authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-07-08 00:25:53 -0400
committerJames Morris <jmorris@namei.org>2011-07-10 21:05:34 -0400
commit97fb35e413f256ded07b88c73b3d932ec31ea84e (patch)
treed16cb1dcb6d16938aa01c071fdcd1cbbf85b5153 /security
parent5b636857fee642694e287e3a181b523b16098c93 (diff)
TOMOYO: Enable conditional ACL.
Enable conditional ACL by passing object's pointers. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.h3
-rw-r--r--security/tomoyo/domain.c53
-rw-r--r--security/tomoyo/file.c35
-rw-r--r--security/tomoyo/mount.c8
-rw-r--r--security/tomoyo/tomoyo.c14
5 files changed, 80 insertions, 33 deletions
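--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -836,7 +836,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
  struct path *path2);
 int tomoyo_path_number_perm(const u8 operation, struct path *path,
  unsigned long number);
-int tomoyo_path_perm(const u8 operation, struct path *path);
+int tomoyo_path_perm(const u8 operation, struct path *path,
+ const char *target);
 int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
  const struct tomoyo_path_info *filename);
 int tomoyo_poll_control(struct file *file, poll_table *wait);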
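--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -575,23 +575,27 @@ out:
  */
 int tomoyo_find_next_domain(struct linux_binprm *bprm)
 {
- struct tomoyo_request_info r;
- char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
  struct tomoyo_domain_info *old_domain = tomoyo_domain();
  struct tomoyo_domain_info *domain = NULL;
  const char *original_name = bprm->filename;
- u8 mode;
- bool is_enforce;
  int retval = -ENOMEM;
  bool need_kfree = false;
  bool reject_on_transition_failure = false;
  struct tomoyo_path_info rn = { }; /* real name */
-
- mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
- is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
- if (!tmp)
- goto out;
-
+ struct tomoyo_execve *ee = kzalloc(sizeof(*ee), GFP_NOFS);
+ if (!ee)
+ return -ENOMEM;
+ ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
+ if (!ee->tmp) {
+ kfree(ee);
+ return -ENOMEM;
+ }
+ /* ee->dump->data is allocated by tomoyo_dump_page(). */
+ tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE);
+ ee->r.ee = ee;
+ ee->bprm = bprm;
+ ee->r.obj = &ee->obj;
+ ee->obj.path1 = bprm->file->f_path;
  retry:
  if (need_kfree) {
  kfree(rn.name);
@@ -625,7 +629,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
  }
 
  /* Check execute permission. */
- retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
+ retval = tomoyo_path_permission(&ee->r, TOMOYO_TYPE_EXECUTE, &rn);
  if (retval == TOMOYO_RETRY_REQUEST)
  goto retry;
  if (retval < 0)
@@ -636,12 +640,12 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
  * wildcard) rather than the pathname passed to execve()
  * (which never contains wildcard).
  */
- if (r.param.path.matched_path) {
+ if (ee->r.param.path.matched_path) {
  if (need_kfree)
  kfree(rn.name);
  need_kfree = false;
  /* This is OK because it is read only. */
- rn = *r.param.path.matched_path;
+ rn = *ee->r.param.path.matched_path;
  }
 
  /* Calculate domain to transit to. */
@@ -649,7 +653,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
  &rn)) {
  case TOMOYO_TRANSITION_CONTROL_RESET:
  /* Transit to the root of specified namespace. */
- snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
+ snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
  /*
  * Make do_execve() fail if domain transition across namespaces
  * has failed.
@@ -658,7 +662,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
  break;
  case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
  /* Transit to the child of current namespace's root. */
- snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
+ snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
  old_domain->ns->name, rn.name);
  break;
  case TOMOYO_TRANSITION_CONTROL_KEEP:
@@ -677,29 +681,30 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
  domain = old_domain;
  } else {
  /* Normal domain transition. */
- snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
+ snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
  old_domain->domainname->name, rn.name);
  }
  break;
  }
  if (!domain)
- domain = tomoyo_assign_domain(tmp, true);
+ domain = tomoyo_assign_domain(ee->tmp, true);
  if (domain)
  retval = 0;
  else if (reject_on_transition_failure) {
- printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp);
+ printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n",
+ ee->tmp);
  retval = -ENOMEM;
- } else if (r.mode == TOMOYO_CONFIG_ENFORCING)
+ } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING)
  retval = -ENOMEM;
  else {
  retval = 0;
  if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) {
  old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true;
- r.granted = false;
- tomoyo_write_log(&r, "%s", tomoyo_dif
+ ee->r.granted = false;
+ tomoyo_write_log(&ee->r, "%s", tomoyo_dif
  [TOMOYO_DIF_TRANSITION_FAILED]);
  printk(KERN_WARNING
- "ERROR: Domain '%s' not defined.\n", tmp);
+ "ERROR: Domain '%s' not defined.\n", ee->tmp);
  }
  }
  out:
@@ -710,7 +715,9 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
  bprm->cred->security = domain;
  if (need_kfree)
  kfree(rn.name);
- kfree(tmp);
+ kfree(ee->tmp);
+ kfree(ee->dump.data);
+ kfree(ee);
  return retval;
 }
 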
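Review bot: The two new early `return -ENOMEM;` exits at the top of tomoyo_find_next_domain() bypass the `out:` label, whereas the removed code sent the failed `tmp` allocation through `goto out`. The part of `out:` visible in the last hunk assigns `bprm->cred->security = domain`, so on allocation failure that field now keeps whatever the caller left in it; whether the caller tolerates that is not visible on this page and should be confirmed. Separately, the new comment `/* ee->dump->data is allocated by tomoyo_dump_page(). */` does not match the cleanup line `kfree(ee->dump.data);` and should read `ee->dump.data`. The statements between `out:` and the final hunk lie outside the visible hunks.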
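--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -667,6 +667,9 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
  unsigned long number)
 {
  struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+ .path1 = *path,
+ };
  int error = -ENOMEM;
  struct tomoyo_path_info buf;
  int idx;
@@ -677,6 +680,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
  idx = tomoyo_read_lock();
  if (!tomoyo_get_realpath(&buf, path))
  goto out;
+ r.obj = &obj;
  if (type == TOMOYO_TYPE_MKDIR)
  tomoyo_add_slash(&buf);
  r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
@@ -711,6 +715,9 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
  int error = 0;
  struct tomoyo_path_info buf;
  struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+ .path1 = *path,
+ };
  int idx;
 
  buf.name = NULL;
@@ -723,6 +730,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
  error = -ENOMEM;
  goto out;
  }
+ r.obj = &obj;
  if (acc_mode & MAY_READ)
  error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ,
  &buf);
@@ -745,15 +753,21 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
  *
  * @operation: Type of operation.
  * @path: Pointer to "struct path".
+ * @target: Symlink's target if @operation is TOMOYO_TYPE_SYMLINK,
+ * NULL otherwise.
  *
  * Returns 0 on success, negative value otherwise.
  */
-int tomoyo_path_perm(const u8 operation, struct path *path)
+int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
 {
  struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+ .path1 = *path,
+ };
  int error;
  struct tomoyo_path_info buf;
  bool is_enforce;
+ struct tomoyo_path_info symlink_target;
  int idx;
 
  if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
@@ -765,13 +779,23 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
  idx = tomoyo_read_lock();
  if (!tomoyo_get_realpath(&buf, path))
  goto out;
+ r.obj = &obj;
  switch (operation) {
  case TOMOYO_TYPE_RMDIR:
  case TOMOYO_TYPE_CHROOT:
  tomoyo_add_slash(&buf);
  break;
+ case TOMOYO_TYPE_SYMLINK:
+ symlink_target.name = tomoyo_encode(target);
+ if (!symlink_target.name)
+ goto out;
+ tomoyo_fill_path_info(&symlink_target);
+ obj.symlink_target = &symlink_target;
+ break;
  }
  error = tomoyo_path_permission(&r, operation, &buf);
+ if (operation == TOMOYO_TYPE_SYMLINK)
+ kfree(symlink_target.name);
  out:
  kfree(buf.name);
  tomoyo_read_unlock(idx);
@@ -794,6 +818,9 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
  const unsigned int mode, unsigned int dev)
 {
  struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+ .path1 = *path,
+ };
  int error = -ENOMEM;
  struct tomoyo_path_info buf;
  int idx;
@@ -804,6 +831,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
  idx = tomoyo_read_lock();
  error = -ENOMEM;
  if (tomoyo_get_realpath(&buf, path)) {
+ r.obj = &obj;
  dev = new_decode_dev(dev);
  r.param_type = TOMOYO_TYPE_MKDEV_ACL;
  r.param.mkdev.filename = &buf;
@@ -837,6 +865,10 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
  struct tomoyo_path_info buf1;
  struct tomoyo_path_info buf2;
  struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+ .path1 = *path1,
+ .path2 = *path2,
+ };
  int idx;
 
  if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
@@ -861,6 +893,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
  tomoyo_add_slash(&buf2);
  break;
  }
+ r.obj = &obj;
  r.param_type = TOMOYO_TYPE_PATH2_ACL;
  r.param.path2.operation = operation;
  r.param.path2.filename1 = &buf1;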
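Review bot: In tomoyo_path_perm() the new `symlink_target` is declared uninitialised and its release is keyed on `operation == TOMOYO_TYPE_SYMLINK` rather than on the pointer, so the allocation in the switch and the free after tomoyo_path_permission() are two separate conditionals that must be kept in step by hand. Declaring it as `struct tomoyo_path_info symlink_target = { };` and calling `kfree(symlink_target.name);` unconditionally under `out:` would keep every exit path balanced, since kfree() accepts NULL. It would also be worth a short comment on the `obj` initialisers saying that `.path1 = *path` is a plain struct copy with no path_get() visible in these hunks, so `r.obj` borrows the caller's reference and is valid only for the duration of the call. The same pattern appears in tomoyo_path_number_perm(), tomoyo_check_open_permission(), tomoyo_mkdev_perm() and tomoyo_path2_perm().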
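--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -75,6 +75,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
  struct path *dir, const char *type,
  unsigned long flags)
 {
+ struct tomoyo_obj_info obj = { };
  struct path path;
  struct file_system_type *fstype = NULL;
  const char *requested_type = NULL;
@@ -85,6 +86,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
  struct tomoyo_path_info rdir;
  int need_dev = 0;
  int error = -ENOMEM;
+ r->obj = &obj;
 
  /* Get fstype. */
  requested_type = tomoyo_encode(type);
@@ -94,6 +96,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
  tomoyo_fill_path_info(&rtype);
 
  /* Get mount point. */
+ obj.path2 = *dir;
  requested_dir_name = tomoyo_realpath_from_path(dir);
  if (!requested_dir_name) {
  error = -ENOMEM;
@@ -129,8 +132,8 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
  error = -ENOENT;
  goto out;
  }
+ obj.path1 = path;
  requested_dev_name = tomoyo_realpath_from_path(&path);
- path_put(&path);
  if (!requested_dev_name) {
  error = -ENOENT;
  goto out;
@@ -163,6 +166,9 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
  if (fstype)
  put_filesystem(fstype);
  kfree(requested_type);
+ /* Drop refcount obtained by kern_path(). */
+ if (obj.path1.dentry)
+ path_put(&obj.path1);
  return error;
 }
 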
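Review bot: `r->obj = &obj;` stores the address of a stack-local `struct tomoyo_obj_info` in the caller-owned request, and nothing in the visible hunks clears it before `return error;`, so `r->obj` still points into tomoyo_mount_acl()'s dead stack frame after the function returns. Whether any caller reads `r->obj` afterwards is not visible here; adding `r->obj = NULL;` next to the new `path_put(&obj.path1);` cleanup would rule out a stale dereference. The deferred `path_put()` also depends on `obj.path1.dentry` staying NULL unless the path lookup succeeded, which the `= { }` initialiser gives only while `obj.path1 = path;` remains after what appears to be the lookup-failure branch. Parts of the function body lie between the hunks.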
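--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -98,18 +98,18 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 {
  struct path path = { mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
 }
 
 static int tomoyo_path_truncate(struct path *path)
 {
- return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);
+ return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
 }
 
 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
 {
  struct path path = { parent->mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
 }
 
 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
@@ -123,14 +123,14 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
 {
  struct path path = { parent->mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
 }
 
 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
  const char *old_name)
 {
  struct path path = { parent->mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
 }
 
 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
@@ -225,7 +225,7 @@ static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
 
 static int tomoyo_path_chroot(struct path *path)
 {
- return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);
+ return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
 }
 
 static int tomoyo_sb_mount(char *dev_name, struct path *path,
@@ -237,7 +237,7 @@ static int tomoyo_sb_mount(char *dev_name, struct path *path,
 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
 {
  struct path path = { mnt, mnt->mnt_root };
- return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
 }
 
 static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)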