Commit | Line | Data |
---|---|---|
8f69975d BS |
1 | From: Tony Jones <tonyj@suse.de> |
2 | Subject: Pass struct vfsmount to the inode_listxattr LSM hook | |
3 | ||
4 | This is needed for computing pathnames in the AppArmor LSM. | |
5 | ||
6 | Signed-off-by: Tony Jones <tonyj@suse.de> | |
7 | Signed-off-by: Andreas Gruenbacher <agruen@suse.de> | |
8 | Signed-off-by: John Johansen <jjohansen@suse.de> | |
9 | ||
10 | --- | |
11 | fs/xattr.c | 2 +- | |
12 | include/linux/security.h | 9 +++++---- | |
13 | security/capability.c | 2 +- | |
14 | security/security.c | 4 ++-- | |
15 | security/selinux/hooks.c | 2 +- | |
16 | 5 files changed, 10 insertions(+), 9 deletions(-) | |
17 | ||
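--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -174,7 +174,7 @@ vfs_listxattr(struct dentry *dentry, str
 struct inode *inode = dentry->d_inode;
 ssize_t error;
 
- error = security_inode_listxattr(dentry);
+ error = security_inode_listxattr(dentry, mnt);
 if (error)
 return error;
 error = -EOPNOTSUPP;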
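Review bot: Nothing visible here establishes whether `mnt` can be NULL when it reaches `error = security_inode_listxattr(dentry, mnt);`, and that matters because the commit message says the AppArmor LSM will compute pathnames from it. The truncated hunk header suggests vfs_listxattr already receives the vfsmount as a parameter (its signature and the rest of its body are outside this hunk), so the value is whatever each caller supplies. If any caller can pass NULL, every LSM implementing the hook has to check before dereferencing it. I would state the contract at the call, e.g. `/* mnt is forwarded unchecked; LSM hooks must tolerate NULL if callers can pass it */`, or reject NULL here if it is never legitimate.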
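--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -450,7 +450,7 @@ static inline void security_free_mnt_opt
 * Return 0 if permission is granted.
 * @inode_listxattr:
 * Check permission before obtaining the list of extended attribute
- * names for @dentry.
+ * names for @dentry and @mnt.
 * Return 0 if permission is granted.
 * @inode_removexattr:
 * Check permission before removing the extended attribute
@@ -1402,7 +1402,7 @@ struct security_operations {
 size_t size, int flags);
 int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
 const char *name);
- int (*inode_listxattr) (struct dentry *dentry);
+ int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt);
 int (*inode_removexattr) (struct dentry *dentry, const char *name);
 int (*inode_need_killpriv) (struct dentry *dentry);
 int (*inode_killpriv) (struct dentry *dentry);
@@ -1679,7 +1679,7 @@ void security_inode_post_setxattr(struct
 size_t size, int flags);
 int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
 const char *name);
-int security_inode_listxattr(struct dentry *dentry);
+int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt);
 int security_inode_removexattr(struct dentry *dentry, const char *name);
 int security_inode_need_killpriv(struct dentry *dentry);
 int security_inode_killpriv(struct dentry *dentry);
@@ -2121,7 +2121,8 @@ static inline int security_inode_getxatt
 return 0;
 }
 
-static inline int security_inode_listxattr(struct dentry *dentry)
+static inline int security_inode_listxattr(struct dentry *dentry,
+ struct vfsmount *mnt)
 {
 return 0;
 }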
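Review bot: The updated hook description in the first hunk, `names for @dentry and @mnt.`, names the new argument without saying what it is, so an LSM author cannot tell from the comment how @mnt relates to @dentry or whether it may be NULL. I would keep the original sentence and add one describing the parameter, e.g. `names for @dentry.  @mnt is the vfsmount through which @dentry was reached.`, plus a statement on NULL-ness once that is confirmed against the callers of vfs_listxattr. The comment block and struct security_operations both begin and end outside the visible hunks, so the wording should be checked against how the neighbouring hooks that take a vfsmount are documented.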
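--- a/security/capability.c
+++ b/security/capability.c
@@ -247,7 +247,7 @@ static int cap_inode_getxattr(struct den
 return 0;
 }
 
-static int cap_inode_listxattr(struct dentry *dentry)
+static int cap_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
 {
 return 0;
 }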
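--- a/security/security.c
+++ b/security/security.c
@@ -499,11 +499,11 @@ int security_inode_getxattr(struct dentr
 return security_ops->inode_getxattr(dentry, mnt, name);
 }
 
-int security_inode_listxattr(struct dentry *dentry)
+int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
 {
 if (unlikely(IS_PRIVATE(dentry->d_inode)))
 return 0;
- return security_ops->inode_listxattr(dentry);
+ return security_ops->inode_listxattr(dentry, mnt);
 }
 
 int security_inode_removexattr(struct dentry *dentry, const char *name)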
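--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2802,7 +2802,7 @@ static int selinux_inode_getxattr(struct
 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }
 
-static int selinux_inode_listxattr(struct dentry *dentry)
+static int selinux_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
 {
 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }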