diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:22 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:22 -0500 |
| commit | 745ca2475a6ac596e3d8d37c2759c0fbe2586227 (patch) | |
| tree | f87c34bdfbc8542477b16a014bbb4e3b415b286a /fs/open.c | |
| parent | 88e67f3b8898c5ea81d2916dd5b8bc9c0c35ba13 (diff) | |
CRED: Pass credentials through dentry_open()
Pass credentials through dentry_open() so that the COW creds patch can have
SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
when it opens its null chardev.
The security_dentry_open() call also now takes a creds pointer, as does the
dentry_open hook in struct security_operations.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/open.c')
| -rw-r--r-- | fs/open.c | 17 |
1 files changed, 11 insertions, 6 deletions
| @@ -783,7 +783,8 @@ static inline int __get_file_write_access(struct inode *inode, | |||
| 783 | 783 | ||
| 784 | static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | 784 | static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, |
| 785 | int flags, struct file *f, | 785 | int flags, struct file *f, |
| 786 | int (*open)(struct inode *, struct file *)) | 786 | int (*open)(struct inode *, struct file *), |
| 787 | const struct cred *cred) | ||
| 787 | { | 788 | { |
| 788 | struct inode *inode; | 789 | struct inode *inode; |
| 789 | int error; | 790 | int error; |
| @@ -807,7 +808,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | |||
| 807 | f->f_op = fops_get(inode->i_fop); | 808 | f->f_op = fops_get(inode->i_fop); |
| 808 | file_move(f, &inode->i_sb->s_files); | 809 | file_move(f, &inode->i_sb->s_files); |
| 809 | 810 | ||
| 810 | error = security_dentry_open(f); | 811 | error = security_dentry_open(f, cred); |
| 811 | if (error) | 812 | if (error) |
| 812 | goto cleanup_all; | 813 | goto cleanup_all; |
| 813 | 814 | ||
| @@ -882,6 +883,8 @@ cleanup_file: | |||
| 882 | struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, | 883 | struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, |
| 883 | int (*open)(struct inode *, struct file *)) | 884 | int (*open)(struct inode *, struct file *)) |
| 884 | { | 885 | { |
| 886 | const struct cred *cred = current_cred(); | ||
| 887 | |||
| 885 | if (IS_ERR(nd->intent.open.file)) | 888 | if (IS_ERR(nd->intent.open.file)) |
| 886 | goto out; | 889 | goto out; |
| 887 | if (IS_ERR(dentry)) | 890 | if (IS_ERR(dentry)) |
| @@ -889,7 +892,7 @@ struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry | |||
| 889 | nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), | 892 | nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), |
| 890 | nd->intent.open.flags - 1, | 893 | nd->intent.open.flags - 1, |
| 891 | nd->intent.open.file, | 894 | nd->intent.open.file, |
| 892 | open); | 895 | open, cred); |
| 893 | out: | 896 | out: |
| 894 | return nd->intent.open.file; | 897 | return nd->intent.open.file; |
| 895 | out_err: | 898 | out_err: |
| @@ -908,6 +911,7 @@ EXPORT_SYMBOL_GPL(lookup_instantiate_filp); | |||
| 908 | */ | 911 | */ |
| 909 | struct file *nameidata_to_filp(struct nameidata *nd, int flags) | 912 | struct file *nameidata_to_filp(struct nameidata *nd, int flags) |
| 910 | { | 913 | { |
| 914 | const struct cred *cred = current_cred(); | ||
| 911 | struct file *filp; | 915 | struct file *filp; |
| 912 | 916 | ||
| 913 | /* Pick up the filp from the open intent */ | 917 | /* Pick up the filp from the open intent */ |
| @@ -915,7 +919,7 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags) | |||
| 915 | /* Has the filesystem initialised the file for us? */ | 919 | /* Has the filesystem initialised the file for us? */ |
| 916 | if (filp->f_path.dentry == NULL) | 920 | if (filp->f_path.dentry == NULL) |
| 917 | filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, | 921 | filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, |
| 918 | NULL); | 922 | NULL, cred); |
| 919 | else | 923 | else |
| 920 | path_put(&nd->path); | 924 | path_put(&nd->path); |
| 921 | return filp; | 925 | return filp; |
| @@ -925,7 +929,8 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags) | |||
| 925 | * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an | 929 | * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an |
| 926 | * error. | 930 | * error. |
| 927 | */ | 931 | */ |
| 928 | struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) | 932 | struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags, |
| 933 | const struct cred *cred) | ||
| 929 | { | 934 | { |
| 930 | int error; | 935 | int error; |
| 931 | struct file *f; | 936 | struct file *f; |
| @@ -950,7 +955,7 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) | |||
| 950 | return ERR_PTR(error); | 955 | return ERR_PTR(error); |
| 951 | } | 956 | } |
| 952 | 957 | ||
| 953 | return __dentry_open(dentry, mnt, flags, f, NULL); | 958 | return __dentry_open(dentry, mnt, flags, f, NULL, cred); |
| 954 | } | 959 | } |
| 955 | EXPORT_SYMBOL(dentry_open); | 960 | EXPORT_SYMBOL(dentry_open); |
| 956 | 961 | ||