xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

capabilities: introduce security_capable_noaudit

Browse Source 
Exactly like security_capable except don't audit any denials.  This is for
places where the kernel may make decisions about what to do if a task has a
given capability, but which failing that capability is not a sign of a
security policy violation.  An example is checking if a task has
CAP_SYS_ADMIN to lower it's likelyhood of being killed by the oom killer.
This check is not a security violation if it is denied.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
This commit is contained in:
Eric Paris
2012-01-03 12:25:15 -05:00
parent b7e724d303
commit c7eba4a975
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
security/security.c
View File

@@ -160,6 +160,12 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int cap)
{
return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
int cap)
{