-rw-r--r-- | fs/namei.c | 2 | ||||
-rw-r--r-- | fs/open.c | 6 | ||||
-rw-r--r-- | include/linux/fs.h | 2 | ||||
-rw-r--r-- | include/linux/lsm_hooks.h | 28 | ||||
-rw-r--r-- | include/linux/security.h | 58 | ||||
-rw-r--r-- | net/unix/af_unix.c | 2 | ||||
-rw-r--r-- | security/apparmor/file.c | 4 | ||||
-rw-r--r-- | security/apparmor/include/file.h | 4 | ||||
-rw-r--r-- | security/apparmor/include/path.h | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 83 | ||||
-rw-r--r-- | security/apparmor/path.c | 8 | ||||
-rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_api.c | 2 | ||||
-rw-r--r-- | security/security.c | 28 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 | ||||
-rw-r--r-- | security/tomoyo/common.h | 12 | ||||
-rw-r--r-- | security/tomoyo/file.c | 10 | ||||
-rw-r--r-- | security/tomoyo/mount.c | 4 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 28 |
19 files changed, 132 insertions, 155 deletions
diff --git a/fs/namei.c b/fs/namei.c index 11f3a18d9d2d..9d193d336c9f 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -2837,7 +2837,7 @@ static inline int open_to_namei_flags(int flag) | |||
2837 | return flag; | 2837 | return flag; |
2838 | } | 2838 | } |
2839 | 2839 | ||
2840 | static int may_o_create(struct path *dir, struct dentry *dentry, umode_t mode) | 2840 | static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode) |
2841 | { | 2841 | { |
2842 | int error = security_path_mknod(dir, dentry, mode, 0); | 2842 | int error = security_path_mknod(dir, dentry, mode, 0); |
2843 | if (error) | 2843 | if (error) |
@@ -65,7 +65,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, | |||
65 | return ret; | 65 | return ret; |
66 | } | 66 | } |
67 | 67 | ||
68 | long vfs_truncate(struct path *path, loff_t length) | 68 | long vfs_truncate(const struct path *path, loff_t length) |
69 | { | 69 | { |
70 | struct inode *inode; | 70 | struct inode *inode; |
71 | long error; | 71 | long error; |
@@ -499,7 +499,7 @@ out: | |||
499 | return error; | 499 | return error; |
500 | } | 500 | } |
501 | 501 | ||
502 | static int chmod_common(struct path *path, umode_t mode) | 502 | static int chmod_common(const struct path *path, umode_t mode) |
503 | { | 503 | { |
504 | struct inode *inode = path->dentry->d_inode; | 504 | struct inode *inode = path->dentry->d_inode; |
505 | struct inode *delegated_inode = NULL; | 505 | struct inode *delegated_inode = NULL; |
@@ -564,7 +564,7 @@ SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode) | |||
564 | return sys_fchmodat(AT_FDCWD, filename, mode); | 564 | return sys_fchmodat(AT_FDCWD, filename, mode); |
565 | } | 565 | } |
566 | 566 | ||
567 | static int chown_common(struct path *path, uid_t user, gid_t group) | 567 | static int chown_common(const struct path *path, uid_t user, gid_t group) |
568 | { | 568 | { |
569 | struct inode *inode = path->dentry->d_inode; | 569 | struct inode *inode = path->dentry->d_inode; |
570 | struct inode *delegated_inode = NULL; | 570 | struct inode *delegated_inode = NULL; |
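--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2293,7 +2293,7 @@ struct filename {
 const char iname[];
 };
 
-extern long vfs_truncate(struct path *, loff_t);
+extern long vfs_truncate(const struct path *, loff_t);
 extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
 struct file *filp);
 extern int vfs_fallocate(struct file *file, int mode, loff_t offset,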
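--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1344,10 +1344,10 @@ union security_list_options {
 int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
 int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
 int (*sb_statfs)(struct dentry *dentry);
-int (*sb_mount)(const char *dev_name, struct path *path,
+int (*sb_mount)(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags, void *data);
 int (*sb_umount)(struct vfsmount *mnt, int flags);
-int (*sb_pivotroot)(struct path *old_path, struct path *new_path);
+int (*sb_pivotroot)(const struct path *old_path, const struct path *new_path);
 int (*sb_set_mnt_opts)(struct super_block *sb,
 struct security_mnt_opts *opts,
 unsigned long kern_flags,
@@ -1361,23 +1361,23 @@ union security_list_options {
 
 
 #ifdef CONFIG_SECURITY_PATH
-int (*path_unlink)(struct path *dir, struct dentry *dentry);
-int (*path_mkdir)(struct path *dir, struct dentry *dentry,
+int (*path_unlink)(const struct path *dir, struct dentry *dentry);
+int (*path_mkdir)(const struct path *dir, struct dentry *dentry,
 umode_t mode);
-int (*path_rmdir)(struct path *dir, struct dentry *dentry);
-int (*path_mknod)(struct path *dir, struct dentry *dentry,
+int (*path_rmdir)(const struct path *dir, struct dentry *dentry);
+int (*path_mknod)(const struct path *dir, struct dentry *dentry,
 umode_t mode, unsigned int dev);
-int (*path_truncate)(struct path *path);
-int (*path_symlink)(struct path *dir, struct dentry *dentry,
+int (*path_truncate)(const struct path *path);
+int (*path_symlink)(const struct path *dir, struct dentry *dentry,
 const char *old_name);
-int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
+int (*path_link)(struct dentry *old_dentry, const struct path *new_dir,
 struct dentry *new_dentry);
-int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
-struct path *new_dir,
+int (*path_rename)(const struct path *old_dir, struct dentry *old_dentry,
+const struct path *new_dir,
 struct dentry *new_dentry);
-int (*path_chmod)(struct path *path, umode_t mode);
-int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid);
-int (*path_chroot)(struct path *path);
+int (*path_chmod)(const struct path *path, umode_t mode);
+int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
+int (*path_chroot)(const struct path *path);
 #endif
 
 int (*inode_alloc_security)(struct inode *inode);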
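--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -228,10 +228,10 @@ int security_sb_remount(struct super_block *sb, void *data);
 int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
 int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
-int security_sb_mount(const char *dev_name, struct path *path,
+int security_sb_mount(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags, void *data);
 int security_sb_umount(struct vfsmount *mnt, int flags);
-int security_sb_pivotroot(struct path *old_path, struct path *new_path);
+int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
 int security_sb_set_mnt_opts(struct super_block *sb,
 struct security_mnt_opts *opts,
 unsigned long kern_flags,
@@ -544,7 +544,7 @@ static inline int security_sb_statfs(struct dentry *dentry)
 return 0;
 }
 
-static inline int security_sb_mount(const char *dev_name, struct path *path,
+static inline int security_sb_mount(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags,
 void *data)
 {
@@ -556,8 +556,8 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags)
 return 0;
 }
 
-static inline int security_sb_pivotroot(struct path *old_path,
-struct path *new_path)
+static inline int security_sb_pivotroot(const struct path *old_path,
+const struct path *new_path)
 {
 return 0;
 }
@@ -1456,83 +1456,83 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
 
 #ifdef CONFIG_SECURITY_PATH
-int security_path_unlink(struct path *dir, struct dentry *dentry);
-int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
-int security_path_rmdir(struct path *dir, struct dentry *dentry);
-int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
+int security_path_unlink(const struct path *dir, struct dentry *dentry);
+int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
+int security_path_rmdir(const struct path *dir, struct dentry *dentry);
+int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
 unsigned int dev);
-int security_path_truncate(struct path *path);
-int security_path_symlink(struct path *dir, struct dentry *dentry,
+int security_path_truncate(const struct path *path);
+int security_path_symlink(const struct path *dir, struct dentry *dentry,
 const char *old_name);
-int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
 struct dentry *new_dentry);
-int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
-struct path *new_dir, struct dentry *new_dentry,
+int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+const struct path *new_dir, struct dentry *new_dentry,
 unsigned int flags);
-int security_path_chmod(struct path *path, umode_t mode);
-int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
-int security_path_chroot(struct path *path);
+int security_path_chmod(const struct path *path, umode_t mode);
+int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
+int security_path_chroot(const struct path *path);
 #else /* CONFIG_SECURITY_PATH */
-static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
+static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
 {
 return 0;
 }
 
-static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
+static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
 umode_t mode)
 {
 return 0;
 }
 
-static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
+static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
 {
 return 0;
 }
 
-static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
+static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
 umode_t mode, unsigned int dev)
 {
 return 0;
 }
 
-static inline int security_path_truncate(struct path *path)
+static inline int security_path_truncate(const struct path *path)
 {
 return 0;
 }
 
-static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
+static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
 const char *old_name)
 {
 return 0;
 }
 
 static inline int security_path_link(struct dentry *old_dentry,
-struct path *new_dir,
+const struct path *new_dir,
 struct dentry *new_dentry)
 {
 return 0;
 }
 
-static inline int security_path_rename(struct path *old_dir,
+static inline int security_path_rename(const struct path *old_dir,
 struct dentry *old_dentry,
-struct path *new_dir,
+const struct path *new_dir,
 struct dentry *new_dentry,
 unsigned int flags)
 {
 return 0;
 }
 
-static inline int security_path_chmod(struct path *path, umode_t mode)
+static inline int security_path_chmod(const struct path *path, umode_t mode)
 {
 return 0;
 }
 
-static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
 {
 return 0;
 }
 
-static inline int security_path_chroot(struct path *path)
+static inline int security_path_chroot(const struct path *path)
 {
 return 0;
 }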
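--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -953,7 +953,7 @@ fail:
 return NULL;
 }
 
-static int unix_mknod(struct dentry *dentry, struct path *path, umode_t mode,
+static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mode,
 struct path *res)
 {
 int err;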
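--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry)
 *
 * Returns: %0 else error if access denied or other error
 */
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
 int flags, u32 request, struct path_cond *cond)
 {
 char *buffer = NULL;
@@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target)
 * Returns: %0 if allowed else error
 */
 int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
-struct path *new_dir, struct dentry *new_dentry)
+const struct path *new_dir, struct dentry *new_dentry)
 {
 struct path link = { new_dir->mnt, new_dentry };
 struct path target = { new_dir->mnt, old_dentry };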
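--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -171,11 +171,11 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
 const char *name, struct path_cond *cond,
 struct file_perms *perms);
 
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
 int flags, u32 request, struct path_cond *cond);
 
 int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
-struct path *new_dir, struct dentry *new_dentry);
+const struct path *new_dir, struct dentry *new_dentry);
 
 int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
 u32 request);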
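--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -26,7 +26,7 @@ enum path_flags {
 PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
 };
 
-int aa_path_name(struct path *path, int flags, char **buffer,
+int aa_path_name(const struct path *path, int flags, char **buffer,
 const char **name, const char **info);
 
 #endif /* __AA_PATH_H */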
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dec607c17b64..2660fbcf94d1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
@@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, | |||
149 | * | 149 | * |
150 | * Returns: %0 else error code if error or permission denied | 150 | * Returns: %0 else error code if error or permission denied |
151 | */ | 151 | */ |
152 | static int common_perm(int op, struct path *path, u32 mask, | 152 | static int common_perm(int op, const struct path *path, u32 mask, |
153 | struct path_cond *cond) | 153 | struct path_cond *cond) |
154 | { | 154 | { |
155 | struct aa_profile *profile; | 155 | struct aa_profile *profile; |
@@ -172,7 +172,7 @@ static int common_perm(int op, struct path *path, u32 mask, | |||
172 | * | 172 | * |
173 | * Returns: %0 else error code if error or permission denied | 173 | * Returns: %0 else error code if error or permission denied |
174 | */ | 174 | */ |
175 | static int common_perm_dir_dentry(int op, struct path *dir, | 175 | static int common_perm_dir_dentry(int op, const struct path *dir, |
176 | struct dentry *dentry, u32 mask, | 176 | struct dentry *dentry, u32 mask, |
177 | struct path_cond *cond) | 177 | struct path_cond *cond) |
178 | { | 178 | { |
@@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir, | |||
182 | } | 182 | } |
183 | 183 | ||
184 | /** | 184 | /** |
185 | * common_perm_mnt_dentry - common permission wrapper when mnt, dentry | 185 | * common_perm_path - common permission wrapper when mnt, dentry |
186 | * @op: operation being checked | 186 | * @op: operation being checked |
187 | * @mnt: mount point of dentry (NOT NULL) | 187 | * @path: location to check (NOT NULL) |
188 | * @dentry: dentry to check (NOT NULL) | ||
189 | * @mask: requested permissions mask | 188 | * @mask: requested permissions mask |
190 | * | 189 | * |
191 | * Returns: %0 else error code if error or permission denied | 190 | * Returns: %0 else error code if error or permission denied |
192 | */ | 191 | */ |
193 | static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, | 192 | static inline int common_perm_path(int op, const struct path *path, u32 mask) |
194 | struct dentry *dentry, u32 mask) | ||
195 | { | 193 | { |
196 | struct path path = { mnt, dentry }; | 194 | struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, |
197 | struct path_cond cond = { d_backing_inode(dentry)->i_uid, | 195 | d_backing_inode(path->dentry)->i_mode |
198 | d_backing_inode(dentry)->i_mode | ||
199 | }; | 196 | }; |
197 | if (!mediated_filesystem(path->dentry)) | ||
198 | return 0; | ||
200 | 199 | ||
201 | return common_perm(op, &path, mask, &cond); | 200 | return common_perm(op, path, mask, &cond); |
202 | } | 201 | } |
203 | 202 | ||
204 | /** | 203 | /** |
@@ -210,13 +209,13 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, | |||
210 | * | 209 | * |
211 | * Returns: %0 else error code if error or permission denied | 210 | * Returns: %0 else error code if error or permission denied |
212 | */ | 211 | */ |
213 | static int common_perm_rm(int op, struct path *dir, | 212 | static int common_perm_rm(int op, const struct path *dir, |
214 | struct dentry *dentry, u32 mask) | 213 | struct dentry *dentry, u32 mask) |
215 | { | 214 | { |
216 | struct inode *inode = d_backing_inode(dentry); | 215 | struct inode *inode = d_backing_inode(dentry); |
217 | struct path_cond cond = { }; | 216 | struct path_cond cond = { }; |
218 | 217 | ||
219 | if (!inode || !dir->mnt || !mediated_filesystem(dentry)) | 218 | if (!inode || !mediated_filesystem(dentry)) |
220 | return 0; | 219 | return 0; |
221 | 220 | ||
222 | cond.uid = inode->i_uid; | 221 | cond.uid = inode->i_uid; |
@@ -235,61 +234,53 @@ static int common_perm_rm(int op, struct path *dir, | |||
235 | * | 234 | * |
236 | * Returns: %0 else error code if error or permission denied | 235 | * Returns: %0 else error code if error or permission denied |
237 | */ | 236 | */ |
238 | static int common_perm_create(int op, struct path *dir, struct dentry *dentry, | 237 | static int common_perm_create(int op, const struct path *dir, |
239 | u32 mask, umode_t mode) | 238 | struct dentry *dentry, u32 mask, umode_t mode) |
240 | { | 239 | { |
241 | struct path_cond cond = { current_fsuid(), mode }; | 240 | struct path_cond cond = { current_fsuid(), mode }; |
242 | 241 | ||
243 | if (!dir->mnt || !mediated_filesystem(dir->dentry)) | 242 | if (!mediated_filesystem(dir->dentry)) |
244 | return 0; | 243 | return 0; |
245 | 244 | ||
246 | return common_perm_dir_dentry(op, dir, dentry, mask, &cond); | 245 | return common_perm_dir_dentry(op, dir, dentry, mask, &cond); |
247 | } | 246 | } |
248 | 247 | ||
249 | static int apparmor_path_unlink(struct path *dir, struct dentry *dentry) | 248 | static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry) |
250 | { | 249 | { |
251 | return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE); | 250 | return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE); |
252 | } | 251 | } |
253 | 252 | ||
254 | static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, | 253 | static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry, |
255 | umode_t mode) | 254 | umode_t mode) |
256 | { | 255 | { |
257 | return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, | 256 | return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, |
258 | S_IFDIR); | 257 | S_IFDIR); |
259 | } | 258 | } |
260 | 259 | ||
261 | static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry) | 260 | static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry) |
262 | { | 261 | { |
263 | return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE); | 262 | return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE); |
264 | } | 263 | } |
265 | 264 | ||
266 | static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, | 265 | static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry, |
267 | umode_t mode, unsigned int dev) | 266 | umode_t mode, unsigned int dev) |
268 | { | 267 | { |
269 | return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); | 268 | return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); |
270 | } | 269 | } |
271 | 270 | ||
272 | static int apparmor_path_truncate(struct path *path) | 271 | static int apparmor_path_truncate(const struct path *path) |
273 | { | 272 | { |
274 | struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, | 273 | return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); |
275 | d_backing_inode(path->dentry)->i_mode | ||
276 | }; | ||
277 | |||
278 | if (!path->mnt || !mediated_filesystem(path->dentry)) | ||
279 | return 0; | ||
280 | |||
281 | return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, | ||
282 | &cond); | ||
283 | } | 274 | } |
284 | 275 | ||
285 | static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, | 276 | static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry, |
286 | const char *old_name) | 277 | const char *old_name) |
287 | { | 278 | { |
288 | return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE, | 279 | return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE, |
289 | S_IFLNK); | 280 | S_IFLNK); |
290 | } | 281 | } |
291 | 282 | ||
292 | static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, | 283 | static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir, |
293 | struct dentry *new_dentry) | 284 | struct dentry *new_dentry) |
294 | { | 285 | { |
295 | struct aa_profile *profile; | 286 | struct aa_profile *profile; |
@@ -304,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, | |||
304 | return error; | 295 | return error; |
305 | } | 296 | } |
306 | 297 | ||
307 | static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, | 298 | static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry, |
308 | struct path *new_dir, struct dentry *new_dentry) | 299 | const struct path *new_dir, struct dentry *new_dentry) |
309 | { | 300 | { |
310 | struct aa_profile *profile; | 301 | struct aa_profile *profile; |
311 | int error = 0; | 302 | int error = 0; |
@@ -334,33 +325,19 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, | |||
334 | return error; | 325 | return error; |
335 | } | 326 | } |
336 | 327 | ||
337 | static int apparmor_path_chmod(struct path *path, umode_t mode) | 328 | static int apparmor_path_chmod(const struct path *path, umode_t mode) |
338 | { | 329 | { |
339 | if (!mediated_filesystem(path->dentry)) | 330 | return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD); |
340 | return 0; | ||
341 | |||
342 | return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); | ||
343 | } | 331 | } |
344 | 332 | ||
345 | static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) | 333 | static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) |
346 | { | 334 | { |
347 | struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, | 335 | return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN); |
348 | d_backing_inode(path->dentry)->i_mode | ||
349 | }; | ||
350 | |||
351 | if (!mediated_filesystem(path->dentry)) | ||
352 | return 0; | ||
353 | |||
354 | return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); | ||
355 | } | 336 | } |
356 | 337 | ||
357 | static int apparmor_inode_getattr(const struct path *path) | 338 | static int apparmor_inode_getattr(const struct path *path) |
358 | { | 339 | { |
359 | if (!mediated_filesystem(path->dentry)) | 340 | return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ); |
360 | return 0; | ||
361 | |||
362 | return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, | ||
363 | AA_MAY_META_READ); | ||
364 | } | 341 | } |
365 | 342 | ||
366 | static int apparmor_file_open(struct file *file, const struct cred *cred) | 343 | static int apparmor_file_open(struct file *file, const struct cred *cred) |
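Review bot: In `common_perm_path()` the `cond` initializer reads `d_backing_inode(path->dentry)->i_uid` and `->i_mode` before the `mediated_filesystem()` check runs, so the chmod and getattr hooks, which used to return early for unmediated filesystems, now dereference the backing inode on every call. That is presumably safe because these hooks are handed positive dentries, but testing first keeps the skip path free of inode access and matches the shape of `common_perm_rm()`; the fence below shows it. The kernel-doc summary still reads "when mnt, dentry" although the helper now takes a path, so it could become `common_perm_path - common permission wrapper for a struct path`. The same section drops the `!dir->mnt` and `!path->mnt` guards from `common_perm_rm()`, `common_perm_create()` and the truncate hook; a one-line comment stating that callers always pass a path with a valid mount would record the invariant the mediation now depends on.

```c
static inline int common_perm_path(int op, const struct path *path, u32 mask)
{
	struct path_cond cond = { };
	struct inode *inode;

	/* skip unmediated filesystems before touching the inode */
	if (!mediated_filesystem(path->dentry))
		return 0;

	inode = d_backing_inode(path->dentry);
	cond.uid = inode->i_uid;
	cond.mode = inode->i_mode;

	return common_perm(op, path, mask, &cond);
}
```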
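--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
 * When no error the path name is returned in @name which points to
 * to a position in @buf
 */
-static int d_namespace_path(struct path *path, char *buf, int buflen,
+static int d_namespace_path(const struct path *path, char *buf, int buflen,
 char **name, int flags)
 {
 char *res;
@@ -158,7 +158,7 @@ out:
 *
 * Returns: %0 else error on failure
 */
-static int get_name_to_buffer(struct path *path, int flags, char *buffer,
+static int get_name_to_buffer(const struct path *path, int flags, char *buffer,
 int size, char **name, const char **info)
 {
 int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
@@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
 *
 * Returns: %0 else error code if could retrieve name
 */
-int aa_path_name(struct path *path, int flags, char **buffer, const char **name,
-const char **info)
+int aa_path_name(const struct path *path, int flags, char **buffer,
+const char **name, const char **info)
 {
 char *buf, *str = NULL;
 int size = 256;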
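Review bot: The kernel-doc above aa_path_name() in the third hunk reads `Returns: %0 else error code if could retrieve name`, which states the opposite of what an error return presumably means; since the signature below it is being rewritten anyway, it could become `Returns: %0 else error code if could not retrieve name`. The comment above d_namespace_path() in the first hunk also carries a doubled word across its line break (`which points to` / `to a position in @buf`). All three function bodies continue outside their hunks, so only the comment wording is in question here.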
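--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
 int ima_store_template(struct ima_template_entry *entry, int violation,
 struct inode *inode, const unsigned char *filename);
 void ima_free_template_entry(struct ima_template_entry *entry);
-const char *ima_d_path(struct path *path, char **pathbuf);
+const char *ima_d_path(const struct path *path, char **pathbuf);
 
 /* IMA policy related functions */
 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,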
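--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
 iint->flags |= IMA_AUDITED;
 }
 
-const char *ima_d_path(struct path *path, char **pathbuf)
+const char *ima_d_path(const struct path *path, char **pathbuf)
 {
 char *pathname = NULL;
 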
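--- a/security/security.c
+++ b/security/security.c
@@ -302,7 +302,7 @@ int security_sb_statfs(struct dentry *dentry)
 return call_int_hook(sb_statfs, 0, dentry);
 }
 
-int security_sb_mount(const char *dev_name, struct path *path,
+int security_sb_mount(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags, void *data)
 {
 return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
@@ -313,7 +313,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
 return call_int_hook(sb_umount, 0, mnt, flags);
 }
 
-int security_sb_pivotroot(struct path *old_path, struct path *new_path)
+int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)
 {
 return call_int_hook(sb_pivotroot, 0, old_path, new_path);
 }
@@ -410,7 +410,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
 EXPORT_SYMBOL(security_old_inode_init_security);
 
 #ifdef CONFIG_SECURITY_PATH
-int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
+int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
 unsigned int dev)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -419,7 +419,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
 }
 EXPORT_SYMBOL(security_path_mknod);
 
-int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
+int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
 return 0;
@@ -427,14 +427,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
 }
 EXPORT_SYMBOL(security_path_mkdir);
 
-int security_path_rmdir(struct path *dir, struct dentry *dentry)
+int security_path_rmdir(const struct path *dir, struct dentry *dentry)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
 return 0;
 return call_int_hook(path_rmdir, 0, dir, dentry);
 }
 
-int security_path_unlink(struct path *dir, struct dentry *dentry)
+int security_path_unlink(const struct path *dir, struct dentry *dentry)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
 return 0;
@@ -442,7 +442,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry)
 }
 EXPORT_SYMBOL(security_path_unlink);
 
-int security_path_symlink(struct path *dir, struct dentry *dentry,
+int security_path_symlink(const struct path *dir, struct dentry *dentry,
 const char *old_name)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
 return call_int_hook(path_symlink, 0, dir, dentry, old_name);
 }
 
-int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
 struct dentry *new_dentry)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
@@ -458,8 +458,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
 }
 
-int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
-struct path *new_dir, struct dentry *new_dentry,
+int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+const struct path *new_dir, struct dentry *new_dentry,
 unsigned int flags)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
@@ -478,28 +478,28 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
 }
 EXPORT_SYMBOL(security_path_rename);
 
-int security_path_truncate(struct path *path)
+int security_path_truncate(const struct path *path)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
 return 0;
 return call_int_hook(path_truncate, 0, path);
 }
 
-int security_path_chmod(struct path *path, umode_t mode)
+int security_path_chmod(const struct path *path, umode_t mode)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
 return 0;
 return call_int_hook(path_chmod, 0, path, mode);
 }
 
-int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
 {
 if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
 return 0;
 return call_int_hook(path_chown, 0, path, uid, gid);
 }
 
-int security_path_chroot(struct path *path)
+int security_path_chroot(const struct path *path)
 {
 return call_int_hook(path_chroot, 0, path);
 }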
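Review bot: Nothing in the visible hunks documents that the security_path_* wrappers return 0 without calling any LSM when the inode is IS_PRIVATE, while security_path_chroot() and the sb_* wrappers call the hook unconditionally. Since every one of these signatures is being touched, a comment after `#ifdef CONFIG_SECURITY_PATH` such as `/* IS_PRIVATE inodes bypass these hooks: the wrappers return 0 (allow) without calling any LSM. */` would make that allow-by-default path visible to anyone auditing mediation coverage. Separately, the new signature lines of security_sb_pivotroot(), security_path_mknod() and security_path_mkdir() run past 80 columns and could be wrapped after the first parameter, as the commit already does for security_path_rename(). Several of these bodies continue outside their hunks.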
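--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2761,7 +2761,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
 }
 
 static int selinux_mount(const char *dev_name,
-struct path *path,
+const struct path *path,
 const char *type,
 unsigned long flags,
 void *data)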
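--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name);
 const struct tomoyo_path_info *tomoyo_path_matches_group
 (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
-struct path *path, const int flag);
+const struct path *path, const int flag);
 void tomoyo_close_control(struct tomoyo_io_buffer *head);
 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
 int tomoyo_execute_permission(struct tomoyo_request_info *r,
@@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
 int tomoyo_init_request_info(struct tomoyo_request_info *r,
 struct tomoyo_domain_info *domain,
 const u8 index);
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
 const unsigned int mode, unsigned int dev);
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags,
 void *data_page);
 int tomoyo_open_control(const u8 type, struct file *file);
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
-struct path *path2);
-int tomoyo_path_number_perm(const u8 operation, struct path *path,
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+const struct path *path2);
+int tomoyo_path_number_perm(const u8 operation, const struct path *path,
 unsigned long number);
 int tomoyo_path_perm(const u8 operation, const struct path *path,
 const char *target);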
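--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm,
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_path_number_perm(const u8 type, struct path *path,
+int tomoyo_path_number_perm(const u8 type, const struct path *path,
 unsigned long number)
 {
 struct tomoyo_request_info r;
@@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
 * Returns 0 on success, negative value otherwise.
 */
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
-struct path *path, const int flag)
+const struct path *path, const int flag)
 {
 const u8 acc_mode = ACC_MODE(flag);
 int error = 0;
@@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
 const unsigned int mode, unsigned int dev)
 {
 struct tomoyo_request_info r;
@@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
-struct path *path2)
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+const struct path *path2)
 {
 int error = -ENOMEM;
 struct tomoyo_path_info buf1;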
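Review bot: The first parameter of tomoyo_path_number_perm() is named `type` in the definition in the first hunk, but `operation` in its prototype in security/tomoyo/common.h, while tomoyo_mkdev_perm() and tomoyo_path2_perm() use `operation` in both places. With both lines being rewritten by this commit, the names could be aligned; the smallest change is to the prototype, `int tomoyo_path_number_perm(const u8 type, const struct path *path,`. Renaming the definition instead would also mean updating its body and kernel-doc, which lie outside the hunk.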
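--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
 */
 static int tomoyo_mount_acl(struct tomoyo_request_info *r,
 const char *dev_name,
-struct path *dir, const char *type,
+const struct path *dir, const char *type,
 unsigned long flags)
 {
 struct tomoyo_obj_info obj = { };
@@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
 *
 * Returns 0 on success, negative value otherwise.
 */
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags,
 void *data_page)
 {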
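--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_truncate(struct path *path)
+static int tomoyo_path_truncate(const struct path *path)
 {
 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
 }
@@ -163,7 +163,7 @@ static int tomoyo_path_truncate(struct path *path)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
 {
 struct path path = { parent->mnt, dentry };
 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
@@ -178,7 +178,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
 umode_t mode)
 {
 struct path path = { parent->mnt, dentry };
@@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
 {
 struct path path = { parent->mnt, dentry };
 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
@@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
 const char *old_name)
 {
 struct path path = { parent->mnt, dentry };
@@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
 umode_t mode, unsigned int dev)
 {
 struct path path = { parent->mnt, dentry };
@@ -265,7 +265,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
 struct dentry *new_dentry)
 {
 struct path path1 = { new_dir->mnt, old_dentry };
@@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_rename(struct path *old_parent,
+static int tomoyo_path_rename(const struct path *old_parent,
 struct dentry *old_dentry,
-struct path *new_parent,
+const struct path *new_parent,
 struct dentry *new_dentry)
 {
 struct path path1 = { old_parent->mnt, old_dentry };
@@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_chmod(struct path *path, umode_t mode)
+static int tomoyo_path_chmod(const struct path *path, umode_t mode)
 {
 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
 mode & S_IALLUGO);
@@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
 {
 int error = 0;
 if (uid_valid(uid))
@@ -385,7 +385,7 @@ static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_path_chroot(struct path *path)
+static int tomoyo_path_chroot(const struct path *path)
 {
 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
 }
@@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
 const char *type, unsigned long flags, void *data)
 {
 return tomoyo_mount_permission(dev_name, path, type, flags, data);
@@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
 *
 * Returns 0 on success, negative value otherwise.
 */
-static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
 {
 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
 }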
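Review bot: In tomoyo_sb_pivotroot() (last hunk) the call passes `new_path` before `old_path`, the reverse of the hook's own parameter order, and since both parameters share the type `const struct path *` the compiler cannot flag an accidental swap on either side. If the order is intentional, a one-line comment above the return, such as `/* argument order is deliberate: new_path first, then old_path */`, would keep a later cleanup from reordering it and evaluating policy against the wrong pair. The kernel-doc for the function starts outside the hunk and may already cover this. In the same section, several hooks build `struct path path = { parent->mnt, dentry };` positionally; `const struct path path = { .mnt = parent->mnt, .dentry = dentry };` would match the constification and not depend on field order.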