SELinux: introduce path_has_perm

We currently have inode_has_perm and dentry_has_perm. dentry_has_perm just calls inode_has_perm with additional audit data. But dentry_has_perm can take either a dentry or a path. Split those to make the code obvious and to fix the previous problem where I thought dentry_has_perm always had a valid dentry and mnt. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2011-04-28 16:04:24 -0400
committer: Eric Paris <eparis@redhat.com> 2011-04-28 16:09:59 -0400
commit: 2875fa00830be62431f5ac22d8f85d57f9fa3033 (patch)
tree: 541fdb15e39711fb1ad901223d823421c7b77526
parent: a8d05c81fb238bbb18878ccfae7599ca79448dd3 (diff)
1 files changed, 30 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a6dd2bed8d7b..9f426b8a12b5 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1499,16 +1499,29 @@ static int inode_has_perm(const struct cred *cred,
   the dentry to help the auditing code to more easily generate the
   pathname if needed. */
 static inline int dentry_has_perm(const struct cred *cred,
-                                  struct vfsmount *mnt,
                                  struct dentry *dentry,
                                  u32 av)
 {
        struct inode *inode = dentry->d_inode;
        struct common_audit_data ad;
+        COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
+        ad.u.dentry = dentry;
+        return inode_has_perm(cred, inode, av, &ad, 0);
+}
+/* Same as inode_has_perm, but pass explicit audit data containing
+   the path to help the auditing code to more easily generate the
+   pathname if needed. */
+static inline int path_has_perm(const struct cred *cred,
+                                struct path *path,
+                                u32 av)
+{
+        struct inode *inode = path->dentry->d_inode;
+        struct common_audit_data ad;
        COMMON_AUDIT_DATA_INIT(&ad, PATH);
-        ad.u.path.mnt = mnt;
+        ad.u.path = *path;
-        ad.u.path.dentry = dentry;
        return inode_has_perm(cred, inode, av, &ad, 0);
 }
@@ -1896,7 +1909,7 @@ static int selinux_quota_on(struct dentry *dentry)
 {
        const struct cred *cred = current_cred();
-        return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
+        return dentry_has_perm(cred, dentry, FILE__QUOTAON);
 }
 static int selinux_syslog(int type)
@@ -2496,8 +2509,7 @@ static int selinux_mount(char *dev_name,
                return superblock_has_perm(cred, path->mnt->mnt_sb,
                                           FILESYSTEM__REMOUNT, NULL);
        else
-                return dentry_has_perm(cred, path->mnt, path->dentry,
+                return path_has_perm(cred, path, FILE__MOUNTON);
-                                       FILE__MOUNTON);
 }
 static int selinux_umount(struct vfsmount *mnt, int flags)
@@ -2630,14 +2642,14 @@ static int selinux_inode_readlink(struct dentry *dentry)
 {
        const struct cred *cred = current_cred();
-        return dentry_has_perm(cred, NULL, dentry, FILE__READ);
+        return dentry_has_perm(cred, dentry, FILE__READ);
 }
 static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
 {
        const struct cred *cred = current_cred();
-        return dentry_has_perm(cred, NULL, dentry, FILE__READ);
+        return dentry_has_perm(cred, dentry, FILE__READ);
 }
 static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags)
@@ -2680,16 +2692,20 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
        if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
                        ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
-                return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
+                return dentry_has_perm(cred, dentry, FILE__SETATTR);
-        return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
+        return dentry_has_perm(cred, dentry, FILE__WRITE);
 }
 static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 {
        const struct cred *cred = current_cred();
+        struct path path;
+        path.dentry = dentry;
+        path.mnt = mnt;
-        return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
+        return path_has_perm(cred, &path, FILE__GETATTR);
 }
 static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
@@ -2710,7 +2726,7 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
        /* Not an attribute we recognize, so just check the
           ordinary setattr permission. */
-        return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
+        return dentry_has_perm(cred, dentry, FILE__SETATTR);
 }
 static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
@@ -2797,14 +2813,14 @@ static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
 {
        const struct cred *cred = current_cred();
-        return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
+        return dentry_has_perm(cred, dentry, FILE__GETATTR);
 }
 static int selinux_inode_listxattr(struct dentry *dentry)
 {
        const struct cred *cred = current_cred();
-        return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
+        return dentry_has_perm(cred, dentry, FILE__GETATTR);
 }
 static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
author	Eric Paris <eparis@redhat.com>	2011-04-28 16:04:24 -0400
committer	Eric Paris <eparis@redhat.com>	2011-04-28 16:09:59 -0400
commit	2875fa00830be62431f5ac22d8f85d57f9fa3033 (patch)
tree	541fdb15e39711fb1ad901223d823421c7b77526
parent	a8d05c81fb238bbb18878ccfae7599ca79448dd3 (diff)