summaryrefslogtreecommitdiff
path: root/security/commoncap.c
diff options
context:
space:
mode:
authorXu Kuohai <xukuohai@huawei.com>2024-07-24 10:06:58 +0800
committerPaul Moore <paul@paul-moore.com>2024-07-31 14:46:51 -0400
commitbe72a57527fde6c80061c5f9d0e28762eb817b03 (patch)
treeabefde6ce06f167ce75f8f3802fc227934cdb9c8 /security/commoncap.c
parent61a1dcdceb44d79e5ab511295791b88ea178c045 (diff)
lsm: Refactor return value of LSM hook vm_enough_memory
To be consistent with most LSM hooks, convert the return value of hook vm_enough_memory to 0 or a negative error code. Before: - Hook vm_enough_memory returns 1 if permission is granted, 0 if not. - LSM_RET_DEFAULT(vm_enough_memory_mm) is 1. After: - Hook vm_enough_memory reutrns 0 if permission is granted, negative error code if not. - LSM_RET_DEFAULT(vm_enough_memory_mm) is 0. Signed-off-by: Xu Kuohai <xukuohai@huawei.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/commoncap.c')
-rw-r--r--security/commoncap.c11
1 files changed, 3 insertions, 8 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 162d96b3a676..cefad323a0b1 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1396,17 +1396,12 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
* Determine whether the allocation of a new virtual mapping by the current
* task is permitted.
*
- * Return: 1 if permission is granted, 0 if not.
+ * Return: 0 if permission granted, negative error code if not.
*/
int cap_vm_enough_memory(struct mm_struct *mm, long pages)
{
- int cap_sys_admin = 0;
-
- if (cap_capable(current_cred(), &init_user_ns,
- CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) == 0)
- cap_sys_admin = 1;
-
- return cap_sys_admin;
+ return cap_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
+ CAP_OPT_NOAUDIT);
}
/**