diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-26 23:16:07 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-26 23:16:07 -0500 |
| commit | d895cb1af15c04c522a25c79cc429076987c089b (patch) | |
| tree | 895dc9157e28f603d937a58be664e4e440d5530c /security/selinux | |
| parent | 9626357371b519f2b955fef399647181034a77fe (diff) | |
| parent | d3d009cb965eae7e002ea5badf603ea8f4c34915 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs pile (part one) from Al Viro:
"Assorted stuff - cleaning namei.c up a bit, fixing ->d_name/->d_parent
locking violations, etc.
The most visible changes here are death of FS_REVAL_DOT (replaced with
"has ->d_weak_revalidate()") and a new helper getting from struct file
to inode. Some bits of preparation to xattr method interface changes.
Misc patches by various people sent this cycle *and* ocfs2 fixes from
several cycles ago that should've been upstream right then.
PS: the next vfs pile will be xattr stuff."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)
saner proc_get_inode() calling conventions
proc: avoid extra pde_put() in proc_fill_super()
fs: change return values from -EACCES to -EPERM
fs/exec.c: make bprm_mm_init() static
ocfs2/dlm: use GFP_ATOMIC inside a spin_lock
ocfs2: fix possible use-after-free with AIO
ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path
get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero
target: writev() on single-element vector is pointless
export kernel_write(), convert open-coded instances
fs: encode_fh: return FILEID_INVALID if invalid fid_type
kill f_vfsmnt
vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op
nfsd: handle vfs_getattr errors in acl protocol
switch vfs_getattr() to struct path
default SET_PERSONALITY() in linux/elf.h
ceph: prepopulate inodes only when request is aborted
d_hash_and_lookup(): export, switch open-coded instances
9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()
9p: split dropping the acls from v9fs_set_create_acl()
...
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 10 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 20 |
2 files changed, 13 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ef26e9611ffb..84b591711eec 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1528,7 +1528,7 @@ static int file_has_perm(const struct cred *cred, | |||
| 1528 | u32 av) | 1528 | u32 av) |
| 1529 | { | 1529 | { |
| 1530 | struct file_security_struct *fsec = file->f_security; | 1530 | struct file_security_struct *fsec = file->f_security; |
| 1531 | struct inode *inode = file->f_path.dentry->d_inode; | 1531 | struct inode *inode = file_inode(file); |
| 1532 | struct common_audit_data ad; | 1532 | struct common_audit_data ad; |
| 1533 | u32 sid = cred_sid(cred); | 1533 | u32 sid = cred_sid(cred); |
| 1534 | int rc; | 1534 | int rc; |
| @@ -1957,7 +1957,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
| 1957 | struct task_security_struct *new_tsec; | 1957 | struct task_security_struct *new_tsec; |
| 1958 | struct inode_security_struct *isec; | 1958 | struct inode_security_struct *isec; |
| 1959 | struct common_audit_data ad; | 1959 | struct common_audit_data ad; |
| 1960 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 1960 | struct inode *inode = file_inode(bprm->file); |
| 1961 | int rc; | 1961 | int rc; |
| 1962 | 1962 | ||
| 1963 | rc = cap_bprm_set_creds(bprm); | 1963 | rc = cap_bprm_set_creds(bprm); |
| @@ -2929,7 +2929,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) | |||
| 2929 | static int selinux_revalidate_file_permission(struct file *file, int mask) | 2929 | static int selinux_revalidate_file_permission(struct file *file, int mask) |
| 2930 | { | 2930 | { |
| 2931 | const struct cred *cred = current_cred(); | 2931 | const struct cred *cred = current_cred(); |
| 2932 | struct inode *inode = file->f_path.dentry->d_inode; | 2932 | struct inode *inode = file_inode(file); |
| 2933 | 2933 | ||
| 2934 | /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ | 2934 | /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ |
| 2935 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) | 2935 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) |
| @@ -2941,7 +2941,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) | |||
| 2941 | 2941 | ||
| 2942 | static int selinux_file_permission(struct file *file, int mask) | 2942 | static int selinux_file_permission(struct file *file, int mask) |
| 2943 | { | 2943 | { |
| 2944 | struct inode *inode = file->f_path.dentry->d_inode; | 2944 | struct inode *inode = file_inode(file); |
| 2945 | struct file_security_struct *fsec = file->f_security; | 2945 | struct file_security_struct *fsec = file->f_security; |
| 2946 | struct inode_security_struct *isec = inode->i_security; | 2946 | struct inode_security_struct *isec = inode->i_security; |
| 2947 | u32 sid = current_sid(); | 2947 | u32 sid = current_sid(); |
| @@ -3218,7 +3218,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred) | |||
| 3218 | struct inode_security_struct *isec; | 3218 | struct inode_security_struct *isec; |
| 3219 | 3219 | ||
| 3220 | fsec = file->f_security; | 3220 | fsec = file->f_security; |
| 3221 | isec = file->f_path.dentry->d_inode->i_security; | 3221 | isec = file_inode(file)->i_security; |
| 3222 | /* | 3222 | /* |
| 3223 | * Save inode label and policy sequence number | 3223 | * Save inode label and policy sequence number |
| 3224 | * at open-time so that selinux_file_permission | 3224 | * at open-time so that selinux_file_permission |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 3a6e8731646c..ff427733c290 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -202,7 +202,7 @@ static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, | |||
| 202 | { | 202 | { |
| 203 | char tmpbuf[TMPBUFLEN]; | 203 | char tmpbuf[TMPBUFLEN]; |
| 204 | ssize_t length; | 204 | ssize_t length; |
| 205 | ino_t ino = filp->f_path.dentry->d_inode->i_ino; | 205 | ino_t ino = file_inode(filp)->i_ino; |
| 206 | int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? | 206 | int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? |
| 207 | security_get_reject_unknown() : !security_get_allow_unknown(); | 207 | security_get_reject_unknown() : !security_get_allow_unknown(); |
| 208 | 208 | ||
| @@ -671,7 +671,7 @@ static ssize_t (*write_op[])(struct file *, char *, size_t) = { | |||
| 671 | 671 | ||
| 672 | static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) | 672 | static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) |
| 673 | { | 673 | { |
| 674 | ino_t ino = file->f_path.dentry->d_inode->i_ino; | 674 | ino_t ino = file_inode(file)->i_ino; |
| 675 | char *data; | 675 | char *data; |
| 676 | ssize_t rv; | 676 | ssize_t rv; |
| 677 | 677 | ||
| @@ -1042,8 +1042,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, | |||
| 1042 | ssize_t length; | 1042 | ssize_t length; |
| 1043 | ssize_t ret; | 1043 | ssize_t ret; |
| 1044 | int cur_enforcing; | 1044 | int cur_enforcing; |
| 1045 | struct inode *inode = filep->f_path.dentry->d_inode; | 1045 | unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; |
| 1046 | unsigned index = inode->i_ino & SEL_INO_MASK; | ||
| 1047 | const char *name = filep->f_path.dentry->d_name.name; | 1046 | const char *name = filep->f_path.dentry->d_name.name; |
| 1048 | 1047 | ||
| 1049 | mutex_lock(&sel_mutex); | 1048 | mutex_lock(&sel_mutex); |
| @@ -1077,8 +1076,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, | |||
| 1077 | char *page = NULL; | 1076 | char *page = NULL; |
| 1078 | ssize_t length; | 1077 | ssize_t length; |
| 1079 | int new_value; | 1078 | int new_value; |
| 1080 | struct inode *inode = filep->f_path.dentry->d_inode; | 1079 | unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; |
| 1081 | unsigned index = inode->i_ino & SEL_INO_MASK; | ||
| 1082 | const char *name = filep->f_path.dentry->d_name.name; | 1080 | const char *name = filep->f_path.dentry->d_name.name; |
| 1083 | 1081 | ||
| 1084 | mutex_lock(&sel_mutex); | 1082 | mutex_lock(&sel_mutex); |
| @@ -1486,13 +1484,11 @@ static int sel_make_avc_files(struct dentry *dir) | |||
| 1486 | static ssize_t sel_read_initcon(struct file *file, char __user *buf, | 1484 | static ssize_t sel_read_initcon(struct file *file, char __user *buf, |
| 1487 | size_t count, loff_t *ppos) | 1485 | size_t count, loff_t *ppos) |
| 1488 | { | 1486 | { |
| 1489 | struct inode *inode; | ||
| 1490 | char *con; | 1487 | char *con; |
| 1491 | u32 sid, len; | 1488 | u32 sid, len; |
| 1492 | ssize_t ret; | 1489 | ssize_t ret; |
| 1493 | 1490 | ||
| 1494 | inode = file->f_path.dentry->d_inode; | 1491 | sid = file_inode(file)->i_ino&SEL_INO_MASK; |
| 1495 | sid = inode->i_ino&SEL_INO_MASK; | ||
| 1496 | ret = security_sid_to_context(sid, &con, &len); | 1492 | ret = security_sid_to_context(sid, &con, &len); |
| 1497 | if (ret) | 1493 | if (ret) |
| 1498 | return ret; | 1494 | return ret; |
| @@ -1553,7 +1549,7 @@ static inline u32 sel_ino_to_perm(unsigned long ino) | |||
| 1553 | static ssize_t sel_read_class(struct file *file, char __user *buf, | 1549 | static ssize_t sel_read_class(struct file *file, char __user *buf, |
| 1554 | size_t count, loff_t *ppos) | 1550 | size_t count, loff_t *ppos) |
| 1555 | { | 1551 | { |
| 1556 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1552 | unsigned long ino = file_inode(file)->i_ino; |
| 1557 | char res[TMPBUFLEN]; | 1553 | char res[TMPBUFLEN]; |
| 1558 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); | 1554 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); |
| 1559 | return simple_read_from_buffer(buf, count, ppos, res, len); | 1555 | return simple_read_from_buffer(buf, count, ppos, res, len); |
| @@ -1567,7 +1563,7 @@ static const struct file_operations sel_class_ops = { | |||
| 1567 | static ssize_t sel_read_perm(struct file *file, char __user *buf, | 1563 | static ssize_t sel_read_perm(struct file *file, char __user *buf, |
| 1568 | size_t count, loff_t *ppos) | 1564 | size_t count, loff_t *ppos) |
| 1569 | { | 1565 | { |
| 1570 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1566 | unsigned long ino = file_inode(file)->i_ino; |
| 1571 | char res[TMPBUFLEN]; | 1567 | char res[TMPBUFLEN]; |
| 1572 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); | 1568 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); |
| 1573 | return simple_read_from_buffer(buf, count, ppos, res, len); | 1569 | return simple_read_from_buffer(buf, count, ppos, res, len); |
| @@ -1584,7 +1580,7 @@ static ssize_t sel_read_policycap(struct file *file, char __user *buf, | |||
| 1584 | int value; | 1580 | int value; |
| 1585 | char tmpbuf[TMPBUFLEN]; | 1581 | char tmpbuf[TMPBUFLEN]; |
| 1586 | ssize_t length; | 1582 | ssize_t length; |
| 1587 | unsigned long i_ino = file->f_path.dentry->d_inode->i_ino; | 1583 | unsigned long i_ino = file_inode(file)->i_ino; |
| 1588 | 1584 | ||
| 1589 | value = security_policycap_supported(i_ino & SEL_INO_MASK); | 1585 | value = security_policycap_supported(i_ino & SEL_INO_MASK); |
| 1590 | length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); | 1586 | length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); |