Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (90 commits) AppArmor: fix build warnings for non-const use of get_task_cred selinux: convert the policy type_attr_map to flex_array AppArmor: Enable configuring and building of the AppArmor security module TOMOYO: Use pathname specified by policy rather than execve() AppArmor: update path_truncate method to latest version AppArmor: core policy routines AppArmor: policy routines for loading and unpacking policy AppArmor: mediation of non file objects AppArmor: LSM interface, and security module initialization AppArmor: Enable configuring and building of the AppArmor security module AppArmor: update Maintainer and Documentation AppArmor: functions for domain transitions AppArmor: file enforcement routines AppArmor: userspace interfaces AppArmor: dfa match engine AppArmor: contexts used in attaching policy to system objects AppArmor: basic auditing infrastructure. AppArmor: misc. base functions and defines TOMOYO: Update version to 2.3.0 TOMOYO: Fix quota check. ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-08-04 13:28:39 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-08-04 13:28:39 -0400
commit: 7e6880951da86928c7f6cecf26dcb8e8d9f826da (patch)
tree: 1ad8af6c52e06710f93847933c2720751100d668 /fs
parent: 3a09b1be53d23df780a0cd0e4087a05e2ca4a00c (diff)
parent: 77c80e6b2fd049848bfd1bdab67899ad3ac407a7 (diff)
4 files changed, 9 insertions, 12 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 3cdc5f78a406..431be0795b6b 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1016,7 +1016,7 @@ static int fuse_permission(struct inode *inode, int mask)
                   exist.  So if permissions are revoked this won't be
                   noticed immediately, only after the attribute
                   timeout has expired */
-        } else if (mask & MAY_ACCESS) {
+        } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
                err = fuse_access(inode, mask);
        } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
                if (!(inode->i_mode & S_IXUGO)) {
diff --git a/fs/namei.c b/fs/namei.c
index 868d0cb9d473..42d2d28fb827 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -282,8 +282,7 @@ int inode_permission(struct inode *inode, int mask)
        if (retval)
                return retval;
-        return security_inode_permission(inode,
+        return security_inode_permission(inode, mask);
-                        mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
 }
 /**
@@ -1484,8 +1483,7 @@ static int handle_truncate(struct path *path)
         */
        error = locks_verify_locked(inode);
        if (!error)
-                error = security_path_truncate(path, 0,
+                error = security_path_truncate(path);
-                                       ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
        if (!error) {
                error = do_truncate(path->dentry, 0,
                                    ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index e60416d3f818..832e9e239324 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1953,7 +1953,7 @@ int nfs_permission(struct inode *inode, int mask)
        if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
                goto out;
        /* Is this sys_access() ? */
-        if (mask & MAY_ACCESS)
+        if (mask & (MAY_ACCESS | MAY_CHDIR))
                goto force_lookup;
        switch (inode->i_mode & S_IFMT) {
diff --git a/fs/open.c b/fs/open.c
index 5463266db9e6..0d1fa3dc0efb 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -110,7 +110,7 @@ static long do_sys_truncate(const char __user *pathname, loff_t length)
        error = locks_verify_truncate(inode, NULL, length);
        if (!error)
-                error = security_path_truncate(&path, length, 0);
+                error = security_path_truncate(&path);
        if (!error)
                error = do_truncate(path.dentry, length, 0, NULL);
@@ -165,8 +165,7 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
        error = locks_verify_truncate(inode, file, length);
        if (!error)
-                error = security_path_truncate(&file->f_path, length,
+                error = security_path_truncate(&file->f_path);
-                                               ATTR_MTIME|ATTR_CTIME);
        if (!error)
                error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
 out_putf:
@@ -367,7 +366,7 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename)
        if (error)
                goto out;
-        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
+        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
        if (error)
                goto dput_and_out;
@@ -396,7 +395,7 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
        if (!S_ISDIR(inode->i_mode))
                goto out_putf;
-        error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
+        error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
        if (!error)
                set_fs_pwd(current->fs, &file->f_path);
 out_putf:
@@ -414,7 +413,7 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename)
        if (error)
                goto out;
-        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
+        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
        if (error)
                goto dput_and_out;
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-08-04 13:28:39 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-08-04 13:28:39 -0400
commit	7e6880951da86928c7f6cecf26dcb8e8d9f826da (patch)
tree	1ad8af6c52e06710f93847933c2720751100d668 /fs
parent	3a09b1be53d23df780a0cd0e4087a05e2ca4a00c (diff)
parent	77c80e6b2fd049848bfd1bdab67899ad3ac407a7 (diff)