summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2022-12-13 12:28:51 +0100
committerChristian Brauner (Microsoft) <brauner@kernel.org>2022-12-13 12:28:51 +0100
commit2c05bf3aa0741f4f3c72432db7801371dbbcf289 (patch)
tree006299bcc8cec080b3db815b3176c47615af7596 /security/integrity
parentMerge tag 'nfsd-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux (diff)
downloadlinux-2c05bf3aa0741f4f3c72432db7801371dbbcf289.tar.xz
linux-2c05bf3aa0741f4f3c72432db7801371dbbcf289.zip
mnt_idmapping: move ima-only helpers to ima
The vfs{g,u}id_{gt,lt}_* helpers are currently not needed outside of ima and we shouldn't incentivize people to use them by placing them into the header. Let's just define them locally in the one file in ima where they are used. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_policy.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 54c475f98ce1..edd95ba02c11 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -71,6 +71,30 @@ struct ima_rule_opt_list {
char *items[];
};
+/*
+ * These comparators are needed nowhere outside of ima so just define them here.
+ * This pattern should hopefully never be needed outside of ima.
+ */
+static inline bool vfsuid_gt_kuid(vfsuid_t vfsuid, kuid_t kuid)
+{
+ return __vfsuid_val(vfsuid) > __kuid_val(kuid);
+}
+
+static inline bool vfsgid_gt_kgid(vfsgid_t vfsgid, kgid_t kgid)
+{
+ return __vfsgid_val(vfsgid) > __kgid_val(kgid);
+}
+
+static inline bool vfsuid_lt_kuid(vfsuid_t vfsuid, kuid_t kuid)
+{
+ return __vfsuid_val(vfsuid) < __kuid_val(kuid);
+}
+
+static inline bool vfsgid_lt_kgid(vfsgid_t vfsgid, kgid_t kgid)
+{
+ return __vfsgid_val(vfsgid) < __kgid_val(kgid);
+}
+
struct ima_rule_entry {
struct list_head list;
int action;