summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/linux/security.h25
-rw-r--r--kernel/capability.c18
-rw-r--r--security/security.c24
3 files changed, 15 insertions, 52 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index caff54eee686..e345a9313a60 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1670,10 +1670,6 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap);
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int cap);
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
- int cap);
-int security_real_capable_noaudit(struct task_struct *tsk,
- struct user_namespace *ns, int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
@@ -1876,27 +1872,6 @@ static inline int security_capable_noaudit(const struct cred *cred,
return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
-static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
-{
- int ret;
-
- rcu_read_lock();
- ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
- rcu_read_unlock();
- return ret;
-}
-
-static inline
-int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
-{
- int ret;
-
- rcu_read_lock();
- ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_NOAUDIT);
- rcu_read_unlock();
- return ret;
-}
-
static inline int security_quotactl(int cmds, int type, int id,
struct super_block *sb)
{
diff --git a/kernel/capability.c b/kernel/capability.c
index d98392719adb..ff50ab62cfca 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -298,7 +298,11 @@ error:
*/
bool has_capability(struct task_struct *t, int cap)
{
- int ret = security_real_capable(t, &init_user_ns, cap);
+ int ret;
+
+ rcu_read_lock();
+ ret = security_capable(__task_cred(t), &init_user_ns, cap);
+ rcu_read_unlock();
return (ret == 0);
}
@@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap)
bool has_ns_capability(struct task_struct *t,
struct user_namespace *ns, int cap)
{
- int ret = security_real_capable(t, ns, cap);
+ int ret;
+
+ rcu_read_lock();
+ ret = security_capable(__task_cred(t), ns, cap);
+ rcu_read_unlock();
return (ret == 0);
}
@@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t,
*/
bool has_capability_noaudit(struct task_struct *t, int cap)
{
- int ret = security_real_capable_noaudit(t, &init_user_ns, cap);
+ int ret;
+
+ rcu_read_lock();
+ ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap);
+ rcu_read_unlock();
return (ret == 0);
}
diff --git a/security/security.c b/security/security.c
index b7edaae77d1d..8900c5c4db5c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -166,30 +166,6 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
- int cap)
-{
- const struct cred *cred;
- int ret;
-
- cred = get_task_cred(tsk);
- ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
- put_cred(cred);
- return ret;
-}
-
-int security_real_capable_noaudit(struct task_struct *tsk,
- struct user_namespace *ns, int cap)
-{
- const struct cred *cred;
- int ret;
-
- cred = get_task_cred(tsk);
- ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
- put_cred(cred);
- return ret;
-}
-
int security_quotactl(int cmds, int type, int id, struct super_block *sb)
{
return security_ops->quotactl(cmds, type, id, sb);