1 files changed, 19 insertions, 21 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 654345de62e7..1fa72317bbec 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -160,7 +160,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
 {
        struct task_smack *tsp = current_security();
        struct smack_known *sskp = tsp->smk_task;
-        struct inode *inode = file->f_inode;
+        struct inode *inode = file_inode(file);
        char acc[SMK_NUM_ACCESS_TYPE + 1];
        if (rc <= 0)
@@ -168,7 +168,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
        smk_bu_mode(mode, acc);
        pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
-                sskp->smk_known, (char *)file->f_security, acc,
+                sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
                inode->i_sb->s_id, inode->i_ino, file,
                current->comm);
        return 0;
@@ -1347,6 +1347,9 @@ static int smack_file_permission(struct file *file, int mask)
 * The security blob for a file is a pointer to the master
 * label list, so no allocation is done.
 *
+ * f_security is the owner security information. It
+ * isn't used on file access checks, it's for send_sigio.
+ *
 * Returns 0
 */
 static int smack_file_alloc_security(struct file *file)
@@ -1384,17 +1387,18 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
 {
        int rc = 0;
        struct smk_audit_info ad;
+        struct inode *inode = file_inode(file);
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
        if (_IOC_DIR(cmd) & _IOC_WRITE) {
-                rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
+                rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
                rc = smk_bu_file(file, MAY_WRITE, rc);
        }
        if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
-                rc = smk_curacc(file->f_security, MAY_READ, &ad);
+                rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
                rc = smk_bu_file(file, MAY_READ, rc);
        }
@@ -1412,10 +1416,11 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
 {
        struct smk_audit_info ad;
        int rc;
+        struct inode *inode = file_inode(file);
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
-        rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
+        rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
        rc = smk_bu_file(file, MAY_LOCK, rc);
        return rc;
 }
@@ -1437,7 +1442,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
 {
        struct smk_audit_info ad;
        int rc = 0;
+        struct inode *inode = file_inode(file);
        switch (cmd) {
        case F_GETLK:
@@ -1446,14 +1451,14 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
        case F_SETLKW:
                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
                smk_ad_setfield_u_fs_path(&ad, file->f_path);
-                rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
+                rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
                rc = smk_bu_file(file, MAY_LOCK, rc);
                break;
        case F_SETOWN:
        case F_SETSIG:
                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
                smk_ad_setfield_u_fs_path(&ad, file->f_path);
-                rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
+                rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
                rc = smk_bu_file(file, MAY_WRITE, rc);
                break;
        default:
@@ -1571,14 +1576,10 @@ static int smack_mmap_file(struct file *file,
 * smack_file_set_fowner - set the file security blob value
 * @file: object in question
 *
- * Returns 0
- * Further research may be required on this one.
 */
 static void smack_file_set_fowner(struct file *file)
 {
-        struct smack_known *skp = smk_of_current();
+        file->f_security = smk_of_current();
-        file->f_security = skp;
 }
 /**
@@ -1630,6 +1631,7 @@ static int smack_file_receive(struct file *file)
        int rc;
        int may = 0;
        struct smk_audit_info ad;
+        struct inode *inode = file_inode(file);
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
@@ -1641,7 +1643,7 @@ static int smack_file_receive(struct file *file)
        if (file->f_mode & FMODE_WRITE)
                may |= MAY_WRITE;
-        rc = smk_curacc(file->f_security, may, &ad);
+        rc = smk_curacc(smk_of_inode(inode), may, &ad);
        rc = smk_bu_file(file, may, rc);
        return rc;
 }
@@ -1661,21 +1663,17 @@ static int smack_file_receive(struct file *file)
 static int smack_file_open(struct file *file, const struct cred *cred)
 {
        struct task_smack *tsp = cred->security;
-        struct inode_smack *isp = file_inode(file)->i_security;
+        struct inode *inode = file_inode(file);
        struct smk_audit_info ad;
        int rc;
-        if (smack_privileged(CAP_MAC_OVERRIDE)) {
+        if (smack_privileged(CAP_MAC_OVERRIDE))
-                file->f_security = isp->smk_inode;
                return 0;
-        }
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
-        rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);
+        rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
        rc = smk_bu_credfile(cred, file, MAY_READ, rc);
-        if (rc == 0)
-                file->f_security = isp->smk_inode;
        return rc;
 }

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 654345de62e7..1fa72317bbec 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -160,7 +160,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
160	{	160	{
161	struct task_smack *tsp = current_security();	161	struct task_smack *tsp = current_security();
162	struct smack_known *sskp = tsp->smk_task;	162	struct smack_known *sskp = tsp->smk_task;
163	struct inode *inode = file->f_inode;	163	struct inode *inode = file_inode(file);
164	char acc[SMK_NUM_ACCESS_TYPE + 1];	164	char acc[SMK_NUM_ACCESS_TYPE + 1];
165		165
166	if (rc <= 0)	166	if (rc <= 0)
@@ -168,7 +168,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
168		168
169	smk_bu_mode(mode, acc);	169	smk_bu_mode(mode, acc);
170	pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",	170	pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n",
171	sskp->smk_known, (char *)file->f_security, acc,	171	sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
172	inode->i_sb->s_id, inode->i_ino, file,	172	inode->i_sb->s_id, inode->i_ino, file,
173	current->comm);	173	current->comm);
174	return 0;	174	return 0;
@@ -1347,6 +1347,9 @@ static int smack_file_permission(struct file *file, int mask)
1347	* The security blob for a file is a pointer to the master	1347	* The security blob for a file is a pointer to the master
1348	* label list, so no allocation is done.	1348	* label list, so no allocation is done.
1349	*	1349	*
		1350	* f_security is the owner security information. It
		1351	* isn't used on file access checks, it's for send_sigio.
		1352	*
1350	* Returns 0	1353	* Returns 0
1351	*/	1354	*/
1352	static int smack_file_alloc_security(struct file *file)	1355	static int smack_file_alloc_security(struct file *file)
@@ -1384,17 +1387,18 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
1384	{	1387	{
1385	int rc = 0;	1388	int rc = 0;
1386	struct smk_audit_info ad;	1389	struct smk_audit_info ad;
		1390	struct inode *inode = file_inode(file);
1387		1391
1388	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1392	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1389	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1393	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1390		1394
1391	if (_IOC_DIR(cmd) & _IOC_WRITE) {	1395	if (_IOC_DIR(cmd) & _IOC_WRITE) {
1392	rc = smk_curacc(file->f_security, MAY_WRITE, &ad);	1396	rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1393	rc = smk_bu_file(file, MAY_WRITE, rc);	1397	rc = smk_bu_file(file, MAY_WRITE, rc);
1394	}	1398	}
1395		1399
1396	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {	1400	if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
1397	rc = smk_curacc(file->f_security, MAY_READ, &ad);	1401	rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1398	rc = smk_bu_file(file, MAY_READ, rc);	1402	rc = smk_bu_file(file, MAY_READ, rc);
1399	}	1403	}
1400		1404
@@ -1412,10 +1416,11 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
1412	{	1416	{
1413	struct smk_audit_info ad;	1417	struct smk_audit_info ad;
1414	int rc;	1418	int rc;
		1419	struct inode *inode = file_inode(file);
1415		1420
1416	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1421	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1417	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1422	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1418	rc = smk_curacc(file->f_security, MAY_LOCK, &ad);	1423	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1419	rc = smk_bu_file(file, MAY_LOCK, rc);	1424	rc = smk_bu_file(file, MAY_LOCK, rc);
1420	return rc;	1425	return rc;
1421	}	1426	}
@@ -1437,7 +1442,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
1437	{	1442	{
1438	struct smk_audit_info ad;	1443	struct smk_audit_info ad;
1439	int rc = 0;	1444	int rc = 0;
1440		1445	struct inode *inode = file_inode(file);
1441		1446
1442	switch (cmd) {	1447	switch (cmd) {
1443	case F_GETLK:	1448	case F_GETLK:
@@ -1446,14 +1451,14 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
1446	case F_SETLKW:	1451	case F_SETLKW:
1447	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1452	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1448	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1453	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1449	rc = smk_curacc(file->f_security, MAY_LOCK, &ad);	1454	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
1450	rc = smk_bu_file(file, MAY_LOCK, rc);	1455	rc = smk_bu_file(file, MAY_LOCK, rc);
1451	break;	1456	break;
1452	case F_SETOWN:	1457	case F_SETOWN:
1453	case F_SETSIG:	1458	case F_SETSIG:
1454	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1459	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1455	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1460	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1456	rc = smk_curacc(file->f_security, MAY_WRITE, &ad);	1461	rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
1457	rc = smk_bu_file(file, MAY_WRITE, rc);	1462	rc = smk_bu_file(file, MAY_WRITE, rc);
1458	break;	1463	break;
1459	default:	1464	default:
@@ -1571,14 +1576,10 @@ static int smack_mmap_file(struct file *file,
1571	* smack_file_set_fowner - set the file security blob value	1576	* smack_file_set_fowner - set the file security blob value
1572	* @file: object in question	1577	* @file: object in question
1573	*	1578	*
1574	* Returns 0
1575	* Further research may be required on this one.
1576	*/	1579	*/
1577	static void smack_file_set_fowner(struct file *file)	1580	static void smack_file_set_fowner(struct file *file)
1578	{	1581	{
1579	struct smack_known *skp = smk_of_current();	1582	file->f_security = smk_of_current();
1580
1581	file->f_security = skp;
1582	}	1583	}
1583		1584
1584	/**	1585	/**
@@ -1630,6 +1631,7 @@ static int smack_file_receive(struct file *file)
1630	int rc;	1631	int rc;
1631	int may = 0;	1632	int may = 0;
1632	struct smk_audit_info ad;	1633	struct smk_audit_info ad;
		1634	struct inode *inode = file_inode(file);
1633		1635
1634	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1636	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1635	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1637	smk_ad_setfield_u_fs_path(&ad, file->f_path);
@@ -1641,7 +1643,7 @@ static int smack_file_receive(struct file *file)
1641	if (file->f_mode & FMODE_WRITE)	1643	if (file->f_mode & FMODE_WRITE)
1642	may \|= MAY_WRITE;	1644	may \|= MAY_WRITE;
1643		1645
1644	rc = smk_curacc(file->f_security, may, &ad);	1646	rc = smk_curacc(smk_of_inode(inode), may, &ad);
1645	rc = smk_bu_file(file, may, rc);	1647	rc = smk_bu_file(file, may, rc);
1646	return rc;	1648	return rc;
1647	}	1649	}
@@ -1661,21 +1663,17 @@ static int smack_file_receive(struct file *file)
1661	static int smack_file_open(struct file file, const struct cred cred)	1663	static int smack_file_open(struct file file, const struct cred cred)
1662	{	1664	{
1663	struct task_smack *tsp = cred->security;	1665	struct task_smack *tsp = cred->security;
1664	struct inode_smack *isp = file_inode(file)->i_security;	1666	struct inode *inode = file_inode(file);
1665	struct smk_audit_info ad;	1667	struct smk_audit_info ad;
1666	int rc;	1668	int rc;
1667		1669
1668	if (smack_privileged(CAP_MAC_OVERRIDE)) {	1670	if (smack_privileged(CAP_MAC_OVERRIDE))
1669	file->f_security = isp->smk_inode;
1670	return 0;	1671	return 0;
1671	}
1672		1672
1673	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);	1673	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1674	smk_ad_setfield_u_fs_path(&ad, file->f_path);	1674	smk_ad_setfield_u_fs_path(&ad, file->f_path);
1675	rc = smk_access(tsp->smk_task, isp->smk_inode, MAY_READ, &ad);	1675	rc = smk_access(tsp->smk_task, smk_of_inode(inode), MAY_READ, &ad);
1676	rc = smk_bu_credfile(cred, file, MAY_READ, rc);	1676	rc = smk_bu_credfile(cred, file, MAY_READ, rc);
1677	if (rc == 0)
1678	file->f_security = isp->smk_inode;
1679		1677
1680	return rc;	1678	return rc;
1681	}	1679	}