aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-01-08 15:19:57 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2012-01-08 15:19:57 -0500
commit972b2c719990f91eb3b2310d44ef8a2d38955a14 (patch)
treeb25a250ec5bec4b7b6355d214642d8b57c5cab32 /security
parent02550d61f49266930e674286379d3601006b2893 (diff)
parentc3aa077648e147783a7a53b409578234647db853 (diff)
Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (165 commits) reiserfs: Properly display mount options in /proc/mounts vfs: prevent remount read-only if pending removes vfs: count unlinked inodes vfs: protect remounting superblock read-only vfs: keep list of mounts for each superblock vfs: switch ->show_options() to struct dentry * vfs: switch ->show_path() to struct dentry * vfs: switch ->show_devname() to struct dentry * vfs: switch ->show_stats to struct dentry * switch security_path_chmod() to struct path * vfs: prefer ->dentry->d_sb to ->mnt->mnt_sb vfs: trim includes a bit switch mnt_namespace ->root to struct mount vfs: take /proc/*/mounts and friends to fs/proc_namespace.c vfs: opencode mntget() mnt_set_mountpoint() vfs: spread struct mount - remaining argument of next_mnt() vfs: move fsnotify junk to struct mount vfs: move mnt_devname vfs: move mnt_list to struct mount vfs: switch pnode.h macros to struct mount * ...
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/apparmorfs.c2
-rw-r--r--security/apparmor/lsm.c11
-rw-r--r--security/apparmor/path.c1
-rw-r--r--security/capability.c13
-rw-r--r--security/inode.c16
-rw-r--r--security/security.c17
-rw-r--r--security/selinux/hooks.c10
-rw-r--r--security/smack/smack_lsm.c4
-rw-r--r--security/tomoyo/audit.c4
-rw-r--r--security/tomoyo/common.h2
-rw-r--r--security/tomoyo/realpath.c9
-rw-r--r--security/tomoyo/securityfs_if.c2
-rw-r--r--security/tomoyo/tomoyo.c15
13 files changed, 46 insertions, 60 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 69ddb47787b2..e39df6d43779 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -165,7 +165,7 @@ static void __init aafs_remove(const char *name)
165 * 165 *
166 * Used aafs_remove to remove entries created with this fn. 166 * Used aafs_remove to remove entries created with this fn.
167 */ 167 */
168static int __init aafs_create(const char *name, int mask, 168static int __init aafs_create(const char *name, umode_t mask,
169 const struct file_operations *fops) 169 const struct file_operations *fops)
170{ 170{
171 struct dentry *dentry; 171 struct dentry *dentry;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 37832026e58a..2c0a0ff41399 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -262,7 +262,7 @@ static int apparmor_path_unlink(struct path *dir, struct dentry *dentry)
262} 262}
263 263
264static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, 264static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
265 int mode) 265 umode_t mode)
266{ 266{
267 return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, 267 return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
268 S_IFDIR); 268 S_IFDIR);
@@ -274,7 +274,7 @@ static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry)
274} 274}
275 275
276static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, 276static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
277 int mode, unsigned int dev) 277 umode_t mode, unsigned int dev)
278{ 278{
279 return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); 279 return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
280} 280}
@@ -344,13 +344,12 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
344 return error; 344 return error;
345} 345}
346 346
347static int apparmor_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 347static int apparmor_path_chmod(struct path *path, umode_t mode)
348 mode_t mode)
349{ 348{
350 if (!mediated_filesystem(dentry->d_inode)) 349 if (!mediated_filesystem(path->dentry->d_inode))
351 return 0; 350 return 0;
352 351
353 return common_perm_mnt_dentry(OP_CHMOD, mnt, dentry, AA_MAY_CHMOD); 352 return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
354} 353}
355 354
356static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid) 355static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid)
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index b566eba4a65c..9d070a7c3ffc 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -13,7 +13,6 @@
13 */ 13 */
14 14
15#include <linux/magic.h> 15#include <linux/magic.h>
16#include <linux/mnt_namespace.h>
17#include <linux/mount.h> 16#include <linux/mount.h>
18#include <linux/namei.h> 17#include <linux/namei.h>
19#include <linux/nsproxy.h> 18#include <linux/nsproxy.h>
diff --git a/security/capability.c b/security/capability.c
index 2984ea4f776f..3b5883b7179f 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -125,7 +125,7 @@ static int cap_inode_init_security(struct inode *inode, struct inode *dir,
125} 125}
126 126
127static int cap_inode_create(struct inode *inode, struct dentry *dentry, 127static int cap_inode_create(struct inode *inode, struct dentry *dentry,
128 int mask) 128 umode_t mask)
129{ 129{
130 return 0; 130 return 0;
131} 131}
@@ -148,7 +148,7 @@ static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
148} 148}
149 149
150static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry, 150static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
151 int mask) 151 umode_t mask)
152{ 152{
153 return 0; 153 return 0;
154} 154}
@@ -159,7 +159,7 @@ static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
159} 159}
160 160
161static int cap_inode_mknod(struct inode *inode, struct dentry *dentry, 161static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
162 int mode, dev_t dev) 162 umode_t mode, dev_t dev)
163{ 163{
164 return 0; 164 return 0;
165} 165}
@@ -235,13 +235,13 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
235} 235}
236 236
237#ifdef CONFIG_SECURITY_PATH 237#ifdef CONFIG_SECURITY_PATH
238static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode, 238static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
239 unsigned int dev) 239 unsigned int dev)
240{ 240{
241 return 0; 241 return 0;
242} 242}
243 243
244static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode) 244static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
245{ 245{
246 return 0; 246 return 0;
247} 247}
@@ -279,8 +279,7 @@ static int cap_path_truncate(struct path *path)
279 return 0; 279 return 0;
280} 280}
281 281
282static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 282static int cap_path_chmod(struct path *path, umode_t mode)
283 mode_t mode)
284{ 283{
285 return 0; 284 return 0;
286} 285}
diff --git a/security/inode.c b/security/inode.c
index c4df2fbebe6b..90a70a67d835 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -56,7 +56,7 @@ static const struct file_operations default_file_ops = {
56 .llseek = noop_llseek, 56 .llseek = noop_llseek,
57}; 57};
58 58
59static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) 59static struct inode *get_inode(struct super_block *sb, umode_t mode, dev_t dev)
60{ 60{
61 struct inode *inode = new_inode(sb); 61 struct inode *inode = new_inode(sb);
62 62
@@ -85,7 +85,7 @@ static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev)
85 85
86/* SMP-safe */ 86/* SMP-safe */
87static int mknod(struct inode *dir, struct dentry *dentry, 87static int mknod(struct inode *dir, struct dentry *dentry,
88 int mode, dev_t dev) 88 umode_t mode, dev_t dev)
89{ 89{
90 struct inode *inode; 90 struct inode *inode;
91 int error = -ENOMEM; 91 int error = -ENOMEM;
@@ -102,7 +102,7 @@ static int mknod(struct inode *dir, struct dentry *dentry,
102 return error; 102 return error;
103} 103}
104 104
105static int mkdir(struct inode *dir, struct dentry *dentry, int mode) 105static int mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
106{ 106{
107 int res; 107 int res;
108 108
@@ -113,7 +113,7 @@ static int mkdir(struct inode *dir, struct dentry *dentry, int mode)
113 return res; 113 return res;
114} 114}
115 115
116static int create(struct inode *dir, struct dentry *dentry, int mode) 116static int create(struct inode *dir, struct dentry *dentry, umode_t mode)
117{ 117{
118 mode = (mode & S_IALLUGO) | S_IFREG; 118 mode = (mode & S_IALLUGO) | S_IFREG;
119 return mknod(dir, dentry, mode, 0); 119 return mknod(dir, dentry, mode, 0);
@@ -145,7 +145,7 @@ static struct file_system_type fs_type = {
145 .kill_sb = kill_litter_super, 145 .kill_sb = kill_litter_super,
146}; 146};
147 147
148static int create_by_name(const char *name, mode_t mode, 148static int create_by_name(const char *name, umode_t mode,
149 struct dentry *parent, 149 struct dentry *parent,
150 struct dentry **dentry) 150 struct dentry **dentry)
151{ 151{
@@ -159,12 +159,12 @@ static int create_by_name(const char *name, mode_t mode,
159 * have around. 159 * have around.
160 */ 160 */
161 if (!parent) 161 if (!parent)
162 parent = mount->mnt_sb->s_root; 162 parent = mount->mnt_root;
163 163
164 mutex_lock(&parent->d_inode->i_mutex); 164 mutex_lock(&parent->d_inode->i_mutex);
165 *dentry = lookup_one_len(name, parent, strlen(name)); 165 *dentry = lookup_one_len(name, parent, strlen(name));
166 if (!IS_ERR(*dentry)) { 166 if (!IS_ERR(*dentry)) {
167 if ((mode & S_IFMT) == S_IFDIR) 167 if (S_ISDIR(mode))
168 error = mkdir(parent->d_inode, *dentry, mode); 168 error = mkdir(parent->d_inode, *dentry, mode);
169 else 169 else
170 error = create(parent->d_inode, *dentry, mode); 170 error = create(parent->d_inode, *dentry, mode);
@@ -205,7 +205,7 @@ static int create_by_name(const char *name, mode_t mode,
205 * If securityfs is not enabled in the kernel, the value %-ENODEV is 205 * If securityfs is not enabled in the kernel, the value %-ENODEV is
206 * returned. 206 * returned.
207 */ 207 */
208struct dentry *securityfs_create_file(const char *name, mode_t mode, 208struct dentry *securityfs_create_file(const char *name, umode_t mode,
209 struct dentry *parent, void *data, 209 struct dentry *parent, void *data,
210 const struct file_operations *fops) 210 const struct file_operations *fops)
211{ 211{
diff --git a/security/security.c b/security/security.c
index e2f684aeb70c..214502c772ab 100644
--- a/security/security.c
+++ b/security/security.c
@@ -388,7 +388,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
388EXPORT_SYMBOL(security_old_inode_init_security); 388EXPORT_SYMBOL(security_old_inode_init_security);
389 389
390#ifdef CONFIG_SECURITY_PATH 390#ifdef CONFIG_SECURITY_PATH
391int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, 391int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
392 unsigned int dev) 392 unsigned int dev)
393{ 393{
394 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 394 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
@@ -397,7 +397,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
397} 397}
398EXPORT_SYMBOL(security_path_mknod); 398EXPORT_SYMBOL(security_path_mknod);
399 399
400int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) 400int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
401{ 401{
402 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 402 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
403 return 0; 403 return 0;
@@ -454,12 +454,11 @@ int security_path_truncate(struct path *path)
454 return security_ops->path_truncate(path); 454 return security_ops->path_truncate(path);
455} 455}
456 456
457int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 457int security_path_chmod(struct path *path, umode_t mode)
458 mode_t mode)
459{ 458{
460 if (unlikely(IS_PRIVATE(dentry->d_inode))) 459 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
461 return 0; 460 return 0;
462 return security_ops->path_chmod(dentry, mnt, mode); 461 return security_ops->path_chmod(path, mode);
463} 462}
464 463
465int security_path_chown(struct path *path, uid_t uid, gid_t gid) 464int security_path_chown(struct path *path, uid_t uid, gid_t gid)
@@ -475,7 +474,7 @@ int security_path_chroot(struct path *path)
475} 474}
476#endif 475#endif
477 476
478int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) 477int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
479{ 478{
480 if (unlikely(IS_PRIVATE(dir))) 479 if (unlikely(IS_PRIVATE(dir)))
481 return 0; 480 return 0;
@@ -506,7 +505,7 @@ int security_inode_symlink(struct inode *dir, struct dentry *dentry,
506 return security_ops->inode_symlink(dir, dentry, old_name); 505 return security_ops->inode_symlink(dir, dentry, old_name);
507} 506}
508 507
509int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) 508int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
510{ 509{
511 if (unlikely(IS_PRIVATE(dir))) 510 if (unlikely(IS_PRIVATE(dir)))
512 return 0; 511 return 0;
@@ -521,7 +520,7 @@ int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
521 return security_ops->inode_rmdir(dir, dentry); 520 return security_ops->inode_rmdir(dir, dentry);
522} 521}
523 522
524int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 523int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
525{ 524{
526 if (unlikely(IS_PRIVATE(dir))) 525 if (unlikely(IS_PRIVATE(dir)))
527 return 0; 526 return 0;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 86305c2f555a..7cd4c3affac8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1740,7 +1740,7 @@ static inline u32 file_mask_to_av(int mode, int mask)
1740{ 1740{
1741 u32 av = 0; 1741 u32 av = 0;
1742 1742
1743 if ((mode & S_IFMT) != S_IFDIR) { 1743 if (!S_ISDIR(mode)) {
1744 if (mask & MAY_EXEC) 1744 if (mask & MAY_EXEC)
1745 av |= FILE__EXECUTE; 1745 av |= FILE__EXECUTE;
1746 if (mask & MAY_READ) 1746 if (mask & MAY_READ)
@@ -2507,7 +2507,7 @@ static int selinux_mount(char *dev_name,
2507 const struct cred *cred = current_cred(); 2507 const struct cred *cred = current_cred();
2508 2508
2509 if (flags & MS_REMOUNT) 2509 if (flags & MS_REMOUNT)
2510 return superblock_has_perm(cred, path->mnt->mnt_sb, 2510 return superblock_has_perm(cred, path->dentry->d_sb,
2511 FILESYSTEM__REMOUNT, NULL); 2511 FILESYSTEM__REMOUNT, NULL);
2512 else 2512 else
2513 return path_has_perm(cred, path, FILE__MOUNTON); 2513 return path_has_perm(cred, path, FILE__MOUNTON);
@@ -2598,7 +2598,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2598 return 0; 2598 return 0;
2599} 2599}
2600 2600
2601static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) 2601static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2602{ 2602{
2603 return may_create(dir, dentry, SECCLASS_FILE); 2603 return may_create(dir, dentry, SECCLASS_FILE);
2604} 2604}
@@ -2618,7 +2618,7 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const
2618 return may_create(dir, dentry, SECCLASS_LNK_FILE); 2618 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2619} 2619}
2620 2620
2621static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) 2621static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2622{ 2622{
2623 return may_create(dir, dentry, SECCLASS_DIR); 2623 return may_create(dir, dentry, SECCLASS_DIR);
2624} 2624}
@@ -2628,7 +2628,7 @@ static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2628 return may_link(dir, dentry, MAY_RMDIR); 2628 return may_link(dir, dentry, MAY_RMDIR);
2629} 2629}
2630 2630
2631static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 2631static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2632{ 2632{
2633 return may_create(dir, dentry, inode_mode_to_security_class(mode)); 2633 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2634} 2634}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7db62b48eb42..e8af5b0ba80f 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -406,7 +406,7 @@ static int smack_sb_statfs(struct dentry *dentry)
406static int smack_sb_mount(char *dev_name, struct path *path, 406static int smack_sb_mount(char *dev_name, struct path *path,
407 char *type, unsigned long flags, void *data) 407 char *type, unsigned long flags, void *data)
408{ 408{
409 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; 409 struct superblock_smack *sbp = path->dentry->d_sb->s_security;
410 struct smk_audit_info ad; 410 struct smk_audit_info ad;
411 411
412 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 412 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
@@ -435,7 +435,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
435 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 435 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
436 smk_ad_setfield_u_fs_path(&ad, path); 436 smk_ad_setfield_u_fs_path(&ad, path);
437 437
438 sbp = mnt->mnt_sb->s_security; 438 sbp = path.dentry->d_sb->s_security;
439 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); 439 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
440} 440}
441 441
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 075c3a6d1649..5ca47ea3049f 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -112,7 +112,7 @@ out:
112 * 112 *
113 * Returns file type string. 113 * Returns file type string.
114 */ 114 */
115static inline const char *tomoyo_filetype(const mode_t mode) 115static inline const char *tomoyo_filetype(const umode_t mode)
116{ 116{
117 switch (mode & S_IFMT) { 117 switch (mode & S_IFMT) {
118 case S_IFREG: 118 case S_IFREG:
@@ -180,7 +180,7 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
180 for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { 180 for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) {
181 struct tomoyo_mini_stat *stat; 181 struct tomoyo_mini_stat *stat;
182 unsigned int dev; 182 unsigned int dev;
183 mode_t mode; 183 umode_t mode;
184 if (!obj->stat_valid[i]) 184 if (!obj->stat_valid[i])
185 continue; 185 continue;
186 stat = &obj->stat[i]; 186 stat = &obj->stat[i];
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index ed311d7a8ce0..deeab7be5b97 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -564,7 +564,7 @@ struct tomoyo_mini_stat {
564 uid_t uid; 564 uid_t uid;
565 gid_t gid; 565 gid_t gid;
566 ino_t ino; 566 ino_t ino;
567 mode_t mode; 567 umode_t mode;
568 dev_t dev; 568 dev_t dev;
569 dev_t rdev; 569 dev_t rdev;
570}; 570};
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index d9f3ced8756e..80a09c37cac8 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -4,15 +4,8 @@
4 * Copyright (C) 2005-2011 NTT DATA CORPORATION 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION
5 */ 5 */
6 6
7#include <linux/types.h>
8#include <linux/mount.h>
9#include <linux/mnt_namespace.h>
10#include <linux/fs_struct.h>
11#include <linux/magic.h>
12#include <linux/slab.h>
13#include <net/sock.h>
14#include "common.h" 7#include "common.h"
15#include "../../fs/internal.h" 8#include <linux/magic.h>
16 9
17/** 10/**
18 * tomoyo_encode2 - Encode binary string to ascii string. 11 * tomoyo_encode2 - Encode binary string to ascii string.
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 2672ac4f3beb..482b2a5f48f0 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -224,7 +224,7 @@ static const struct file_operations tomoyo_operations = {
224 * 224 *
225 * Returns nothing. 225 * Returns nothing.
226 */ 226 */
227static void __init tomoyo_create_entry(const char *name, const mode_t mode, 227static void __init tomoyo_create_entry(const char *name, const umode_t mode,
228 struct dentry *parent, const u8 key) 228 struct dentry *parent, const u8 key)
229{ 229{
230 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 230 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 4b327b691745..620d37c159a3 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -186,7 +186,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
186 * Returns 0 on success, negative value otherwise. 186 * Returns 0 on success, negative value otherwise.
187 */ 187 */
188static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, 188static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
189 int mode) 189 umode_t mode)
190{ 190{
191 struct path path = { parent->mnt, dentry }; 191 struct path path = { parent->mnt, dentry };
192 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, 192 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
@@ -234,7 +234,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
234 * Returns 0 on success, negative value otherwise. 234 * Returns 0 on success, negative value otherwise.
235 */ 235 */
236static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, 236static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
237 int mode, unsigned int dev) 237 umode_t mode, unsigned int dev)
238{ 238{
239 struct path path = { parent->mnt, dentry }; 239 struct path path = { parent->mnt, dentry };
240 int type = TOMOYO_TYPE_CREATE; 240 int type = TOMOYO_TYPE_CREATE;
@@ -353,17 +353,14 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
353/** 353/**
354 * tomoyo_path_chmod - Target for security_path_chmod(). 354 * tomoyo_path_chmod - Target for security_path_chmod().
355 * 355 *
356 * @dentry: Pointer to "struct dentry". 356 * @path: Pointer to "struct path".
357 * @mnt: Pointer to "struct vfsmount". 357 * @mode: DAC permission mode.
358 * @mode: DAC permission mode.
359 * 358 *
360 * Returns 0 on success, negative value otherwise. 359 * Returns 0 on success, negative value otherwise.
361 */ 360 */
362static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 361static int tomoyo_path_chmod(struct path *path, umode_t mode)
363 mode_t mode)
364{ 362{
365 struct path path = { mnt, dentry }; 363 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
366 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
367 mode & S_IALLUGO); 364 mode & S_IALLUGO);
368} 365}
369 366