aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2015-01-29 07:02:31 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2015-02-22 11:38:39 -0500
commit7ac2856d99e8038d356767c81ef7f2e85d366441 (patch)
treef56b9d59ecbeeb69da6d4d7c2aeaa1cd7418b988 /security
parent44bdb5e5f6382ba88f7678d6f535f879324522ae (diff)
Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb
mediated_filesystem() should use dentry->d_sb not dentry->d_inode->i_sb and should avoid file_inode() also since it is really dealing with the path. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/include/apparmor.h4
-rw-r--r--security/apparmor/lsm.c20
2 files changed, 12 insertions, 12 deletions
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 97130f88838b..e4ea62663866 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -112,9 +112,9 @@ static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
112 return aa_dfa_next(dfa, start, 0); 112 return aa_dfa_next(dfa, start, 0);
113} 113}
114 114
115static inline bool mediated_filesystem(struct inode *inode) 115static inline bool mediated_filesystem(struct dentry *dentry)
116{ 116{
117 return !(inode->i_sb->s_flags & MS_NOUSER); 117 return !(dentry->d_sb->s_flags & MS_NOUSER);
118} 118}
119 119
120#endif /* __APPARMOR_H */ 120#endif /* __APPARMOR_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 65ca451a764d..107db88b1d5f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -226,7 +226,7 @@ static int common_perm_rm(int op, struct path *dir,
226 struct inode *inode = dentry->d_inode; 226 struct inode *inode = dentry->d_inode;
227 struct path_cond cond = { }; 227 struct path_cond cond = { };
228 228
229 if (!inode || !dir->mnt || !mediated_filesystem(inode)) 229 if (!inode || !dir->mnt || !mediated_filesystem(dentry))
230 return 0; 230 return 0;
231 231
232 cond.uid = inode->i_uid; 232 cond.uid = inode->i_uid;
@@ -250,7 +250,7 @@ static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
250{ 250{
251 struct path_cond cond = { current_fsuid(), mode }; 251 struct path_cond cond = { current_fsuid(), mode };
252 252
253 if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode)) 253 if (!dir->mnt || !mediated_filesystem(dir->dentry))
254 return 0; 254 return 0;
255 255
256 return common_perm_dir_dentry(op, dir, dentry, mask, &cond); 256 return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
@@ -285,7 +285,7 @@ static int apparmor_path_truncate(struct path *path)
285 path->dentry->d_inode->i_mode 285 path->dentry->d_inode->i_mode
286 }; 286 };
287 287
288 if (!path->mnt || !mediated_filesystem(path->dentry->d_inode)) 288 if (!path->mnt || !mediated_filesystem(path->dentry))
289 return 0; 289 return 0;
290 290
291 return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, 291 return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
@@ -305,7 +305,7 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
305 struct aa_profile *profile; 305 struct aa_profile *profile;
306 int error = 0; 306 int error = 0;
307 307
308 if (!mediated_filesystem(old_dentry->d_inode)) 308 if (!mediated_filesystem(old_dentry))
309 return 0; 309 return 0;
310 310
311 profile = aa_current_profile(); 311 profile = aa_current_profile();
@@ -320,7 +320,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
320 struct aa_profile *profile; 320 struct aa_profile *profile;
321 int error = 0; 321 int error = 0;
322 322
323 if (!mediated_filesystem(old_dentry->d_inode)) 323 if (!mediated_filesystem(old_dentry))
324 return 0; 324 return 0;
325 325
326 profile = aa_current_profile(); 326 profile = aa_current_profile();
@@ -346,7 +346,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
346 346
347static int apparmor_path_chmod(struct path *path, umode_t mode) 347static int apparmor_path_chmod(struct path *path, umode_t mode)
348{ 348{
349 if (!mediated_filesystem(path->dentry->d_inode)) 349 if (!mediated_filesystem(path->dentry))
350 return 0; 350 return 0;
351 351
352 return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); 352 return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
@@ -358,7 +358,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
358 path->dentry->d_inode->i_mode 358 path->dentry->d_inode->i_mode
359 }; 359 };
360 360
361 if (!mediated_filesystem(path->dentry->d_inode)) 361 if (!mediated_filesystem(path->dentry))
362 return 0; 362 return 0;
363 363
364 return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); 364 return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
@@ -366,7 +366,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
366 366
367static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 367static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
368{ 368{
369 if (!mediated_filesystem(dentry->d_inode)) 369 if (!mediated_filesystem(dentry))
370 return 0; 370 return 0;
371 371
372 return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry, 372 return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry,
@@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
379 struct aa_profile *profile; 379 struct aa_profile *profile;
380 int error = 0; 380 int error = 0;
381 381
382 if (!mediated_filesystem(file_inode(file))) 382 if (!mediated_filesystem(file->f_path.dentry))
383 return 0; 383 return 0;
384 384
385 /* If in exec, permission is handled by bprm hooks. 385 /* If in exec, permission is handled by bprm hooks.
@@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
432 BUG_ON(!fprofile); 432 BUG_ON(!fprofile);
433 433
434 if (!file->f_path.mnt || 434 if (!file->f_path.mnt ||
435 !mediated_filesystem(file_inode(file))) 435 !mediated_filesystem(file->f_path.dentry))
436 return 0; 436 return 0;
437 437
438 profile = __aa_current_profile(); 438 profile = __aa_current_profile();