aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@suse.cz>2014-04-01 11:08:43 -0400
committerMiklos Szeredi <mszeredi@suse.cz>2014-04-01 11:08:43 -0400
commit0b3974eb04c4874e85fa1d4fc70450d12f28611d (patch)
tree146a9237225aca523fc09c954a8221fd3f080d9a
parent0a7c3937a1f23f8cb5fc77ae01661e9968a51d0c (diff)
security: add flags to rename hooks
Add flags to security_path_rename() and security_inode_rename() hooks. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Reviewed-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r--fs/cachefiles/namei.c2
-rw-r--r--fs/namei.c5
-rw-r--r--include/linux/security.h12
-rw-r--r--security/security.c6
4 files changed, 16 insertions, 9 deletions
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index 31088a969351..6494d9f673aa 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -391,7 +391,7 @@ try_again:
391 path.dentry = dir; 391 path.dentry = dir;
392 path_to_graveyard.mnt = cache->mnt; 392 path_to_graveyard.mnt = cache->mnt;
393 path_to_graveyard.dentry = cache->graveyard; 393 path_to_graveyard.dentry = cache->graveyard;
394 ret = security_path_rename(&path, rep, &path_to_graveyard, grave); 394 ret = security_path_rename(&path, rep, &path_to_graveyard, grave, 0);
395 if (ret < 0) { 395 if (ret < 0) {
396 cachefiles_io_error(cache, "Rename security error %d", ret); 396 cachefiles_io_error(cache, "Rename security error %d", ret);
397 } else { 397 } else {
diff --git a/fs/namei.c b/fs/namei.c
index 0e9d186b7f77..4096d589bb3f 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4062,7 +4062,8 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
4062 return error; 4062 return error;
4063 } 4063 }
4064 4064
4065 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); 4065 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry,
4066 flags);
4066 if (error) 4067 if (error)
4067 return error; 4068 return error;
4068 4069
@@ -4217,7 +4218,7 @@ retry_deleg:
4217 goto exit5; 4218 goto exit5;
4218 4219
4219 error = security_path_rename(&oldnd.path, old_dentry, 4220 error = security_path_rename(&oldnd.path, old_dentry,
4220 &newnd.path, new_dentry); 4221 &newnd.path, new_dentry, flags);
4221 if (error) 4222 if (error)
4222 goto exit5; 4223 goto exit5;
4223 error = vfs_rename(old_dir->d_inode, old_dentry, 4224 error = vfs_rename(old_dir->d_inode, old_dentry,
diff --git a/include/linux/security.h b/include/linux/security.h
index 2fc42d191f79..6478ce3252c7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1793,7 +1793,8 @@ int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1793int security_inode_rmdir(struct inode *dir, struct dentry *dentry); 1793int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1794int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); 1794int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
1795int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 1795int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1796 struct inode *new_dir, struct dentry *new_dentry); 1796 struct inode *new_dir, struct dentry *new_dentry,
1797 unsigned int flags);
1797int security_inode_readlink(struct dentry *dentry); 1798int security_inode_readlink(struct dentry *dentry);
1798int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); 1799int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
1799int security_inode_permission(struct inode *inode, int mask); 1800int security_inode_permission(struct inode *inode, int mask);
@@ -2161,7 +2162,8 @@ static inline int security_inode_mknod(struct inode *dir,
2161static inline int security_inode_rename(struct inode *old_dir, 2162static inline int security_inode_rename(struct inode *old_dir,
2162 struct dentry *old_dentry, 2163 struct dentry *old_dentry,
2163 struct inode *new_dir, 2164 struct inode *new_dir,
2164 struct dentry *new_dentry) 2165 struct dentry *new_dentry,
2166 unsigned int flags)
2165{ 2167{
2166 return 0; 2168 return 0;
2167} 2169}
@@ -2955,7 +2957,8 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
2955int security_path_link(struct dentry *old_dentry, struct path *new_dir, 2957int security_path_link(struct dentry *old_dentry, struct path *new_dir,
2956 struct dentry *new_dentry); 2958 struct dentry *new_dentry);
2957int security_path_rename(struct path *old_dir, struct dentry *old_dentry, 2959int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
2958 struct path *new_dir, struct dentry *new_dentry); 2960 struct path *new_dir, struct dentry *new_dentry,
2961 unsigned int flags);
2959int security_path_chmod(struct path *path, umode_t mode); 2962int security_path_chmod(struct path *path, umode_t mode);
2960int security_path_chown(struct path *path, kuid_t uid, kgid_t gid); 2963int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
2961int security_path_chroot(struct path *path); 2964int security_path_chroot(struct path *path);
@@ -3003,7 +3006,8 @@ static inline int security_path_link(struct dentry *old_dentry,
3003static inline int security_path_rename(struct path *old_dir, 3006static inline int security_path_rename(struct path *old_dir,
3004 struct dentry *old_dentry, 3007 struct dentry *old_dentry,
3005 struct path *new_dir, 3008 struct path *new_dir,
3006 struct dentry *new_dentry) 3009 struct dentry *new_dentry,
3010 unsigned int flags)
3007{ 3011{
3008 return 0; 3012 return 0;
3009} 3013}
diff --git a/security/security.c b/security/security.c
index 919cad93ac82..284fbc99aa9d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -433,7 +433,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
433} 433}
434 434
435int security_path_rename(struct path *old_dir, struct dentry *old_dentry, 435int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
436 struct path *new_dir, struct dentry *new_dentry) 436 struct path *new_dir, struct dentry *new_dentry,
437 unsigned int flags)
437{ 438{
438 if (unlikely(IS_PRIVATE(old_dentry->d_inode) || 439 if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
439 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) 440 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
@@ -524,7 +525,8 @@ int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
524} 525}
525 526
526int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 527int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
527 struct inode *new_dir, struct dentry *new_dentry) 528 struct inode *new_dir, struct dentry *new_dentry,
529 unsigned int flags)
528{ 530{
529 if (unlikely(IS_PRIVATE(old_dentry->d_inode) || 531 if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
530 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) 532 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))