split cap_mmap_addr() out of cap_file_mmap()

extern int cap_inode_removexattr(struct dentry *dentry, const char *name);

extern int cap_inode_removexattr(struct dentry *dentry, const char *name);

extern int cap_inode_need_killpriv(struct dentry *dentry);

extern int cap_inode_need_killpriv(struct dentry *dentry);

extern int cap_inode_killpriv(struct dentry *dentry);

extern int cap_inode_killpriv(struct dentry *dentry);

extern int cap_mmap_addr(unsigned long addr);

extern int cap_file_mmap(struct file *file, unsigned long reqprot,

extern int cap_file_mmap(struct file *file, unsigned long reqprot,

			 unsigned long prot, unsigned long flags,

			 unsigned long prot, unsigned long flags,

			 unsigned long addr, unsigned long addr_only);

			 unsigned long addr, unsigned long addr_only);

				     unsigned long addr,

				     unsigned long addr,

				     unsigned long addr_only)

				     unsigned long addr_only)

{

{

	return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);

	return cap_mmap_addr(addr);

}

}

static inline int security_file_mprotect(struct vm_area_struct *vma,

static inline int security_file_mprotect(struct vm_area_struct *vma,

	int rc = 0;

	int rc = 0;

	/* do DAC check */

	/* do DAC check */

	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);

	rc = cap_mmap_addr(addr);

	if (rc || addr_only)

	if (rc || addr_only)

		return rc;

		return rc;

}

}

/*

/*

 * cap_file_mmap - check if able to map given addr

 * cap_mmap_addr - check if able to map given addr

 * @file: unused

 * @reqprot: unused

 * @prot: unused

 * @flags: unused

 * @addr: address attempting to be mapped

 * @addr: address attempting to be mapped

 * @addr_only: unused

 *

 *

 * If the process is attempting to map memory below dac_mmap_min_addr they need

 * If the process is attempting to map memory below dac_mmap_min_addr they need

 * CAP_SYS_RAWIO.  The other parameters to this function are unused by the

 * CAP_SYS_RAWIO.  The other parameters to this function are unused by the

 * capability security module.  Returns 0 if this mapping should be allowed

 * capability security module.  Returns 0 if this mapping should be allowed

 * -EPERM if not.

 * -EPERM if not.

 */

 */

int cap_file_mmap(struct file *file, unsigned long reqprot,

int cap_mmap_addr(unsigned long addr)

		  unsigned long prot, unsigned long flags,

		  unsigned long addr, unsigned long addr_only)

{

{

	int ret = 0;

	int ret = 0;

	}

	}

	return ret;

	return ret;

}

}

/*

 * cap_file_mmap - check if able to map given addr

 * @file: unused

 * @reqprot: unused

 * @prot: unused

 * @flags: unused

 * @addr: address attempting to be mapped

 * @addr_only: unused

 *

 * If the process is attempting to map memory below dac_mmap_min_addr they need

 * CAP_SYS_RAWIO.  The other parameters to this function are unused by the

 * capability security module.  Returns 0 if this mapping should be allowed

 * -EPERM if not.

 */

int cap_file_mmap(struct file *file, unsigned long reqprot,

		  unsigned long prot, unsigned long flags,

		  unsigned long addr, unsigned long addr_only)

{

	return cap_mmap_addr(addr);

}

	}

	}

	/* do DAC check on address space usage */

	/* do DAC check on address space usage */

	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);

	rc = cap_mmap_addr(addr);

	if (rc || addr_only)

	if (rc || addr_only)

		return rc;

		return rc;

	int rc;

	int rc;

	/* do DAC check on address space usage */

	/* do DAC check on address space usage */

	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);

	rc = cap_mmap_addr(addr);

	if (rc || addr_only)

	if (rc || addr_only)

		return rc;

		return rc;