8f69975d BS |
1 | From: Tony Jones <tonyj@suse.de> |
2 | Subject: Pass struct vfsmount to the inode_getxattr LSM hook | |
3 | ||
4 | This is needed for computing pathnames in the AppArmor LSM. | |
5 | ||
6 | Signed-off-by: Tony Jones <tonyj@suse.de> | |
7 | Signed-off-by: Andreas Gruenbacher <agruen@suse.de> | |
8 | Signed-off-by: John Johansen <jjohansen@suse.de> | |
9 | ||
10 | --- | |
11 | fs/xattr.c | 2 +- | |
12 | include/linux/security.h | 11 +++++++---- | |
13 | security/capability.c | 3 ++- | |
14 | security/security.c | 5 +++-- | |
15 | security/selinux/hooks.c | 3 ++- | |
16 | security/smack/smack_lsm.c | 4 +++- | |
17 | 6 files changed, 18 insertions(+), 10 deletions(-) | |
18 | ||
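--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -141,7 +141,7 @@ vfs_getxattr(struct dentry *dentry, stru
 if (error)
 return error;
 
- error = security_inode_getxattr(dentry, name);
+ error = security_inode_getxattr(dentry, mnt, name);
 if (error)
 return error;
 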
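--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -446,7 +446,7 @@ static inline void security_free_mnt_opt
 * @value identified by @name for @dentry and @mnt.
 * @inode_getxattr:
 * Check permission before obtaining the extended attributes
- * identified by @name for @dentry.
+ * identified by @name for @dentry and @mnt.
 * Return 0 if permission is granted.
 * @inode_listxattr:
 * Check permission before obtaining the list of extended attribute
@@ -1400,7 +1400,8 @@ struct security_operations {
 struct vfsmount *mnt,
 const char *name, const void *value,
 size_t size, int flags);
- int (*inode_getxattr) (struct dentry *dentry, const char *name);
+ int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
+ const char *name);
 int (*inode_listxattr) (struct dentry *dentry);
 int (*inode_removexattr) (struct dentry *dentry, const char *name);
 int (*inode_need_killpriv) (struct dentry *dentry);
@@ -1676,7 +1677,8 @@ int security_inode_setxattr(struct dentr
 void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt,
 const char *name, const void *value,
 size_t size, int flags);
-int security_inode_getxattr(struct dentry *dentry, const char *name);
+int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name);
 int security_inode_listxattr(struct dentry *dentry);
 int security_inode_removexattr(struct dentry *dentry, const char *name);
 int security_inode_need_killpriv(struct dentry *dentry);
@@ -2113,7 +2115,8 @@ static inline void security_inode_post_s
 { }
 
 static inline int security_inode_getxattr(struct dentry *dentry,
- const char *name)
+ struct vfsmount *mnt,
+ const char *name)
 {
 return 0;
 }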
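Review bot: The updated @inode_getxattr description says the check is "for @dentry and @mnt" but does not state whether @mnt may be NULL, and the commit message says the consumer (AppArmor) will build pathnames from it, so a hook that dereferences @mnt would oops on any in-kernel vfs_getxattr() caller that has no mount context. Whether such callers exist is not visible in this patch; the documented contract should settle it either way. I would add to the hook description `* @mnt may be NULL when the caller has no mount context; hooks must tolerate that.` or, if the VFS guarantees a mount, the opposite sentence so the invariant can be checked at the vfs_getxattr() call site rather than inside each LSM.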
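--- a/security/capability.c
+++ b/security/capability.c
@@ -241,7 +241,8 @@ static void cap_inode_post_setxattr(stru
 {
 }
 
-static int cap_inode_getxattr(struct dentry *dentry, const char *name)
+static int cap_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name)
 {
 return 0;
 }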
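--- a/security/security.c
+++ b/security/security.c
@@ -491,11 +491,12 @@ void security_inode_post_setxattr(struct
 flags);
 }
 
-int security_inode_getxattr(struct dentry *dentry, const char *name)
+int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name)
 {
 if (unlikely(IS_PRIVATE(dentry->d_inode)))
 return 0;
- return security_ops->inode_getxattr(dentry, name);
+ return security_ops->inode_getxattr(dentry, mnt, name);
 }
 
 int security_inode_listxattr(struct dentry *dentry)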
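--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2796,7 +2796,8 @@ static void selinux_inode_post_setxattr(
 return;
 }
 
-static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
+static int selinux_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name)
 {
 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }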
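Review bot: selinux_inode_getxattr still passes NULL as the second argument of dentry_has_perm() even though the hook now receives `mnt`; if that parameter is the vfsmount recorded in the audit data, as passing NULL there suggests, forwarding the new argument is the obvious use of it: `return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);`. If the second parameter is something else, or leaving it NULL is deliberate, a one-line comment such as `/* mnt is intentionally unused: SELinux labels the inode, not the path */` would stop the next reader from asking the same question. dentry_has_perm() is defined outside this hunk, so which of the two applies cannot be confirmed from the patch alone.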
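--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -673,11 +673,13 @@ static void smack_inode_post_setxattr(st
 /*
 * smack_inode_getxattr - Smack check on getxattr
 * @dentry: the object
+ * @mnt: unused
 * @name: unused
 *
 * Returns 0 if access is permitted, an error code otherwise
 */
-static int smack_inode_getxattr(struct dentry *dentry, const char *name)
+static int smack_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name)
 {
 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
 }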