linux 2.6.16.38 w/ vs2.0.3-rc1
[linux-2.6.git] / security / security.c
index ee4e070..c5c5793 100644 (file)
@@ -12,6 +12,7 @@
  */
 
 #include <linux/capability.h>
+#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
@@ -173,8 +174,34 @@ int mod_unreg_security(const char *name, struct security_operations *ops)
        return security_ops->unregister_security(name, ops);
 }
 
+/**
+ * capable - calls the currently loaded security module's capable() function with the specified capability
+ * @cap: the requested capability level.
+ *
+ * This function calls the currently loaded security module's capable()
+ * function with a pointer to the current task and the specified @cap value.
+ *
+ * This allows the security module to implement the capable function call
+ * however it chooses to.
+ */
+int capable(int cap)
+{
+       if (vx_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
+               return 0;
+       if (security_ops->capable(current, cap)) {
+               /* capability denied */
+               return 0;
+       }
+
+       /* capability granted */
+       current->flags |= PF_SUPERPRIV;
+       return 1;
+}
+
+
 EXPORT_SYMBOL_GPL(register_security);
 EXPORT_SYMBOL_GPL(unregister_security);
 EXPORT_SYMBOL_GPL(mod_reg_security);
 EXPORT_SYMBOL_GPL(mod_unreg_security);
+EXPORT_SYMBOL(capable);
 EXPORT_SYMBOL(security_ops);
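Review bot: The kernel-doc above capable() describes only the call into the loaded security module, but the first test in the body (`vx_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap)`) returns 0 before `security_ops->capable()` is reached, so a denial on that path is never seen by the LSM or by anything it logs. The comment should say so and should state the return convention and side effect, e.g. ` * Returns 1 if granted (and sets PF_SUPERPRIV on current), 0 if denied.`, with a branch comment such as `/* denied by the context capability mask; LSM hook not consulted */`. The same line shifts `1L` by an unvalidated `cap`, which is only defined while callers pass values below the width of long; that appears to be assumed rather than checked here. The vx_* helpers are defined outside this hunk, so the proposed wording should be confirmed against their definitions.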