aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/domain.c4
-rw-r--r--security/apparmor/file.c4
-rw-r--r--security/apparmor/lsm.c6
-rw-r--r--security/integrity/ima/ima_api.c6
-rw-r--r--security/integrity/ima/ima_crypto.c2
-rw-r--r--security/integrity/ima/ima_main.c4
-rw-r--r--security/selinux/hooks.c10
-rw-r--r--security/selinux/selinuxfs.c20
-rw-r--r--security/smack/smack_lsm.c14
-rw-r--r--security/tomoyo/securityfs_if.c2
10 files changed, 31 insertions, 41 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 60f0c76a27d3..859abdaac1ea 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -349,8 +349,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
349 unsigned int state; 349 unsigned int state;
350 struct file_perms perms = {}; 350 struct file_perms perms = {};
351 struct path_cond cond = { 351 struct path_cond cond = {
352 bprm->file->f_path.dentry->d_inode->i_uid, 352 file_inode(bprm->file)->i_uid,
353 bprm->file->f_path.dentry->d_inode->i_mode 353 file_inode(bprm->file)->i_mode
354 }; 354 };
355 const char *name = NULL, *target = NULL, *info = NULL; 355 const char *name = NULL, *target = NULL, *info = NULL;
356 int error = cap_bprm_set_creds(bprm); 356 int error = cap_bprm_set_creds(bprm);
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index cd21ec5b90af..fdaa50cb1876 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -449,8 +449,8 @@ int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
449 u32 request) 449 u32 request)
450{ 450{
451 struct path_cond cond = { 451 struct path_cond cond = {
452 .uid = file->f_path.dentry->d_inode->i_uid, 452 .uid = file_inode(file)->i_uid,
453 .mode = file->f_path.dentry->d_inode->i_mode 453 .mode = file_inode(file)->i_mode
454 }; 454 };
455 455
456 return aa_path_perm(op, profile, &file->f_path, PATH_DELEGATE_DELETED, 456 return aa_path_perm(op, profile, &file->f_path, PATH_DELEGATE_DELETED,
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8c2a7f6b35e2..b21830eced41 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
379 struct aa_profile *profile; 379 struct aa_profile *profile;
380 int error = 0; 380 int error = 0;
381 381
382 if (!mediated_filesystem(file->f_path.dentry->d_inode)) 382 if (!mediated_filesystem(file_inode(file)))
383 return 0; 383 return 0;
384 384
385 /* If in exec, permission is handled by bprm hooks. 385 /* If in exec, permission is handled by bprm hooks.
@@ -394,7 +394,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
394 394
395 profile = aa_cred_profile(cred); 395 profile = aa_cred_profile(cred);
396 if (!unconfined(profile)) { 396 if (!unconfined(profile)) {
397 struct inode *inode = file->f_path.dentry->d_inode; 397 struct inode *inode = file_inode(file);
398 struct path_cond cond = { inode->i_uid, inode->i_mode }; 398 struct path_cond cond = { inode->i_uid, inode->i_mode };
399 399
400 error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0, 400 error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0,
@@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
432 BUG_ON(!fprofile); 432 BUG_ON(!fprofile);
433 433
434 if (!file->f_path.mnt || 434 if (!file->f_path.mnt ||
435 !mediated_filesystem(file->f_path.dentry->d_inode)) 435 !mediated_filesystem(file_inode(file)))
436 return 0; 436 return 0;
437 437
438 profile = __aa_current_profile(); 438 profile = __aa_current_profile();
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 0cea3db21657..27cb9eb42cc8 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -140,12 +140,12 @@ int ima_must_measure(struct inode *inode, int mask, int function)
140int ima_collect_measurement(struct integrity_iint_cache *iint, 140int ima_collect_measurement(struct integrity_iint_cache *iint,
141 struct file *file) 141 struct file *file)
142{ 142{
143 struct inode *inode = file->f_dentry->d_inode; 143 struct inode *inode = file_inode(file);
144 const char *filename = file->f_dentry->d_name.name; 144 const char *filename = file->f_dentry->d_name.name;
145 int result = 0; 145 int result = 0;
146 146
147 if (!(iint->flags & IMA_COLLECTED)) { 147 if (!(iint->flags & IMA_COLLECTED)) {
148 u64 i_version = file->f_dentry->d_inode->i_version; 148 u64 i_version = file_inode(file)->i_version;
149 149
150 iint->ima_xattr.type = IMA_XATTR_DIGEST; 150 iint->ima_xattr.type = IMA_XATTR_DIGEST;
151 result = ima_calc_hash(file, iint->ima_xattr.digest); 151 result = ima_calc_hash(file, iint->ima_xattr.digest);
@@ -182,7 +182,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
182 const char *op = "add_template_measure"; 182 const char *op = "add_template_measure";
183 const char *audit_cause = "ENOMEM"; 183 const char *audit_cause = "ENOMEM";
184 int result = -ENOMEM; 184 int result = -ENOMEM;
185 struct inode *inode = file->f_dentry->d_inode; 185 struct inode *inode = file_inode(file);
186 struct ima_template_entry *entry; 186 struct ima_template_entry *entry;
187 int violation = 0; 187 int violation = 0;
188 188
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index b21ee5b5495a..81dcaa26401e 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -63,7 +63,7 @@ int ima_calc_hash(struct file *file, char *digest)
63 file->f_mode |= FMODE_READ; 63 file->f_mode |= FMODE_READ;
64 read = 1; 64 read = 1;
65 } 65 }
66 i_size = i_size_read(file->f_dentry->d_inode); 66 i_size = i_size_read(file_inode(file));
67 while (offset < i_size) { 67 while (offset < i_size) {
68 int rbuf_len; 68 int rbuf_len;
69 69
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index dba965de90d3..e7a147f7d371 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -132,7 +132,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
132 */ 132 */
133void ima_file_free(struct file *file) 133void ima_file_free(struct file *file)
134{ 134{
135 struct inode *inode = file->f_dentry->d_inode; 135 struct inode *inode = file_inode(file);
136 struct integrity_iint_cache *iint; 136 struct integrity_iint_cache *iint;
137 137
138 if (!iint_initialized || !S_ISREG(inode->i_mode)) 138 if (!iint_initialized || !S_ISREG(inode->i_mode))
@@ -148,7 +148,7 @@ void ima_file_free(struct file *file)
148static int process_measurement(struct file *file, const unsigned char *filename, 148static int process_measurement(struct file *file, const unsigned char *filename,
149 int mask, int function) 149 int mask, int function)
150{ 150{
151 struct inode *inode = file->f_dentry->d_inode; 151 struct inode *inode = file_inode(file);
152 struct integrity_iint_cache *iint; 152 struct integrity_iint_cache *iint;
153 unsigned char *pathname = NULL, *pathbuf = NULL; 153 unsigned char *pathname = NULL, *pathbuf = NULL;
154 int rc = -ENOMEM, action, must_appraise; 154 int rc = -ENOMEM, action, must_appraise;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 61a53367d029..2963c689f9c0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1528,7 +1528,7 @@ static int file_has_perm(const struct cred *cred,
1528 u32 av) 1528 u32 av)
1529{ 1529{
1530 struct file_security_struct *fsec = file->f_security; 1530 struct file_security_struct *fsec = file->f_security;
1531 struct inode *inode = file->f_path.dentry->d_inode; 1531 struct inode *inode = file_inode(file);
1532 struct common_audit_data ad; 1532 struct common_audit_data ad;
1533 u32 sid = cred_sid(cred); 1533 u32 sid = cred_sid(cred);
1534 int rc; 1534 int rc;
@@ -1957,7 +1957,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1957 struct task_security_struct *new_tsec; 1957 struct task_security_struct *new_tsec;
1958 struct inode_security_struct *isec; 1958 struct inode_security_struct *isec;
1959 struct common_audit_data ad; 1959 struct common_audit_data ad;
1960 struct inode *inode = bprm->file->f_path.dentry->d_inode; 1960 struct inode *inode = file_inode(bprm->file);
1961 int rc; 1961 int rc;
1962 1962
1963 rc = cap_bprm_set_creds(bprm); 1963 rc = cap_bprm_set_creds(bprm);
@@ -2929,7 +2929,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2929static int selinux_revalidate_file_permission(struct file *file, int mask) 2929static int selinux_revalidate_file_permission(struct file *file, int mask)
2930{ 2930{
2931 const struct cred *cred = current_cred(); 2931 const struct cred *cred = current_cred();
2932 struct inode *inode = file->f_path.dentry->d_inode; 2932 struct inode *inode = file_inode(file);
2933 2933
2934 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ 2934 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
2935 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) 2935 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
@@ -2941,7 +2941,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
2941 2941
2942static int selinux_file_permission(struct file *file, int mask) 2942static int selinux_file_permission(struct file *file, int mask)
2943{ 2943{
2944 struct inode *inode = file->f_path.dentry->d_inode; 2944 struct inode *inode = file_inode(file);
2945 struct file_security_struct *fsec = file->f_security; 2945 struct file_security_struct *fsec = file->f_security;
2946 struct inode_security_struct *isec = inode->i_security; 2946 struct inode_security_struct *isec = inode->i_security;
2947 u32 sid = current_sid(); 2947 u32 sid = current_sid();
@@ -3218,7 +3218,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
3218 struct inode_security_struct *isec; 3218 struct inode_security_struct *isec;
3219 3219
3220 fsec = file->f_security; 3220 fsec = file->f_security;
3221 isec = file->f_path.dentry->d_inode->i_security; 3221 isec = file_inode(file)->i_security;
3222 /* 3222 /*
3223 * Save inode label and policy sequence number 3223 * Save inode label and policy sequence number
3224 * at open-time so that selinux_file_permission 3224 * at open-time so that selinux_file_permission
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 3a6e8731646c..ff427733c290 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -202,7 +202,7 @@ static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
202{ 202{
203 char tmpbuf[TMPBUFLEN]; 203 char tmpbuf[TMPBUFLEN];
204 ssize_t length; 204 ssize_t length;
205 ino_t ino = filp->f_path.dentry->d_inode->i_ino; 205 ino_t ino = file_inode(filp)->i_ino;
206 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 206 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
207 security_get_reject_unknown() : !security_get_allow_unknown(); 207 security_get_reject_unknown() : !security_get_allow_unknown();
208 208
@@ -671,7 +671,7 @@ static ssize_t (*write_op[])(struct file *, char *, size_t) = {
671 671
672static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 672static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
673{ 673{
674 ino_t ino = file->f_path.dentry->d_inode->i_ino; 674 ino_t ino = file_inode(file)->i_ino;
675 char *data; 675 char *data;
676 ssize_t rv; 676 ssize_t rv;
677 677
@@ -1042,8 +1042,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1042 ssize_t length; 1042 ssize_t length;
1043 ssize_t ret; 1043 ssize_t ret;
1044 int cur_enforcing; 1044 int cur_enforcing;
1045 struct inode *inode = filep->f_path.dentry->d_inode; 1045 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1046 unsigned index = inode->i_ino & SEL_INO_MASK;
1047 const char *name = filep->f_path.dentry->d_name.name; 1046 const char *name = filep->f_path.dentry->d_name.name;
1048 1047
1049 mutex_lock(&sel_mutex); 1048 mutex_lock(&sel_mutex);
@@ -1077,8 +1076,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1077 char *page = NULL; 1076 char *page = NULL;
1078 ssize_t length; 1077 ssize_t length;
1079 int new_value; 1078 int new_value;
1080 struct inode *inode = filep->f_path.dentry->d_inode; 1079 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1081 unsigned index = inode->i_ino & SEL_INO_MASK;
1082 const char *name = filep->f_path.dentry->d_name.name; 1080 const char *name = filep->f_path.dentry->d_name.name;
1083 1081
1084 mutex_lock(&sel_mutex); 1082 mutex_lock(&sel_mutex);
@@ -1486,13 +1484,11 @@ static int sel_make_avc_files(struct dentry *dir)
1486static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1484static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1487 size_t count, loff_t *ppos) 1485 size_t count, loff_t *ppos)
1488{ 1486{
1489 struct inode *inode;
1490 char *con; 1487 char *con;
1491 u32 sid, len; 1488 u32 sid, len;
1492 ssize_t ret; 1489 ssize_t ret;
1493 1490
1494 inode = file->f_path.dentry->d_inode; 1491 sid = file_inode(file)->i_ino&SEL_INO_MASK;
1495 sid = inode->i_ino&SEL_INO_MASK;
1496 ret = security_sid_to_context(sid, &con, &len); 1492 ret = security_sid_to_context(sid, &con, &len);
1497 if (ret) 1493 if (ret)
1498 return ret; 1494 return ret;
@@ -1553,7 +1549,7 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
1553static ssize_t sel_read_class(struct file *file, char __user *buf, 1549static ssize_t sel_read_class(struct file *file, char __user *buf,
1554 size_t count, loff_t *ppos) 1550 size_t count, loff_t *ppos)
1555{ 1551{
1556 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1552 unsigned long ino = file_inode(file)->i_ino;
1557 char res[TMPBUFLEN]; 1553 char res[TMPBUFLEN];
1558 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1554 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1559 return simple_read_from_buffer(buf, count, ppos, res, len); 1555 return simple_read_from_buffer(buf, count, ppos, res, len);
@@ -1567,7 +1563,7 @@ static const struct file_operations sel_class_ops = {
1567static ssize_t sel_read_perm(struct file *file, char __user *buf, 1563static ssize_t sel_read_perm(struct file *file, char __user *buf,
1568 size_t count, loff_t *ppos) 1564 size_t count, loff_t *ppos)
1569{ 1565{
1570 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1566 unsigned long ino = file_inode(file)->i_ino;
1571 char res[TMPBUFLEN]; 1567 char res[TMPBUFLEN];
1572 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1568 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1573 return simple_read_from_buffer(buf, count, ppos, res, len); 1569 return simple_read_from_buffer(buf, count, ppos, res, len);
@@ -1584,7 +1580,7 @@ static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1584 int value; 1580 int value;
1585 char tmpbuf[TMPBUFLEN]; 1581 char tmpbuf[TMPBUFLEN];
1586 ssize_t length; 1582 ssize_t length;
1587 unsigned long i_ino = file->f_path.dentry->d_inode->i_ino; 1583 unsigned long i_ino = file_inode(file)->i_ino;
1588 1584
1589 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1585 value = security_policycap_supported(i_ino & SEL_INO_MASK);
1590 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1586 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 38be92ce901e..fa64740abb59 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -456,7 +456,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
456 */ 456 */
457static int smack_bprm_set_creds(struct linux_binprm *bprm) 457static int smack_bprm_set_creds(struct linux_binprm *bprm)
458{ 458{
459 struct inode *inode = bprm->file->f_path.dentry->d_inode; 459 struct inode *inode = file_inode(bprm->file);
460 struct task_smack *bsp = bprm->cred->security; 460 struct task_smack *bsp = bprm->cred->security;
461 struct inode_smack *isp; 461 struct inode_smack *isp;
462 int rc; 462 int rc;
@@ -1187,21 +1187,15 @@ static int smack_mmap_file(struct file *file,
1187 char *msmack; 1187 char *msmack;
1188 char *osmack; 1188 char *osmack;
1189 struct inode_smack *isp; 1189 struct inode_smack *isp;
1190 struct dentry *dp;
1191 int may; 1190 int may;
1192 int mmay; 1191 int mmay;
1193 int tmay; 1192 int tmay;
1194 int rc; 1193 int rc;
1195 1194
1196 if (file == NULL || file->f_dentry == NULL) 1195 if (file == NULL)
1197 return 0;
1198
1199 dp = file->f_dentry;
1200
1201 if (dp->d_inode == NULL)
1202 return 0; 1196 return 0;
1203 1197
1204 isp = dp->d_inode->i_security; 1198 isp = file_inode(file)->i_security;
1205 if (isp->smk_mmap == NULL) 1199 if (isp->smk_mmap == NULL)
1206 return 0; 1200 return 0;
1207 msmack = isp->smk_mmap; 1201 msmack = isp->smk_mmap;
@@ -1359,7 +1353,7 @@ static int smack_file_receive(struct file *file)
1359 */ 1353 */
1360static int smack_file_open(struct file *file, const struct cred *cred) 1354static int smack_file_open(struct file *file, const struct cred *cred)
1361{ 1355{
1362 struct inode_smack *isp = file->f_path.dentry->d_inode->i_security; 1356 struct inode_smack *isp = file_inode(file)->i_security;
1363 1357
1364 file->f_security = isp->smk_inode; 1358 file->f_security = isp->smk_inode;
1365 1359
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 8592f2fc6ebb..fcf32783b66b 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -135,7 +135,7 @@ static const struct file_operations tomoyo_self_operations = {
135 */ 135 */
136static int tomoyo_open(struct inode *inode, struct file *file) 136static int tomoyo_open(struct inode *inode, struct file *file)
137{ 137{
138 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private) 138 const int key = ((u8 *) file_inode(file)->i_private)
139 - ((u8 *) NULL); 139 - ((u8 *) NULL);
140 return tomoyo_open_control(key, file); 140 return tomoyo_open_control(key, file);
141} 141}
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-03 20:43:45 -0500