diff options
| author | Eric Paris <eparis@redhat.com> | 2012-04-04 13:45:40 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:22:50 -0400 |
| commit | 83d498569e9a7a4b92c4c5d3566f2d6a604f28c9 (patch) | |
| tree | e0d77f21bda5bec5ace52b3fa557f87b1bb57631 | |
| parent | 95dbf739313f09c8d859bde1373bc264ef979337 (diff) | |
SELinux: rename dentry_open to file_open
dentry_open takes a file, rename it to file_open
Signed-off-by: Eric Paris <eparis@redhat.com>
| -rw-r--r-- | fs/open.c | 2 | ||||
| -rw-r--r-- | include/linux/security.h | 13 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 4 | ||||
| -rw-r--r-- | security/capability.c | 4 | ||||
| -rw-r--r-- | security/security.c | 4 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 6 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 6 | ||||
| -rw-r--r-- | security/tomoyo/tomoyo.c | 6 |
8 files changed, 21 insertions, 24 deletions
| @@ -681,7 +681,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | |||
| 681 | 681 | ||
| 682 | f->f_op = fops_get(inode->i_fop); | 682 | f->f_op = fops_get(inode->i_fop); |
| 683 | 683 | ||
| 684 | error = security_dentry_open(f, cred); | 684 | error = security_file_open(f, cred); |
| 685 | if (error) | 685 | if (error) |
| 686 | goto cleanup_all; | 686 | goto cleanup_all; |
| 687 | 687 | ||
diff --git a/include/linux/security.h b/include/linux/security.h index 673afbb8238a..de412ea29aac 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -639,10 +639,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 639 | * to receive an open file descriptor via socket IPC. | 639 | * to receive an open file descriptor via socket IPC. |
| 640 | * @file contains the file structure being received. | 640 | * @file contains the file structure being received. |
| 641 | * Return 0 if permission is granted. | 641 | * Return 0 if permission is granted. |
| 642 | * | 642 | * @file_open |
| 643 | * Security hook for dentry | ||
| 644 | * | ||
| 645 | * @dentry_open | ||
| 646 | * Save open-time permission checking state for later use upon | 643 | * Save open-time permission checking state for later use upon |
| 647 | * file_permission, and recheck access if anything has changed | 644 | * file_permission, and recheck access if anything has changed |
| 648 | * since inode_permission. | 645 | * since inode_permission. |
| @@ -1497,7 +1494,7 @@ struct security_operations { | |||
| 1497 | int (*file_send_sigiotask) (struct task_struct *tsk, | 1494 | int (*file_send_sigiotask) (struct task_struct *tsk, |
| 1498 | struct fown_struct *fown, int sig); | 1495 | struct fown_struct *fown, int sig); |
| 1499 | int (*file_receive) (struct file *file); | 1496 | int (*file_receive) (struct file *file); |
| 1500 | int (*dentry_open) (struct file *file, const struct cred *cred); | 1497 | int (*file_open) (struct file *file, const struct cred *cred); |
| 1501 | 1498 | ||
| 1502 | int (*task_create) (unsigned long clone_flags); | 1499 | int (*task_create) (unsigned long clone_flags); |
| 1503 | void (*task_free) (struct task_struct *task); | 1500 | void (*task_free) (struct task_struct *task); |
| @@ -1756,7 +1753,7 @@ int security_file_set_fowner(struct file *file); | |||
| 1756 | int security_file_send_sigiotask(struct task_struct *tsk, | 1753 | int security_file_send_sigiotask(struct task_struct *tsk, |
| 1757 | struct fown_struct *fown, int sig); | 1754 | struct fown_struct *fown, int sig); |
| 1758 | int security_file_receive(struct file *file); | 1755 | int security_file_receive(struct file *file); |
| 1759 | int security_dentry_open(struct file *file, const struct cred *cred); | 1756 | int security_file_open(struct file *file, const struct cred *cred); |
| 1760 | int security_task_create(unsigned long clone_flags); | 1757 | int security_task_create(unsigned long clone_flags); |
| 1761 | void security_task_free(struct task_struct *task); | 1758 | void security_task_free(struct task_struct *task); |
| 1762 | int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); | 1759 | int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); |
| @@ -2227,8 +2224,8 @@ static inline int security_file_receive(struct file *file) | |||
| 2227 | return 0; | 2224 | return 0; |
| 2228 | } | 2225 | } |
| 2229 | 2226 | ||
| 2230 | static inline int security_dentry_open(struct file *file, | 2227 | static inline int security_file_open(struct file *file, |
| 2231 | const struct cred *cred) | 2228 | const struct cred *cred) |
| 2232 | { | 2229 | { |
| 2233 | return 0; | 2230 | return 0; |
| 2234 | } | 2231 | } |
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ad05d391974d..02fddcd4c647 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -373,7 +373,7 @@ static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | |||
| 373 | AA_MAY_META_READ); | 373 | AA_MAY_META_READ); |
| 374 | } | 374 | } |
| 375 | 375 | ||
| 376 | static int apparmor_dentry_open(struct file *file, const struct cred *cred) | 376 | static int apparmor_file_open(struct file *file, const struct cred *cred) |
| 377 | { | 377 | { |
| 378 | struct aa_file_cxt *fcxt = file->f_security; | 378 | struct aa_file_cxt *fcxt = file->f_security; |
| 379 | struct aa_profile *profile; | 379 | struct aa_profile *profile; |
| @@ -640,9 +640,9 @@ static struct security_operations apparmor_ops = { | |||
| 640 | .path_chmod = apparmor_path_chmod, | 640 | .path_chmod = apparmor_path_chmod, |
| 641 | .path_chown = apparmor_path_chown, | 641 | .path_chown = apparmor_path_chown, |
| 642 | .path_truncate = apparmor_path_truncate, | 642 | .path_truncate = apparmor_path_truncate, |
| 643 | .dentry_open = apparmor_dentry_open, | ||
| 644 | .inode_getattr = apparmor_inode_getattr, | 643 | .inode_getattr = apparmor_inode_getattr, |
| 645 | 644 | ||
| 645 | .file_open = apparmor_file_open, | ||
| 646 | .file_permission = apparmor_file_permission, | 646 | .file_permission = apparmor_file_permission, |
| 647 | .file_alloc_security = apparmor_file_alloc_security, | 647 | .file_alloc_security = apparmor_file_alloc_security, |
| 648 | .file_free_security = apparmor_file_free_security, | 648 | .file_free_security = apparmor_file_free_security, |
diff --git a/security/capability.c b/security/capability.c index 5bb21b1c448c..fca889676c5e 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -348,7 +348,7 @@ static int cap_file_receive(struct file *file) | |||
| 348 | return 0; | 348 | return 0; |
| 349 | } | 349 | } |
| 350 | 350 | ||
| 351 | static int cap_dentry_open(struct file *file, const struct cred *cred) | 351 | static int cap_file_open(struct file *file, const struct cred *cred) |
| 352 | { | 352 | { |
| 353 | return 0; | 353 | return 0; |
| 354 | } | 354 | } |
| @@ -956,7 +956,7 @@ void __init security_fixup_ops(struct security_operations *ops) | |||
| 956 | set_to_cap_if_null(ops, file_set_fowner); | 956 | set_to_cap_if_null(ops, file_set_fowner); |
| 957 | set_to_cap_if_null(ops, file_send_sigiotask); | 957 | set_to_cap_if_null(ops, file_send_sigiotask); |
| 958 | set_to_cap_if_null(ops, file_receive); | 958 | set_to_cap_if_null(ops, file_receive); |
| 959 | set_to_cap_if_null(ops, dentry_open); | 959 | set_to_cap_if_null(ops, file_open); |
| 960 | set_to_cap_if_null(ops, task_create); | 960 | set_to_cap_if_null(ops, task_create); |
| 961 | set_to_cap_if_null(ops, task_free); | 961 | set_to_cap_if_null(ops, task_free); |
| 962 | set_to_cap_if_null(ops, cred_alloc_blank); | 962 | set_to_cap_if_null(ops, cred_alloc_blank); |
diff --git a/security/security.c b/security/security.c index bf619ffc9a4d..5497a57fba01 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -701,11 +701,11 @@ int security_file_receive(struct file *file) | |||
| 701 | return security_ops->file_receive(file); | 701 | return security_ops->file_receive(file); |
| 702 | } | 702 | } |
| 703 | 703 | ||
| 704 | int security_dentry_open(struct file *file, const struct cred *cred) | 704 | int security_file_open(struct file *file, const struct cred *cred) |
| 705 | { | 705 | { |
| 706 | int ret; | 706 | int ret; |
| 707 | 707 | ||
| 708 | ret = security_ops->dentry_open(file, cred); | 708 | ret = security_ops->file_open(file, cred); |
| 709 | if (ret) | 709 | if (ret) |
| 710 | return ret; | 710 | return ret; |
| 711 | 711 | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f7d7e779c7f3..dc15f16a357c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2973,7 +2973,7 @@ static int selinux_file_permission(struct file *file, int mask) | |||
| 2973 | 2973 | ||
| 2974 | if (sid == fsec->sid && fsec->isid == isec->sid && | 2974 | if (sid == fsec->sid && fsec->isid == isec->sid && |
| 2975 | fsec->pseqno == avc_policy_seqno()) | 2975 | fsec->pseqno == avc_policy_seqno()) |
| 2976 | /* No change since dentry_open check. */ | 2976 | /* No change since file_open check. */ |
| 2977 | return 0; | 2977 | return 0; |
| 2978 | 2978 | ||
| 2979 | return selinux_revalidate_file_permission(file, mask); | 2979 | return selinux_revalidate_file_permission(file, mask); |
| @@ -3232,7 +3232,7 @@ static int selinux_file_receive(struct file *file) | |||
| 3232 | return file_has_perm(cred, file, file_to_av(file)); | 3232 | return file_has_perm(cred, file, file_to_av(file)); |
| 3233 | } | 3233 | } |
| 3234 | 3234 | ||
| 3235 | static int selinux_dentry_open(struct file *file, const struct cred *cred) | 3235 | static int selinux_file_open(struct file *file, const struct cred *cred) |
| 3236 | { | 3236 | { |
| 3237 | struct file_security_struct *fsec; | 3237 | struct file_security_struct *fsec; |
| 3238 | struct inode *inode; | 3238 | struct inode *inode; |
| @@ -5596,7 +5596,7 @@ static struct security_operations selinux_ops = { | |||
| 5596 | .file_send_sigiotask = selinux_file_send_sigiotask, | 5596 | .file_send_sigiotask = selinux_file_send_sigiotask, |
| 5597 | .file_receive = selinux_file_receive, | 5597 | .file_receive = selinux_file_receive, |
| 5598 | 5598 | ||
| 5599 | .dentry_open = selinux_dentry_open, | 5599 | .file_open = selinux_file_open, |
| 5600 | 5600 | ||
| 5601 | .task_create = selinux_task_create, | 5601 | .task_create = selinux_task_create, |
| 5602 | .cred_alloc_blank = selinux_cred_alloc_blank, | 5602 | .cred_alloc_blank = selinux_cred_alloc_blank, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 81c03a597112..8ef0199ebca1 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1349,7 +1349,7 @@ static int smack_file_receive(struct file *file) | |||
| 1349 | } | 1349 | } |
| 1350 | 1350 | ||
| 1351 | /** | 1351 | /** |
| 1352 | * smack_dentry_open - Smack dentry open processing | 1352 | * smack_file_open - Smack dentry open processing |
| 1353 | * @file: the object | 1353 | * @file: the object |
| 1354 | * @cred: unused | 1354 | * @cred: unused |
| 1355 | * | 1355 | * |
| @@ -1357,7 +1357,7 @@ static int smack_file_receive(struct file *file) | |||
| 1357 | * | 1357 | * |
| 1358 | * Returns 0 | 1358 | * Returns 0 |
| 1359 | */ | 1359 | */ |
| 1360 | static int smack_dentry_open(struct file *file, const struct cred *cred) | 1360 | static int smack_file_open(struct file *file, const struct cred *cred) |
| 1361 | { | 1361 | { |
| 1362 | struct inode_smack *isp = file->f_path.dentry->d_inode->i_security; | 1362 | struct inode_smack *isp = file->f_path.dentry->d_inode->i_security; |
| 1363 | 1363 | ||
| @@ -3538,7 +3538,7 @@ struct security_operations smack_ops = { | |||
| 3538 | .file_send_sigiotask = smack_file_send_sigiotask, | 3538 | .file_send_sigiotask = smack_file_send_sigiotask, |
| 3539 | .file_receive = smack_file_receive, | 3539 | .file_receive = smack_file_receive, |
| 3540 | 3540 | ||
| 3541 | .dentry_open = smack_dentry_open, | 3541 | .file_open = smack_file_open, |
| 3542 | 3542 | ||
| 3543 | .cred_alloc_blank = smack_cred_alloc_blank, | 3543 | .cred_alloc_blank = smack_cred_alloc_blank, |
| 3544 | .cred_free = smack_cred_free, | 3544 | .cred_free = smack_cred_free, |
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 620d37c159a3..c2d04a50f76a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c | |||
| @@ -319,14 +319,14 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, | |||
| 319 | } | 319 | } |
| 320 | 320 | ||
| 321 | /** | 321 | /** |
| 322 | * tomoyo_dentry_open - Target for security_dentry_open(). | 322 | * tomoyo_file_open - Target for security_file_open(). |
| 323 | * | 323 | * |
| 324 | * @f: Pointer to "struct file". | 324 | * @f: Pointer to "struct file". |
| 325 | * @cred: Pointer to "struct cred". | 325 | * @cred: Pointer to "struct cred". |
| 326 | * | 326 | * |
| 327 | * Returns 0 on success, negative value otherwise. | 327 | * Returns 0 on success, negative value otherwise. |
| 328 | */ | 328 | */ |
| 329 | static int tomoyo_dentry_open(struct file *f, const struct cred *cred) | 329 | static int tomoyo_file_open(struct file *f, const struct cred *cred) |
| 330 | { | 330 | { |
| 331 | int flags = f->f_flags; | 331 | int flags = f->f_flags; |
| 332 | /* Don't check read permission here if called from do_execve(). */ | 332 | /* Don't check read permission here if called from do_execve(). */ |
| @@ -510,7 +510,7 @@ static struct security_operations tomoyo_security_ops = { | |||
| 510 | .bprm_set_creds = tomoyo_bprm_set_creds, | 510 | .bprm_set_creds = tomoyo_bprm_set_creds, |
| 511 | .bprm_check_security = tomoyo_bprm_check_security, | 511 | .bprm_check_security = tomoyo_bprm_check_security, |
| 512 | .file_fcntl = tomoyo_file_fcntl, | 512 | .file_fcntl = tomoyo_file_fcntl, |
| 513 | .dentry_open = tomoyo_dentry_open, | 513 | .file_open = tomoyo_file_open, |
| 514 | .path_truncate = tomoyo_path_truncate, | 514 | .path_truncate = tomoyo_path_truncate, |
| 515 | .path_unlink = tomoyo_path_unlink, | 515 | .path_unlink = tomoyo_path_unlink, |
| 516 | .path_mkdir = tomoyo_path_mkdir, | 516 | .path_mkdir = tomoyo_path_mkdir, |