author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-09-09 16:01:44 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-09 16:57:28 -0400 |
commit | a74574aafea3a63add3251047601611111f44562 (patch) | |
tree | a8f4a809589513c666c6f5518cbe84f50ee5523e | |
parent | 570bc1c2e5ccdb408081e77507a385dc7ebed7fa (diff) |
[PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks
This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks as
they are obsoleted by the new inode_init_security hook that enables atomic
inode security labeling.
If anyone sees any reason to retain these hooks, please speak now. Also,
is anyone using the post_rename/link hooks? If not, those could also be
removed.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/namei.c | 16 | ||||
-rw-r--r-- | include/linux/security.h | 90 | ||||
-rw-r--r-- | security/dummy.c | 28 | ||||
-rw-r--r-- | security/selinux/hooks.c | 111 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 1 |
5 files changed, 4 insertions, 242 deletions
diff --git a/fs/namei.c b/fs/namei.c index 145e852c4bd0..993a65a7d570 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -1316,10 +1316,8 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
1316 | return error; | 1316 | return error; |
1317 | DQUOT_INIT(dir); | 1317 | DQUOT_INIT(dir); |
1318 | error = dir->i_op->create(dir, dentry, mode, nd); | 1318 | error = dir->i_op->create(dir, dentry, mode, nd); |
1319 | if (!error) { | 1319 | if (!error) |
1320 | fsnotify_create(dir, dentry->d_name.name); | 1320 | fsnotify_create(dir, dentry->d_name.name); |
1321 | security_inode_post_create(dir, dentry, mode); | ||
1322 | } | ||
1323 | return error; | 1321 | return error; |
1324 | } | 1322 | } |
1325 | 1323 | ||
@@ -1635,10 +1633,8 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | |||
1635 | 1633 | ||
1636 | DQUOT_INIT(dir); | 1634 | DQUOT_INIT(dir); |
1637 | error = dir->i_op->mknod(dir, dentry, mode, dev); | 1635 | error = dir->i_op->mknod(dir, dentry, mode, dev); |
1638 | if (!error) { | 1636 | if (!error) |
1639 | fsnotify_create(dir, dentry->d_name.name); | 1637 | fsnotify_create(dir, dentry->d_name.name); |
1640 | security_inode_post_mknod(dir, dentry, mode, dev); | ||
1641 | } | ||
1642 | return error; | 1638 | return error; |
1643 | } | 1639 | } |
1644 | 1640 | ||
@@ -1708,10 +1704,8 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
1708 | 1704 | ||
1709 | DQUOT_INIT(dir); | 1705 | DQUOT_INIT(dir); |
1710 | error = dir->i_op->mkdir(dir, dentry, mode); | 1706 | error = dir->i_op->mkdir(dir, dentry, mode); |
1711 | if (!error) { | 1707 | if (!error) |
1712 | fsnotify_mkdir(dir, dentry->d_name.name); | 1708 | fsnotify_mkdir(dir, dentry->d_name.name); |
1713 | security_inode_post_mkdir(dir,dentry, mode); | ||
1714 | } | ||
1715 | return error; | 1709 | return error; |
1716 | } | 1710 | } |
1717 | 1711 | ||
@@ -1947,10 +1941,8 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, i | |||
1947 | 1941 | ||
1948 | DQUOT_INIT(dir); | 1942 | DQUOT_INIT(dir); |
1949 | error = dir->i_op->symlink(dir, dentry, oldname); | 1943 | error = dir->i_op->symlink(dir, dentry, oldname); |
1950 | if (!error) { | 1944 | if (!error) |
1951 | fsnotify_create(dir, dentry->d_name.name); | 1945 | fsnotify_create(dir, dentry->d_name.name); |
1952 | security_inode_post_symlink(dir, dentry, oldname); | ||
1953 | } | ||
1954 | return error; | 1946 | return error; |
1955 | } | 1947 | } |
1956 | 1948 | ||
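Review bot: After this change vfs_create, vfs_mknod, vfs_mkdir and vfs_symlink no longer label the new inode at all, so correct labeling now depends on each filesystem's ->create/->mknod/->mkdir/->symlink calling security_inode_init_security itself; the SELinux post_create removed in hooks.c, with its `security_attr_init` early-return, was previously the fallback for filesystems that had not been converted. A filesystem that does not yet call the new hook will presumably now leave its child inode without a policy-computed transition label silently rather than with an error, and the commit message does not say whether every in-tree xattr-capable filesystem has already been converted. That assumption deserves a comment at the call site, e.g. `/* Security labeling of the new inode is the filesystem's job: its ->create must call security_inode_init_security(). */` above the `dir->i_op->create(...)` call (and likewise at the mknod/mkdir/symlink sites), plus an audit of the remaining filesystems before the fallback is dropped. Each of the four vfs_* functions begins before its hunk.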
diff --git a/include/linux/security.h b/include/linux/security.h index d4f3b7a94ea6..875225bf8986 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -275,12 +275,6 @@ struct swap_info_struct; | |||
275 | * @dentry contains the dentry structure for the file to be created. | 275 | * @dentry contains the dentry structure for the file to be created. |
276 | * @mode contains the file mode of the file to be created. | 276 | * @mode contains the file mode of the file to be created. |
277 | * Return 0 if permission is granted. | 277 | * Return 0 if permission is granted. |
278 | * @inode_post_create: | ||
279 | * Set the security attributes on a newly created regular file. This hook | ||
280 | * is called after a file has been successfully created. | ||
281 | * @dir contains the inode structure of the parent directory of the new file. | ||
282 | * @dentry contains the the dentry structure for the newly created file. | ||
283 | * @mode contains the file mode. | ||
284 | * @inode_link: | 278 | * @inode_link: |
285 | * Check permission before creating a new hard link to a file. | 279 | * Check permission before creating a new hard link to a file. |
286 | * @old_dentry contains the dentry structure for an existing link to the file. | 280 | * @old_dentry contains the dentry structure for an existing link to the file. |
@@ -303,13 +297,6 @@ struct swap_info_struct; | |||
303 | * @dentry contains the dentry structure of the symbolic link. | 297 | * @dentry contains the dentry structure of the symbolic link. |
304 | * @old_name contains the pathname of file. | 298 | * @old_name contains the pathname of file. |
305 | * Return 0 if permission is granted. | 299 | * Return 0 if permission is granted. |
306 | * @inode_post_symlink: | ||
307 | * @dir contains the inode structure of the parent directory of the new link. | ||
308 | * @dentry contains the dentry structure of new symbolic link. | ||
309 | * @old_name contains the pathname of file. | ||
310 | * Set security attributes for a newly created symbolic link. Note that | ||
311 | * @dentry->d_inode may be NULL, since the filesystem might not | ||
312 | * instantiate the dentry (e.g. NFS). | ||
313 | * @inode_mkdir: | 300 | * @inode_mkdir: |
314 | * Check permissions to create a new directory in the existing directory | 301 | * Check permissions to create a new directory in the existing directory |
315 | * associated with inode strcture @dir. | 302 | * associated with inode strcture @dir. |
@@ -317,11 +304,6 @@ struct swap_info_struct; | |||
317 | * @dentry contains the dentry structure of new directory. | 304 | * @dentry contains the dentry structure of new directory. |
318 | * @mode contains the mode of new directory. | 305 | * @mode contains the mode of new directory. |
319 | * Return 0 if permission is granted. | 306 | * Return 0 if permission is granted. |
320 | * @inode_post_mkdir: | ||
321 | * Set security attributes on a newly created directory. | ||
322 | * @dir contains the inode structure of parent of the directory to be created. | ||
323 | * @dentry contains the dentry structure of new directory. | ||
324 | * @mode contains the mode of new directory. | ||
325 | * @inode_rmdir: | 307 | * @inode_rmdir: |
326 | * Check the permission to remove a directory. | 308 | * Check the permission to remove a directory. |
327 | * @dir contains the inode structure of parent of the directory to be removed. | 309 | * @dir contains the inode structure of parent of the directory to be removed. |
@@ -337,13 +319,6 @@ struct swap_info_struct; | |||
337 | * @mode contains the mode of the new file. | 319 | * @mode contains the mode of the new file. |
338 | * @dev contains the the device number. | 320 | * @dev contains the the device number. |
339 | * Return 0 if permission is granted. | 321 | * Return 0 if permission is granted. |
340 | * @inode_post_mknod: | ||
341 | * Set security attributes on a newly created special file (or socket or | ||
342 | * fifo file created via the mknod system call). | ||
343 | * @dir contains the inode structure of parent of the new node. | ||
344 | * @dentry contains the dentry structure of the new node. | ||
345 | * @mode contains the mode of the new node. | ||
346 | * @dev contains the the device number. | ||
347 | * @inode_rename: | 322 | * @inode_rename: |
348 | * Check for permission to rename a file or directory. | 323 | * Check for permission to rename a file or directory. |
349 | * @old_dir contains the inode structure for parent of the old link. | 324 | * @old_dir contains the inode structure for parent of the old link. |
@@ -1103,8 +1078,6 @@ struct security_operations { | |||
1103 | char **name, void **value, size_t *len); | 1078 | char **name, void **value, size_t *len); |
1104 | int (*inode_create) (struct inode *dir, | 1079 | int (*inode_create) (struct inode *dir, |
1105 | struct dentry *dentry, int mode); | 1080 | struct dentry *dentry, int mode); |
1106 | void (*inode_post_create) (struct inode *dir, | ||
1107 | struct dentry *dentry, int mode); | ||
1108 | int (*inode_link) (struct dentry *old_dentry, | 1081 | int (*inode_link) (struct dentry *old_dentry, |
1109 | struct inode *dir, struct dentry *new_dentry); | 1082 | struct inode *dir, struct dentry *new_dentry); |
1110 | void (*inode_post_link) (struct dentry *old_dentry, | 1083 | void (*inode_post_link) (struct dentry *old_dentry, |
@@ -1112,17 +1085,10 @@ struct security_operations { | |||
1112 | int (*inode_unlink) (struct inode *dir, struct dentry *dentry); | 1085 | int (*inode_unlink) (struct inode *dir, struct dentry *dentry); |
1113 | int (*inode_symlink) (struct inode *dir, | 1086 | int (*inode_symlink) (struct inode *dir, |
1114 | struct dentry *dentry, const char *old_name); | 1087 | struct dentry *dentry, const char *old_name); |
1115 | void (*inode_post_symlink) (struct inode *dir, | ||
1116 | struct dentry *dentry, | ||
1117 | const char *old_name); | ||
1118 | int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); | 1088 | int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); |
1119 | void (*inode_post_mkdir) (struct inode *dir, struct dentry *dentry, | ||
1120 | int mode); | ||
1121 | int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); | 1089 | int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); |
1122 | int (*inode_mknod) (struct inode *dir, struct dentry *dentry, | 1090 | int (*inode_mknod) (struct inode *dir, struct dentry *dentry, |
1123 | int mode, dev_t dev); | 1091 | int mode, dev_t dev); |
1124 | void (*inode_post_mknod) (struct inode *dir, struct dentry *dentry, | ||
1125 | int mode, dev_t dev); | ||
1126 | int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, | 1092 | int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, |
1127 | struct inode *new_dir, struct dentry *new_dentry); | 1093 | struct inode *new_dir, struct dentry *new_dentry); |
1128 | void (*inode_post_rename) (struct inode *old_dir, | 1094 | void (*inode_post_rename) (struct inode *old_dir, |
@@ -1484,15 +1450,6 @@ static inline int security_inode_create (struct inode *dir, | |||
1484 | return security_ops->inode_create (dir, dentry, mode); | 1450 | return security_ops->inode_create (dir, dentry, mode); |
1485 | } | 1451 | } |
1486 | 1452 | ||
1487 | static inline void security_inode_post_create (struct inode *dir, | ||
1488 | struct dentry *dentry, | ||
1489 | int mode) | ||
1490 | { | ||
1491 | if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode))) | ||
1492 | return; | ||
1493 | security_ops->inode_post_create (dir, dentry, mode); | ||
1494 | } | ||
1495 | |||
1496 | static inline int security_inode_link (struct dentry *old_dentry, | 1453 | static inline int security_inode_link (struct dentry *old_dentry, |
1497 | struct inode *dir, | 1454 | struct inode *dir, |
1498 | struct dentry *new_dentry) | 1455 | struct dentry *new_dentry) |
@@ -1528,15 +1485,6 @@ static inline int security_inode_symlink (struct inode *dir, | |||
1528 | return security_ops->inode_symlink (dir, dentry, old_name); | 1485 | return security_ops->inode_symlink (dir, dentry, old_name); |
1529 | } | 1486 | } |
1530 | 1487 | ||
1531 | static inline void security_inode_post_symlink (struct inode *dir, | ||
1532 | struct dentry *dentry, | ||
1533 | const char *old_name) | ||
1534 | { | ||
1535 | if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode))) | ||
1536 | return; | ||
1537 | security_ops->inode_post_symlink (dir, dentry, old_name); | ||
1538 | } | ||
1539 | |||
1540 | static inline int security_inode_mkdir (struct inode *dir, | 1488 | static inline int security_inode_mkdir (struct inode *dir, |
1541 | struct dentry *dentry, | 1489 | struct dentry *dentry, |
1542 | int mode) | 1490 | int mode) |
@@ -1546,15 +1494,6 @@ static inline int security_inode_mkdir (struct inode *dir, | |||
1546 | return security_ops->inode_mkdir (dir, dentry, mode); | 1494 | return security_ops->inode_mkdir (dir, dentry, mode); |
1547 | } | 1495 | } |
1548 | 1496 | ||
1549 | static inline void security_inode_post_mkdir (struct inode *dir, | ||
1550 | struct dentry *dentry, | ||
1551 | int mode) | ||
1552 | { | ||
1553 | if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode))) | ||
1554 | return; | ||
1555 | security_ops->inode_post_mkdir (dir, dentry, mode); | ||
1556 | } | ||
1557 | |||
1558 | static inline int security_inode_rmdir (struct inode *dir, | 1497 | static inline int security_inode_rmdir (struct inode *dir, |
1559 | struct dentry *dentry) | 1498 | struct dentry *dentry) |
1560 | { | 1499 | { |
@@ -1572,15 +1511,6 @@ static inline int security_inode_mknod (struct inode *dir, | |||
1572 | return security_ops->inode_mknod (dir, dentry, mode, dev); | 1511 | return security_ops->inode_mknod (dir, dentry, mode, dev); |
1573 | } | 1512 | } |
1574 | 1513 | ||
1575 | static inline void security_inode_post_mknod (struct inode *dir, | ||
1576 | struct dentry *dentry, | ||
1577 | int mode, dev_t dev) | ||
1578 | { | ||
1579 | if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode))) | ||
1580 | return; | ||
1581 | security_ops->inode_post_mknod (dir, dentry, mode, dev); | ||
1582 | } | ||
1583 | |||
1584 | static inline int security_inode_rename (struct inode *old_dir, | 1514 | static inline int security_inode_rename (struct inode *old_dir, |
1585 | struct dentry *old_dentry, | 1515 | struct dentry *old_dentry, |
1586 | struct inode *new_dir, | 1516 | struct inode *new_dir, |
@@ -2220,11 +2150,6 @@ static inline int security_inode_create (struct inode *dir, | |||
2220 | return 0; | 2150 | return 0; |
2221 | } | 2151 | } |
2222 | 2152 | ||
2223 | static inline void security_inode_post_create (struct inode *dir, | ||
2224 | struct dentry *dentry, | ||
2225 | int mode) | ||
2226 | { } | ||
2227 | |||
2228 | static inline int security_inode_link (struct dentry *old_dentry, | 2153 | static inline int security_inode_link (struct dentry *old_dentry, |
2229 | struct inode *dir, | 2154 | struct inode *dir, |
2230 | struct dentry *new_dentry) | 2155 | struct dentry *new_dentry) |
@@ -2250,11 +2175,6 @@ static inline int security_inode_symlink (struct inode *dir, | |||
2250 | return 0; | 2175 | return 0; |
2251 | } | 2176 | } |
2252 | 2177 | ||
2253 | static inline void security_inode_post_symlink (struct inode *dir, | ||
2254 | struct dentry *dentry, | ||
2255 | const char *old_name) | ||
2256 | { } | ||
2257 | |||
2258 | static inline int security_inode_mkdir (struct inode *dir, | 2178 | static inline int security_inode_mkdir (struct inode *dir, |
2259 | struct dentry *dentry, | 2179 | struct dentry *dentry, |
2260 | int mode) | 2180 | int mode) |
@@ -2262,11 +2182,6 @@ static inline int security_inode_mkdir (struct inode *dir, | |||
2262 | return 0; | 2182 | return 0; |
2263 | } | 2183 | } |
2264 | 2184 | ||
2265 | static inline void security_inode_post_mkdir (struct inode *dir, | ||
2266 | struct dentry *dentry, | ||
2267 | int mode) | ||
2268 | { } | ||
2269 | |||
2270 | static inline int security_inode_rmdir (struct inode *dir, | 2185 | static inline int security_inode_rmdir (struct inode *dir, |
2271 | struct dentry *dentry) | 2186 | struct dentry *dentry) |
2272 | { | 2187 | { |
@@ -2280,11 +2195,6 @@ static inline int security_inode_mknod (struct inode *dir, | |||
2280 | return 0; | 2195 | return 0; |
2281 | } | 2196 | } |
2282 | 2197 | ||
2283 | static inline void security_inode_post_mknod (struct inode *dir, | ||
2284 | struct dentry *dentry, | ||
2285 | int mode, dev_t dev) | ||
2286 | { } | ||
2287 | |||
2288 | static inline int security_inode_rename (struct inode *old_dir, | 2198 | static inline int security_inode_rename (struct inode *old_dir, |
2289 | struct dentry *old_dentry, | 2199 | struct dentry *old_dentry, |
2290 | struct inode *new_dir, | 2200 | struct inode *new_dir, |
diff --git a/security/dummy.c b/security/dummy.c index e8a00fa80469..5083314e14b1 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -270,12 +270,6 @@ static int dummy_inode_create (struct inode *inode, struct dentry *dentry, | |||
270 | return 0; | 270 | return 0; |
271 | } | 271 | } |
272 | 272 | ||
273 | static void dummy_inode_post_create (struct inode *inode, struct dentry *dentry, | ||
274 | int mask) | ||
275 | { | ||
276 | return; | ||
277 | } | ||
278 | |||
279 | static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode, | 273 | static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode, |
280 | struct dentry *new_dentry) | 274 | struct dentry *new_dentry) |
281 | { | 275 | { |
@@ -300,24 +294,12 @@ static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry, | |||
300 | return 0; | 294 | return 0; |
301 | } | 295 | } |
302 | 296 | ||
303 | static void dummy_inode_post_symlink (struct inode *inode, | ||
304 | struct dentry *dentry, const char *name) | ||
305 | { | ||
306 | return; | ||
307 | } | ||
308 | |||
309 | static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry, | 297 | static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry, |
310 | int mask) | 298 | int mask) |
311 | { | 299 | { |
312 | return 0; | 300 | return 0; |
313 | } | 301 | } |
314 | 302 | ||
315 | static void dummy_inode_post_mkdir (struct inode *inode, struct dentry *dentry, | ||
316 | int mask) | ||
317 | { | ||
318 | return; | ||
319 | } | ||
320 | |||
321 | static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry) | 303 | static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry) |
322 | { | 304 | { |
323 | return 0; | 305 | return 0; |
@@ -329,12 +311,6 @@ static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry, | |||
329 | return 0; | 311 | return 0; |
330 | } | 312 | } |
331 | 313 | ||
332 | static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry, | ||
333 | int mode, dev_t dev) | ||
334 | { | ||
335 | return; | ||
336 | } | ||
337 | |||
338 | static int dummy_inode_rename (struct inode *old_inode, | 314 | static int dummy_inode_rename (struct inode *old_inode, |
339 | struct dentry *old_dentry, | 315 | struct dentry *old_dentry, |
340 | struct inode *new_inode, | 316 | struct inode *new_inode, |
@@ -894,17 +870,13 @@ void security_fixup_ops (struct security_operations *ops) | |||
894 | set_to_dummy_if_null(ops, inode_free_security); | 870 | set_to_dummy_if_null(ops, inode_free_security); |
895 | set_to_dummy_if_null(ops, inode_init_security); | 871 | set_to_dummy_if_null(ops, inode_init_security); |
896 | set_to_dummy_if_null(ops, inode_create); | 872 | set_to_dummy_if_null(ops, inode_create); |
897 | set_to_dummy_if_null(ops, inode_post_create); | ||
898 | set_to_dummy_if_null(ops, inode_link); | 873 | set_to_dummy_if_null(ops, inode_link); |
899 | set_to_dummy_if_null(ops, inode_post_link); | 874 | set_to_dummy_if_null(ops, inode_post_link); |
900 | set_to_dummy_if_null(ops, inode_unlink); | 875 | set_to_dummy_if_null(ops, inode_unlink); |
901 | set_to_dummy_if_null(ops, inode_symlink); | 876 | set_to_dummy_if_null(ops, inode_symlink); |
902 | set_to_dummy_if_null(ops, inode_post_symlink); | ||
903 | set_to_dummy_if_null(ops, inode_mkdir); | 877 | set_to_dummy_if_null(ops, inode_mkdir); |
904 | set_to_dummy_if_null(ops, inode_post_mkdir); | ||
905 | set_to_dummy_if_null(ops, inode_rmdir); | 878 | set_to_dummy_if_null(ops, inode_rmdir); |
906 | set_to_dummy_if_null(ops, inode_mknod); | 879 | set_to_dummy_if_null(ops, inode_mknod); |
907 | set_to_dummy_if_null(ops, inode_post_mknod); | ||
908 | set_to_dummy_if_null(ops, inode_rename); | 880 | set_to_dummy_if_null(ops, inode_rename); |
909 | set_to_dummy_if_null(ops, inode_post_rename); | 881 | set_to_dummy_if_null(ops, inode_post_rename); |
910 | set_to_dummy_if_null(ops, inode_readlink); | 882 | set_to_dummy_if_null(ops, inode_readlink); |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 265f33d3af9b..c9c20828be79 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1265,91 +1265,6 @@ static int inode_security_set_sid(struct inode *inode, u32 sid) | |||
1265 | return 0; | 1265 | return 0; |
1266 | } | 1266 | } |
1267 | 1267 | ||
1268 | /* Set the security attributes on a newly created file. */ | ||
1269 | static int post_create(struct inode *dir, | ||
1270 | struct dentry *dentry) | ||
1271 | { | ||
1272 | |||
1273 | struct task_security_struct *tsec; | ||
1274 | struct inode *inode; | ||
1275 | struct inode_security_struct *dsec; | ||
1276 | struct superblock_security_struct *sbsec; | ||
1277 | struct inode_security_struct *isec; | ||
1278 | u32 newsid; | ||
1279 | char *context; | ||
1280 | unsigned int len; | ||
1281 | int rc; | ||
1282 | |||
1283 | tsec = current->security; | ||
1284 | dsec = dir->i_security; | ||
1285 | sbsec = dir->i_sb->s_security; | ||
1286 | |||
1287 | inode = dentry->d_inode; | ||
1288 | if (!inode) { | ||
1289 | /* Some file system types (e.g. NFS) may not instantiate | ||
1290 | a dentry for all create operations (e.g. symlink), | ||
1291 | so we have to check to see if the inode is non-NULL. */ | ||
1292 | printk(KERN_WARNING "post_create: no inode, dir (dev=%s, " | ||
1293 | "ino=%ld)\n", dir->i_sb->s_id, dir->i_ino); | ||
1294 | return 0; | ||
1295 | } | ||
1296 | |||
1297 | isec = inode->i_security; | ||
1298 | |||
1299 | if (isec->security_attr_init) | ||
1300 | return 0; | ||
1301 | |||
1302 | if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { | ||
1303 | newsid = tsec->create_sid; | ||
1304 | } else { | ||
1305 | rc = security_transition_sid(tsec->sid, dsec->sid, | ||
1306 | inode_mode_to_security_class(inode->i_mode), | ||
1307 | &newsid); | ||
1308 | if (rc) { | ||
1309 | printk(KERN_WARNING "post_create: " | ||
1310 | "security_transition_sid failed, rc=%d (dev=%s " | ||
1311 | "ino=%ld)\n", | ||
1312 | -rc, inode->i_sb->s_id, inode->i_ino); | ||
1313 | return rc; | ||
1314 | } | ||
1315 | } | ||
1316 | |||
1317 | rc = inode_security_set_sid(inode, newsid); | ||
1318 | if (rc) { | ||
1319 | printk(KERN_WARNING "post_create: inode_security_set_sid " | ||
1320 | "failed, rc=%d (dev=%s ino=%ld)\n", | ||
1321 | -rc, inode->i_sb->s_id, inode->i_ino); | ||
1322 | return rc; | ||
1323 | } | ||
1324 | |||
1325 | if (sbsec->behavior == SECURITY_FS_USE_XATTR && | ||
1326 | inode->i_op->setxattr) { | ||
1327 | /* Use extended attributes. */ | ||
1328 | rc = security_sid_to_context(newsid, &context, &len); | ||
1329 | if (rc) { | ||
1330 | printk(KERN_WARNING "post_create: sid_to_context " | ||
1331 | "failed, rc=%d (dev=%s ino=%ld)\n", | ||
1332 | -rc, inode->i_sb->s_id, inode->i_ino); | ||
1333 | return rc; | ||
1334 | } | ||
1335 | down(&inode->i_sem); | ||
1336 | rc = inode->i_op->setxattr(dentry, | ||
1337 | XATTR_NAME_SELINUX, | ||
1338 | context, len, 0); | ||
1339 | up(&inode->i_sem); | ||
1340 | kfree(context); | ||
1341 | if (rc < 0) { | ||
1342 | printk(KERN_WARNING "post_create: setxattr failed, " | ||
1343 | "rc=%d (dev=%s ino=%ld)\n", | ||
1344 | -rc, inode->i_sb->s_id, inode->i_ino); | ||
1345 | return rc; | ||
1346 | } | ||
1347 | } | ||
1348 | |||
1349 | return 0; | ||
1350 | } | ||
1351 | |||
1352 | |||
1353 | /* Hook functions begin here. */ | 1268 | /* Hook functions begin here. */ |
1354 | 1269 | ||
1355 | static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) | 1270 | static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) |
@@ -2076,8 +1991,6 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2076 | *len = clen; | 1991 | *len = clen; |
2077 | } | 1992 | } |
2078 | 1993 | ||
2079 | isec->security_attr_init = 1; | ||
2080 | |||
2081 | return 0; | 1994 | return 0; |
2082 | } | 1995 | } |
2083 | 1996 | ||
@@ -2086,11 +1999,6 @@ static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int ma | |||
2086 | return may_create(dir, dentry, SECCLASS_FILE); | 1999 | return may_create(dir, dentry, SECCLASS_FILE); |
2087 | } | 2000 | } |
2088 | 2001 | ||
2089 | static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask) | ||
2090 | { | ||
2091 | post_create(dir, dentry); | ||
2092 | } | ||
2093 | |||
2094 | static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) | 2002 | static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) |
2095 | { | 2003 | { |
2096 | int rc; | 2004 | int rc; |
@@ -2121,21 +2029,11 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const | |||
2121 | return may_create(dir, dentry, SECCLASS_LNK_FILE); | 2029 | return may_create(dir, dentry, SECCLASS_LNK_FILE); |
2122 | } | 2030 | } |
2123 | 2031 | ||
2124 | static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name) | ||
2125 | { | ||
2126 | post_create(dir, dentry); | ||
2127 | } | ||
2128 | |||
2129 | static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) | 2032 | static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) |
2130 | { | 2033 | { |
2131 | return may_create(dir, dentry, SECCLASS_DIR); | 2034 | return may_create(dir, dentry, SECCLASS_DIR); |
2132 | } | 2035 | } |
2133 | 2036 | ||
2134 | static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask) | ||
2135 | { | ||
2136 | post_create(dir, dentry); | ||
2137 | } | ||
2138 | |||
2139 | static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) | 2037 | static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) |
2140 | { | 2038 | { |
2141 | return may_link(dir, dentry, MAY_RMDIR); | 2039 | return may_link(dir, dentry, MAY_RMDIR); |
@@ -2152,11 +2050,6 @@ static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mod | |||
2152 | return may_create(dir, dentry, inode_mode_to_security_class(mode)); | 2050 | return may_create(dir, dentry, inode_mode_to_security_class(mode)); |
2153 | } | 2051 | } |
2154 | 2052 | ||
2155 | static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | ||
2156 | { | ||
2157 | post_create(dir, dentry); | ||
2158 | } | ||
2159 | |||
2160 | static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, | 2053 | static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, |
2161 | struct inode *new_inode, struct dentry *new_dentry) | 2054 | struct inode *new_inode, struct dentry *new_dentry) |
2162 | { | 2055 | { |
@@ -4363,17 +4256,13 @@ static struct security_operations selinux_ops = { | |||
4363 | .inode_free_security = selinux_inode_free_security, | 4256 | .inode_free_security = selinux_inode_free_security, |
4364 | .inode_init_security = selinux_inode_init_security, | 4257 | .inode_init_security = selinux_inode_init_security, |
4365 | .inode_create = selinux_inode_create, | 4258 | .inode_create = selinux_inode_create, |
4366 | .inode_post_create = selinux_inode_post_create, | ||
4367 | .inode_link = selinux_inode_link, | 4259 | .inode_link = selinux_inode_link, |
4368 | .inode_post_link = selinux_inode_post_link, | 4260 | .inode_post_link = selinux_inode_post_link, |
4369 | .inode_unlink = selinux_inode_unlink, | 4261 | .inode_unlink = selinux_inode_unlink, |
4370 | .inode_symlink = selinux_inode_symlink, | 4262 | .inode_symlink = selinux_inode_symlink, |
4371 | .inode_post_symlink = selinux_inode_post_symlink, | ||
4372 | .inode_mkdir = selinux_inode_mkdir, | 4263 | .inode_mkdir = selinux_inode_mkdir, |
4373 | .inode_post_mkdir = selinux_inode_post_mkdir, | ||
4374 | .inode_rmdir = selinux_inode_rmdir, | 4264 | .inode_rmdir = selinux_inode_rmdir, |
4375 | .inode_mknod = selinux_inode_mknod, | 4265 | .inode_mknod = selinux_inode_mknod, |
4376 | .inode_post_mknod = selinux_inode_post_mknod, | ||
4377 | .inode_rename = selinux_inode_rename, | 4266 | .inode_rename = selinux_inode_rename, |
4378 | .inode_post_rename = selinux_inode_post_rename, | 4267 | .inode_post_rename = selinux_inode_post_rename, |
4379 | .inode_readlink = selinux_inode_readlink, | 4268 | .inode_readlink = selinux_inode_readlink, |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index c515bc0b58a1..887937c8134a 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
@@ -46,7 +46,6 @@ struct inode_security_struct { | |||
46 | unsigned char initialized; /* initialization flag */ | 46 | unsigned char initialized; /* initialization flag */ |
47 | struct semaphore sem; | 47 | struct semaphore sem; |
48 | unsigned char inherit; /* inherit SID from parent entry */ | 48 | unsigned char inherit; /* inherit SID from parent entry */ |
49 | unsigned char security_attr_init; /* security attributes init flag */ | ||
50 | }; | 49 | }; |
51 | 50 | ||
52 | struct file_security_struct { | 51 | struct file_security_struct { |