From 7412301b76bd53ee53b860f611fc3b5b1c2245b5 Mon Sep 17 00:00:00 2001 From: Marcin Lis Date: Thu, 22 Jan 2015 15:40:33 +0100 Subject: Smack: Assign smack_known_web as default smk_in label for kernel thread's socket This change fixes the bug associated with sockets owned by kernel threads. These sockets, created usually by network devices' drivers tasks, received smk_in label from the task that created them - the "floor" label in the most cases. The result was that they were not able to receive data packets because of missing smack rules. The main reason of the access deny is that the socket smk_in label is placed as the object during smk check, kernel thread's capabilities are omitted. Signed-off-by: Marcin Lis --- security/smack/smack_lsm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'security/smack/smack_lsm.c') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c934311812f1..a097dc7d4669 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2452,7 +2452,21 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, static int smack_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - if (family != PF_INET || sock->sk == NULL) + struct socket_smack *ssp; + + if (sock->sk == NULL) + return 0; + + /* + * Sockets created by kernel threads receive web label. + */ + if (unlikely(current->flags & PF_KTHREAD)) { + ssp = sock->sk->sk_security; + ssp->smk_in = &smack_known_web; + ssp->smk_out = &smack_known_web; + } + + if (family != PF_INET) return 0; /* * Set the outbound netlbl. -- cgit v1.2.3 From 7fc5f36e980a8f4830efdae3858f6e64eee538b7 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 17 Feb 2015 15:41:22 +0100 Subject: Smack: getting the Smack security context of keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this commit, the LSM Smack implements the LSM side part of the system call keyctl with the action code KEYCTL_GET_SECURITY. It is now possible to get the context of, for example, the user session key using the command "keyctl security @s". The original patch has been modified for merge. Signed-off-by: José Bollo Signed-off-by: Casey Schaufler --- security/smack/smack_lsm.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'security/smack/smack_lsm.c') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a097dc7d4669..e2d1a7b073c0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4000,6 +4000,36 @@ static int smack_key_permission(key_ref_t key_ref, rc = smk_bu_note("key access", tkp, keyp->security, request, rc); return rc; } + +/* + * smack_key_getsecurity - Smack label tagging the key + * @key points to the key to be queried + * @_buffer points to a pointer that should be set to point to the + * resulting string (if no label or an error occurs). + * Return the length of the string (including terminating NUL) or -ve if + * an error. + * May also return 0 (and a NULL buffer pointer) if there is no label. + */ +static int smack_key_getsecurity(struct key *key, char **_buffer) +{ + struct smack_known *skp = key->security; + size_t length; + char *copy; + + if (key->security == NULL) { + *_buffer = NULL; + return 0; + } + + copy = kstrdup(skp->smk_known, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + length = strlen(copy) + 1; + + *_buffer = copy; + return length; +} + #endif /* CONFIG_KEYS */ /* @@ -4324,6 +4354,7 @@ struct security_operations smack_ops = { .key_alloc = smack_key_alloc, .key_free = smack_key_free, .key_permission = smack_key_permission, + .key_getsecurity = smack_key_getsecurity, #endif /* CONFIG_KEYS */ /* Audit hooks */ -- cgit v1.2.3 From bf4b2fee99799780ea3dbb6d79d1909b3e32be13 Mon Sep 17 00:00:00 2001 From: Casey Schaufler Date: Sat, 21 Mar 2015 18:26:40 -0700 Subject: Smack: Allow an unconfined label in bringup mode I have vehemently opposed adding a "permissive" mode to Smack for the simple reasons that it would be subject to massive abuse and that developers refuse to turn it off come product release. I still believe that this is true, and still refuse to add a general "permissive mode". So don't ask again. Bumjin Im suggested an approach that addresses most of the concerns, and I have implemented it here. I still believe that we'd be better off without this sort of thing, but it looks like this minimizes the abuse potential. Firstly, you have to configure Smack Bringup Mode. That allows for "release" software to be ammune from abuse. Second, only one label gets to be "permissive" at a time. You can use it for debugging, but that's about it. A label written to smackfs/unconfined is treated specially. If either the subject or object label of an access check matches the "unconfined" label, and the access would not have been allowed otherwise an audit record and a console message are generated. The audit record "request" string is marked with either "(US)" or "(UO)", to indicate that the request was granted because of an unconfined label. The fact that an inode was accessed by an unconfined label is remembered, and subsequent accesses to that "impure" object are noted in the log. The impurity is not stored in the filesystem, so a file mislabled as a side effect of using an unconfined label may still cause concern after a reboot. So, it's there, it's dangerous, but so many application developers seem incapable of living without it I have given in. I've tried to make it as safe as I can, but in the end it's still a chain saw. Signed-off-by: Casey Schaufler --- security/smack/smack.h | 8 ++++ security/smack/smack_access.c | 43 ++++++++++++++----- security/smack/smack_lsm.c | 52 +++++++++++++++++++---- security/smack/smackfs.c | 96 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 182 insertions(+), 17 deletions(-) (limited to 'security/smack/smack_lsm.c') diff --git a/security/smack/smack.h b/security/smack/smack.h index 67ccb7b2b89b..49eada6266ec 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -105,6 +105,7 @@ struct task_smack { #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ #define SMK_INODE_CHANGED 0x04 /* smack was transmuted */ +#define SMK_INODE_IMPURE 0x08 /* involved in an impure transaction */ /* * A label access rule. @@ -193,6 +194,10 @@ struct smk_port_label { #define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */ #define MAY_BRINGUP 0x00004000 /* Report use of this rule */ +#define SMACK_BRINGUP_ALLOW 1 /* Allow bringup mode */ +#define SMACK_UNCONFINED_SUBJECT 2 /* Allow unconfined label */ +#define SMACK_UNCONFINED_OBJECT 3 /* Allow unconfined label */ + /* * Just to make the common cases easier to deal with */ @@ -254,6 +259,9 @@ extern int smack_cipso_mapped; extern struct smack_known *smack_net_ambient; extern struct smack_known *smack_onlycap; extern struct smack_known *smack_syslog_label; +#ifdef CONFIG_SECURITY_SMACK_BRINGUP +extern struct smack_known *smack_unconfined; +#endif extern struct smack_known smack_cipso_option; extern int smack_ptrace_rule; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 1158430f5bb9..0f410fc56e33 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -130,7 +130,8 @@ int smk_access(struct smack_known *subject, struct smack_known *object, /* * Hardcoded comparisons. - * + */ + /* * A star subject can't access any object. */ if (subject == &smack_known_star) { @@ -189,10 +190,20 @@ int smk_access(struct smack_known *subject, struct smack_known *object, * succeed because of "b" rules. */ if (may & MAY_BRINGUP) - rc = MAY_BRINGUP; + rc = SMACK_BRINGUP_ALLOW; #endif out_audit: + +#ifdef CONFIG_SECURITY_SMACK_BRINGUP + if (rc < 0) { + if (object == smack_unconfined) + rc = SMACK_UNCONFINED_OBJECT; + if (subject == smack_unconfined) + rc = SMACK_UNCONFINED_SUBJECT; + } +#endif + #ifdef CONFIG_AUDIT if (a) smack_log(subject->smk_known, object->smk_known, @@ -338,19 +349,16 @@ static void smack_log_callback(struct audit_buffer *ab, void *a) void smack_log(char *subject_label, char *object_label, int request, int result, struct smk_audit_info *ad) { +#ifdef CONFIG_SECURITY_SMACK_BRINGUP + char request_buffer[SMK_NUM_ACCESS_TYPE + 5]; +#else char request_buffer[SMK_NUM_ACCESS_TYPE + 1]; +#endif struct smack_audit_data *sad; struct common_audit_data *a = &ad->a; -#ifdef CONFIG_SECURITY_SMACK_BRINGUP - /* - * The result may be positive in bringup mode. - */ - if (result > 0) - result = 0; -#endif /* check if we have to log the current event */ - if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) + if (result < 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) return; if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) return; @@ -364,6 +372,21 @@ void smack_log(char *subject_label, char *object_label, int request, smack_str_from_perm(request_buffer, request); sad->subject = subject_label; sad->object = object_label; +#ifdef CONFIG_SECURITY_SMACK_BRINGUP + /* + * The result may be positive in bringup mode. + * A positive result is an allow, but not for normal reasons. + * Mark it as successful, but don't filter it out even if + * the logging policy says to do so. + */ + if (result == SMACK_UNCONFINED_SUBJECT) + strcat(request_buffer, "(US)"); + else if (result == SMACK_UNCONFINED_OBJECT) + strcat(request_buffer, "(UO)"); + + if (result > 0) + result = 0; +#endif sad->request = request_buffer; sad->result = result; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e2d1a7b073c0..6f3c7d866d04 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -57,6 +57,13 @@ static struct kmem_cache *smack_inode_cache; int smack_enabled; #ifdef CONFIG_SECURITY_SMACK_BRINGUP +static char *smk_bu_mess[] = { + "Bringup Error", /* Unused */ + "Bringup", /* SMACK_BRINGUP_ALLOW */ + "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */ + "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */ +}; + static void smk_bu_mode(int mode, char *s) { int i = 0; @@ -87,9 +94,11 @@ static int smk_bu_note(char *note, struct smack_known *sskp, if (rc <= 0) return rc; + if (rc > SMACK_UNCONFINED_OBJECT) + rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack Bringup: (%s %s %s) %s\n", + pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc], sskp->smk_known, oskp->smk_known, acc, note); return 0; } @@ -106,9 +115,11 @@ static int smk_bu_current(char *note, struct smack_known *oskp, if (rc <= 0) return rc; + if (rc > SMACK_UNCONFINED_OBJECT) + rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack Bringup: (%s %s %s) %s %s\n", + pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc], tsp->smk_task->smk_known, oskp->smk_known, acc, current->comm, note); return 0; @@ -126,9 +137,11 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) if (rc <= 0) return rc; + if (rc > SMACK_UNCONFINED_OBJECT) + rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack Bringup: (%s %s %s) %s to %s\n", + pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc], tsp->smk_task->smk_known, smk_task->smk_known, acc, current->comm, otp->comm); return 0; @@ -141,14 +154,25 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) static int smk_bu_inode(struct inode *inode, int mode, int rc) { struct task_smack *tsp = current_security(); + struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; + if (isp->smk_flags & SMK_INODE_IMPURE) + pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", + inode->i_sb->s_id, inode->i_ino, current->comm); + if (rc <= 0) return rc; + if (rc > SMACK_UNCONFINED_OBJECT) + rc = 0; + if (rc == SMACK_UNCONFINED_SUBJECT && + (mode & (MAY_WRITE | MAY_APPEND))) + isp->smk_flags |= SMK_INODE_IMPURE; smk_bu_mode(mode, acc); - pr_info("Smack Bringup: (%s %s %s) inode=(%s %ld) %s\n", - tsp->smk_task->smk_known, smk_of_inode(inode)->smk_known, acc, + + pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], + tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, inode->i_sb->s_id, inode->i_ino, current->comm); return 0; } @@ -162,13 +186,20 @@ static int smk_bu_file(struct file *file, int mode, int rc) struct task_smack *tsp = current_security(); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); + struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; + if (isp->smk_flags & SMK_INODE_IMPURE) + pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", + inode->i_sb->s_id, inode->i_ino, current->comm); + if (rc <= 0) return rc; + if (rc > SMACK_UNCONFINED_OBJECT) + rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n", + pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], sskp->smk_known, smk_of_inode(inode)->smk_known, acc, inode->i_sb->s_id, inode->i_ino, file, current->comm); @@ -185,13 +216,20 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file, struct task_smack *tsp = cred->security; struct smack_known *sskp = tsp->smk_task; struct inode *inode = file->f_inode; + struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; + if (isp->smk_flags & SMK_INODE_IMPURE) + pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", + inode->i_sb->s_id, inode->i_ino, current->comm); + if (rc <= 0) return rc; + if (rc > SMACK_UNCONFINED_OBJECT) + rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack Bringup: (%s %s %s) file=(%s %ld %pD) %s\n", + pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], sskp->smk_known, smk_of_inode(inode)->smk_known, acc, inode->i_sb->s_id, inode->i_ino, file, current->comm); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index bce4e8f1b267..deb3d3bfbbf3 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -54,6 +54,9 @@ enum smk_inos { SMK_CHANGE_RULE = 19, /* change or add rules (long labels) */ SMK_SYSLOG = 20, /* change syslog label) */ SMK_PTRACE = 21, /* set ptrace rule */ +#ifdef CONFIG_SECURITY_SMACK_BRINGUP + SMK_UNCONFINED = 22, /* define an unconfined label */ +#endif }; /* @@ -95,6 +98,16 @@ int smack_cipso_mapped = SMACK_CIPSO_MAPPED_DEFAULT; */ struct smack_known *smack_onlycap; +#ifdef CONFIG_SECURITY_SMACK_BRINGUP +/* + * Allow one label to be unconfined. This is for + * debugging and application bring-up purposes only. + * It is bad and wrong, but everyone seems to expect + * to have it. + */ +struct smack_known *smack_unconfined; +#endif + /* * If this value is set restrict syslog use to the label specified. * It can be reset via smackfs/syslog @@ -1717,6 +1730,85 @@ static const struct file_operations smk_onlycap_ops = { .llseek = default_llseek, }; +#ifdef CONFIG_SECURITY_SMACK_BRINGUP +/** + * smk_read_unconfined - read() for smackfs/unconfined + * @filp: file pointer, not actually used + * @buf: where to put the result + * @cn: maximum to send along + * @ppos: where to start + * + * Returns number of bytes read or error code, as appropriate + */ +static ssize_t smk_read_unconfined(struct file *filp, char __user *buf, + size_t cn, loff_t *ppos) +{ + char *smack = ""; + ssize_t rc = -EINVAL; + int asize; + + if (*ppos != 0) + return 0; + + if (smack_unconfined != NULL) + smack = smack_unconfined->smk_known; + + asize = strlen(smack) + 1; + + if (cn >= asize) + rc = simple_read_from_buffer(buf, cn, ppos, smack, asize); + + return rc; +} + +/** + * smk_write_unconfined - write() for smackfs/unconfined + * @file: file pointer, not actually used + * @buf: where to get the data from + * @count: bytes sent + * @ppos: where to start + * + * Returns number of bytes written or error code, as appropriate + */ +static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) +{ + char *data; + int rc = count; + + if (!smack_privileged(CAP_MAC_ADMIN)) + return -EPERM; + + data = kzalloc(count + 1, GFP_KERNEL); + if (data == NULL) + return -ENOMEM; + + /* + * Should the null string be passed in unset the unconfined value. + * This seems like something to be careful with as usually + * smk_import only expects to return NULL for errors. It + * is usually the case that a nullstring or "\n" would be + * bad to pass to smk_import but in fact this is useful here. + * + * smk_import will also reject a label beginning with '-', + * so "-confine" will also work. + */ + if (copy_from_user(data, buf, count) != 0) + rc = -EFAULT; + else + smack_unconfined = smk_import_entry(data, count); + + kfree(data); + return rc; +} + +static const struct file_operations smk_unconfined_ops = { + .read = smk_read_unconfined, + .write = smk_write_unconfined, + .llseek = default_llseek, +}; +#endif /* CONFIG_SECURITY_SMACK_BRINGUP */ + /** * smk_read_logging - read() for /smack/logging * @filp: file pointer, not actually used @@ -2384,6 +2476,10 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) "syslog", &smk_syslog_ops, S_IRUGO|S_IWUSR}, [SMK_PTRACE] = { "ptrace", &smk_ptrace_ops, S_IRUGO|S_IWUSR}, +#ifdef CONFIG_SECURITY_SMACK_BRINGUP + [SMK_UNCONFINED] = { + "unconfined", &smk_unconfined_ops, S_IRUGO|S_IWUSR}, +#endif /* last one */ {""} }; -- cgit v1.2.3 From 3f7036a071b879da017eddaedb10fba173fdf1ff Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 8 Mar 2015 19:28:30 -0400 Subject: switch security_inode_getattr() to struct path * Signed-off-by: Al Viro --- fs/stat.c | 2 +- include/linux/security.h | 7 +++---- security/apparmor/lsm.c | 6 +++--- security/capability.c | 2 +- security/security.c | 6 +++--- security/selinux/hooks.c | 12 +++--------- security/smack/smack_lsm.c | 13 +++++-------- security/tomoyo/common.h | 2 +- security/tomoyo/file.c | 4 ++-- security/tomoyo/tomoyo.c | 5 ++--- 10 files changed, 24 insertions(+), 35 deletions(-) (limited to 'security/smack/smack_lsm.c') diff --git a/fs/stat.c b/fs/stat.c index ae0c3cef9927..19636af5e75c 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -66,7 +66,7 @@ int vfs_getattr(struct path *path, struct kstat *stat) { int retval; - retval = security_inode_getattr(path->mnt, path->dentry); + retval = security_inode_getattr(path); if (retval) return retval; return vfs_getattr_nosec(path, stat); diff --git a/include/linux/security.h b/include/linux/security.h index a1b7dbd127ff..4e14e3d6309f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1556,7 +1556,7 @@ struct security_operations { int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); - int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); + int (*inode_getattr) (const struct path *path); int (*inode_setxattr) (struct dentry *dentry, const char *name, const void *value, size_t size, int flags); void (*inode_post_setxattr) (struct dentry *dentry, const char *name, @@ -1843,7 +1843,7 @@ int security_inode_readlink(struct dentry *dentry); int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask); int security_inode_setattr(struct dentry *dentry, struct iattr *attr); -int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); +int security_inode_getattr(const struct path *path); int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); void security_inode_post_setxattr(struct dentry *dentry, const char *name, @@ -2259,8 +2259,7 @@ static inline int security_inode_setattr(struct dentry *dentry, return 0; } -static inline int security_inode_getattr(struct vfsmount *mnt, - struct dentry *dentry) +static inline int security_inode_getattr(const struct path *path) { return 0; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 107db88b1d5f..dd56bffd6500 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -364,12 +364,12 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); } -static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +static int apparmor_inode_getattr(const struct path *path) { - if (!mediated_filesystem(dentry)) + if (!mediated_filesystem(path->dentry)) return 0; - return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry, + return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, AA_MAY_META_READ); } diff --git a/security/capability.c b/security/capability.c index 070dd46f62f4..bdf22034a961 100644 --- a/security/capability.c +++ b/security/capability.c @@ -225,7 +225,7 @@ static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr) return 0; } -static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +static int cap_inode_getattr(const struct path *path) { return 0; } diff --git a/security/security.c b/security/security.c index e81d5bbe7363..ed890c6d31c5 100644 --- a/security/security.c +++ b/security/security.c @@ -608,11 +608,11 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr) } EXPORT_SYMBOL_GPL(security_inode_setattr); -int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +int security_inode_getattr(const struct path *path) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(path->dentry->d_inode))) return 0; - return security_ops->inode_getattr(mnt, dentry); + return security_ops->inode_getattr(path); } int security_inode_setxattr(struct dentry *dentry, const char *name, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4d1a54190388..e119cdcffc87 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1623,7 +1623,7 @@ static inline int dentry_has_perm(const struct cred *cred, the path to help the auditing code to more easily generate the pathname if needed. */ static inline int path_has_perm(const struct cred *cred, - struct path *path, + const struct path *path, u32 av) { struct inode *inode = path->dentry->d_inode; @@ -2954,15 +2954,9 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) return dentry_has_perm(cred, dentry, av); } -static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +static int selinux_inode_getattr(const struct path *path) { - const struct cred *cred = current_cred(); - struct path path; - - path.dentry = dentry; - path.mnt = mnt; - - return path_has_perm(cred, &path, FILE__GETATTR); + return path_has_perm(current_cred(), path, FILE__GETATTR); } static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c934311812f1..1511965549b8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1034,19 +1034,16 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) * * Returns 0 if access is permitted, an error code otherwise */ -static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +static int smack_inode_getattr(const struct path *path) { struct smk_audit_info ad; - struct path path; + struct inode *inode = path->dentry->d_inode; int rc; - path.dentry = dentry; - path.mnt = mnt; - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); - smk_ad_setfield_u_fs_path(&ad, path); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc); + smk_ad_setfield_u_fs_path(&ad, *path); + rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad); + rc = smk_bu_inode(inode, MAY_READ, rc); return rc; } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 6627102c24af..f9c9fb1d56b4 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -978,7 +978,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, struct path *path2); int tomoyo_path_number_perm(const u8 operation, struct path *path, unsigned long number); -int tomoyo_path_perm(const u8 operation, struct path *path, +int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target); unsigned int tomoyo_poll_control(struct file *file, poll_table *wait); unsigned int tomoyo_poll_log(struct file *file, poll_table *wait); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index c151a1869597..2367b100cc62 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -145,7 +145,7 @@ static void tomoyo_add_slash(struct tomoyo_path_info *buf) * * Returns true on success, false otherwise. */ -static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, struct path *path) +static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, const struct path *path) { buf->name = tomoyo_realpath_from_path(path); if (buf->name) { @@ -782,7 +782,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path_perm(const u8 operation, struct path *path, const char *target) +int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target) { struct tomoyo_request_info r; struct tomoyo_obj_info obj = { diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index f0b756e27fed..57c88d52ffa5 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -144,10 +144,9 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) +static int tomoyo_inode_getattr(const struct path *path) { - struct path path = { mnt, dentry }; - return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL); + return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL); } /** -- cgit v1.2.3 From c6f493d631c4d40cea5c36055f9148f547b200af Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 17 Mar 2015 22:26:22 +0000 Subject: VFS: security/: d_backing_inode() annotations most of the ->d_inode uses there refer to the same inode IO would go to, i.e. d_backing_inode() Signed-off-by: David Howells Signed-off-by: Al Viro --- security/apparmor/file.c | 6 ++--- security/apparmor/lsm.c | 18 ++++++------- security/commoncap.c | 6 ++--- security/integrity/evm/evm_crypto.c | 4 +-- security/integrity/evm/evm_main.c | 18 ++++++------- security/integrity/ima/ima_appraise.c | 10 +++---- security/lsm_audit.c | 4 +-- security/security.c | 50 +++++++++++++++++------------------ security/selinux/hooks.c | 36 ++++++++++++------------- security/smack/smack_lsm.c | 46 ++++++++++++++++---------------- security/tomoyo/condition.c | 2 +- security/tomoyo/realpath.c | 10 +++---- 12 files changed, 105 insertions(+), 105 deletions(-) (limited to 'security/smack/smack_lsm.c') diff --git a/security/apparmor/file.c b/security/apparmor/file.c index fdaa50cb1876..913f377a038a 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -259,7 +259,7 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, */ static inline bool is_deleted(struct dentry *dentry) { - if (d_unlinked(dentry) && dentry->d_inode->i_nlink == 0) + if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0) return 1; return 0; } @@ -351,8 +351,8 @@ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, struct path link = { new_dir->mnt, new_dentry }; struct path target = { new_dir->mnt, old_dentry }; struct path_cond cond = { - old_dentry->d_inode->i_uid, - old_dentry->d_inode->i_mode + d_backing_inode(old_dentry)->i_uid, + d_backing_inode(old_dentry)->i_mode }; char *buffer = NULL, *buffer2 = NULL; const char *lname, *tname = NULL, *info = NULL; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dd56bffd6500..e5f1561439db 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -204,8 +204,8 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, struct dentry *dentry, u32 mask) { struct path path = { mnt, dentry }; - struct path_cond cond = { dentry->d_inode->i_uid, - dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(dentry)->i_uid, + d_backing_inode(dentry)->i_mode }; return common_perm(op, &path, mask, &cond); @@ -223,7 +223,7 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, static int common_perm_rm(int op, struct path *dir, struct dentry *dentry, u32 mask) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct path_cond cond = { }; if (!inode || !dir->mnt || !mediated_filesystem(dentry)) @@ -281,8 +281,8 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, static int apparmor_path_truncate(struct path *path) { - struct path_cond cond = { path->dentry->d_inode->i_uid, - path->dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; if (!path->mnt || !mediated_filesystem(path->dentry)) @@ -327,8 +327,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, if (!unconfined(profile)) { struct path old_path = { old_dir->mnt, old_dentry }; struct path new_path = { new_dir->mnt, new_dentry }; - struct path_cond cond = { old_dentry->d_inode->i_uid, - old_dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, + d_backing_inode(old_dentry)->i_mode }; error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0, @@ -354,8 +354,8 @@ static int apparmor_path_chmod(struct path *path, umode_t mode) static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) { - struct path_cond cond = { path->dentry->d_inode->i_uid, - path->dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; if (!mediated_filesystem(path->dentry)) diff --git a/security/commoncap.c b/security/commoncap.c index f66713bd7450..f2875cd9f677 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -297,7 +297,7 @@ static inline void bprm_clear_caps(struct linux_binprm *bprm) */ int cap_inode_need_killpriv(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); int error; if (!inode->i_op->getxattr) @@ -319,7 +319,7 @@ int cap_inode_need_killpriv(struct dentry *dentry) */ int cap_inode_killpriv(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!inode->i_op->removexattr) return 0; @@ -375,7 +375,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, */ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); __u32 magic_etc; unsigned tocopy, i; int size; diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 5e9687f02e1b..159ef3ea4130 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -131,7 +131,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, size_t req_xattr_value_len, char type, char *digest) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct shash_desc *desc; char **xattrname; size_t xattr_size = 0; @@ -199,7 +199,7 @@ int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, const char *xattr_value, size_t xattr_value_len) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct evm_ima_xattr_data xattr_data; int rc = 0; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index f589c9a05da2..10f994307a04 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -72,7 +72,7 @@ static void __init evm_init_config(void) static int evm_find_protected_xattrs(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); char **xattr; int error; int count = 0; @@ -165,8 +165,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, /* Replace RSA with HMAC if not mounted readonly and * not immutable */ - if (!IS_RDONLY(dentry->d_inode) && - !IS_IMMUTABLE(dentry->d_inode)) + if (!IS_RDONLY(d_backing_inode(dentry)) && + !IS_IMMUTABLE(d_backing_inode(dentry))) evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len); @@ -235,7 +235,7 @@ enum integrity_status evm_verifyxattr(struct dentry *dentry, return INTEGRITY_UNKNOWN; if (!iint) { - iint = integrity_iint_find(dentry->d_inode); + iint = integrity_iint_find(d_backing_inode(dentry)); if (!iint) return INTEGRITY_UNKNOWN; } @@ -253,7 +253,7 @@ EXPORT_SYMBOL_GPL(evm_verifyxattr); */ static enum integrity_status evm_verify_current_integrity(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!evm_initialized || !S_ISREG(inode->i_mode) || evm_fixmode) return 0; @@ -293,13 +293,13 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, if (evm_status == INTEGRITY_NOXATTRS) { struct integrity_iint_cache *iint; - iint = integrity_iint_find(dentry->d_inode); + iint = integrity_iint_find(d_backing_inode(dentry)); if (iint && (iint->flags & IMA_NEW_FILE)) return 0; } out: if (evm_status != INTEGRITY_PASS) - integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry), dentry->d_name.name, "appraise_metadata", integrity_status_msg[evm_status], -EPERM, 0); @@ -379,7 +379,7 @@ void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name, */ void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!evm_initialized || !evm_protected_xattr(xattr_name)) return; @@ -404,7 +404,7 @@ int evm_inode_setattr(struct dentry *dentry, struct iattr *attr) if ((evm_status == INTEGRITY_PASS) || (evm_status == INTEGRITY_NOXATTRS)) return 0; - integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry), dentry->d_name.name, "appraise_metadata", integrity_status_msg[evm_status], -EPERM, 0); return -EPERM; diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index fffcdb0b31f0..4df493e4b3c9 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -165,7 +165,7 @@ void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len, int ima_read_xattr(struct dentry *dentry, struct evm_ima_xattr_data **xattr_value) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!inode->i_op->getxattr) return 0; @@ -190,7 +190,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, static const char op[] = "appraise_data"; char *cause = "unknown"; struct dentry *dentry = file->f_path.dentry; - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); enum integrity_status status = INTEGRITY_UNKNOWN; int rc = xattr_len, hash_start = 0; @@ -314,7 +314,7 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) */ void ima_inode_post_setattr(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct integrity_iint_cache *iint; int must_appraise, rc; @@ -380,7 +380,7 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, if (result == 1) { if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) return -EINVAL; - ima_reset_appraise_flags(dentry->d_inode, + ima_reset_appraise_flags(d_backing_inode(dentry), (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0); result = 0; } @@ -393,7 +393,7 @@ int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) result = ima_protect_xattr(dentry, xattr_name, NULL, 0); if (result == 1) { - ima_reset_appraise_flags(dentry->d_inode, 0); + ima_reset_appraise_flags(d_backing_inode(dentry), 0); result = 0; } return result; diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 69fdf3bc765b..3b27e9928238 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -237,7 +237,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, audit_log_d_path(ab, " path=", &a->u.path); - inode = a->u.path.dentry->d_inode; + inode = d_backing_inode(a->u.path.dentry); if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); @@ -251,7 +251,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, audit_log_format(ab, " name="); audit_log_untrustedstring(ab, a->u.dentry->d_name.name); - inode = a->u.dentry->d_inode; + inode = d_backing_inode(a->u.dentry); if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); diff --git a/security/security.c b/security/security.c index 730ac65a5737..8e9b1f4b9b45 100644 --- a/security/security.c +++ b/security/security.c @@ -410,7 +410,7 @@ EXPORT_SYMBOL(security_old_inode_init_security); int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_mknod(dir, dentry, mode, dev); } @@ -418,7 +418,7 @@ EXPORT_SYMBOL(security_path_mknod); int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_mkdir(dir, dentry, mode); } @@ -426,14 +426,14 @@ EXPORT_SYMBOL(security_path_mkdir); int security_path_rmdir(struct path *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_rmdir(dir, dentry); } int security_path_unlink(struct path *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_unlink(dir, dentry); } @@ -442,7 +442,7 @@ EXPORT_SYMBOL(security_path_unlink); int security_path_symlink(struct path *dir, struct dentry *dentry, const char *old_name) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_symlink(dir, dentry, old_name); } @@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) return 0; return security_ops->path_link(old_dentry, new_dir, new_dentry); } @@ -459,8 +459,8 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry, unsigned int flags) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode) || - (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || + (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) return 0; if (flags & RENAME_EXCHANGE) { @@ -477,21 +477,21 @@ EXPORT_SYMBOL(security_path_rename); int security_path_truncate(struct path *path) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->path_truncate(path); } int security_path_chmod(struct path *path, umode_t mode) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->path_chmod(path, mode); } int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->path_chown(path, uid, gid); } @@ -513,14 +513,14 @@ EXPORT_SYMBOL_GPL(security_inode_create); int security_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) return 0; return security_ops->inode_link(old_dentry, dir, new_dentry); } int security_inode_unlink(struct inode *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_unlink(dir, dentry); } @@ -543,7 +543,7 @@ EXPORT_SYMBOL_GPL(security_inode_mkdir); int security_inode_rmdir(struct inode *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_rmdir(dir, dentry); } @@ -559,8 +559,8 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode) || - (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || + (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) return 0; if (flags & RENAME_EXCHANGE) { @@ -576,14 +576,14 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, int security_inode_readlink(struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_readlink(dentry); } int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_follow_link(dentry, nd); } @@ -599,7 +599,7 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { int ret; - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; ret = security_ops->inode_setattr(dentry, attr); if (ret) @@ -610,7 +610,7 @@ EXPORT_SYMBOL_GPL(security_inode_setattr); int security_inode_getattr(const struct path *path) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->inode_getattr(path); } @@ -620,7 +620,7 @@ int security_inode_setxattr(struct dentry *dentry, const char *name, { int ret; - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; ret = security_ops->inode_setxattr(dentry, name, value, size, flags); if (ret) @@ -634,7 +634,7 @@ int security_inode_setxattr(struct dentry *dentry, const char *name, void security_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return; security_ops->inode_post_setxattr(dentry, name, value, size, flags); evm_inode_post_setxattr(dentry, name, value, size); @@ -642,14 +642,14 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name, int security_inode_getxattr(struct dentry *dentry, const char *name) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_getxattr(dentry, name); } int security_inode_listxattr(struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_listxattr(dentry); } @@ -658,7 +658,7 @@ int security_inode_removexattr(struct dentry *dentry, const char *name) { int ret; - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; ret = security_ops->inode_removexattr(dentry, name); if (ret) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c318b304ee2f..7dade28affba 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -414,7 +414,7 @@ static int sb_finish_set_opts(struct super_block *sb) { struct superblock_security_struct *sbsec = sb->s_security; struct dentry *root = sb->s_root; - struct inode *root_inode = root->d_inode; + struct inode *root_inode = d_backing_inode(root); int rc = 0; if (sbsec->behavior == SECURITY_FS_USE_XATTR) { @@ -552,7 +552,7 @@ static int selinux_get_mnt_opts(const struct super_block *sb, opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; } if (sbsec->flags & ROOTCONTEXT_MNT) { - struct inode *root = sbsec->sb->s_root->d_inode; + struct inode *root = d_backing_inode(sbsec->sb->s_root); struct inode_security_struct *isec = root->i_security; rc = security_sid_to_context(isec->sid, &context, &len); @@ -608,7 +608,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, int rc = 0, i; struct superblock_security_struct *sbsec = sb->s_security; const char *name = sb->s_type->name; - struct inode *inode = sbsec->sb->s_root->d_inode; + struct inode *inode = d_backing_inode(sbsec->sb->s_root); struct inode_security_struct *root_isec = inode->i_security; u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; u32 defcontext_sid = 0; @@ -835,8 +835,8 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) goto mismatch; if (oldflags & ROOTCONTEXT_MNT) { - struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security; - struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security; + struct inode_security_struct *oldroot = d_backing_inode(oldsb->s_root)->i_security; + struct inode_security_struct *newroot = d_backing_inode(newsb->s_root)->i_security; if (oldroot->sid != newroot->sid) goto mismatch; } @@ -886,16 +886,16 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, if (!set_fscontext) newsbsec->sid = sid; if (!set_rootcontext) { - struct inode *newinode = newsb->s_root->d_inode; + struct inode *newinode = d_backing_inode(newsb->s_root); struct inode_security_struct *newisec = newinode->i_security; newisec->sid = sid; } newsbsec->mntpoint_sid = sid; } if (set_rootcontext) { - const struct inode *oldinode = oldsb->s_root->d_inode; + const struct inode *oldinode = d_backing_inode(oldsb->s_root); const struct inode_security_struct *oldisec = oldinode->i_security; - struct inode *newinode = newsb->s_root->d_inode; + struct inode *newinode = d_backing_inode(newsb->s_root); struct inode_security_struct *newisec = newinode->i_security; newisec->sid = oldisec->sid; @@ -1610,7 +1610,7 @@ static inline int dentry_has_perm(const struct cred *cred, struct dentry *dentry, u32 av) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct common_audit_data ad; ad.type = LSM_AUDIT_DATA_DENTRY; @@ -1625,7 +1625,7 @@ static inline int path_has_perm(const struct cred *cred, const struct path *path, u32 av) { - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); struct common_audit_data ad; ad.type = LSM_AUDIT_DATA_PATH; @@ -1753,7 +1753,7 @@ static int may_link(struct inode *dir, int rc; dsec = dir->i_security; - isec = dentry->d_inode->i_security; + isec = d_backing_inode(dentry)->i_security; ad.type = LSM_AUDIT_DATA_DENTRY; ad.u.dentry = dentry; @@ -1797,7 +1797,7 @@ static inline int may_rename(struct inode *old_dir, int rc; old_dsec = old_dir->i_security; - old_isec = old_dentry->d_inode->i_security; + old_isec = d_backing_inode(old_dentry)->i_security; old_is_dir = d_is_dir(old_dentry); new_dsec = new_dir->i_security; @@ -1827,7 +1827,7 @@ static inline int may_rename(struct inode *old_dir, if (rc) return rc; if (d_is_positive(new_dentry)) { - new_isec = new_dentry->d_inode->i_security; + new_isec = d_backing_inode(new_dentry)->i_security; new_is_dir = d_is_dir(new_dentry); rc = avc_has_perm(sid, new_isec->sid, new_isec->sclass, @@ -1963,7 +1963,7 @@ static int selinux_binder_transfer_file(struct task_struct *from, { u32 sid = task_sid(to); struct file_security_struct *fsec = file->f_security; - struct inode *inode = file->f_path.dentry->d_inode; + struct inode *inode = d_backing_inode(file->f_path.dentry); struct inode_security_struct *isec = inode->i_security; struct common_audit_data ad; int rc; @@ -2627,7 +2627,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data) break; case ROOTCONTEXT_MNT: { struct inode_security_struct *root_isec; - root_isec = sb->s_root->d_inode->i_security; + root_isec = d_backing_inode(sb->s_root)->i_security; if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) goto out_bad_option; @@ -2727,7 +2727,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, struct task_security_struct *tsec; struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; - struct inode *dir = dentry->d_parent->d_inode; + struct inode *dir = d_backing_inode(dentry->d_parent); u32 newsid; int rc; @@ -2982,7 +2982,7 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) static int selinux_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct inode_security_struct *isec = inode->i_security; struct superblock_security_struct *sbsec; struct common_audit_data ad; @@ -3059,7 +3059,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct inode_security_struct *isec = inode->i_security; u32 newsid; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1511965549b8..14b316f60fc5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -555,7 +555,7 @@ static int smack_sb_copy_data(char *orig, char *smackopts) static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) { struct dentry *root = sb->s_root; - struct inode *inode = root->d_inode; + struct inode *inode = d_backing_inode(root); struct superblock_smack *sp = sb->s_security; struct inode_smack *isp; struct smack_known *skp; @@ -851,15 +851,15 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); - isp = smk_of_inode(old_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(old_dentry)); rc = smk_curacc(isp, MAY_WRITE, &ad); - rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc); + rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); if (rc == 0 && d_is_positive(new_dentry)) { - isp = smk_of_inode(new_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(new_dentry)); smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); rc = smk_curacc(isp, MAY_WRITE, &ad); - rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc); + rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); } return rc; @@ -875,7 +875,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, */ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) { - struct inode *ip = dentry->d_inode; + struct inode *ip = d_backing_inode(dentry); struct smk_audit_info ad; int rc; @@ -918,8 +918,8 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) /* * You need write access to the thing you're removing */ - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); if (rc == 0) { /* * You also need write access to the containing directory @@ -957,15 +957,15 @@ static int smack_inode_rename(struct inode *old_inode, smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); - isp = smk_of_inode(old_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(old_dentry)); rc = smk_curacc(isp, MAY_READWRITE, &ad); - rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc); + rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); if (rc == 0 && d_is_positive(new_dentry)) { - isp = smk_of_inode(new_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(new_dentry)); smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); rc = smk_curacc(isp, MAY_READWRITE, &ad); - rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc); + rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); } return rc; } @@ -1022,8 +1022,8 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); return rc; } @@ -1037,7 +1037,7 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) static int smack_inode_getattr(const struct path *path) { struct smk_audit_info ad; - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); int rc; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); @@ -1104,8 +1104,8 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, smk_ad_setfield_u_fs_path_dentry(&ad, dentry); if (rc == 0) { - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); } return rc; @@ -1126,7 +1126,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct smack_known *skp; - struct inode_smack *isp = dentry->d_inode->i_security; + struct inode_smack *isp = d_backing_inode(dentry)->i_security; if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { isp->smk_flags |= SMK_INODE_TRANSMUTE; @@ -1171,8 +1171,8 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); return rc; } @@ -1208,12 +1208,12 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); if (rc != 0) return rc; - isp = dentry->d_inode->i_security; + isp = d_backing_inode(dentry)->i_security; /* * Don't do anything special for these. * XATTR_NAME_SMACKIPIN diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c index 63681e8be628..6c4528d4b48f 100644 --- a/security/tomoyo/condition.c +++ b/security/tomoyo/condition.c @@ -714,7 +714,7 @@ void tomoyo_get_attributes(struct tomoyo_obj_info *obj) dentry = dget_parent(dentry); break; } - inode = dentry->d_inode; + inode = d_backing_inode(dentry); if (inode) { struct tomoyo_mini_stat *stat = &obj->stat[i]; stat->uid = inode->i_uid; diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 1e0d480ff6a6..5077f1968841 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -97,7 +97,7 @@ static char *tomoyo_get_absolute_path(const struct path *path, char * const buff /* go to whatever namespace root we are under */ pos = d_absolute_path(path, buffer, buflen - 1); if (!IS_ERR(pos) && *pos == '/' && pos[1]) { - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); if (inode && S_ISDIR(inode->i_mode)) { buffer[buflen - 2] = '/'; buffer[buflen - 1] = '\0'; @@ -125,7 +125,7 @@ static char *tomoyo_get_dentry_path(struct dentry *dentry, char * const buffer, if (buflen >= 256) { pos = dentry_path_raw(dentry, buffer, buflen - 1); if (!IS_ERR(pos) && *pos == '/' && pos[1]) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (inode && S_ISDIR(inode->i_mode)) { buffer[buflen - 2] = '/'; buffer[buflen - 1] = '\0'; @@ -168,7 +168,7 @@ static char *tomoyo_get_local_path(struct dentry *dentry, char * const buffer, if (!MAJOR(sb->s_dev)) goto prepend_filesystem_name; { - struct inode *inode = sb->s_root->d_inode; + struct inode *inode = d_backing_inode(sb->s_root); /* * Use filesystem name if filesystem does not support rename() * operation. @@ -219,7 +219,7 @@ out: static char *tomoyo_get_socket_name(const struct path *path, char * const buffer, const int buflen) { - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); struct socket *sock = inode ? SOCKET_I(inode) : NULL; struct sock *sk = sock ? sock->sk : NULL; if (sk) { @@ -277,7 +277,7 @@ char *tomoyo_realpath_from_path(const struct path *path) pos = dentry->d_op->d_dname(dentry, buf, buf_len - 1); goto encode; } - inode = sb->s_root->d_inode; + inode = d_backing_inode(sb->s_root); /* * Get local name for filesystems without rename() operation * or dentry without vfsmount. -- cgit v1.2.3