security: remove unused parameter from security_task_setscheduler()
All security modules shouldn't change sched_param parameter of security_task_setscheduler(). This is not only meaningless, but also make a harmful result if caller pass a static variable. This patch remove policy and sched_param parameter from security_task_setscheduler() becuase none of security module is using it. Cc: James Morris <jmorris@namei.org> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
KOSAKI Motohiro
James Morris
parent
9b3056cca0
commit
b0ae198113
|
|
@ -103,7 +103,7 @@ asmlinkage long mipsmt_sys_sched_setaffinity(pid_t pid, unsigned int len,
|
||||||
if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
|
if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
|
|
||||||
retval = security_task_setscheduler(p, 0, NULL);
|
retval = security_task_setscheduler(p)
|
||||||
if (retval)
|
if (retval)
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -74,7 +74,7 @@ extern int cap_file_mmap(struct file *file, unsigned long reqprot,
|
||||||
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
|
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
|
||||||
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
|
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||||
unsigned long arg4, unsigned long arg5);
|
unsigned long arg4, unsigned long arg5);
|
||||||
extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
|
extern int cap_task_setscheduler(struct task_struct *p);
|
||||||
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
|
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
|
||||||
extern int cap_task_setnice(struct task_struct *p, int nice);
|
extern int cap_task_setnice(struct task_struct *p, int nice);
|
||||||
extern int cap_syslog(int type, bool from_file);
|
extern int cap_syslog(int type, bool from_file);
|
||||||
|
|
@ -1501,8 +1501,7 @@ struct security_operations {
|
||||||
int (*task_getioprio) (struct task_struct *p);
|
int (*task_getioprio) (struct task_struct *p);
|
||||||
int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
|
int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
|
||||||
struct rlimit *new_rlim);
|
struct rlimit *new_rlim);
|
||||||
int (*task_setscheduler) (struct task_struct *p, int policy,
|
int (*task_setscheduler) (struct task_struct *p);
|
||||||
struct sched_param *lp);
|
|
||||||
int (*task_getscheduler) (struct task_struct *p);
|
int (*task_getscheduler) (struct task_struct *p);
|
||||||
int (*task_movememory) (struct task_struct *p);
|
int (*task_movememory) (struct task_struct *p);
|
||||||
int (*task_kill) (struct task_struct *p,
|
int (*task_kill) (struct task_struct *p,
|
||||||
|
|
@ -1752,8 +1751,7 @@ int security_task_setioprio(struct task_struct *p, int ioprio);
|
||||||
int security_task_getioprio(struct task_struct *p);
|
int security_task_getioprio(struct task_struct *p);
|
||||||
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
|
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
|
||||||
struct rlimit *new_rlim);
|
struct rlimit *new_rlim);
|
||||||
int security_task_setscheduler(struct task_struct *p,
|
int security_task_setscheduler(struct task_struct *p);
|
||||||
int policy, struct sched_param *lp);
|
|
||||||
int security_task_getscheduler(struct task_struct *p);
|
int security_task_getscheduler(struct task_struct *p);
|
||||||
int security_task_movememory(struct task_struct *p);
|
int security_task_movememory(struct task_struct *p);
|
||||||
int security_task_kill(struct task_struct *p, struct siginfo *info,
|
int security_task_kill(struct task_struct *p, struct siginfo *info,
|
||||||
|
|
@ -2320,11 +2318,9 @@ static inline int security_task_setrlimit(struct task_struct *p,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_task_setscheduler(struct task_struct *p,
|
static inline int security_task_setscheduler(struct task_struct *p)
|
||||||
int policy,
|
|
||||||
struct sched_param *lp)
|
|
||||||
{
|
{
|
||||||
return cap_task_setscheduler(p, policy, lp);
|
return cap_task_setscheduler(p);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_task_getscheduler(struct task_struct *p)
|
static inline int security_task_getscheduler(struct task_struct *p)
|
||||||
|
|
|
||||||
|
|
@ -1397,7 +1397,7 @@ static int cpuset_can_attach(struct cgroup_subsys *ss, struct cgroup *cont,
|
||||||
if (tsk->flags & PF_THREAD_BOUND)
|
if (tsk->flags & PF_THREAD_BOUND)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
ret = security_task_setscheduler(tsk, 0, NULL);
|
ret = security_task_setscheduler(tsk);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
if (threadgroup) {
|
if (threadgroup) {
|
||||||
|
|
@ -1405,7 +1405,7 @@ static int cpuset_can_attach(struct cgroup_subsys *ss, struct cgroup *cont,
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
list_for_each_entry_rcu(c, &tsk->thread_group, thread_group) {
|
list_for_each_entry_rcu(c, &tsk->thread_group, thread_group) {
|
||||||
ret = security_task_setscheduler(c, 0, NULL);
|
ret = security_task_setscheduler(c);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
return ret;
|
return ret;
|
||||||
|
|
|
||||||
|
|
@ -4645,7 +4645,7 @@ recheck:
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user) {
|
if (user) {
|
||||||
retval = security_task_setscheduler(p, policy, param);
|
retval = security_task_setscheduler(p);
|
||||||
if (retval)
|
if (retval)
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
@ -4887,7 +4887,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
|
||||||
if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
|
if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
|
|
||||||
retval = security_task_setscheduler(p, 0, NULL);
|
retval = security_task_setscheduler(p);
|
||||||
if (retval)
|
if (retval)
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -719,14 +719,11 @@ static int cap_safe_nice(struct task_struct *p)
|
||||||
/**
|
/**
|
||||||
* cap_task_setscheduler - Detemine if scheduler policy change is permitted
|
* cap_task_setscheduler - Detemine if scheduler policy change is permitted
|
||||||
* @p: The task to affect
|
* @p: The task to affect
|
||||||
* @policy: The policy to effect
|
|
||||||
* @lp: The parameters to the scheduling policy
|
|
||||||
*
|
*
|
||||||
* Detemine if the requested scheduler policy change is permitted for the
|
* Detemine if the requested scheduler policy change is permitted for the
|
||||||
* specified task, returning 0 if permission is granted, -ve if denied.
|
* specified task, returning 0 if permission is granted, -ve if denied.
|
||||||
*/
|
*/
|
||||||
int cap_task_setscheduler(struct task_struct *p, int policy,
|
int cap_task_setscheduler(struct task_struct *p)
|
||||||
struct sched_param *lp)
|
|
||||||
{
|
{
|
||||||
return cap_safe_nice(p);
|
return cap_safe_nice(p);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -778,10 +778,9 @@ int security_task_setrlimit(struct task_struct *p, unsigned int resource,
|
||||||
return security_ops->task_setrlimit(p, resource, new_rlim);
|
return security_ops->task_setrlimit(p, resource, new_rlim);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_task_setscheduler(struct task_struct *p,
|
int security_task_setscheduler(struct task_struct *p)
|
||||||
int policy, struct sched_param *lp)
|
|
||||||
{
|
{
|
||||||
return security_ops->task_setscheduler(p, policy, lp);
|
return security_ops->task_setscheduler(p);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_task_getscheduler(struct task_struct *p)
|
int security_task_getscheduler(struct task_struct *p)
|
||||||
|
|
|
||||||
|
|
@ -3354,11 +3354,11 @@ static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
|
static int selinux_task_setscheduler(struct task_struct *p)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = cap_task_setscheduler(p, policy, lp);
|
rc = cap_task_setscheduler(p);
|
||||||
if (rc)
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1281,12 +1281,11 @@ static int smack_task_getioprio(struct task_struct *p)
|
||||||
*
|
*
|
||||||
* Return 0 if read access is permitted
|
* Return 0 if read access is permitted
|
||||||
*/
|
*/
|
||||||
static int smack_task_setscheduler(struct task_struct *p, int policy,
|
static int smack_task_setscheduler(struct task_struct *p)
|
||||||
struct sched_param *lp)
|
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = cap_task_setscheduler(p, policy, lp);
|
rc = cap_task_setscheduler(p);
|
||||||
if (rc == 0)
|
if (rc == 0)
|
||||||
rc = smk_curacc_on_task(p, MAY_WRITE);
|
rc = smk_curacc_on_task(p, MAY_WRITE);
|
||||||
return rc;
|
return rc;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue