diff options
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack.h | 11 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 48 |
2 files changed, 30 insertions, 29 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index b449cfdad21c..2b6c6a516123 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -316,22 +316,17 @@ static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | |||
| 316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | 316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, |
| 317 | struct dentry *d) | 317 | struct dentry *d) |
| 318 | { | 318 | { |
| 319 | a->a.u.fs.path.dentry = d; | 319 | a->a.u.dentry = d; |
| 320 | } | ||
| 321 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | ||
| 322 | struct vfsmount *m) | ||
| 323 | { | ||
| 324 | a->a.u.fs.path.mnt = m; | ||
| 325 | } | 320 | } |
| 326 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | 321 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, |
| 327 | struct inode *i) | 322 | struct inode *i) |
| 328 | { | 323 | { |
| 329 | a->a.u.fs.inode = i; | 324 | a->a.u.inode = i; |
| 330 | } | 325 | } |
| 331 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | 326 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, |
| 332 | struct path p) | 327 | struct path p) |
| 333 | { | 328 | { |
| 334 | a->a.u.fs.path = p; | 329 | a->a.u.path = p; |
| 335 | } | 330 | } |
| 336 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | 331 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, |
| 337 | struct sock *sk) | 332 | struct sock *sk) |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 400a5d5cde61..9831a39c11f6 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -383,7 +383,7 @@ static int smack_sb_statfs(struct dentry *dentry) | |||
| 383 | int rc; | 383 | int rc; |
| 384 | struct smk_audit_info ad; | 384 | struct smk_audit_info ad; |
| 385 | 385 | ||
| 386 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 386 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 387 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 387 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 388 | 388 | ||
| 389 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); | 389 | rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); |
| @@ -407,7 +407,7 @@ static int smack_sb_mount(char *dev_name, struct path *path, | |||
| 407 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; | 407 | struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; |
| 408 | struct smk_audit_info ad; | 408 | struct smk_audit_info ad; |
| 409 | 409 | ||
| 410 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 410 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 411 | smk_ad_setfield_u_fs_path(&ad, *path); | 411 | smk_ad_setfield_u_fs_path(&ad, *path); |
| 412 | 412 | ||
| 413 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); | 413 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); |
| @@ -425,10 +425,13 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
| 425 | { | 425 | { |
| 426 | struct superblock_smack *sbp; | 426 | struct superblock_smack *sbp; |
| 427 | struct smk_audit_info ad; | 427 | struct smk_audit_info ad; |
| 428 | struct path path; | ||
| 428 | 429 | ||
| 429 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 430 | path.dentry = mnt->mnt_root; |
| 430 | smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); | 431 | path.mnt = mnt; |
| 431 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 432 | |
| 433 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); | ||
| 434 | smk_ad_setfield_u_fs_path(&ad, path); | ||
| 432 | 435 | ||
| 433 | sbp = mnt->mnt_sb->s_security; | 436 | sbp = mnt->mnt_sb->s_security; |
| 434 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); | 437 | return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); |
| @@ -563,7 +566,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, | |||
| 563 | struct smk_audit_info ad; | 566 | struct smk_audit_info ad; |
| 564 | int rc; | 567 | int rc; |
| 565 | 568 | ||
| 566 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 569 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 567 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | 570 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); |
| 568 | 571 | ||
| 569 | isp = smk_of_inode(old_dentry->d_inode); | 572 | isp = smk_of_inode(old_dentry->d_inode); |
| @@ -592,7 +595,7 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) | |||
| 592 | struct smk_audit_info ad; | 595 | struct smk_audit_info ad; |
| 593 | int rc; | 596 | int rc; |
| 594 | 597 | ||
| 595 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 598 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 596 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 599 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 597 | 600 | ||
| 598 | /* | 601 | /* |
| @@ -623,7 +626,7 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) | |||
| 623 | struct smk_audit_info ad; | 626 | struct smk_audit_info ad; |
| 624 | int rc; | 627 | int rc; |
| 625 | 628 | ||
| 626 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 629 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 627 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 630 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 628 | 631 | ||
| 629 | /* | 632 | /* |
| @@ -663,7 +666,7 @@ static int smack_inode_rename(struct inode *old_inode, | |||
| 663 | char *isp; | 666 | char *isp; |
| 664 | struct smk_audit_info ad; | 667 | struct smk_audit_info ad; |
| 665 | 668 | ||
| 666 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 669 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 667 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); | 670 | smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); |
| 668 | 671 | ||
| 669 | isp = smk_of_inode(old_dentry->d_inode); | 672 | isp = smk_of_inode(old_dentry->d_inode); |
| @@ -700,7 +703,7 @@ static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) | |||
| 700 | /* May be droppable after audit */ | 703 | /* May be droppable after audit */ |
| 701 | if (flags & IPERM_FLAG_RCU) | 704 | if (flags & IPERM_FLAG_RCU) |
| 702 | return -ECHILD; | 705 | return -ECHILD; |
| 703 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 706 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); |
| 704 | smk_ad_setfield_u_fs_inode(&ad, inode); | 707 | smk_ad_setfield_u_fs_inode(&ad, inode); |
| 705 | return smk_curacc(smk_of_inode(inode), mask, &ad); | 708 | return smk_curacc(smk_of_inode(inode), mask, &ad); |
| 706 | } | 709 | } |
| @@ -720,7 +723,7 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
| 720 | */ | 723 | */ |
| 721 | if (iattr->ia_valid & ATTR_FORCE) | 724 | if (iattr->ia_valid & ATTR_FORCE) |
| 722 | return 0; | 725 | return 0; |
| 723 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 726 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 724 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 727 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 725 | 728 | ||
| 726 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 729 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
| @@ -736,10 +739,13 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) | |||
| 736 | static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 739 | static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
| 737 | { | 740 | { |
| 738 | struct smk_audit_info ad; | 741 | struct smk_audit_info ad; |
| 742 | struct path path; | ||
| 739 | 743 | ||
| 740 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 744 | path.dentry = dentry; |
| 741 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 745 | path.mnt = mnt; |
| 742 | smk_ad_setfield_u_fs_path_mnt(&ad, mnt); | 746 | |
| 747 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); | ||
| 748 | smk_ad_setfield_u_fs_path(&ad, path); | ||
| 743 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | 749 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); |
| 744 | } | 750 | } |
| 745 | 751 | ||
| @@ -784,7 +790,7 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, | |||
| 784 | } else | 790 | } else |
| 785 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 791 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
| 786 | 792 | ||
| 787 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 793 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 788 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 794 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 789 | 795 | ||
| 790 | if (rc == 0) | 796 | if (rc == 0) |
| @@ -845,7 +851,7 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name) | |||
| 845 | { | 851 | { |
| 846 | struct smk_audit_info ad; | 852 | struct smk_audit_info ad; |
| 847 | 853 | ||
| 848 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 854 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 849 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 855 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 850 | 856 | ||
| 851 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); | 857 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); |
| @@ -877,7 +883,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) | |||
| 877 | } else | 883 | } else |
| 878 | rc = cap_inode_removexattr(dentry, name); | 884 | rc = cap_inode_removexattr(dentry, name); |
| 879 | 885 | ||
| 880 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 886 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); |
| 881 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); | 887 | smk_ad_setfield_u_fs_path_dentry(&ad, dentry); |
| 882 | if (rc == 0) | 888 | if (rc == 0) |
| 883 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); | 889 | rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); |
| @@ -1047,7 +1053,7 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, | |||
| 1047 | int rc = 0; | 1053 | int rc = 0; |
| 1048 | struct smk_audit_info ad; | 1054 | struct smk_audit_info ad; |
| 1049 | 1055 | ||
| 1050 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1056 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 1051 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1057 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
| 1052 | 1058 | ||
| 1053 | if (_IOC_DIR(cmd) & _IOC_WRITE) | 1059 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
| @@ -1070,8 +1076,8 @@ static int smack_file_lock(struct file *file, unsigned int cmd) | |||
| 1070 | { | 1076 | { |
| 1071 | struct smk_audit_info ad; | 1077 | struct smk_audit_info ad; |
| 1072 | 1078 | ||
| 1073 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1079 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 1074 | smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); | 1080 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
| 1075 | return smk_curacc(file->f_security, MAY_WRITE, &ad); | 1081 | return smk_curacc(file->f_security, MAY_WRITE, &ad); |
| 1076 | } | 1082 | } |
| 1077 | 1083 | ||
| @@ -1089,7 +1095,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1089 | struct smk_audit_info ad; | 1095 | struct smk_audit_info ad; |
| 1090 | int rc; | 1096 | int rc; |
| 1091 | 1097 | ||
| 1092 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); | 1098 | smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); |
| 1093 | smk_ad_setfield_u_fs_path(&ad, file->f_path); | 1099 | smk_ad_setfield_u_fs_path(&ad, file->f_path); |
| 1094 | 1100 | ||
| 1095 | switch (cmd) { | 1101 | switch (cmd) { |