| author | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 06:38:01 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 12:16:47 -0500 |
| commit | 1429b3eca23818f87f9fa569a15d9816de81f698 (patch) | |
| tree | 3100f009ec8863ee4692ee197b8e0c16c11258e6 /security/integrity | |
| parent | b65a9cfc2c38eebc33533280b8ad5841caee8b6e (diff) | |
Untangling ima mess, part 3: kill dead code in ima
Kill the 'update' argument of ima_path_check(), kill
dead code in ima.
Current rules: ima counters are bumped at the same time
when the file switches from put_filp() fodder to fput()
one. Which happens exactly in two places - alloc_file()
and __dentry_open(). Nothing else needs to do that at
all.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/integrity')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 52 |
1 files changed, 4 insertions, 48 deletions
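--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -50,19 +50,12 @@ static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode)
 }
 
 /*
-* Update the counts given open flags instead of fmode
-*/
-static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags)
-{
-ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE));
-}
-
-/*
 * Decrement ima counts
 */
 static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
-fmode_t mode)
+struct file *file)
 {
+mode_t mode = file->f_mode;
 BUG_ON(!mutex_is_locked(&iint->mutex));
 
 iint->opencount--;
@@ -92,12 +85,6 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
 }
 }
 
-static void ima_dec_counts_flags(struct ima_iint_cache *iint,
-struct inode *inode, int flags)
-{
-ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE));
-}
-
 /**
 * ima_file_free - called on __fput()
 * @file: pointer to file structure being freed
@@ -117,7 +104,7 @@ void ima_file_free(struct file *file)
 return;
 
 mutex_lock(&iint->mutex);
-ima_dec_counts(iint, inode, file->f_mode);
+ima_dec_counts(iint, inode, file);
 mutex_unlock(&iint->mutex);
 kref_put(&iint->refcount, iint_free);
 }
@@ -183,7 +170,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
 * Always return 0 and audit dentry_open failures.
 * (Return code will be based upon measurement appraisal.)
 */
-int ima_path_check(struct path *path, int mask, int update_counts)
+int ima_path_check(struct path *path, int mask)
 {
 struct inode *inode = path->dentry->d_inode;
 struct ima_iint_cache *iint;
@@ -197,8 +184,6 @@ int ima_path_check(struct path *path, int mask, int update_counts)
 return 0;
 
 mutex_lock(&iint->mutex);
-if (update_counts)
-ima_inc_counts_flags(iint, mask);
 
 rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK);
 if (rc < 0)
@@ -269,35 +254,6 @@ out:
 }
 
 /*
-* ima_counts_put - decrement file counts
-*
-* File counts are incremented in ima_path_check. On file open
-* error, such as ETXTBSY, decrement the counts to prevent
-* unnecessary imbalance messages.
-*/
-void ima_counts_put(struct path *path, int mask)
-{
-struct inode *inode = path->dentry->d_inode;
-struct ima_iint_cache *iint;
-
-/* The inode may already have been freed, freeing the iint
-* with it. Verify the inode is not NULL before dereferencing
-* it.
-*/
-if (!ima_initialized || !inode || !S_ISREG(inode->i_mode))
-return;
-iint = ima_iint_find_get(inode);
-if (!iint)
-return;
-
-mutex_lock(&iint->mutex);
-ima_dec_counts_flags(iint, inode, mask);
-mutex_unlock(&iint->mutex);
-
-kref_put(&iint->refcount, iint_free);
-}
-
-/*
 * ima_counts_get - increment file counts
 *
 * - for IPC shm and shmat file.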
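Review bot: The new local in ima_dec_counts is declared with the wrong type, `mode_t mode = file->f_mode;`, whereas `f_mode` is an `fmode_t`, the type the removed `fmode_t mode` parameter carried; it should read `fmode_t mode = file->f_mode;`. `mode_t` is the permission/file-type type rather than the bitwise open-mode type, so sparse will warn on the assignment, and on any architecture where `mode_t` is narrower than `fmode_t` the high bits are silently dropped. The tests that consume `mode` sit in the part of ima_dec_counts outside this hunk, so it is worth confirming there that only low FMODE_* bits are read. Because these counters back IMA's open/reader/writer accounting, keeping the type exact avoids a latent miscount if a wider flag is ever tested.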
