1 files changed, 88 insertions, 4 deletions
diff --git a/security/security.c b/security/security.c
index d85dbb37c972..c3586c0d97e2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -154,14 +154,32 @@ int security_capset(struct cred *new, const struct cred *old,
                                    effective, inheritable, permitted);
 }
-int security_capable(struct task_struct *tsk, int cap)
+int security_capable(int cap)
 {
-        return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT);
+        return security_ops->capable(current, current_cred(), cap,
+                                     SECURITY_CAP_AUDIT);
 }
-int security_capable_noaudit(struct task_struct *tsk, int cap)
+int security_real_capable(struct task_struct *tsk, int cap)
 {
-        return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT);
+        const struct cred *cred;
+        int ret;
+        cred = get_task_cred(tsk);
+        ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
+        put_cred(cred);
+        return ret;
+}
+int security_real_capable_noaudit(struct task_struct *tsk, int cap)
+{
+        const struct cred *cred;
+        int ret;
+        cred = get_task_cred(tsk);
+        ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
+        put_cred(cred);
+        return ret;
 }
 int security_acct(struct file *file)
@@ -355,6 +373,72 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 }
 EXPORT_SYMBOL(security_inode_init_security);
+#ifdef CONFIG_SECURITY_PATH
+int security_path_mknod(struct path *path, struct dentry *dentry, int mode,
+                        unsigned int dev)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_mknod(path, dentry, mode, dev);
+}
+EXPORT_SYMBOL(security_path_mknod);
+int security_path_mkdir(struct path *path, struct dentry *dentry, int mode)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_mkdir(path, dentry, mode);
+}
+int security_path_rmdir(struct path *path, struct dentry *dentry)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_rmdir(path, dentry);
+}
+int security_path_unlink(struct path *path, struct dentry *dentry)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_unlink(path, dentry);
+}
+int security_path_symlink(struct path *path, struct dentry *dentry,
+                          const char *old_name)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_symlink(path, dentry, old_name);
+}
+int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+                       struct dentry *new_dentry)
+{
+        if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
+                return 0;
+        return security_ops->path_link(old_dentry, new_dir, new_dentry);
+}
+int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
+                         struct path *new_dir, struct dentry *new_dentry)
+{
+        if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
+                     (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
+                return 0;
+        return security_ops->path_rename(old_dir, old_dentry, new_dir,
+                                         new_dentry);
+}
+int security_path_truncate(struct path *path, loff_t length,
+                           unsigned int time_attrs)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_truncate(path, length, time_attrs);
+}
+#endif
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
 {
        if (unlikely(IS_PRIVATE(dir)))

diff --git a/security/security.c b/security/security.c index d85dbb37c972..c3586c0d97e2 100644 --- a/security/security.c +++ b/security/security.c
@@ -154,14 +154,32 @@ int security_capset(struct cred new, const struct cred old,
154	effective, inheritable, permitted);	154	effective, inheritable, permitted);
155	}	155	}
156		156
157	int security_capable(struct task_struct *tsk, int cap)	157	int security_capable(int cap)
158	{	158	{
159	return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT);	159	return security_ops->capable(current, current_cred(), cap,
		160	SECURITY_CAP_AUDIT);
160	}	161	}
161		162
162	int security_capable_noaudit(struct task_struct *tsk, int cap)	163	int security_real_capable(struct task_struct *tsk, int cap)
163	{	164	{
164	return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT);	165	const struct cred *cred;
		166	int ret;
		167
		168	cred = get_task_cred(tsk);
		169	ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
		170	put_cred(cred);
		171	return ret;
		172	}
		173
		174	int security_real_capable_noaudit(struct task_struct *tsk, int cap)
		175	{
		176	const struct cred *cred;
		177	int ret;
		178
		179	cred = get_task_cred(tsk);
		180	ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
		181	put_cred(cred);
		182	return ret;
165	}	183	}
166		184
167	int security_acct(struct file *file)	185	int security_acct(struct file *file)
@@ -355,6 +373,72 @@ int security_inode_init_security(struct inode inode, struct inode dir,
355	}	373	}
356	EXPORT_SYMBOL(security_inode_init_security);	374	EXPORT_SYMBOL(security_inode_init_security);
357		375
		376	#ifdef CONFIG_SECURITY_PATH
		377	int security_path_mknod(struct path path, struct dentry dentry, int mode,
		378	unsigned int dev)
		379	{
		380	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		381	return 0;
		382	return security_ops->path_mknod(path, dentry, mode, dev);
		383	}
		384	EXPORT_SYMBOL(security_path_mknod);
		385
		386	int security_path_mkdir(struct path path, struct dentry dentry, int mode)
		387	{
		388	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		389	return 0;
		390	return security_ops->path_mkdir(path, dentry, mode);
		391	}
		392
		393	int security_path_rmdir(struct path path, struct dentry dentry)
		394	{
		395	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		396	return 0;
		397	return security_ops->path_rmdir(path, dentry);
		398	}
		399
		400	int security_path_unlink(struct path path, struct dentry dentry)
		401	{
		402	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		403	return 0;
		404	return security_ops->path_unlink(path, dentry);
		405	}
		406
		407	int security_path_symlink(struct path path, struct dentry dentry,
		408	const char *old_name)
		409	{
		410	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		411	return 0;
		412	return security_ops->path_symlink(path, dentry, old_name);
		413	}
		414
		415	int security_path_link(struct dentry old_dentry, struct path new_dir,
		416	struct dentry *new_dentry)
		417	{
		418	if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
		419	return 0;
		420	return security_ops->path_link(old_dentry, new_dir, new_dentry);
		421	}
		422
		423	int security_path_rename(struct path old_dir, struct dentry old_dentry,
		424	struct path new_dir, struct dentry new_dentry)
		425	{
		426	if (unlikely(IS_PRIVATE(old_dentry->d_inode) \|\|
		427	(new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
		428	return 0;
		429	return security_ops->path_rename(old_dir, old_dentry, new_dir,
		430	new_dentry);
		431	}
		432
		433	int security_path_truncate(struct path *path, loff_t length,
		434	unsigned int time_attrs)
		435	{
		436	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		437	return 0;
		438	return security_ops->path_truncate(path, length, time_attrs);
		439	}
		440	#endif
		441
358	int security_inode_create(struct inode dir, struct dentry dentry, int mode)	442	int security_inode_create(struct inode dir, struct dentry dentry, int mode)
359	{	443	{
360	if (unlikely(IS_PRIVATE(dir)))	444	if (unlikely(IS_PRIVATE(dir)))