lsm: move the binder hook comments to security/security.c

This patch relocates the LSM hook function comments to the function
definitions, in keeping with the current kernel conventions.  This
should make the hook descriptions more easily discoverable and easier
to maintain.

While formatting changes have been done to better fit the kernel-doc
style, content changes have been kept to a minimum and limited to
text which was obviously incorrect and/or outdated.  It is expected
the future patches will improve the quality of the function header
comments.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index f6679fead627ccb4d9e79e55b23c65dfb6862043..0a5b3b46fc2bf1fac8752283288069c62b10d6d1 100644 (file)
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -32,28 +32,6 @@
 /**
  * union security_list_options - Linux Security Module hook function list
  *
- * @binder_set_context_mgr:
- *     Check whether @mgr is allowed to be the binder context manager.
- *     @mgr contains the struct cred for the current binder process.
- *     Return 0 if permission is granted.
- * @binder_transaction:
- *     Check whether @from is allowed to invoke a binder transaction call
- *     to @to.
- *     @from contains the struct cred for the sending process.
- *     @to contains the struct cred for the receiving process.
- *     Return 0 if permission is granted.
- * @binder_transfer_binder:
- *     Check whether @from is allowed to transfer a binder reference to @to.
- *     @from contains the struct cred for the sending process.
- *     @to contains the struct cred for the receiving process.
- *     Return 0 if permission is granted.
- * @binder_transfer_file:
- *     Check whether @from is allowed to transfer @file to @to.
- *     @from contains the struct cred for the sending process.
- *     @file contains the struct file being transferred.
- *     @to contains the struct cred for the receiving process.
- *     Return 0 if permission is granted.
- *
  * @ptrace_access_check:
  *     Check permission before allowing the current process to trace the
  *     @child process.

diff --git a/security/security.c b/security/security.c
index 83443984b11a80164d5e7ce1f0e52ecb86e1d7ce..b21154ed152feb2b26878af3a378a82e5b334fb8 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -779,23 +779,59 @@ static int lsm_superblock_alloc(struct super_block *sb)
 
 /* Security operations */
 
+/**
+ * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
+ * @mgr: task credentials of current binder process
+ *
+ * Check whether @mgr is allowed to be the binder context manager.
+ *
+ * Return: Return 0 if permission is granted.
+ */
 int security_binder_set_context_mgr(const struct cred *mgr)
 {
        return call_int_hook(binder_set_context_mgr, 0, mgr);
 }
 
+/**
+ * security_binder_transaction() - Check if a binder transaction is allowed
+ * @from: sending process
+ * @to: receiving process
+ *
+ * Check whether @from is allowed to invoke a binder transaction call to @to.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
 int security_binder_transaction(const struct cred *from,
                                const struct cred *to)
 {
        return call_int_hook(binder_transaction, 0, from, to);
 }
 
+/**
+ * security_binder_transfer_binder() - Check if a binder transfer is allowed
+ * @from: sending process
+ * @to: receiving process
+ *
+ * Check whether @from is allowed to transfer a binder reference to @to.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
 int security_binder_transfer_binder(const struct cred *from,
                                    const struct cred *to)
 {
        return call_int_hook(binder_transfer_binder, 0, from, to);
 }
 
+/**
+ * security_binder_transfer_file() - Check if a binder file xfer is allowed
+ * @from: sending process
+ * @to: receiving process
+ * @file: file being transferred
+ *
+ * Check whether @from is allowed to transfer @file to @to.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
 int security_binder_transfer_file(const struct cred *from,
                                  const struct cred *to, struct file *file)
 {