1 | From: Tony Jones <tonyj@suse.de> |
2 | Subject: Pass struct vfsmount to the inode_unlink LSM hook | |
3 | ||
4 | This is needed for computing pathnames in the AppArmor LSM. | |
5 | ||
6 | Signed-off-by: Tony Jones <tonyj@suse.de> | |
7 | Signed-off-by: Andreas Gruenbacher <agruen@suse.de> | |
8 | Signed-off-by: John Johansen <jjohansen@suse.de> | |
9 | ||
10 | --- | |
11 | fs/namei.c | 2 +- | |
12 | include/linux/security.h | 10 +++++++--- | |
13 | security/capability.c | 3 ++- | |
14 | security/security.c | 5 +++-- | |
15 | security/selinux/hooks.c | 5 +++-- | |
16 | security/smack/smack_lsm.c | 4 +++- | |
17 | 6 files changed, 19 insertions(+), 10 deletions(-) | |
18 | ||
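--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2264,7 +2264,7 @@ int vfs_unlink(struct inode *dir, struct
 if (d_mountpoint(dentry))
 error = -EBUSY;
 else {
-error = security_inode_unlink(dir, dentry);
+error = security_inode_unlink(dir, dentry, mnt);
 if (!error)
 error = dir->i_op->unlink(dir, dentry);
 }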
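--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -352,6 +352,7 @@ static inline void security_free_mnt_opt
 * Check the permission to remove a hard link to a file.
 * @dir contains the inode structure of parent directory of the file.
 * @dentry contains the dentry structure for file to be unlinked.
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
 * Return 0 if permission is granted.
 * @inode_symlink:
 * Check the permission to create a symbolic link to a file.
@@ -1368,7 +1369,8 @@ struct security_operations {
 int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt,
 struct inode *dir, struct dentry *new_dentry,
 struct vfsmount *new_mnt);
-int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
+int (*inode_unlink) (struct inode *dir, struct dentry *dentry,
+struct vfsmount *mnt);
 int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
 struct vfsmount *mnt, const char *old_name);
 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
@@ -1640,7 +1642,8 @@ int security_inode_create(struct inode *
 int security_inode_link(struct dentry *old_dentry, struct vfsmount *old_mnt,
 struct inode *dir, struct dentry *new_dentry,
 struct vfsmount *new_mnt);
-int security_inode_unlink(struct inode *dir, struct dentry *dentry);
+int security_inode_unlink(struct inode *dir, struct dentry *dentry,
+struct vfsmount *mnt);
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
 struct vfsmount *mnt, const char *old_name);
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
@@ -2003,7 +2006,8 @@ static inline int security_inode_link(st
 }
 
 static inline int security_inode_unlink(struct inode *dir,
-struct dentry *dentry)
+struct dentry *dentry,
+struct vfsmount *mnt)
 {
 return 0;
 }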
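Review bot: The hook documentation added in the first hunk says @mnt "may be NULL" but not when, so an LSM that derives a pathname from it — the commit's stated purpose — has no defined contract for that case. The comment should name the condition under which callers pass NULL (I cannot confirm it from this patch) and whether the hook is expected to skip path-based checks or fail, so that different LSMs do not make different choices silently, e.g. ` * @mnt is the vfsmount corresponding to @dentry, or NULL when the caller has no mount context; hooks must not assume a pathname can be computed.` The same qualifier is missing from the smack kerneldoc in security/smack/smack_lsm.c.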
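--- a/security/capability.c
+++ b/security/capability.c
@@ -167,7 +167,8 @@ static int cap_inode_link(struct dentry
 return 0;
 }
 
-static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
+static int cap_inode_unlink(struct inode *inode, struct dentry *dentry,
+struct vfsmount *mnt)
 {
 return 0;
 }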
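--- a/security/security.c
+++ b/security/security.c
@@ -376,11 +376,12 @@ int security_inode_link(struct dentry *o
 new_dentry, new_mnt);
 }
 
-int security_inode_unlink(struct inode *dir, struct dentry *dentry)
+int security_inode_unlink(struct inode *dir, struct dentry *dentry,
+struct vfsmount *mnt)
 {
 if (unlikely(IS_PRIVATE(dentry->d_inode)))
 return 0;
-return security_ops->inode_unlink(dir, dentry);
+return security_ops->inode_unlink(dir, dentry, mnt);
 }
 
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,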
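--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2587,11 +2587,12 @@ static int selinux_inode_link(struct den
 return may_link(dir, old_dentry, MAY_LINK);
 }
 
-static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
+static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry,
+struct vfsmount *mnt)
 {
 int rc;
 
-rc = secondary_ops->inode_unlink(dir, dentry);
+rc = secondary_ops->inode_unlink(dir, dentry, mnt);
 if (rc)
 return rc;
 return may_link(dir, dentry, MAY_UNLINK);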
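--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -454,11 +454,13 @@ static int smack_inode_link(struct dentr
 * smack_inode_unlink - Smack check on inode deletion
 * @dir: containing directory object
 * @dentry: file to unlink
+ * @mnt: vfsmount of file to unlink
 *
 * Returns 0 if current can write the containing directory
 * and the object, error code otherwise
 */
-static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
+static int smack_inode_unlink(struct inode *dir, struct dentry *dentry,
+struct vfsmount *mnt)
 {
 struct inode *ip = dentry->d_inode;
 int rc;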
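Review bot: The added kerneldoc line `+ * @mnt: vfsmount of file to unlink` drops the "may be NULL" qualifier that this same patch puts on the hook description in include/linux/security.h, so the two documents now state different contracts for the parameter. Suggest ` * @mnt: vfsmount of file to unlink (may be NULL)` so a later change that starts using @mnt here does not take the non-NULL reading at face value. The body of smack_inode_unlink continues outside the hunk.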