1 | From: Tony Jones <tonyj@suse.de> |
2 | Subject: Pass struct vfsmount to the inode_setattr LSM hook | |
3 | ||
4 | This is needed for computing pathnames in the AppArmor LSM. | |
5 | ||
6 | Signed-off-by: Tony Jones <tonyj@suse.de> | |
7 | Signed-off-by: Andreas Gruenbacher <agruen@suse.de> | |
8 | Signed-off-by: John Johansen <jjohansen@suse.de> | |
9 | ||
10 | --- | |
11 | fs/attr.c | 4 ++-- | |
12 | fs/fat/file.c | 2 +- | |
13 | include/linux/security.h | 10 +++++++--- | |
14 | security/capability.c | 3 ++- | |
15 | security/security.c | 5 +++-- | |
16 | security/selinux/hooks.c | 5 +++-- | |
17 | security/smack/smack_lsm.c | 3 ++- | |
18 | 7 files changed, 20 insertions(+), 12 deletions(-) | |
19 | ||
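--- a/fs/attr.c
+++ b/fs/attr.c
@@ -164,13 +164,13 @@ int notify_change(struct dentry *dentry,
 down_write(&dentry->d_inode->i_alloc_sem);
 
 if (inode->i_op && inode->i_op->setattr) {
- error = security_inode_setattr(dentry, attr);
+ error = security_inode_setattr(dentry, mnt, attr);
 if (!error)
 error = inode->i_op->setattr(dentry, attr);
 } else {
 error = inode_change_ok(inode, attr);
 if (!error)
- error = security_inode_setattr(dentry, attr);
+ error = security_inode_setattr(dentry, mnt, attr);
 if (!error) {
 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))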
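Review bot: The `mnt` now passed at both security_inode_setattr() call sites is not declared anywhere in this hunk, and notify_change's parameter list is cut off in the hunk header, so the hunk presumably depends on an earlier patch in the series adding a `struct vfsmount *mnt` parameter to notify_change(); that ordering dependency should be stated in the description. Because the security.h documentation in this same patch says @mnt may be NULL, it is worth confirming that callers of notify_change() with no mount in hand pass NULL explicitly rather than an unrelated mount, since an LSM deriving a pathname from it would otherwise be checking the wrong path. notify_change's body begins before and continues after the hunk.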
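--- a/fs/fat/file.c
+++ b/fs/fat/file.c
@@ -98,7 +98,7 @@ int fat_generic_ioctl(struct inode *inod
 * out the RO attribute for checking by the security
 * module, just because it maps to a file mode.
 */
- err = security_inode_setattr(filp->f_path.dentry, &ia);
+ err = security_inode_setattr(filp->f_path.dentry, filp->f_path.mnt, &ia);
 if (err)
 goto up;
 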
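Review bot: The new call in fat_generic_ioctl() runs well past the 80-column limit once the leading tabs are counted, which checkpatch will flag; wrap the argument list as `err = security_inode_setattr(filp->f_path.dentry, filp->f_path.mnt,` followed by `&ia);` aligned under the first argument. Taking the dentry and the mount from the same `filp->f_path` is the right pairing, since the hook documentation in this patch requires @mnt to correspond to @dentry.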
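--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -412,6 +412,7 @@ static inline void security_free_mnt_opt
 * file attributes change (such as when a file is truncated, chown/chmod
 * operations, transferring disk quotas, etc).
 * @dentry contains the dentry structure for the file.
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
 * @attr is the iattr structure containing the new file attributes.
 * Return 0 if permission is granted.
 * @inode_getattr:
@@ -1371,7 +1372,8 @@ struct security_operations {
 int (*inode_readlink) (struct dentry *dentry);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
 int (*inode_permission) (struct inode *inode, int mask);
- int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
+ int (*inode_setattr) (struct dentry *dentry, struct vfsmount *,
+ struct iattr *attr);
 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
 void (*inode_delete) (struct inode *inode);
 int (*inode_setxattr) (struct dentry *dentry, const char *name,
@@ -1638,7 +1640,8 @@ int security_inode_rename(struct inode *
 int security_inode_readlink(struct dentry *dentry);
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
 int security_inode_permission(struct inode *inode, int mask);
-int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
+int security_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *attr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
 void security_inode_delete(struct inode *inode);
 int security_inode_setxattr(struct dentry *dentry, const char *name,
@@ -2041,7 +2044,8 @@ static inline int security_inode_permiss
 }
 
 static inline int security_inode_setattr(struct dentry *dentry,
- struct iattr *attr)
+ struct vfsmount *mnt,
+ struct iattr *attr)
 {
 return 0;
 }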
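Review bot: In the `security_operations` hunk the new `inode_setattr` member leaves the mount parameter unnamed as a bare `struct vfsmount *`, while the neighbouring `inode_getattr` member and the `security_inode_setattr()` prototype further down both call it `mnt`; name it here as well, `int (*inode_setattr) (struct dentry *dentry, struct vfsmount *mnt,`. In the first hunk the kernel-doc says @mnt "may be NULL" but not when, which an LSM that derives a pathname from it needs to know; one sentence stating the circumstances under which it is NULL, and that an implementation must then fall back rather than dereference it, would make the contract explicit instead of leaving each LSM to guess.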
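--- a/security/capability.c
+++ b/security/capability.c
@@ -216,7 +216,8 @@ static int cap_inode_permission(struct i
 return 0;
 }
 
-static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int cap_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *iattr)
 {
 return 0;
 }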
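--- a/security/security.c
+++ b/security/security.c
@@ -438,11 +438,12 @@ int security_inode_permission(struct ino
 return security_ops->inode_permission(inode, mask);
 }
 
-int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
+int security_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *attr)
 {
 if (unlikely(IS_PRIVATE(dentry->d_inode)))
 return 0;
- return security_ops->inode_setattr(dentry, attr);
+ return security_ops->inode_setattr(dentry, mnt, attr);
 }
 EXPORT_SYMBOL_GPL(security_inode_setattr);
 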
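--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2656,11 +2656,12 @@ static int selinux_inode_permission(stru
 open_file_mask_to_av(inode->i_mode, mask), NULL);
 }
 
-static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int selinux_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *iattr)
 {
 int rc;
 
- rc = secondary_ops->inode_setattr(dentry, iattr);
+ rc = secondary_ops->inode_setattr(dentry, mnt, iattr);
 if (rc)
 return rc;
 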
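--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -559,7 +559,8 @@ static int smack_inode_permission(struct
 *
 * Returns 0 if access is permitted, an error code otherwise
 */
-static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int smack_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *iattr)
 {
 /*
 * Need to allow for clearing the setuid bit.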
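Review bot: The kernel-doc block above smack_inode_setattr(), whose ` * Returns 0 ...` tail forms the hunk's first context lines, is not updated for the new parameter, so kernel-doc will report `mnt` as undocumented; the @dentry/@iattr entries presumably sit just above the hunk, and a line such as ` * @mnt: vfsmount through which @dentry is reached, may be NULL` belongs beside them. The function body continues past the hunk, so whether Smack makes any use of `mnt` cannot be seen here. The same documentation gap would apply to cap_inode_setattr() and selinux_inode_setattr() if those carry kernel-doc blocks, which their hunks do not show.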