diff options
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack.h | 2 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 53 | ||||
-rw-r--r-- | security/smack/smackfs.c | 2 |
3 files changed, 11 insertions, 46 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 262dad8..b8c1a86 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -276,8 +276,6 @@ extern struct mutex smack_known_lock; extern struct list_head smack_known_list; extern struct list_head smk_netlbladdr_list; -extern struct security_operations smack_ops; - #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4313bf4..5eae42c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -436,17 +436,11 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, */ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) { - int rc; struct smack_known *skp; - rc = cap_ptrace_access_check(ctp, mode); - if (rc != 0) - return rc; - skp = smk_of_task_struct(ctp); - rc = smk_ptrace_rule_check(current, skp, mode, __func__); - return rc; + return smk_ptrace_rule_check(current, skp, mode, __func__); } /** @@ -462,10 +456,6 @@ static int smack_ptrace_traceme(struct task_struct *ptp) int rc; struct smack_known *skp; - rc = cap_ptrace_traceme(ptp); - if (rc != 0) - return rc; - skp = smk_of_task(current_security()); rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); @@ -721,10 +711,6 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm) struct inode_smack *isp; int rc; - rc = cap_bprm_set_creds(bprm); - if (rc != 0) - return rc; - if (bprm->cred_prepared) return 0; @@ -779,12 +765,11 @@ static void smack_bprm_committing_creds(struct linux_binprm *bprm) static int smack_bprm_secureexec(struct linux_binprm *bprm) { struct task_smack *tsp = current_security(); - int ret = cap_bprm_secureexec(bprm); - if (!ret && (tsp->smk_task != tsp->smk_forked)) - ret = 1; + if (tsp->smk_task != tsp->smk_forked) + return 1; - return ret; + return 0; } /* @@ -1934,12 +1919,7 @@ static void smack_task_getsecid(struct task_struct *p, u32 *secid) */ static int smack_task_setnice(struct task_struct *p, int nice) { - int rc; - - rc = cap_task_setnice(p, nice); - if (rc == 0) - rc = smk_curacc_on_task(p, MAY_WRITE, __func__); - return rc; + return smk_curacc_on_task(p, MAY_WRITE, __func__); } /** @@ -1951,12 +1931,7 @@ static int smack_task_setnice(struct task_struct *p, int nice) */ static int smack_task_setioprio(struct task_struct *p, int ioprio) { - int rc; - - rc = cap_task_setioprio(p, ioprio); - if (rc == 0) - rc = smk_curacc_on_task(p, MAY_WRITE, __func__); - return rc; + return smk_curacc_on_task(p, MAY_WRITE, __func__); } /** @@ -1980,12 +1955,7 @@ static int smack_task_getioprio(struct task_struct *p) */ static int smack_task_setscheduler(struct task_struct *p) { - int rc; - - rc = cap_task_setscheduler(p); - if (rc == 0) - rc = smk_curacc_on_task(p, MAY_WRITE, __func__); - return rc; + return smk_curacc_on_task(p, MAY_WRITE, __func__); } /** @@ -4266,9 +4236,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } -struct security_operations smack_ops = { - LSM_HOOK_INIT(name, "smack"), - +struct security_hook_list smack_hooks[] = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), LSM_HOOK_INIT(syslog, smack_syslog), @@ -4451,7 +4419,7 @@ static __init int smack_init(void) struct cred *cred; struct task_smack *tsp; - if (!security_module_enable(&smack_ops)) + if (!security_module_enable("smack")) return 0; smack_enabled = 1; @@ -4481,8 +4449,7 @@ static __init int smack_init(void) /* * Register with LSM */ - if (register_security(&smack_ops)) - panic("smack: Unable to register with kernel.\n"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks)); return 0; } diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index d968298..4aa12c8 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2547,7 +2547,7 @@ static int __init init_smk_fs(void) int err; int rc; - if (!security_module_enable(&smack_ops)) + if (!security_module_enable("smack")) return 0; err = smk_init_sysfs(); |