
Commit 9e48858f authored by Ingo Molnar, committed by James Morris

security: rename ptrace_may_access => ptrace_access_check



The ->ptrace_may_access() methods are named confusingly - the real
ptrace_may_access() returns a bool, while these security checks have
a retval convention.

Rename it to ptrace_access_check, to reduce the confusion factor.

[ Impact: cleanup, no code changed ]

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: James Morris <jmorris@namei.org>
parent 86abcf9c
+7 −7
@@ -52,7 +52,7 @@ struct audit_krule;
extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
		       int cap, int audit);
extern int cap_settime(struct timespec *ts, struct timezone *tz);
extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old,
@@ -1209,7 +1209,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *	@alter contains the flag indicating whether changes are to be made.
 *	Return 0 if permission is granted.
 *
 * @ptrace_may_access:
 * @ptrace_access_check:
 *	Check permission before allowing the current process to trace the
 *	@child process.
 *	Security modules may also want to perform a process tracing check
@@ -1224,7 +1224,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *	Check that the @parent process has sufficient permission to trace the
 *	current process before allowing the current process to present itself
 *	to the @parent process for tracing.
 *	The parent process will still have to undergo the ptrace_may_access
 *	The parent process will still have to undergo the ptrace_access_check
 *	checks before it is allowed to trace this one.
 *	@parent contains the task_struct structure for debugger process.
 *	Return 0 if permission is granted.
@@ -1336,7 +1336,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
struct security_operations {
	char name[SECURITY_NAME_MAX + 1];

	int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
	int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
	int (*ptrace_traceme) (struct task_struct *parent);
	int (*capget) (struct task_struct *target,
		       kernel_cap_t *effective,
@@ -1617,7 +1617,7 @@ extern int security_module_enable(struct security_operations *ops);
extern int register_security(struct security_operations *ops);

/* Security operations */
int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		    kernel_cap_t *effective,
@@ -1798,10 +1798,10 @@ static inline int security_init(void)
	return 0;
}

static inline int security_ptrace_may_access(struct task_struct *child,
static inline int security_ptrace_access_check(struct task_struct *child,
					     unsigned int mode)
{
	return cap_ptrace_may_access(child, mode);
	return cap_ptrace_access_check(child, mode);
}

static inline int security_ptrace_traceme(struct task_struct *parent)
+1 −1
@@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
	if (!dumpable && !capable(CAP_SYS_PTRACE))
		return -EPERM;

	return security_ptrace_may_access(task, mode);
	return security_ptrace_access_check(task, mode);
}

bool ptrace_may_access(struct task_struct *task, unsigned int mode)
+1 −1
@@ -863,7 +863,7 @@ struct security_operations default_security_ops = {

void security_fixup_ops(struct security_operations *ops)
{
	set_to_cap_if_null(ops, ptrace_may_access);
	set_to_cap_if_null(ops, ptrace_access_check);
	set_to_cap_if_null(ops, ptrace_traceme);
	set_to_cap_if_null(ops, capget);
	set_to_cap_if_null(ops, capset);
+2 −2
@@ -101,7 +101,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
}

/**
 * cap_ptrace_may_access - Determine whether the current process may access
 * cap_ptrace_access_check - Determine whether the current process may access
 *			   another
 * @child: The process to be accessed
 * @mode: The mode of attachment.
@@ -109,7 +109,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
 * Determine whether a process may access another, returning 0 if permission
 * granted, -ve if denied.
 */
int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
	int ret = 0;

+2 −2
@@ -124,9 +124,9 @@ int register_security(struct security_operations *ops)

/* Security operations */

int security_ptrace_may_access(struct task_struct *child, unsigned int mode)
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
	return security_ops->ptrace_may_access(child, mode);
	return security_ops->ptrace_access_check(child, mode);
}

int security_ptrace_traceme(struct task_struct *parent)