author | Kentaro Takeda <takedakn@nttdata.co.jp> | 2008-12-16 23:24:15 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-31 18:07:37 -0500 |
commit | be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d (patch) | |
tree | 3a770f4cc676efeba443b28caa1ad195eeff49bc /fs | |
parent | 6a94cb73064c952255336cc57731904174b2c58f (diff) |
introduce new LSM hooks where vfsmount is available.
Add new LSM hooks for path-based checks. Call them on directory-modifying
operations at the points where we still know the vfsmount involved.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namei.c | 36 | ||||
-rw-r--r-- | fs/open.c | 5 |
2 files changed, 41 insertions, 0 deletions
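diff --git a/fs/namei.c b/fs/namei.c
index af3783fff1de..ab441af4196b 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1556,6 +1556,9 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
 * Refuse to truncate files with mandatory locks held on them.
 */
 error = locks_verify_locked(inode);
+if (!error)
+error = security_path_truncate(&nd->path, 0,
+ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
 if (!error) {
 DQUOT_INIT(inode);
 
@@ -1586,7 +1589,11 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
 
 if (!IS_POSIXACL(dir->d_inode))
 mode &= ~current->fs->umask;
+error = security_path_mknod(&nd->path, path->dentry, mode, 0);
+if (error)
+goto out_unlock;
 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
+out_unlock:
 mutex_unlock(&dir->d_inode->i_mutex);
 dput(nd->path.dentry);
 nd->path.dentry = path->dentry;
@@ -1999,6 +2006,9 @@ asmlinkage long sys_mknodat(int dfd, const char __user *filename, int mode,
 error = mnt_want_write(nd.path.mnt);
 if (error)
 goto out_dput;
+error = security_path_mknod(&nd.path, dentry, mode, dev);
+if (error)
+goto out_drop_write;
 switch (mode & S_IFMT) {
 case 0: case S_IFREG:
 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
@@ -2011,6 +2021,7 @@ asmlinkage long sys_mknodat(int dfd, const char __user *filename, int mode,
 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0);
 break;
 }
+out_drop_write:
 mnt_drop_write(nd.path.mnt);
 out_dput:
 dput(dentry);
@@ -2070,7 +2081,11 @@ asmlinkage long sys_mkdirat(int dfd, const char __user *pathname, int mode)
 error = mnt_want_write(nd.path.mnt);
 if (error)
 goto out_dput;
+error = security_path_mkdir(&nd.path, dentry, mode);
+if (error)
+goto out_drop_write;
 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
+out_drop_write:
 mnt_drop_write(nd.path.mnt);
 out_dput:
 dput(dentry);
@@ -2180,7 +2195,11 @@ static long do_rmdir(int dfd, const char __user *pathname)
 error = mnt_want_write(nd.path.mnt);
 if (error)
 goto exit3;
+error = security_path_rmdir(&nd.path, dentry);
+if (error)
+goto exit4;
 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
+exit4:
 mnt_drop_write(nd.path.mnt);
 exit3:
 dput(dentry);
@@ -2265,7 +2284,11 @@ static long do_unlinkat(int dfd, const char __user *pathname)
 error = mnt_want_write(nd.path.mnt);
 if (error)
 goto exit2;
+error = security_path_unlink(&nd.path, dentry);
+if (error)
+goto exit3;
 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
+exit3:
 mnt_drop_write(nd.path.mnt);
 exit2:
 dput(dentry);
@@ -2346,7 +2369,11 @@ asmlinkage long sys_symlinkat(const char __user *oldname,
 error = mnt_want_write(nd.path.mnt);
 if (error)
 goto out_dput;
+error = security_path_symlink(&nd.path, dentry, from);
+if (error)
+goto out_drop_write;
 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
+out_drop_write:
 mnt_drop_write(nd.path.mnt);
 out_dput:
 dput(dentry);
@@ -2443,7 +2470,11 @@ asmlinkage long sys_linkat(int olddfd, const char __user *oldname,
 error = mnt_want_write(nd.path.mnt);
 if (error)
 goto out_dput;
+error = security_path_link(old_path.dentry, &nd.path, new_dentry);
+if (error)
+goto out_drop_write;
 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
+out_drop_write:
 mnt_drop_write(nd.path.mnt);
 out_dput:
 dput(new_dentry);
@@ -2679,8 +2710,13 @@ asmlinkage long sys_renameat(int olddfd, const char __user *oldname,
 error = mnt_want_write(oldnd.path.mnt);
 if (error)
 goto exit5;
+error = security_path_rename(&oldnd.path, old_dentry,
+&newnd.path, new_dentry);
+if (error)
+goto exit6;
 error = vfs_rename(old_dir->d_inode, old_dentry,
 new_dir->d_inode, new_dentry);
+exit6:
 mnt_drop_write(oldnd.path.mnt);
 exit5:
 dput(new_dentry);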
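Review bot: In sys_mknodat the new `security_path_mknod(&nd.path, dentry, mode, dev)` call sits above `switch (mode & S_IFMT)`, so the hook receives the caller-supplied `dev` even on the branches that go on to `vfs_create(...)` or `vfs_mknod(..., 0)` and never use it. A module that keys policy or audit records on `dev` has to test `mode & S_IFMT` first, and the value is presumably still in the caller's encoding here, since any decoding would happen in the part of the switch that lies between the two hunks. I would state that at the call site, e.g. `/* dev is as passed by the caller; meaningful only for S_IFCHR/S_IFBLK */`. More generally, every path hook in this section is placed in the caller immediately before the `vfs_*()` call and no hunk touches the `vfs_*()` helpers themselves, so code that calls `vfs_mkdir()`, `vfs_unlink()` and the others directly is not mediated by these hooks; the diffstat on this page is limited to fs/, so whether other callers received hooks cannot be checked from here. All of the patched functions begin and end outside their hunks.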
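--- a/fs/open.c
+++ b/fs/open.c
@@ -272,6 +272,8 @@ static long do_sys_truncate(const char __user *pathname, loff_t length)
 goto put_write_and_out;
 
 error = locks_verify_truncate(inode, NULL, length);
+if (!error)
+error = security_path_truncate(&path, length, 0);
 if (!error) {
 DQUOT_INIT(inode);
 error = do_truncate(path.dentry, length, 0, NULL);
@@ -329,6 +331,9 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
 
 error = locks_verify_truncate(inode, file, length);
 if (!error)
+error = security_path_truncate(&file->f_path, length,
+ATTR_MTIME|ATTR_CTIME);
+if (!error)
 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
 out_putf:
 fput(file);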
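Review bot: In do_sys_ftruncate the flag set `ATTR_MTIME|ATTR_CTIME` is now written out twice, once for `security_path_truncate()` and once for `do_truncate()`, and nothing ties the two together; if one is edited later the hook would authorise a different operation from the one performed. A comment at the hook call such as `/* keep these flags identical to the do_truncate() call below */` would make the pairing explicit (do_sys_truncate has the same pairing, with both calls passing 0). The ftruncate hook is also handed only `&file->f_path` while `do_truncate()` receives `file`, so a module sees the file's path but not the open descriptor it was reached through; that deserves a line in the hook's documentation, which is not on this page. Both functions begin and end outside their hunks.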