aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2013-06-13 18:37:55 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2013-06-29 04:57:14 -0400
commit13f8e9810bff12d01807b6f92329111f45218235 (patch)
treeace67a6d8e243b83226663f23b7f68eaad1fb521
parentc77cecee52e9b599da1f8ffd9170d4374c99a345 (diff)
SELinux: Institute file_path_has_perm()
Create a file_path_has_perm() function that is like path_has_perm() but instead takes a file struct that is the source of both the path and the inode (rather than getting the inode from the dentry in the path). This is then used where appropriate. This will be useful for situations like unionmount where it will be possible to have an apparently-negative dentry (eg. a fallthrough) that is open with the file struct pointing to an inode on the lower fs. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--security/selinux/hooks.c24
1 files changed, 18 insertions, 6 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5c6f2cd2d095..db1fca990a24 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1547,6 +1547,18 @@ static inline int path_has_perm(const struct cred *cred,
1547 return inode_has_perm(cred, inode, av, &ad, 0); 1547 return inode_has_perm(cred, inode, av, &ad, 0);
1548} 1548}
1549 1549
1550/* Same as path_has_perm, but uses the inode from the file struct. */
1551static inline int file_path_has_perm(const struct cred *cred,
1552 struct file *file,
1553 u32 av)
1554{
1555 struct common_audit_data ad;
1556
1557 ad.type = LSM_AUDIT_DATA_PATH;
1558 ad.u.path = file->f_path;
1559 return inode_has_perm(cred, file_inode(file), av, &ad, 0);
1560}
1561
1550/* Check whether a task can use an open file descriptor to 1562/* Check whether a task can use an open file descriptor to
1551 access an inode in a given way. Check access to the 1563 access an inode in a given way. Check access to the
1552 descriptor itself, and then use dentry_has_perm to 1564 descriptor itself, and then use dentry_has_perm to
@@ -2141,14 +2153,14 @@ static inline void flush_unauthorized_files(const struct cred *cred,
2141 struct tty_file_private *file_priv; 2153 struct tty_file_private *file_priv;
2142 2154
2143 /* Revalidate access to controlling tty. 2155 /* Revalidate access to controlling tty.
2144 Use path_has_perm on the tty path directly rather 2156 Use file_path_has_perm on the tty path directly
2145 than using file_has_perm, as this particular open 2157 rather than using file_has_perm, as this particular
2146 file may belong to another process and we are only 2158 open file may belong to another process and we are
2147 interested in the inode-based check here. */ 2159 only interested in the inode-based check here. */
2148 file_priv = list_first_entry(&tty->tty_files, 2160 file_priv = list_first_entry(&tty->tty_files,
2149 struct tty_file_private, list); 2161 struct tty_file_private, list);
2150 file = file_priv->file; 2162 file = file_priv->file;
2151 if (path_has_perm(cred, &file->f_path, FILE__READ | FILE__WRITE)) 2163 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2152 drop_tty = 1; 2164 drop_tty = 1;
2153 } 2165 }
2154 spin_unlock(&tty_files_lock); 2166 spin_unlock(&tty_files_lock);
@@ -3259,7 +3271,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
3259 * new inode label or new policy. 3271 * new inode label or new policy.
3260 * This check is not redundant - do not remove. 3272 * This check is not redundant - do not remove.
3261 */ 3273 */
3262 return path_has_perm(cred, &file->f_path, open_file_to_av(file)); 3274 return file_path_has_perm(cred, file, open_file_to_av(file));
3263} 3275}
3264 3276
3265/* task security operations */ 3277/* task security operations */