capabilities: remove all _real_ interfaces

The name security_real_capable and security_real_capable_noaudit just don't make much sense to me. Convert them to use security_capable and security_capable_noaudit. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
2024-12-29 14:21:47 +00:00 · 2012-01-03 12:25:15 -05:00 · 2012-01-03 12:25:15 -05:00 · 2920a8409d
commit 2920a8409d
parent c7eba4a975
3 changed files with 15 additions and 52 deletions
--- a/include/linux/security.h
+++ b/include/linux/security.h
@ -1670,10 +1670,6 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
 			int cap);
 int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
 			     int cap);
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
 			int cap);
 int security_real_capable_noaudit(struct task_struct *tsk,
 			struct user_namespace *ns, int cap);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
@ -1876,27 +1872,6 @@ static inline int security_capable_noaudit(const struct cred *cred,
 	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
 }
 static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
 {
 	int ret;
 	rcu_read_lock();
 	ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
 	rcu_read_unlock();
 	return ret;
 }
 static inline
 int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
 {
 	int ret;
 	rcu_read_lock();
 	ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_NOAUDIT);
 	rcu_read_unlock();
 	return ret;
 }
 static inline int security_quotactl(int cmds, int type, int id,
 				     struct super_block *sb)
 {
--- a/kernel/capability.c
+++ b/kernel/capability.c
@ -298,7 +298,11 @@ error:
 */
 bool has_capability(struct task_struct *t, int cap)
 {
-	int ret = security_real_capable(t, &init_user_ns, cap);
+	int ret;
 	rcu_read_lock();
 	ret = security_capable(__task_cred(t), &init_user_ns, cap);
 	rcu_read_unlock();
 	return (ret == 0);
 }
@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap)
 bool has_ns_capability(struct task_struct *t,
 		       struct user_namespace *ns, int cap)
 {
-	int ret = security_real_capable(t, ns, cap);
+	int ret;
 	rcu_read_lock();
 	ret = security_capable(__task_cred(t), ns, cap);
 	rcu_read_unlock();
 	return (ret == 0);
 }
@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t,
 */
 bool has_capability_noaudit(struct task_struct *t, int cap)
 {
-	int ret = security_real_capable_noaudit(t, &init_user_ns, cap);
+	int ret;
 	rcu_read_lock();
 	ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap);
 	rcu_read_unlock();
 	return (ret == 0);
 }
--- a/security/security.c
+++ b/security/security.c
@ -166,30 +166,6 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
 	return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
 }
 int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
 			  int cap)
 {
 	const struct cred *cred;
 	int ret;
 	cred = get_task_cred(tsk);
 	ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 	put_cred(cred);
 	return ret;
 }
 int security_real_capable_noaudit(struct task_struct *tsk,
 				  struct user_namespace *ns, int cap)
 {
 	const struct cred *cred;
 	int ret;
 	cred = get_task_cred(tsk);
 	ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
 	put_cred(cred);
 	return ret;
 }
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
 {
 	return security_ops->quotactl(cmds, type, id, sb);