp;
|
||||
|
||||
rc = cap_ptrace_may_access(ctp, mode);
|
||||
rc = cap_ptrace_access_check(ctp, mode);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
|
||||
|
@ -3032,7 +3032,7 @@ static void smack_release_secctx(char *secdata, u32 seclen)
|
|||
struct security_operations smack_ops = {
|
||||
.name = "smack",
|
||||
|
||||
.ptrace_may_access = smack_ptrace_may_access,
|
||||
.ptrace_access_check = smack_ptrace_access_check,
|
||||
.ptrace_traceme = smack_ptrace_traceme,
|
||||
.syslog = smack_syslog,
|
||||
|
||||
|
|
Loading…
Reference in a new issue