| author | David Howells <dhowells@redhat.com> | 2015-01-29 07:02:31 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2015-02-22 11:38:39 -0500 |
| commit | 7ac2856d99e8038d356767c81ef7f2e85d366441 (patch) | |
| tree | f56b9d59ecbeeb69da6d4d7c2aeaa1cd7418b988 | |
| parent | 44bdb5e5f6382ba88f7678d6f535f879324522ae (diff) | |
Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb
mediated_filesystem() should use dentry->d_sb not dentry->d_inode->i_sb and
should avoid file_inode() also since it is really dealing with the path.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | security/apparmor/include/apparmor.h | 4 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 20 |
2 files changed, 12 insertions, 12 deletions
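--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -112,9 +112,9 @@ static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
 return aa_dfa_next(dfa, start, 0);
 }
 
-static inline bool mediated_filesystem(struct inode *inode)
+static inline bool mediated_filesystem(struct dentry *dentry)
 {
-return !(inode->i_sb->s_flags & MS_NOUSER);
+return !(dentry->d_sb->s_flags & MS_NOUSER);
 }
 
 #endif /* __APPARMOR_H */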
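Review bot: mediated_filesystem() carries no comment, although the callers visible in lsm.c all treat a false result as "skip the AppArmor check and return 0", which makes this helper the gate that exempts a filesystem from mediation. I would add above the definition `/* False when the dentry's superblock is flagged MS_NOUSER; callers then skip mediation and allow the operation. */`. The argument is only read, so declaring it as `const struct dentry *dentry` would state that in the signature as well.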
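--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -226,7 +226,7 @@ static int common_perm_rm(int op, struct path *dir,
 struct inode *inode = dentry->d_inode;
 struct path_cond cond = { };
 
-if (!inode || !dir->mnt || !mediated_filesystem(inode))
+if (!inode || !dir->mnt || !mediated_filesystem(dentry))
 return 0;
 
 cond.uid = inode->i_uid;
@@ -250,7 +250,7 @@ static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
 {
 struct path_cond cond = { current_fsuid(), mode };
 
-if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode))
+if (!dir->mnt || !mediated_filesystem(dir->dentry))
 return 0;
 
 return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
@@ -285,7 +285,7 @@ static int apparmor_path_truncate(struct path *path)
 path->dentry->d_inode->i_mode
 };
 
-if (!path->mnt || !mediated_filesystem(path->dentry->d_inode))
+if (!path->mnt || !mediated_filesystem(path->dentry))
 return 0;
 
 return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
@@ -305,7 +305,7 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
 struct aa_profile *profile;
 int error = 0;
 
-if (!mediated_filesystem(old_dentry->d_inode))
+if (!mediated_filesystem(old_dentry))
 return 0;
 
 profile = aa_current_profile();
@@ -320,7 +320,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 struct aa_profile *profile;
 int error = 0;
 
-if (!mediated_filesystem(old_dentry->d_inode))
+if (!mediated_filesystem(old_dentry))
 return 0;
 
 profile = aa_current_profile();
@@ -346,7 +346,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 
 static int apparmor_path_chmod(struct path *path, umode_t mode)
 {
-if (!mediated_filesystem(path->dentry->d_inode))
+if (!mediated_filesystem(path->dentry))
 return 0;
 
 return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
@@ -358,7 +358,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 path->dentry->d_inode->i_mode
 };
 
-if (!mediated_filesystem(path->dentry->d_inode))
+if (!mediated_filesystem(path->dentry))
 return 0;
 
 return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
@@ -366,7 +366,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 
 static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 {
-if (!mediated_filesystem(dentry->d_inode))
+if (!mediated_filesystem(dentry))
 return 0;
 
 return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry,
@@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
 struct aa_profile *profile;
 int error = 0;
 
-if (!mediated_filesystem(file_inode(file)))
+if (!mediated_filesystem(file->f_path.dentry))
 return 0;
 
 /* If in exec, permission is handled by bprm hooks.
@@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
 BUG_ON(!fprofile);
 
 if (!file->f_path.mnt ||
-!mediated_filesystem(file_inode(file)))
+!mediated_filesystem(file->f_path.dentry))
 return 0;
 
 profile = __aa_current_profile();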
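Review bot: In apparmor_file_open() and common_file_perm() the check now reads the superblock of `file->f_path.dentry` rather than that of `file_inode(file)`, and a false result makes the hook `return 0` with no AppArmor check at all, so the change is a pure refactor only if both always name the same superblock. If they can differ (I would expect that on stacked or layered filesystems, which this page does not show), the set of files exempted from mediation changes, and the commit message should say whether that is intended. I would add above each of the two checks `/* MS_NOUSER is tested on the path's superblock, not file_inode()'s: mediation is path-based */`. Both function bodies continue outside their hunks.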
