* These functions are in security/capability.c and are used
* as the default capabilities functions
*/
-extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
- struct user_namespace *ns, int cap, int audit);
+extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
+ int cap, int audit);
extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
* @capable:
* Check whether the @tsk process has the @cap capability in the indicated
* credentials.
- * @tsk contains the task_struct for the process.
* @cred contains the credentials to use.
* @ns contains the user namespace we want the capability in
* @cap contains the capability <include/linux/capability.h>.
const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
- int (*capable) (struct task_struct *tsk, const struct cred *cred,
- struct user_namespace *ns, int cap, int audit);
+ int (*capable) (const struct cred *cred, struct user_namespace *ns,
+ int cap, int audit);
int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
int (*quota_on) (struct dentry *dentry);
int (*syslog) (int type);
const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
int cap);
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
- int cap);
-int security_real_capable_noaudit(struct task_struct *tsk,
- struct user_namespace *ns, int cap);
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+ int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
return cap_capset(new, old, effective, inheritable, permitted);
}
-static inline int security_capable(struct user_namespace *ns,
- const struct cred *cred, int cap)
+static inline int security_capable(const struct cred *cred,
+ struct user_namespace *ns, int cap)
{
- return cap_capable(current, cred, ns, cap, SECURITY_CAP_AUDIT);
+ return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
-static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
-{
- int ret;
-
- rcu_read_lock();
- ret = cap_capable(tsk, __task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
- rcu_read_unlock();
- return ret;
-}
-
-static inline
-int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
-{
- int ret;
-
- rcu_read_lock();
- ret = cap_capable(tsk, __task_cred(tsk), ns, cap,
- SECURITY_CAP_NOAUDIT);
- rcu_read_unlock();
- return ret;
+static inline int security_capable_noaudit(const struct cred *cred,
+ struct user_namespace *ns, int cap) {
+ return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
static inline int security_quotactl(int cmds, int type, int id,