--- /dev/null
+From: Jeff Mahoney <jeffm@suse.com>
+Subject: [PATCH] apparmor: convert apparmor_inode_permission to path
+
+ patches.apparmor/add-security_path_permission added the ->path_permission
+ call. This patch converts apparmor_inode_permission to
+ apparmor_path_permission. The former is now a pass-all, which is how
+ it behaved in 2.6.26 if a NULL nameidata was passed.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+---
+ security/apparmor/lsm.c | 41 +++++++++++++++++++++++++++--------------
+ 1 file changed, 27 insertions(+), 14 deletions(-)
+
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -448,21 +448,9 @@ out:
+ return error;
+ }
+
+-static int apparmor_inode_permission(struct inode *inode, int mask,
+- struct nameidata *nd)
++static int apparmor_inode_permission(struct inode *inode, int mask)
+ {
+- int check = 0;
+-
+- if (!nd || nd->flags & (LOOKUP_PARENT | LOOKUP_CONTINUE))
+- return 0;
+- mask = aa_mask_permissions(mask);
+- if (S_ISDIR(inode->i_mode)) {
+- check |= AA_CHECK_DIR;
+- /* allow traverse accesses to directories */
+- mask &= ~MAY_EXEC;
+- }
+- return aa_permission("inode_permission", inode, nd->dentry, nd->mnt,
+- mask, check);
++ return 0;
+ }
+
+ static int apparmor_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+@@ -656,6 +644,29 @@ static int apparmor_file_mprotect(struct
+ !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
+ }
+
++static int apparmor_path_permission(struct path *path, int mask)
++{
++ struct inode *inode;
++ int check = 0;
++
++ if (!path)
++ return 0;
++
++ inode = path->dentry->d_inode;
++
++ mask = aa_mask_permissions(mask);
++ if (S_ISDIR(inode->i_mode)) {
++ check |= AA_CHECK_DIR;
++ /* allow traverse accesses to directories */
++ mask &= ~MAY_EXEC;
++ if (!mask)
++ return 0;
++ }
++
++ return aa_permission("inode_permission", inode, path->dentry,
++ path->mnt, mask, check);
++}
++
+ static int apparmor_task_alloc_security(struct task_struct *task)
+ {
+ return aa_clone(task);
+@@ -800,6 +811,8 @@ struct security_operations apparmor_ops
+ .file_mprotect = apparmor_file_mprotect,
+ .file_lock = apparmor_file_lock,
+
++ .path_permission = apparmor_path_permission,
++
+ .task_alloc_security = apparmor_task_alloc_security,
+ .task_free_security = apparmor_task_free_security,
+ .task_post_setuid = cap_task_post_setuid,