summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/linux/security.h3
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/commoncap.c32
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/smack/smack_lsm.c2
5 files changed, 28 insertions, 13 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index ab0e091ce5fa..4ad59c9fa731 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -86,6 +86,7 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
+extern int cap_mmap_addr(unsigned long addr);
extern int cap_file_mmap(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags,
unsigned long addr, unsigned long addr_only);
@@ -2187,7 +2188,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
unsigned long addr,
unsigned long addr_only)
{
- return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ return cap_mmap_addr(addr);
}
static inline int security_file_mprotect(struct vm_area_struct *vma,
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 032daab449b0..8430d8937afb 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -497,7 +497,7 @@ static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
int rc = 0;
/* do DAC check */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
diff --git a/security/commoncap.c b/security/commoncap.c
index e771cb1b2d79..ebac3618896e 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
}
/*
- * cap_file_mmap - check if able to map given addr
- * @file: unused
- * @reqprot: unused
- * @prot: unused
- * @flags: unused
+ * cap_mmap_addr - check if able to map given addr
* @addr: address attempting to be mapped
- * @addr_only: unused
*
* If the process is attempting to map memory below dac_mmap_min_addr they need
* CAP_SYS_RAWIO. The other parameters to this function are unused by the
* capability security module. Returns 0 if this mapping should be allowed
* -EPERM if not.
*/
-int cap_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only)
+int cap_mmap_addr(unsigned long addr)
{
int ret = 0;
@@ -986,3 +979,24 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
}
return ret;
}
+
+/*
+ * cap_file_mmap - check if able to map given addr
+ * @file: unused
+ * @reqprot: unused
+ * @prot: unused
+ * @flags: unused
+ * @addr: address attempting to be mapped
+ * @addr_only: unused
+ *
+ * If the process is attempting to map memory below dac_mmap_min_addr they need
+ * CAP_SYS_RAWIO. The other parameters to this function are unused by the
+ * capability security module. Returns 0 if this mapping should be allowed
+ * -EPERM if not.
+ */
+int cap_file_mmap(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags,
+ unsigned long addr, unsigned long addr_only)
+{
+ return cap_mmap_addr(addr);
+}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index fa2341b68331..25c125eaa3d8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3104,7 +3104,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
}
/* do DAC check on address space usage */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d583c0545808..a62197718768 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1199,7 +1199,7 @@ static int smack_file_mmap(struct file *file,
int rc;
/* do DAC check on address space usage */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;