split ->file_mmap() into ->mmap_addr()/->mmap_file()
... i.e. file-dependent and address-dependent checks.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8430d89..8ea39aa 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -490,17 +490,9 @@
return common_file_perm(op, file, mask);
}
-static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only)
+static int apparmor_mmap_file(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags)
{
- int rc = 0;
-
- /* do DAC check */
- rc = cap_mmap_addr(addr);
- if (rc || addr_only)
- return rc;
-
return common_mmap(OP_FMMAP, file, prot, flags);
}
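Review bot: apparmor_mmap_file() no longer calls cap_mmap_addr() itself, so the address check now runs only if the caller separately invokes the ->mmap_addr hook, which the ops-table hunk below wires to cap_mmap_addr. The call sites are not visible in this diff excerpt, so it is worth confirming that every path which used to pass addr_only == 0 now reaches both hooks; a path that calls only ->mmap_file would skip the address check without any error. The old `/* do DAC check */` comment is removed with nothing in its place, so I would add a short comment above the function, e.g. `/* File-dependent mmap checks only; the address check is done by the ->mmap_addr hook (cap_mmap_addr). */`. reqprot is still accepted but not passed to common_mmap(), as before, which that comment could also mention.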
@@ -646,7 +638,8 @@
.file_permission = apparmor_file_permission,
.file_alloc_security = apparmor_file_alloc_security,
.file_free_security = apparmor_file_free_security,
- .file_mmap = apparmor_file_mmap,
+ .mmap_file = apparmor_mmap_file,
+ .mmap_addr = cap_mmap_addr,
.file_mprotect = apparmor_file_mprotect,
.file_lock = apparmor_file_lock,