diff options
author | Scott Wood <scottwood@freescale.com> | 2014-04-07 23:49:35 (GMT) |
---|---|---|
committer | Scott Wood <scottwood@freescale.com> | 2014-04-07 23:49:35 (GMT) |
commit | 62b8c978ee6b8d135d9e7953221de58000dba986 (patch) | |
tree | 683b04b2e627f6710c22c151b23c8cc9a165315e /security/apparmor/capability.c | |
parent | 78fd82238d0e5716578c326404184a27ba67fd6e (diff) | |
download | linux-fsl-qoriq-62b8c978ee6b8d135d9e7953221de58000dba986.tar.xz |
Rewind v3.13-rc3+ (78fd82238d0e5716) to v3.12
Diffstat (limited to 'security/apparmor/capability.c')
-rw-r--r-- | security/apparmor/capability.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 1101c6f..84d1f5f 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -53,7 +53,8 @@ static void audit_cb(struct audit_buffer *ab, void *va) /** * audit_caps - audit a capability - * @profile: profile being tested for confinement (NOT NULL) + * @profile: profile confining task (NOT NULL) + * @task: task capability test was performed against (NOT NULL) * @cap: capability tested * @error: error code returned by test * @@ -62,7 +63,8 @@ static void audit_cb(struct audit_buffer *ab, void *va) * * Returns: 0 or sa->error on success, error code on failure */ -static int audit_caps(struct aa_profile *profile, int cap, int error) +static int audit_caps(struct aa_profile *profile, struct task_struct *task, + int cap, int error) { struct audit_cache *ent; int type = AUDIT_APPARMOR_AUTO; @@ -71,6 +73,7 @@ static int audit_caps(struct aa_profile *profile, int cap, int error) sa.type = LSM_AUDIT_DATA_CAP; sa.aad = &aad; sa.u.cap = cap; + sa.aad->tsk = task; sa.aad->op = OP_CAPABLE; sa.aad->error = error; @@ -121,7 +124,8 @@ static int profile_capable(struct aa_profile *profile, int cap) /** * aa_capable - test permission to use capability - * @profile: profile being tested against (NOT NULL) + * @task: task doing capability test against (NOT NULL) + * @profile: profile confining @task (NOT NULL) * @cap: capability to be tested * @audit: whether an audit record should be generated * @@ -129,7 +133,8 @@ static int profile_capable(struct aa_profile *profile, int cap) * * Returns: 0 on success, or else an error code. */ -int aa_capable(struct aa_profile *profile, int cap, int audit) +int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap, + int audit) { int error = profile_capable(profile, cap); @@ -139,5 +144,5 @@ int aa_capable(struct aa_profile *profile, int cap, int audit) return error; } - return audit_caps(profile, cap, error); + return audit_caps(profile, task, cap, error); } |