diff options
author | Miklos Szeredi <mszeredi@suse.cz> | 2014-04-01 11:08:43 -0400 |
---|---|---|
committer | Miklos Szeredi <mszeredi@suse.cz> | 2014-04-01 11:08:43 -0400 |
commit | 0b3974eb04c4874e85fa1d4fc70450d12f28611d (patch) | |
tree | 146a9237225aca523fc09c954a8221fd3f080d9a | |
parent | 0a7c3937a1f23f8cb5fc77ae01661e9968a51d0c (diff) |
security: add flags to rename hooks
Add flags to security_path_rename() and security_inode_rename() hooks.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r-- | fs/cachefiles/namei.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 5 | ||||
-rw-r--r-- | include/linux/security.h | 12 | ||||
-rw-r--r-- | security/security.c | 6 |
4 files changed, 16 insertions, 9 deletions
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c index 31088a969351..6494d9f673aa 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c | |||
@@ -391,7 +391,7 @@ try_again: | |||
391 | path.dentry = dir; | 391 | path.dentry = dir; |
392 | path_to_graveyard.mnt = cache->mnt; | 392 | path_to_graveyard.mnt = cache->mnt; |
393 | path_to_graveyard.dentry = cache->graveyard; | 393 | path_to_graveyard.dentry = cache->graveyard; |
394 | ret = security_path_rename(&path, rep, &path_to_graveyard, grave); | 394 | ret = security_path_rename(&path, rep, &path_to_graveyard, grave, 0); |
395 | if (ret < 0) { | 395 | if (ret < 0) { |
396 | cachefiles_io_error(cache, "Rename security error %d", ret); | 396 | cachefiles_io_error(cache, "Rename security error %d", ret); |
397 | } else { | 397 | } else { |
diff --git a/fs/namei.c b/fs/namei.c index 0e9d186b7f77..4096d589bb3f 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -4062,7 +4062,8 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
4062 | return error; | 4062 | return error; |
4063 | } | 4063 | } |
4064 | 4064 | ||
4065 | error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); | 4065 | error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry, |
4066 | flags); | ||
4066 | if (error) | 4067 | if (error) |
4067 | return error; | 4068 | return error; |
4068 | 4069 | ||
@@ -4217,7 +4218,7 @@ retry_deleg: | |||
4217 | goto exit5; | 4218 | goto exit5; |
4218 | 4219 | ||
4219 | error = security_path_rename(&oldnd.path, old_dentry, | 4220 | error = security_path_rename(&oldnd.path, old_dentry, |
4220 | &newnd.path, new_dentry); | 4221 | &newnd.path, new_dentry, flags); |
4221 | if (error) | 4222 | if (error) |
4222 | goto exit5; | 4223 | goto exit5; |
4223 | error = vfs_rename(old_dir->d_inode, old_dentry, | 4224 | error = vfs_rename(old_dir->d_inode, old_dentry, |
diff --git a/include/linux/security.h b/include/linux/security.h index 2fc42d191f79..6478ce3252c7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -1793,7 +1793,8 @@ int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) | |||
1793 | int security_inode_rmdir(struct inode *dir, struct dentry *dentry); | 1793 | int security_inode_rmdir(struct inode *dir, struct dentry *dentry); |
1794 | int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); | 1794 | int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); |
1795 | int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, | 1795 | int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, |
1796 | struct inode *new_dir, struct dentry *new_dentry); | 1796 | struct inode *new_dir, struct dentry *new_dentry, |
1797 | unsigned int flags); | ||
1797 | int security_inode_readlink(struct dentry *dentry); | 1798 | int security_inode_readlink(struct dentry *dentry); |
1798 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); | 1799 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); |
1799 | int security_inode_permission(struct inode *inode, int mask); | 1800 | int security_inode_permission(struct inode *inode, int mask); |
@@ -2161,7 +2162,8 @@ static inline int security_inode_mknod(struct inode *dir, | |||
2161 | static inline int security_inode_rename(struct inode *old_dir, | 2162 | static inline int security_inode_rename(struct inode *old_dir, |
2162 | struct dentry *old_dentry, | 2163 | struct dentry *old_dentry, |
2163 | struct inode *new_dir, | 2164 | struct inode *new_dir, |
2164 | struct dentry *new_dentry) | 2165 | struct dentry *new_dentry, |
2166 | unsigned int flags) | ||
2165 | { | 2167 | { |
2166 | return 0; | 2168 | return 0; |
2167 | } | 2169 | } |
@@ -2955,7 +2957,8 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, | |||
2955 | int security_path_link(struct dentry *old_dentry, struct path *new_dir, | 2957 | int security_path_link(struct dentry *old_dentry, struct path *new_dir, |
2956 | struct dentry *new_dentry); | 2958 | struct dentry *new_dentry); |
2957 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, | 2959 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, |
2958 | struct path *new_dir, struct dentry *new_dentry); | 2960 | struct path *new_dir, struct dentry *new_dentry, |
2961 | unsigned int flags); | ||
2959 | int security_path_chmod(struct path *path, umode_t mode); | 2962 | int security_path_chmod(struct path *path, umode_t mode); |
2960 | int security_path_chown(struct path *path, kuid_t uid, kgid_t gid); | 2963 | int security_path_chown(struct path *path, kuid_t uid, kgid_t gid); |
2961 | int security_path_chroot(struct path *path); | 2964 | int security_path_chroot(struct path *path); |
@@ -3003,7 +3006,8 @@ static inline int security_path_link(struct dentry *old_dentry, | |||
3003 | static inline int security_path_rename(struct path *old_dir, | 3006 | static inline int security_path_rename(struct path *old_dir, |
3004 | struct dentry *old_dentry, | 3007 | struct dentry *old_dentry, |
3005 | struct path *new_dir, | 3008 | struct path *new_dir, |
3006 | struct dentry *new_dentry) | 3009 | struct dentry *new_dentry, |
3010 | unsigned int flags) | ||
3007 | { | 3011 | { |
3008 | return 0; | 3012 | return 0; |
3009 | } | 3013 | } |
diff --git a/security/security.c b/security/security.c index 919cad93ac82..284fbc99aa9d 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -433,7 +433,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, | |||
433 | } | 433 | } |
434 | 434 | ||
435 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, | 435 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, |
436 | struct path *new_dir, struct dentry *new_dentry) | 436 | struct path *new_dir, struct dentry *new_dentry, |
437 | unsigned int flags) | ||
437 | { | 438 | { |
438 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || | 439 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || |
439 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) | 440 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) |
@@ -524,7 +525,8 @@ int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, | |||
524 | } | 525 | } |
525 | 526 | ||
526 | int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, | 527 | int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, |
527 | struct inode *new_dir, struct dentry *new_dentry) | 528 | struct inode *new_dir, struct dentry *new_dentry, |
529 | unsigned int flags) | ||
528 | { | 530 | { |
529 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || | 531 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || |
530 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) | 532 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) |