diff options
| author | Eric Paris <eparis@redhat.com> | 2011-04-25 12:54:27 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2011-04-25 18:13:15 -0400 |
| commit | f48b7399840b453e7282b523f535561fe9638a2d (patch) | |
| tree | 29eed009469d35473367708ea60b9c5b01fc0c5f /security/smack | |
| parent | 0dc1ba24f7fff659725eecbba2c9ad679a0954cd (diff) | |
LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE
The lsm common audit code has wacky contortions making sure which pieces
of information are set based on if it was given a path, dentry, or
inode. Split this into path and inode to get rid of some of the code
complexity.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack.h | 8 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 32 |
2 files changed, 20 insertions, 20 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index b449cfdad21c..a16925c0e91a 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -316,22 +316,22 @@ static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | |||
| 316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | 316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, |
| 317 | struct dentry *d) | 317 | struct dentry *d) |
| 318 | { | 318 | { |
| 319 | a->a.u.fs.path.dentry = d; | 319 | a->a.u.path.dentry = d; |
| 320 | } | 320 | } |
| 321 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | 321 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, |
| 322 | struct vfsmount *m) | 322 | struct vfsmount *m) |
| 323 | { | 323 | { |
| 324 | a->a.u.fs.path.mnt = m; | 324 | a->a.u.path.mnt = m; |
| 325 | } | 325 | } |
| 326 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | 326 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, |
| 327 | struct inode *i) | 327 | struct inode *i) |
| 328 | { | 328 | { |
| 329 | a->a.u.fs.inode = i; | 329 | a->a.u.inode = i; |
| 330 | } | 330 | } |
| 331 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | 331 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, |
| 332 | struct path p) | 332 | struct path p) |
| 333 | { | 333 | { |
| 334 | a->a.u.fs.path = p; | 334 | a->a.u.path = p; |
| 335 | } | 335 | } |
| 336 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | 336 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, |
| 337 | struct sock *sk) | 337 | struct sock *sk) |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 42fcb47747a3..eeb393fbf925 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -383,7 +383,7 @@ static int smack_sb_statfs(struct dentry *dentry) | |||
| 383 | int rc; | 383 | int rc; |
| 384 | struct smk_audit_info ad; | 384 | struct smk_audit_info ad; |
| 385 | 385 | ||
| 386 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 386 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 387 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 387 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 388 | 388 | ||
| 389 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); | 389 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); |
| @@ -407,7 +407,7 @@ static int smack_sb_mount(char *dev_name, struct path *path, | |||
| 407 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; | 407 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; |
| 408 | struct smk_audit_info ad; | 408 | struct smk_audit_info ad; |
| 409 | 409 | ||
| 410 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 410 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 411 | smk_ad_setfield_u_fs_path(&ad, *path); | 411 | smk_ad_setfield_u_fs_path(&ad, *path); |
| 412 | 412 | ||
| 413 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); | 413 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); |
| @@ -426,7 +426,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
| 426 | struct superblock_smack *sbp; | 426 | struct superblock_smack *sbp; |
| 427 | struct smk_audit_info ad; | 427 | struct smk_audit_info ad; |
| 428 | 428 | ||
| 429 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 429 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 430 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); | 430 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); |
| 431 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 431 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); |
| 432 | 432 | ||
| @@ -563,7 +563,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, | |||
| 563 | struct smk_audit_info ad; | 563 | struct smk_audit_info ad; |
| 564 | int rc; | 564 | int rc; |
| 565 | 565 | ||
| 566 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 566 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 567 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | 567 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); |
| 568 | 568 | ||
| 569 | isp = smk_of_inode(old_dentry->d_inode); | 569 | isp = smk_of_inode(old_dentry->d_inode); |
| @@ -592,7 +592,7 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) | |||
| 592 | struct smk_audit_info ad; | 592 | struct smk_audit_info ad; |
| 593 | int rc; | 593 | int rc; |
| 594 | 594 | ||
| 595 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 595 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 596 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 596 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 597 | 597 | ||
| 598 | /* | 598 | /* |
| @@ -623,7 +623,7 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) | |||
| 623 | struct smk_audit_info ad; | 623 | struct smk_audit_info ad; |
| 624 | int rc; | 624 | int rc; |
| 625 | 625 | ||
| 626 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 626 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 627 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 627 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 628 | 628 | ||
| 629 | /* | 629 | /* |
| @@ -663,7 +663,7 @@ static int smack_inode_rename(struct inode *old_inode, | |||
| 663 | char *isp; | 663 | char *isp; |
| 664 | struct smk_audit_info ad; | 664 | struct smk_audit_info ad; |
| 665 | 665 | ||
| 666 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 666 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 667 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | 667 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); |
| 668 | 668 | ||
| 669 | isp = smk_of_inode(old_dentry->d_inode); | 669 | isp = smk_of_inode(old_dentry->d_inode); |
| @@ -700,7 +700,7 @@ static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) | |||
| 700 | /* May be droppable after audit */ | 700 | /* May be droppable after audit */ |
| 701 | if (flags & IPERM_FLAG_RCU) | 701 | if (flags & IPERM_FLAG_RCU) |
| 702 | return -ECHILD; | 702 | return -ECHILD; |
| 703 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 703 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); |
| 704 | smk_ad_setfield_u_fs_inode(&ad, inode); | 704 | smk_ad_setfield_u_fs_inode(&ad, inode); |
| 705 | return smk_curacc(smk_of_inode(inode), mask, &ad); | 705 | return smk_curacc(smk_of_inode(inode), mask, &ad); |
| 706 | } | 706 | } |
| @@ -720,7 +720,7 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
| 720 | */ | 720 | */ |
| 721 | if (iattr->ia_valid & ATTR_FORCE) | 721 | if (iattr->ia_valid & ATTR_FORCE) |
| 722 | return 0; | 722 | return 0; |
| 723 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 723 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 724 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 724 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 725 | 725 | ||
| 726 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 726 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
| @@ -737,7 +737,7 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | |||
| 737 | { | 737 | { |
| 738 | struct smk_audit_info ad; | 738 | struct smk_audit_info ad; |
| 739 | 739 | ||
| 740 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 740 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 741 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 741 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 742 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 742 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); |
| 743 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | 743 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); |
| @@ -784,7 +784,7 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, | |||
| 784 | } else | 784 | } else |
| 785 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 785 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
| 786 | 786 | ||
| 787 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 787 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 788 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 788 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 789 | 789 | ||
| 790 | if (rc == 0) | 790 | if (rc == 0) |
| @@ -845,7 +845,7 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name) | |||
| 845 | { | 845 | { |
| 846 | struct smk_audit_info ad; | 846 | struct smk_audit_info ad; |
| 847 | 847 | ||
| 848 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 848 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 849 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 849 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 850 | 850 | ||
| 851 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | 851 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); |
| @@ -877,7 +877,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) | |||
| 877 | } else | 877 | } else |
| 878 | rc = cap_inode_removexattr(dentry, name); | 878 | rc = cap_inode_removexattr(dentry, name); |
| 879 | 879 | ||
| 880 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 880 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 881 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 881 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 882 | if (rc == 0) | 882 | if (rc == 0) |
| 883 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 883 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
| @@ -1047,7 +1047,7 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, | |||
| 1047 | int rc = 0; | 1047 | int rc = 0; |
| 1048 | struct smk_audit_info ad; | 1048 | struct smk_audit_info ad; |
| 1049 | 1049 | ||
| 1050 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1050 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 1051 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1051 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
| 1052 | 1052 | ||
| 1053 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 1053 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
| @@ -1070,7 +1070,7 @@ static int smack_file_lock(struct file *file, unsigned int cmd) | |||
| 1070 | { | 1070 | { |
| 1071 | struct smk_audit_info ad; | 1071 | struct smk_audit_info ad; |
| 1072 | 1072 | ||
| 1073 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1073 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 1074 | smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); | 1074 | smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); |
| 1075 | return smk_curacc(file->f_security, MAY_WRITE, &ad); | 1075 | return smk_curacc(file->f_security, MAY_WRITE, &ad); |
| 1076 | } | 1076 | } |
| @@ -1089,7 +1089,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1089 | struct smk_audit_info ad; | 1089 | struct smk_audit_info ad; |
| 1090 | int rc; | 1090 | int rc; |
| 1091 | 1091 | ||
| 1092 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1092 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 1093 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1093 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
| 1094 | 1094 | ||
| 1095 | switch (cmd) { | 1095 | switch (cmd) { |