diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/include/apparmor.h | 4 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 20 | ||||
| -rw-r--r-- | security/apparmor/path.c | 2 | ||||
| -rw-r--r-- | security/inode.c | 2 | ||||
| -rw-r--r-- | security/integrity/Kconfig | 4 | ||||
| -rw-r--r-- | security/integrity/evm/Kconfig | 2 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 8 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 4 | ||||
| -rw-r--r-- | security/tomoyo/file.c | 4 |
9 files changed, 24 insertions, 26 deletions
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 97130f88838b..e4ea62663866 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h | |||
| @@ -112,9 +112,9 @@ static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa, | |||
| 112 | return aa_dfa_next(dfa, start, 0); | 112 | return aa_dfa_next(dfa, start, 0); |
| 113 | } | 113 | } |
| 114 | 114 | ||
| 115 | static inline bool mediated_filesystem(struct inode *inode) | 115 | static inline bool mediated_filesystem(struct dentry *dentry) |
| 116 | { | 116 | { |
| 117 | return !(inode->i_sb->s_flags & MS_NOUSER); | 117 | return !(dentry->d_sb->s_flags & MS_NOUSER); |
| 118 | } | 118 | } |
| 119 | 119 | ||
| 120 | #endif /* __APPARMOR_H */ | 120 | #endif /* __APPARMOR_H */ |
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 65ca451a764d..107db88b1d5f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -226,7 +226,7 @@ static int common_perm_rm(int op, struct path *dir, | |||
| 226 | struct inode *inode = dentry->d_inode; | 226 | struct inode *inode = dentry->d_inode; |
| 227 | struct path_cond cond = { }; | 227 | struct path_cond cond = { }; |
| 228 | 228 | ||
| 229 | if (!inode || !dir->mnt || !mediated_filesystem(inode)) | 229 | if (!inode || !dir->mnt || !mediated_filesystem(dentry)) |
| 230 | return 0; | 230 | return 0; |
| 231 | 231 | ||
| 232 | cond.uid = inode->i_uid; | 232 | cond.uid = inode->i_uid; |
| @@ -250,7 +250,7 @@ static int common_perm_create(int op, struct path *dir, struct dentry *dentry, | |||
| 250 | { | 250 | { |
| 251 | struct path_cond cond = { current_fsuid(), mode }; | 251 | struct path_cond cond = { current_fsuid(), mode }; |
| 252 | 252 | ||
| 253 | if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode)) | 253 | if (!dir->mnt || !mediated_filesystem(dir->dentry)) |
| 254 | return 0; | 254 | return 0; |
| 255 | 255 | ||
| 256 | return common_perm_dir_dentry(op, dir, dentry, mask, &cond); | 256 | return common_perm_dir_dentry(op, dir, dentry, mask, &cond); |
| @@ -285,7 +285,7 @@ static int apparmor_path_truncate(struct path *path) | |||
| 285 | path->dentry->d_inode->i_mode | 285 | path->dentry->d_inode->i_mode |
| 286 | }; | 286 | }; |
| 287 | 287 | ||
| 288 | if (!path->mnt || !mediated_filesystem(path->dentry->d_inode)) | 288 | if (!path->mnt || !mediated_filesystem(path->dentry)) |
| 289 | return 0; | 289 | return 0; |
| 290 | 290 | ||
| 291 | return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, | 291 | return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, |
| @@ -305,7 +305,7 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, | |||
| 305 | struct aa_profile *profile; | 305 | struct aa_profile *profile; |
| 306 | int error = 0; | 306 | int error = 0; |
| 307 | 307 | ||
| 308 | if (!mediated_filesystem(old_dentry->d_inode)) | 308 | if (!mediated_filesystem(old_dentry)) |
| 309 | return 0; | 309 | return 0; |
| 310 | 310 | ||
| 311 | profile = aa_current_profile(); | 311 | profile = aa_current_profile(); |
| @@ -320,7 +320,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, | |||
| 320 | struct aa_profile *profile; | 320 | struct aa_profile *profile; |
| 321 | int error = 0; | 321 | int error = 0; |
| 322 | 322 | ||
| 323 | if (!mediated_filesystem(old_dentry->d_inode)) | 323 | if (!mediated_filesystem(old_dentry)) |
| 324 | return 0; | 324 | return 0; |
| 325 | 325 | ||
| 326 | profile = aa_current_profile(); | 326 | profile = aa_current_profile(); |
| @@ -346,7 +346,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, | |||
| 346 | 346 | ||
| 347 | static int apparmor_path_chmod(struct path *path, umode_t mode) | 347 | static int apparmor_path_chmod(struct path *path, umode_t mode) |
| 348 | { | 348 | { |
| 349 | if (!mediated_filesystem(path->dentry->d_inode)) | 349 | if (!mediated_filesystem(path->dentry)) |
| 350 | return 0; | 350 | return 0; |
| 351 | 351 | ||
| 352 | return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); | 352 | return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); |
| @@ -358,7 +358,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) | |||
| 358 | path->dentry->d_inode->i_mode | 358 | path->dentry->d_inode->i_mode |
| 359 | }; | 359 | }; |
| 360 | 360 | ||
| 361 | if (!mediated_filesystem(path->dentry->d_inode)) | 361 | if (!mediated_filesystem(path->dentry)) |
| 362 | return 0; | 362 | return 0; |
| 363 | 363 | ||
| 364 | return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); | 364 | return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); |
| @@ -366,7 +366,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) | |||
| 366 | 366 | ||
| 367 | static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 367 | static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
| 368 | { | 368 | { |
| 369 | if (!mediated_filesystem(dentry->d_inode)) | 369 | if (!mediated_filesystem(dentry)) |
| 370 | return 0; | 370 | return 0; |
| 371 | 371 | ||
| 372 | return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry, | 372 | return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry, |
| @@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred) | |||
| 379 | struct aa_profile *profile; | 379 | struct aa_profile *profile; |
| 380 | int error = 0; | 380 | int error = 0; |
| 381 | 381 | ||
| 382 | if (!mediated_filesystem(file_inode(file))) | 382 | if (!mediated_filesystem(file->f_path.dentry)) |
| 383 | return 0; | 383 | return 0; |
| 384 | 384 | ||
| 385 | /* If in exec, permission is handled by bprm hooks. | 385 | /* If in exec, permission is handled by bprm hooks. |
| @@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask) | |||
| 432 | BUG_ON(!fprofile); | 432 | BUG_ON(!fprofile); |
| 433 | 433 | ||
| 434 | if (!file->f_path.mnt || | 434 | if (!file->f_path.mnt || |
| 435 | !mediated_filesystem(file_inode(file))) | 435 | !mediated_filesystem(file->f_path.dentry)) |
| 436 | return 0; | 436 | return 0; |
| 437 | 437 | ||
| 438 | profile = __aa_current_profile(); | 438 | profile = __aa_current_profile(); |
diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 35b394a75d76..71e0e3a15b9d 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c | |||
| @@ -114,7 +114,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, | |||
| 114 | * security_path hooks as a deleted dentry except without an inode | 114 | * security_path hooks as a deleted dentry except without an inode |
| 115 | * allocated. | 115 | * allocated. |
| 116 | */ | 116 | */ |
| 117 | if (d_unlinked(path->dentry) && path->dentry->d_inode && | 117 | if (d_unlinked(path->dentry) && d_is_positive(path->dentry) && |
| 118 | !(flags & PATH_MEDIATE_DELETED)) { | 118 | !(flags & PATH_MEDIATE_DELETED)) { |
| 119 | error = -ENOENT; | 119 | error = -ENOENT; |
| 120 | goto out; | 120 | goto out; |
diff --git a/security/inode.c b/security/inode.c index 8e7ca62078ab..131a3c49f766 100644 --- a/security/inode.c +++ b/security/inode.c | |||
| @@ -203,7 +203,7 @@ void securityfs_remove(struct dentry *dentry) | |||
| 203 | mutex_lock(&parent->d_inode->i_mutex); | 203 | mutex_lock(&parent->d_inode->i_mutex); |
| 204 | if (positive(dentry)) { | 204 | if (positive(dentry)) { |
| 205 | if (dentry->d_inode) { | 205 | if (dentry->d_inode) { |
| 206 | if (S_ISDIR(dentry->d_inode->i_mode)) | 206 | if (d_is_dir(dentry)) |
| 207 | simple_rmdir(parent->d_inode, dentry); | 207 | simple_rmdir(parent->d_inode, dentry); |
| 208 | else | 208 | else |
| 209 | simple_unlink(parent->d_inode, dentry); | 209 | simple_unlink(parent->d_inode, dentry); |
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index b76235ae4786..73c457bf5a4a 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig | |||
| @@ -16,7 +16,7 @@ config INTEGRITY | |||
| 16 | if INTEGRITY | 16 | if INTEGRITY |
| 17 | 17 | ||
| 18 | config INTEGRITY_SIGNATURE | 18 | config INTEGRITY_SIGNATURE |
| 19 | boolean "Digital signature verification using multiple keyrings" | 19 | bool "Digital signature verification using multiple keyrings" |
| 20 | depends on KEYS | 20 | depends on KEYS |
| 21 | default n | 21 | default n |
| 22 | select SIGNATURE | 22 | select SIGNATURE |
| @@ -30,7 +30,7 @@ config INTEGRITY_SIGNATURE | |||
| 30 | usually only added from initramfs. | 30 | usually only added from initramfs. |
| 31 | 31 | ||
| 32 | config INTEGRITY_ASYMMETRIC_KEYS | 32 | config INTEGRITY_ASYMMETRIC_KEYS |
| 33 | boolean "Enable asymmetric keys support" | 33 | bool "Enable asymmetric keys support" |
| 34 | depends on INTEGRITY_SIGNATURE | 34 | depends on INTEGRITY_SIGNATURE |
| 35 | default n | 35 | default n |
| 36 | select ASYMMETRIC_KEY_TYPE | 36 | select ASYMMETRIC_KEY_TYPE |
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig index df586fa00ef1..bf19723cf117 100644 --- a/security/integrity/evm/Kconfig +++ b/security/integrity/evm/Kconfig | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | config EVM | 1 | config EVM |
| 2 | boolean "EVM support" | 2 | bool "EVM support" |
| 3 | select KEYS | 3 | select KEYS |
| 4 | select ENCRYPTED_KEYS | 4 | select ENCRYPTED_KEYS |
| 5 | select CRYPTO_HMAC | 5 | select CRYPTO_HMAC |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 29c39e0b03ed..4d1a54190388 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1799,7 +1799,7 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1799 | 1799 | ||
| 1800 | old_dsec = old_dir->i_security; | 1800 | old_dsec = old_dir->i_security; |
| 1801 | old_isec = old_dentry->d_inode->i_security; | 1801 | old_isec = old_dentry->d_inode->i_security; |
| 1802 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1802 | old_is_dir = d_is_dir(old_dentry); |
| 1803 | new_dsec = new_dir->i_security; | 1803 | new_dsec = new_dir->i_security; |
| 1804 | 1804 | ||
| 1805 | ad.type = LSM_AUDIT_DATA_DENTRY; | 1805 | ad.type = LSM_AUDIT_DATA_DENTRY; |
| @@ -1822,14 +1822,14 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1822 | 1822 | ||
| 1823 | ad.u.dentry = new_dentry; | 1823 | ad.u.dentry = new_dentry; |
| 1824 | av = DIR__ADD_NAME | DIR__SEARCH; | 1824 | av = DIR__ADD_NAME | DIR__SEARCH; |
| 1825 | if (new_dentry->d_inode) | 1825 | if (d_is_positive(new_dentry)) |
| 1826 | av |= DIR__REMOVE_NAME; | 1826 | av |= DIR__REMOVE_NAME; |
| 1827 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); | 1827 | rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); |
| 1828 | if (rc) | 1828 | if (rc) |
| 1829 | return rc; | 1829 | return rc; |
| 1830 | if (new_dentry->d_inode) { | 1830 | if (d_is_positive(new_dentry)) { |
| 1831 | new_isec = new_dentry->d_inode->i_security; | 1831 | new_isec = new_dentry->d_inode->i_security; |
| 1832 | new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); | 1832 | new_is_dir = d_is_dir(new_dentry); |
| 1833 | rc = avc_has_perm(sid, new_isec->sid, | 1833 | rc = avc_has_perm(sid, new_isec->sid, |
| 1834 | new_isec->sclass, | 1834 | new_isec->sclass, |
| 1835 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); | 1835 | (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ed94f6f836e7..c934311812f1 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -855,7 +855,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, | |||
| 855 | rc = smk_curacc(isp, MAY_WRITE, &ad); | 855 | rc = smk_curacc(isp, MAY_WRITE, &ad); |
| 856 | rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc); | 856 | rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc); |
| 857 | 857 | ||
| 858 | if (rc == 0 && new_dentry->d_inode != NULL) { | 858 | if (rc == 0 && d_is_positive(new_dentry)) { |
| 859 | isp = smk_of_inode(new_dentry->d_inode); | 859 | isp = smk_of_inode(new_dentry->d_inode); |
| 860 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); | 860 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); |
| 861 | rc = smk_curacc(isp, MAY_WRITE, &ad); | 861 | rc = smk_curacc(isp, MAY_WRITE, &ad); |
| @@ -961,7 +961,7 @@ static int smack_inode_rename(struct inode *old_inode, | |||
| 961 | rc = smk_curacc(isp, MAY_READWRITE, &ad); | 961 | rc = smk_curacc(isp, MAY_READWRITE, &ad); |
| 962 | rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc); | 962 | rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc); |
| 963 | 963 | ||
| 964 | if (rc == 0 && new_dentry->d_inode != NULL) { | 964 | if (rc == 0 && d_is_positive(new_dentry)) { |
| 965 | isp = smk_of_inode(new_dentry->d_inode); | 965 | isp = smk_of_inode(new_dentry->d_inode); |
| 966 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); | 966 | smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); |
| 967 | rc = smk_curacc(isp, MAY_READWRITE, &ad); | 967 | rc = smk_curacc(isp, MAY_READWRITE, &ad); |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 400390790745..c151a1869597 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
| @@ -905,11 +905,9 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, | |||
| 905 | !tomoyo_get_realpath(&buf2, path2)) | 905 | !tomoyo_get_realpath(&buf2, path2)) |
| 906 | goto out; | 906 | goto out; |
| 907 | switch (operation) { | 907 | switch (operation) { |
| 908 | struct dentry *dentry; | ||
| 909 | case TOMOYO_TYPE_RENAME: | 908 | case TOMOYO_TYPE_RENAME: |
| 910 | case TOMOYO_TYPE_LINK: | 909 | case TOMOYO_TYPE_LINK: |
| 911 | dentry = path1->dentry; | 910 | if (!d_is_dir(path1->dentry)) |
| 912 | if (!dentry->d_inode || !S_ISDIR(dentry->d_inode->i_mode)) | ||
| 913 | break; | 911 | break; |
| 914 | /* fall through */ | 912 | /* fall through */ |
| 915 | case TOMOYO_TYPE_PIVOT_ROOT: | 913 | case TOMOYO_TYPE_PIVOT_ROOT: |