aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/commoncap.c32
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/smack/smack_lsm.c2
4 files changed, 26 insertions, 12 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 032daab449b..8430d8937af 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -497,7 +497,7 @@ static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
int rc = 0;
/* do DAC check */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
diff --git a/security/commoncap.c b/security/commoncap.c
index e771cb1b2d7..ebac3618896 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
}
/*
- * cap_file_mmap - check if able to map given addr
- * @file: unused
- * @reqprot: unused
- * @prot: unused
- * @flags: unused
+ * cap_mmap_addr - check if able to map given addr
* @addr: address attempting to be mapped
- * @addr_only: unused
*
* If the process is attempting to map memory below dac_mmap_min_addr they need
* CAP_SYS_RAWIO. The other parameters to this function are unused by the
* capability security module. Returns 0 if this mapping should be allowed
* -EPERM if not.
*/
-int cap_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only)
+int cap_mmap_addr(unsigned long addr)
{
int ret = 0;
@@ -986,3 +979,24 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
}
return ret;
}
+
+/*
+ * cap_file_mmap - check if able to map given addr
+ * @file: unused
+ * @reqprot: unused
+ * @prot: unused
+ * @flags: unused
+ * @addr: address attempting to be mapped
+ * @addr_only: unused
+ *
+ * If the process is attempting to map memory below dac_mmap_min_addr they need
+ * CAP_SYS_RAWIO. The other parameters to this function are unused by the
+ * capability security module. Returns 0 if this mapping should be allowed
+ * -EPERM if not.
+ */
+int cap_file_mmap(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags,
+ unsigned long addr, unsigned long addr_only)
+{
+ return cap_mmap_addr(addr);
+}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index fa2341b6833..25c125eaa3d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3104,7 +3104,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
}
/* do DAC check on address space usage */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d583c054580..a6219771876 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1199,7 +1199,7 @@ static int smack_file_mmap(struct file *file,
int rc;
/* do DAC check on address space usage */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ rc = cap_mmap_addr(addr);
if (rc || addr_only)
return rc;