ChangeSet 1.892, 2002/11/26 11:29:49-08:00, greg@kroah.com Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5 into kroah.com:/home/greg/linux/BK/lsm-2.5
diff -Nru a/arch/ppc/kernel/misc.S b/arch/ppc/kernel/misc.S
--- a/arch/ppc/kernel/misc.S Tue Nov 26 14:02:05 2002
+++ b/arch/ppc/kernel/misc.S Tue Nov 26 14:02:05 2002
@@ -1006,6 +1006,7 @@
 mr r31,r4 /* argument */
 ori r3,r5,CLONE_VM /* flags */
 oris r3,r3,CLONE_UNTRACED>>16
+ li r4,0 /* new sp (unused) */
 li r0,__NR_clone
 sc
 cmpi 0,r3,0 /* parent or child? */
diff -Nru a/fs/file_table.c b/fs/file_table.c
--- a/fs/file_table.c Tue Nov 26 14:02:05 2002
+++ b/fs/file_table.c Tue Nov 26 14:02:05 2002
@@ -48,7 +48,7 @@
 files_stat.nr_free_files--;
 new_one:
 memset(f, 0, sizeof(*f));
- if (security_ops->file_alloc_security(f)) {
+ if (security_file_alloc(f)) {
 list_add(&f->f_list, &free_list);
 files_stat.nr_free_files++;
 file_list_unlock();
@@ -136,7 +136,7 @@
 if (file->f_op && file->f_op->release)
 file->f_op->release(inode, file);
- security_ops->file_free_security(file);
+ security_file_free(file);
 fops_put(file->f_op);
 if (file->f_mode & FMODE_WRITE)
 put_write_access(inode);
@@ -169,7 +169,7 @@
 void put_filp(struct file *file)
 {
 if(atomic_dec_and_test(&file->f_count)) {
- security_ops->file_free_security(file);
+ security_file_free(file);
 file_list_lock();
 list_del(&file->f_list);
 list_add(&file->f_list, &free_list);
diff -Nru a/fs/proc/base.c b/fs/proc/base.c
--- a/fs/proc/base.c Tue Nov 26 14:02:05 2002
+++ b/fs/proc/base.c Tue Nov 26 14:02:05 2002
@@ -30,6 +30,7 @@
 #include
 #include
 #include
+#include
 /*
 * For hysterical raisins we keep the same inumbers as in the old procfs.
@@ -416,7 +417,7 @@
 };
 #define MAY_PTRACE(p) \
-(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
+(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
 static int mem_open(struct inode* inode, struct file* file)
diff -Nru a/include/linux/sched.h b/include/linux/sched.h
--- a/include/linux/sched.h Tue Nov 26 14:02:05 2002
+++ b/include/linux/sched.h Tue Nov 26 14:02:05 2002
@@ -538,9 +538,11 @@
 : on_sig_stack(sp) ? SS_ONSTACK : 0);
 }
-/* capable prototype and code moved to security.[hc] */
-#include
-#if 0
+
+#ifdef CONFIG_SECURITY
+/* code is in security.c */
+extern int capable(int cap);
+#else
 static inline int capable(int cap)
 {
 if (cap_raised(current->cap_effective, cap)) {
@@ -549,7 +551,7 @@
 }
 return 0;
 }
-#endif /* if 0 */
+#endif
 /*
 * Routines for handling mm_structs
diff -Nru a/init/do_mounts.c b/init/do_mounts.c
--- a/init/do_mounts.c Tue Nov 26 14:02:05 2002
+++ b/init/do_mounts.c Tue Nov 26 14:02:05 2002
@@ -13,6 +13,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -888,7 +889,7 @@
 sys_umount("/dev", 0);
 sys_mount(".", "/", NULL, MS_MOVE, NULL);
 sys_chroot(".");
- security_ops->sb_post_mountroot();
+ security_sb_post_mountroot();
 mount_devfs_fs ();
 }
diff -Nru a/kernel/exit.c b/kernel/exit.c
--- a/kernel/exit.c Tue Nov 26 14:02:05 2002
+++ b/kernel/exit.c Tue Nov 26 14:02:05 2002
@@ -68,7 +68,7 @@
 wait_task_inactive(p);
 atomic_dec(&p->user->processes);
- security_ops->task_free_security(p);
+ security_task_free(p);
 free_uid(p->user);
 write_lock_irq(&tasklist_lock);
 if (unlikely(p->ptrace))
@@ -249,7 +249,7 @@
 /* cpus_allowed? */
 /* rt_priority? */
 /* signals? */
- security_ops->task_reparent_to_init(current);
+ security_task_reparent_to_init(current);
 memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
 current->user = INIT_USER;
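Review bot: `MAY_PTRACE(p)` in fs/proc/base.c still expands its argument unparenthesised and five times, so a caller that passes anything other than a plain identifier gets a different check from the one it reads as. The macro sits directly above `mem_open` and appears to gate the /proc memory handlers, so I would turn it into a `static inline int may_ptrace(struct task_struct *p)` or at least write `(p)` at every use. It also reads `p->parent`, `p->ptrace` and `p->state` before calling `security_ptrace(current,p)`; what lock the callers hold while those fields are read is not visible in this hunk, and a one-line comment stating it would help the next reader.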
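Review bot: The `#else` branch in include/linux/sched.h keeps a second, inline `capable()` that a `CONFIG_SECURITY` build never compiles, and nothing in the header says the two versions have to agree. I would put a comment above the `#else`, for example `/* !CONFIG_SECURITY: keep in step with capable() in security.c */`, so that a later change to one capability test is not silently missed in the other configuration. The inline body runs past this hunk into the next one (`@@ -549,7 +551,7 @@`), so only its `cap_raised(current->cap_effective, cap)` test and the final `return 0;` are visible here.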
@@ -787,7 +787,7 @@
 if (current->tgid != p->tgid && delay_group_leader(p))
 return 2;
- if (security_ops->task_wait(p))
+ if (security_task_wait(p))
 return 0;
 return 1;
diff -Nru a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c Tue Nov 26 14:02:05 2002
+++ b/kernel/fork.c Tue Nov 26 14:02:05 2002
@@ -717,8 +717,7 @@
 if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
 return ERR_PTR(-EINVAL);
- retval = security_ops->task_create(clone_flags);
- if (retval)
+ if ((retval = security_task_create(clone_flags)))
 goto fork_out;
 retval = -ENOMEM;
@@ -802,7 +801,7 @@
 p->core_waiter = 0;
 retval = -ENOMEM;
- if (security_ops->task_alloc_security(p))
+ if (security_task_alloc(p))
 goto bad_fork_cleanup;
 /* copy all the process information */
 if (copy_semundo(clone_flags, p))
@@ -955,7 +954,7 @@
 bad_fork_cleanup_semundo:
 exit_semundo(p);
 bad_fork_cleanup_security:
- security_ops->task_free_security(p);
+ security_task_free(p);
 bad_fork_cleanup:
 if (p->pid > 0)
 free_pidmap(p->pid);
diff -Nru a/kernel/sched.c b/kernel/sched.c
--- a/kernel/sched.c Tue Nov 26 14:02:05 2002
+++ b/kernel/sched.c Tue Nov 26 14:02:05 2002
@@ -1348,8 +1348,7 @@
 if (nice > 19)
 nice = 19;
- retval = security_ops->task_setnice(current, nice);
- if (retval)
+ if ((retval = security_task_setnice(current, nice)))
 return retval;
 set_user_nice(current, nice);
@@ -1470,8 +1469,7 @@
 !capable(CAP_SYS_NICE))
 goto out_unlock;
- retval = security_ops->task_setscheduler(p, policy, &lp);
- if (retval)
+ if ((retval = security_task_setscheduler(p, policy, &lp)))
 goto out_unlock;
 array = p->array;
@@ -1534,8 +1532,7 @@
 read_lock(&tasklist_lock);
 p = find_process_by_pid(pid);
 if (p) {
- retval = security_ops->task_getscheduler(p);
- if (!retval)
+ if (!(retval = security_task_getscheduler(p)))
 retval = p->policy;
 }
 read_unlock(&tasklist_lock);
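Review bot: The rewritten checks fold the hook call into the condition, as in `if ((retval = security_task_create(clone_flags)))` in kernel/fork.c, which is harder to scan than the two-line form it replaces and makes a dropped inner parenthesis or a `=`/`==` slip easy to miss on a permission check. I would keep `retval = security_task_create(clone_flags);` followed by `if (retval)`; only the wrapper name needs to change. The same pattern is introduced in kernel/sched.c (`security_task_setnice`, `security_task_setscheduler`, and the negated `if (!(retval = security_task_getscheduler(p)))`) and throughout kernel/sys.c (the setgid/setuid hooks, `security_task_getpgid`, `security_task_getsid`, `security_task_setgroups`, `security_task_setrlimit`, `security_task_prctl`).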
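Review bot: `if (security_task_alloc(p)) goto bad_fork_cleanup;` in kernel/fork.c (hunk `@@ -802,7 +801,7 @@`) discards the hook's return value, so whatever a security module reports reaches the caller as the `-ENOMEM` assigned on the line above. If that is intended, a comment such as `/* any task_alloc failure is reported as -ENOMEM */` would make it explicit. If modules are meant to return their own error, the value has to be kept without disturbing the `-ENOMEM` that the following `goto` paths may rely on; most of those paths lie outside this hunk.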
@@ -1564,8 +1561,7 @@
 if (!p)
 goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
 goto out_unlock;
 lp.sched_priority = p->rt_priority;
@@ -1824,8 +1820,7 @@
 if (!p)
 goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
 goto out_unlock;
 jiffies_to_timespec(p->policy & SCHED_FIFO ?
diff -Nru a/kernel/sys.c b/kernel/sys.c
--- a/kernel/sys.c Tue Nov 26 14:02:05 2002
+++ b/kernel/sys.c Tue Nov 26 14:02:05 2002
@@ -485,8 +485,7 @@
 int new_egid = old_egid;
 int retval;
- retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
 return retval;
 if (rgid != (gid_t) -1) {
@@ -531,8 +530,7 @@
 int old_egid = current->egid;
 int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
 return retval;
 if (capable(CAP_SETGID))
@@ -605,8 +603,7 @@
 int old_ruid, old_euid, old_suid, new_ruid, new_euid;
 int retval;
- retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
 return retval;
 new_ruid = old_ruid = current->uid;
@@ -644,7 +641,7 @@
 current->suid = current->euid;
 current->fsuid = current->euid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
 }
@@ -666,8 +663,7 @@
 int old_ruid, old_suid, new_ruid, new_suid;
 int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
 return retval;
 old_ruid = new_ruid = current->uid;
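Review bot: `return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);` in kernel/sys.c (hunk `@@ -644,7 +641,7 @@`) runs after `current->suid` and `current->fsuid` have already been assigned, so if the hook returns an error the caller is told the call failed while the new ids stay in effect. The commit leaves that behaviour as it was, but the call site deserves a comment such as `/* ids already updated; a non-zero return does not undo them */`, or an explicit rollback if a failing post hook is meant to veto the change. The same holds for the `LSM_SETID_ID` and `LSM_SETID_RES` returns later in the file, and for the `LSM_SETID_FS` call, where a hook error is additionally returned in place of `old_fsuid` after `current->fsuid = uid;`. The enclosing function starts outside this hunk.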
@@ -689,7 +685,7 @@
 current->fsuid = current->euid = uid;
 current->suid = new_suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
 }
@@ -704,8 +700,7 @@
 int old_suid = current->suid;
 int retval;
- retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
 return retval;
 if (!capable(CAP_SETUID)) {
@@ -735,7 +730,7 @@
 if (suid != (uid_t) -1)
 current->suid = suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
 }
 asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -756,8 +751,7 @@
 {
 int retval;
- retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
 return retval;
 if (!capable(CAP_SETGID)) {
@@ -810,8 +804,7 @@
 int old_fsuid;
 int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 return retval;
 old_fsuid = current->fsuid;
@@ -827,8 +820,7 @@
 current->fsuid = uid;
 }
- retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 return retval;
 return old_fsuid;
@@ -842,8 +834,7 @@
 int old_fsgid;
 int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
 return retval;
 old_fsgid = current->fsgid;
@@ -968,8 +959,7 @@
 retval = -ESRCH;
 if (p) {
- retval = security_ops->task_getpgid(p);
- if (!retval)
+ if (!(retval = security_task_getpgid(p)))
 retval = p->pgrp;
 }
 read_unlock(&tasklist_lock);
@@ -996,8 +986,7 @@
 retval = -ESRCH;
 if(p) {
- retval = security_ops->task_getsid(p);
- if (!retval)
+ if (!(retval = security_task_getsid(p)))
 retval = p->session;
 }
 read_unlock(&tasklist_lock);
@@ -1078,8 +1067,7 @@
 return -EINVAL;
 if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
 return -EFAULT;
- retval = security_ops->task_setgroups(gidsetsize, groups);
- if (retval)
+ if ((retval = security_task_setgroups(gidsetsize, groups)))
 return retval;
 memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
 current->ngroups = gidsetsize;
@@ -1242,8 +1230,7 @@
 return -EPERM;
 }
- retval = security_ops->task_setrlimit(resource, &new_rlim);
- if (retval)
+ if ((retval = security_task_setrlimit(resource, &new_rlim)))
 return retval;
 *old_rlim = new_rlim;
@@ -1317,8 +1304,7 @@
 int error = 0;
 int sig;
- error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
- if (error)
+ if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
 return error;
 switch (option) {