capabilities: remove all _real_ interfaces

The name security_real_capable and security_real_capable_noaudit just don't
make much sense to me.  Convert them to use security_capable and
security_capable_noaudit.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>

diff --git a/include/linux/security.h b/include/linux/security.h
index caff54eee68653d95d53c077ba8094563032eeaf..e345a9313a60a98d97f9b818117b040d277e99bc 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1670,10 +1670,6 @@ int security_capable(const struct cred *cred, struct user_namespace *ns,
                        int cap);
 int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
                             int cap);
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
-                       int cap);
-int security_real_capable_noaudit(struct task_struct *tsk,
-                       struct user_namespace *ns, int cap);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
@@ -1876,27 +1872,6 @@ static inline int security_capable_noaudit(const struct cred *cred,
        return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
 }
 
-static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)
-{
-       int ret;
-
-       rcu_read_lock();
-       ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);
-       rcu_read_unlock();
-       return ret;
-}
-
-static inline
-int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)
-{
-       int ret;
-
-       rcu_read_lock();
-       ret = cap_capable(__task_cred(tsk), ns, cap, SECURITY_CAP_NOAUDIT);
-       rcu_read_unlock();
-       return ret;
-}
-
 static inline int security_quotactl(int cmds, int type, int id,
                                     struct super_block *sb)
 {

diff --git a/kernel/capability.c b/kernel/capability.c
index d98392719adbf82c9ae129f34fb3ee2241b5c87a..ff50ab62cfca1f0b6ab0131400d9f4f840f6ce66 100644 (file)
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -298,7 +298,11 @@ error:
  */
 bool has_capability(struct task_struct *t, int cap)
 {
-       int ret = security_real_capable(t, &init_user_ns, cap);
+       int ret;
+
+       rcu_read_lock();
+       ret = security_capable(__task_cred(t), &init_user_ns, cap);
+       rcu_read_unlock();
 
        return (ret == 0);
 }
@@ -317,7 +321,11 @@ bool has_capability(struct task_struct *t, int cap)
 bool has_ns_capability(struct task_struct *t,
                       struct user_namespace *ns, int cap)
 {
-       int ret = security_real_capable(t, ns, cap);
+       int ret;
+
+       rcu_read_lock();
+       ret = security_capable(__task_cred(t), ns, cap);
+       rcu_read_unlock();
 
        return (ret == 0);
 }
@@ -335,7 +343,11 @@ bool has_ns_capability(struct task_struct *t,
  */
 bool has_capability_noaudit(struct task_struct *t, int cap)
 {
-       int ret = security_real_capable_noaudit(t, &init_user_ns, cap);
+       int ret;
+
+       rcu_read_lock();
+       ret = security_capable_noaudit(__task_cred(t), &init_user_ns, cap);
+       rcu_read_unlock();
 
        return (ret == 0);
 }

diff --git a/security/security.c b/security/security.c
index b7edaae77d1d2b022213c43fabbde56e5cd83add..8900c5c4db5c5a754d61b62fb4b5112d7337edcc 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -166,30 +166,6 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
        return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
 }
 
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
-                         int cap)
-{
-       const struct cred *cred;
-       int ret;
-
-       cred = get_task_cred(tsk);
-       ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
-       put_cred(cred);
-       return ret;
-}
-
-int security_real_capable_noaudit(struct task_struct *tsk,
-                                 struct user_namespace *ns, int cap)
-{
-       const struct cred *cred;
-       int ret;
-
-       cred = get_task_cred(tsk);
-       ret = security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
-       put_cred(cred);
-       return ret;
-}
-
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
 {
        return security_ops->quotactl(cmds, type, id, sb);