summaryrefslogtreecommitdiff
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2012-05-30 13:30:51 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2012-05-31 13:11:54 -0400
commite5467859f7f79b69fc49004403009dfdba3bec53 (patch)
tree73b011daf79eeddd61bbcaf65cd197b5e5f6f149 /include/linux/security.h
parentd007794a182bc072a7b7479909dbd0d67ba341be (diff)
split ->file_mmap() into ->mmap_addr()/->mmap_file()
... i.e. file-dependent and address-dependent checks. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h36
1 files changed, 20 insertions, 16 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 4ad59c9fa731..f1bae0963ddc 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -87,9 +87,8 @@ extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
extern int cap_mmap_addr(unsigned long addr);
-extern int cap_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only);
+extern int cap_mmap_file(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags);
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5);
@@ -587,15 +586,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* simple integer value. When @arg represents a user space pointer, it
* should never be used by the security module.
* Return 0 if permission is granted.
- * @file_mmap :
+ * @mmap_addr :
+ * Check permissions for a mmap operation at @addr.
+ * @addr contains virtual address that will be used for the operation.
+ * Return 0 if permission is granted.
+ * @mmap_file :
* Check permissions for a mmap operation. The @file may be NULL, e.g.
* if mapping anonymous memory.
* @file contains the file structure for file to map (may be NULL).
* @reqprot contains the protection requested by the application.
* @prot contains the protection that will be applied by the kernel.
* @flags contains the operational flags.
- * @addr contains virtual address that will be used for the operation.
- * @addr_only contains a boolean: 0 if file-backed VMA, otherwise 1.
* Return 0 if permission is granted.
* @file_mprotect:
* Check permissions before changing memory access permissions.
@@ -1482,10 +1483,10 @@ struct security_operations {
void (*file_free_security) (struct file *file);
int (*file_ioctl) (struct file *file, unsigned int cmd,
unsigned long arg);
- int (*file_mmap) (struct file *file,
+ int (*mmap_addr) (unsigned long addr);
+ int (*mmap_file) (struct file *file,
unsigned long reqprot, unsigned long prot,
- unsigned long flags, unsigned long addr,
- unsigned long addr_only);
+ unsigned long flags);
int (*file_mprotect) (struct vm_area_struct *vma,
unsigned long reqprot,
unsigned long prot);
@@ -1744,9 +1745,9 @@ int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
-int security_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only);
+int security_mmap_file(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags);
+int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
@@ -2182,11 +2183,14 @@ static inline int security_file_ioctl(struct file *file, unsigned int cmd,
return 0;
}
-static inline int security_file_mmap(struct file *file, unsigned long reqprot,
+static inline int security_mmap_file(struct file *file, unsigned long reqprot,
unsigned long prot,
- unsigned long flags,
- unsigned long addr,
- unsigned long addr_only)
+ unsigned long flags)
+{
+ return 0;
+}
+
+static inline int security_mmap_addr(unsigned long addr)
{
return cap_mmap_addr(addr);
}