summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c4
-rw-r--r--security/device_cgroup.c2
-rw-r--r--security/security.c20
-rw-r--r--security/smack/smack_lsm.c8
-rw-r--r--security/yama/yama_lsm.c4
5 files changed, 18 insertions, 20 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index bf8241483..50a1a40f0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1058,14 +1058,14 @@ int cap_mmap_addr(unsigned long addr)
}
return ret;
}
-EXPORT_SYMBOL(cap_mmap_addr);
+EXPORT_SYMBOL_GPL(cap_mmap_addr);
int cap_mmap_file(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags)
{
return 0;
}
-EXPORT_SYMBOL(cap_mmap_file);
+EXPORT_SYMBOL_GPL(cap_mmap_file);
#ifdef CONFIG_SECURITY
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index b00aa761d..f88c84bf1 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -850,7 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
-EXPORT_SYMBOL(__devcgroup_inode_permission);
+EXPORT_SYMBOL_GPL(__devcgroup_inode_permission);
int devcgroup_inode_mknod(int mode, dev_t dev)
{
diff --git a/security/security.c b/security/security.c
index 54488b0f0..bc8514e27 100644
--- a/security/security.c
+++ b/security/security.c
@@ -433,7 +433,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry)
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
-EXPORT_SYMBOL(security_path_rmdir);
+EXPORT_SYMBOL_GPL(security_path_rmdir);
int security_path_unlink(struct path *dir, struct dentry *dentry)
{
@@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
return 0;
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
-EXPORT_SYMBOL(security_path_symlink);
+EXPORT_SYMBOL_GPL(security_path_symlink);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry)
@@ -459,7 +459,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
return 0;
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
-EXPORT_SYMBOL(security_path_link);
+EXPORT_SYMBOL_GPL(security_path_link);
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir, struct dentry *new_dentry,
@@ -487,7 +487,7 @@ int security_path_truncate(struct path *path)
return 0;
return call_int_hook(path_truncate, 0, path);
}
-EXPORT_SYMBOL(security_path_truncate);
+EXPORT_SYMBOL_GPL(security_path_truncate);
int security_path_chmod(struct path *path, umode_t mode)
{
@@ -495,7 +495,7 @@ int security_path_chmod(struct path *path, umode_t mode)
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
-EXPORT_SYMBOL(security_path_chmod);
+EXPORT_SYMBOL_GPL(security_path_chmod);
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
@@ -503,7 +503,7 @@ int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
-EXPORT_SYMBOL(security_path_chown);
+EXPORT_SYMBOL_GPL(security_path_chown);
int security_path_chroot(struct path *path)
{
@@ -589,7 +589,7 @@ int security_inode_readlink(struct dentry *dentry)
return 0;
return call_int_hook(inode_readlink, 0, dentry);
}
-EXPORT_SYMBOL(security_inode_readlink);
+EXPORT_SYMBOL_GPL(security_inode_readlink);
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
@@ -605,7 +605,7 @@ int security_inode_permission(struct inode *inode, int mask)
return 0;
return call_int_hook(inode_permission, 0, inode, mask);
}
-EXPORT_SYMBOL(security_inode_permission);
+EXPORT_SYMBOL_GPL(security_inode_permission);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
@@ -744,7 +744,7 @@ int security_file_permission(struct file *file, int mask)
return fsnotify_perm(file, mask);
}
-EXPORT_SYMBOL(security_file_permission);
+EXPORT_SYMBOL_GPL(security_file_permission);
int security_file_alloc(struct file *file)
{
@@ -804,7 +804,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
return ret;
return ima_file_mmap(file, prot);
}
-EXPORT_SYMBOL(security_mmap_file);
+EXPORT_SYMBOL_GPL(security_mmap_file);
int security_mmap_addr(unsigned long addr)
{
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index ff81026f6..7c57c7fcf 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -398,12 +398,10 @@ static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
*/
static inline unsigned int smk_ptrace_mode(unsigned int mode)
{
- switch (mode) {
- case PTRACE_MODE_READ:
- return MAY_READ;
- case PTRACE_MODE_ATTACH:
+ if (mode & PTRACE_MODE_ATTACH)
return MAY_READWRITE;
- }
+ if (mode & PTRACE_MODE_READ)
+ return MAY_READ;
return 0;
}
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index d3c19c970..cb6ed1081 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -281,7 +281,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
int rc = 0;
/* require ptrace target be a child of ptracer on attach */
- if (mode == PTRACE_MODE_ATTACH) {
+ if (mode & PTRACE_MODE_ATTACH) {
switch (ptrace_scope) {
case YAMA_SCOPE_DISABLED:
/* No additional restrictions. */
@@ -307,7 +307,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
}
}
- if (rc) {
+ if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) {
printk_ratelimited(KERN_NOTICE
"ptrace of pid %d was attempted by: %s (pid %d)\n",
child->pid, current->comm, current->pid);