From c5dc332eb93881fc8234d652f6e91a2825b06503 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Nov 2011 20:08:53 -0500 Subject: tomoyo: stop including hell knows what tomoyo/realpath.c needs exactly one include - that of common.h. It pulls everything the thing needs, without doing ridiculous garbage such as trying to include ../../fs/internal.h. If that alone doesn't scream "layering violation", I don't know what does; and these days it's all for nothing, since it fortunately does not use any symbols defined in there... Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index d9f3ced8756..2cb5db589c9 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -4,15 +4,7 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ -#include -#include -#include -#include -#include -#include -#include #include "common.h" -#include "../../fs/internal.h" /** * tomoyo_encode2 - Encode binary string to ascii string. -- cgit v1.2.3 From e407699ef56ed948739dd57a5578ba8cb5bd81b2 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Nov 2011 20:14:54 -0500 Subject: btrfs, nfs, apparmor: don't pull mnt_namespace.h for no reason... it's not needed anymore; we used to, back when we had to do mount_subtree() by hand, complete with put_mnt_ns() in it. No more... Apparmor didn't need it since the __d_path() fix. Signed-off-by: Al Viro --- security/apparmor/path.c | 1 - 1 file changed, 1 deletion(-) (limited to 'security') diff --git a/security/apparmor/path.c b/security/apparmor/path.c index b566eba4a65..9d070a7c3ff 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -13,7 +13,6 @@ */ #include -#include #include #include #include -- cgit v1.2.3 From 4c1d5a64f134b254552b6211f6f79a1da667eab7 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 7 Dec 2011 18:21:57 -0500 Subject: vfs: for usbfs, etc. internal vfsmounts ->mnt_sb->s_root == ->mnt_root Signed-off-by: Al Viro --- security/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/inode.c b/security/inode.c index c4df2fbebe6..a67004f9d10 100644 --- a/security/inode.c +++ b/security/inode.c @@ -159,7 +159,7 @@ static int create_by_name(const char *name, mode_t mode, * have around. */ if (!parent) - parent = mount->mnt_sb->s_root; + parent = mount->mnt_root; mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); -- cgit v1.2.3 From 18bb1db3e7607e4a997d50991a6f9fa5b0f8722c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 26 Jul 2011 01:41:39 -0400 Subject: switch vfs_mkdir() and ->mkdir() to umode_t vfs_mkdir() gets int, but immediately drops everything that might not fit into umode_t and that's the only caller of ->mkdir()... Signed-off-by: Al Viro --- security/capability.c | 2 +- security/security.c | 2 +- security/selinux/hooks.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/capability.c b/security/capability.c index 2984ea4f776..ddd17892826 100644 --- a/security/capability.c +++ b/security/capability.c @@ -148,7 +148,7 @@ static int cap_inode_symlink(struct inode *inode, struct dentry *dentry, } static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry, - int mask) + umode_t mask) { return 0; } diff --git a/security/security.c b/security/security.c index e2f684aeb70..be49eb5768b 100644 --- a/security/security.c +++ b/security/security.c @@ -506,7 +506,7 @@ int security_inode_symlink(struct inode *dir, struct dentry *dentry, return security_ops->inode_symlink(dir, dentry, old_name); } -int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) +int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(dir))) return 0; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1126c10a5e8..ad74ad24ce2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2618,7 +2618,7 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const return may_create(dir, dentry, SECCLASS_LNK_FILE); } -static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) +static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask) { return may_create(dir, dentry, SECCLASS_DIR); } -- cgit v1.2.3 From 4acdaf27ebe2034c342f3be57ef49aed1ad885ef Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 26 Jul 2011 01:42:34 -0400 Subject: switch ->create() to umode_t vfs_create() ignores everything outside of 16bit subset of its mode argument; switching it to umode_t is obviously equivalent and it's the only caller of the method Signed-off-by: Al Viro --- security/capability.c | 2 +- security/security.c | 2 +- security/selinux/hooks.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/capability.c b/security/capability.c index ddd17892826..ff18d0ca30b 100644 --- a/security/capability.c +++ b/security/capability.c @@ -125,7 +125,7 @@ static int cap_inode_init_security(struct inode *inode, struct inode *dir, } static int cap_inode_create(struct inode *inode, struct dentry *dentry, - int mask) + umode_t mask) { return 0; } diff --git a/security/security.c b/security/security.c index be49eb5768b..2420eed8763 100644 --- a/security/security.c +++ b/security/security.c @@ -475,7 +475,7 @@ int security_path_chroot(struct path *path) } #endif -int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) +int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(dir))) return 0; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad74ad24ce2..a1eba2b9ea5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2598,7 +2598,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, return 0; } -static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) +static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) { return may_create(dir, dentry, SECCLASS_FILE); } -- cgit v1.2.3 From 1a67aafb5f72a436ca044293309fa7e6351d6a35 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 26 Jul 2011 01:52:52 -0400 Subject: switch ->mknod() to umode_t Signed-off-by: Al Viro --- security/capability.c | 2 +- security/security.c | 2 +- security/selinux/hooks.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/capability.c b/security/capability.c index ff18d0ca30b..9def035cd57 100644 --- a/security/capability.c +++ b/security/capability.c @@ -159,7 +159,7 @@ static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry) } static int cap_inode_mknod(struct inode *inode, struct dentry *dentry, - int mode, dev_t dev) + umode_t mode, dev_t dev) { return 0; } diff --git a/security/security.c b/security/security.c index 2420eed8763..8cc0f0caa64 100644 --- a/security/security.c +++ b/security/security.c @@ -521,7 +521,7 @@ int security_inode_rmdir(struct inode *dir, struct dentry *dentry) return security_ops->inode_rmdir(dir, dentry); } -int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { if (unlikely(IS_PRIVATE(dir))) return 0; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a1eba2b9ea5..8878370c13b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2628,7 +2628,7 @@ static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) return may_link(dir, dentry, MAY_RMDIR); } -static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { return may_create(dir, dentry, inode_mode_to_security_class(mode)); } -- cgit v1.2.3 From dba19c6064766730dd64757a010ec3aec503ecdb Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 25 Jul 2011 20:49:29 -0400 Subject: get rid of open-coded S_ISREG(), etc. Signed-off-by: Al Viro --- security/inode.c | 2 +- security/selinux/hooks.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/inode.c b/security/inode.c index a67004f9d10..bfe02e68f92 100644 --- a/security/inode.c +++ b/security/inode.c @@ -164,7 +164,7 @@ static int create_by_name(const char *name, mode_t mode, mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); if (!IS_ERR(*dentry)) { - if ((mode & S_IFMT) == S_IFDIR) + if (S_ISDIR(mode)) error = mkdir(parent->d_inode, *dentry, mode); else error = create(parent->d_inode, *dentry, mode); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 8878370c13b..4def4d92aae 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1740,7 +1740,7 @@ static inline u32 file_mask_to_av(int mode, int mask) { u32 av = 0; - if ((mode & S_IFMT) != S_IFDIR) { + if (!S_ISDIR(mode)) { if (mask & MAY_EXEC) av |= FILE__EXECUTE; if (mask & MAY_READ) -- cgit v1.2.3 From 910f4ecef3f67714ebff69d0bc34313e48afaed2 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 26 Jul 2011 04:25:58 -0400 Subject: switch security_path_chmod() to umode_t Signed-off-by: Al Viro --- security/apparmor/lsm.c | 2 +- security/capability.c | 2 +- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'security') diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 37832026e58..afbe49822be 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -345,7 +345,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, } static int apparmor_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) + umode_t mode) { if (!mediated_filesystem(dentry->d_inode)) return 0; diff --git a/security/capability.c b/security/capability.c index 9def035cd57..4f24bee49f2 100644 --- a/security/capability.c +++ b/security/capability.c @@ -280,7 +280,7 @@ static int cap_path_truncate(struct path *path) } static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) + umode_t mode) { return 0; } diff --git a/security/security.c b/security/security.c index 8cc0f0caa64..3635a13cd4a 100644 --- a/security/security.c +++ b/security/security.c @@ -455,7 +455,7 @@ int security_path_truncate(struct path *path) } int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) + umode_t mode) { if (unlikely(IS_PRIVATE(dentry->d_inode))) return 0; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 4b327b69174..a4b840ea007 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -360,7 +360,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, * Returns 0 on success, negative value otherwise. */ static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) + umode_t mode) { struct path path = { mnt, dentry }; return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path, -- cgit v1.2.3 From 52ef0c042bf06f6aef382fade175075627beebc1 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 26 Jul 2011 04:30:04 -0400 Subject: switch securityfs_create_file() to umode_t Signed-off-by: Al Viro --- security/apparmor/apparmorfs.c | 2 +- security/inode.c | 12 ++++++------ security/tomoyo/securityfs_if.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'security') diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 69ddb47787b..e39df6d4377 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -165,7 +165,7 @@ static void __init aafs_remove(const char *name) * * Used aafs_remove to remove entries created with this fn. */ -static int __init aafs_create(const char *name, int mask, +static int __init aafs_create(const char *name, umode_t mask, const struct file_operations *fops) { struct dentry *dentry; diff --git a/security/inode.c b/security/inode.c index bfe02e68f92..90a70a67d83 100644 --- a/security/inode.c +++ b/security/inode.c @@ -56,7 +56,7 @@ static const struct file_operations default_file_ops = { .llseek = noop_llseek, }; -static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) +static struct inode *get_inode(struct super_block *sb, umode_t mode, dev_t dev) { struct inode *inode = new_inode(sb); @@ -85,7 +85,7 @@ static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) /* SMP-safe */ static int mknod(struct inode *dir, struct dentry *dentry, - int mode, dev_t dev) + umode_t mode, dev_t dev) { struct inode *inode; int error = -ENOMEM; @@ -102,7 +102,7 @@ static int mknod(struct inode *dir, struct dentry *dentry, return error; } -static int mkdir(struct inode *dir, struct dentry *dentry, int mode) +static int mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) { int res; @@ -113,7 +113,7 @@ static int mkdir(struct inode *dir, struct dentry *dentry, int mode) return res; } -static int create(struct inode *dir, struct dentry *dentry, int mode) +static int create(struct inode *dir, struct dentry *dentry, umode_t mode) { mode = (mode & S_IALLUGO) | S_IFREG; return mknod(dir, dentry, mode, 0); @@ -145,7 +145,7 @@ static struct file_system_type fs_type = { .kill_sb = kill_litter_super, }; -static int create_by_name(const char *name, mode_t mode, +static int create_by_name(const char *name, umode_t mode, struct dentry *parent, struct dentry **dentry) { @@ -205,7 +205,7 @@ static int create_by_name(const char *name, mode_t mode, * If securityfs is not enabled in the kernel, the value %-ENODEV is * returned. */ -struct dentry *securityfs_create_file(const char *name, mode_t mode, +struct dentry *securityfs_create_file(const char *name, umode_t mode, struct dentry *parent, void *data, const struct file_operations *fops) { diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 2672ac4f3be..482b2a5f48f 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -224,7 +224,7 @@ static const struct file_operations tomoyo_operations = { * * Returns nothing. */ -static void __init tomoyo_create_entry(const char *name, const mode_t mode, +static void __init tomoyo_create_entry(const char *name, const umode_t mode, struct dentry *parent, const u8 key) { securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, -- cgit v1.2.3 From d179333f37d33533f4c77118f757b9e7835ccb7c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Aug 2011 23:03:17 -0400 Subject: tomoyo_mini_stat: switch to umode_t Signed-off-by: Al Viro --- security/tomoyo/audit.c | 4 ++-- security/tomoyo/common.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index 075c3a6d164..5ca47ea3049 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -112,7 +112,7 @@ out: * * Returns file type string. */ -static inline const char *tomoyo_filetype(const mode_t mode) +static inline const char *tomoyo_filetype(const umode_t mode) { switch (mode & S_IFMT) { case S_IFREG: @@ -180,7 +180,7 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { struct tomoyo_mini_stat *stat; unsigned int dev; - mode_t mode; + umode_t mode; if (!obj->stat_valid[i]) continue; stat = &obj->stat[i]; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index ed311d7a8ce..deeab7be5b9 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -564,7 +564,7 @@ struct tomoyo_mini_stat { uid_t uid; gid_t gid; ino_t ino; - mode_t mode; + umode_t mode; dev_t dev; dev_t rdev; }; -- cgit v1.2.3 From 4572befe248fd0d94aedc98775e3f0ddc8a26651 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 21 Nov 2011 14:56:21 -0500 Subject: switch ->path_mkdir() to umode_t Signed-off-by: Al Viro --- security/apparmor/lsm.c | 2 +- security/capability.c | 2 +- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'security') diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index afbe49822be..3271bd38d86 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -262,7 +262,7 @@ static int apparmor_path_unlink(struct path *dir, struct dentry *dentry) } static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, - int mode) + umode_t mode) { return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, S_IFDIR); diff --git a/security/capability.c b/security/capability.c index 4f24bee49f2..2e1fe45d148 100644 --- a/security/capability.c +++ b/security/capability.c @@ -241,7 +241,7 @@ static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode, return 0; } -static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode) +static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) { return 0; } diff --git a/security/security.c b/security/security.c index 3635a13cd4a..e9724e058b4 100644 --- a/security/security.c +++ b/security/security.c @@ -397,7 +397,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, } EXPORT_SYMBOL(security_path_mknod); -int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) +int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) return 0; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index a4b840ea007..95e4a7db8b8 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -186,7 +186,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) * Returns 0 on success, negative value otherwise. */ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, - int mode) + umode_t mode) { struct path path = { parent->mnt, dentry }; return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, -- cgit v1.2.3 From 04fc66e789a896e684bfdca30208e57eb832dd96 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 21 Nov 2011 14:58:38 -0500 Subject: switch ->path_mknod() to umode_t Signed-off-by: Al Viro --- security/apparmor/lsm.c | 2 +- security/capability.c | 2 +- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'security') diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 3271bd38d86..c0a399ec1df 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -274,7 +274,7 @@ static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry) } static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, - int mode, unsigned int dev) + umode_t mode, unsigned int dev) { return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); } diff --git a/security/capability.c b/security/capability.c index 2e1fe45d148..156816d451b 100644 --- a/security/capability.c +++ b/security/capability.c @@ -235,7 +235,7 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid) } #ifdef CONFIG_SECURITY_PATH -static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode, +static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { return 0; diff --git a/security/security.c b/security/security.c index e9724e058b4..151152de1a0 100644 --- a/security/security.c +++ b/security/security.c @@ -388,7 +388,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, EXPORT_SYMBOL(security_old_inode_init_security); #ifdef CONFIG_SECURITY_PATH -int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, +int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 95e4a7db8b8..75c956a51e7 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -234,7 +234,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, * Returns 0 on success, negative value otherwise. */ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, - int mode, unsigned int dev) + umode_t mode, unsigned int dev) { struct path path = { parent->mnt, dentry }; int type = TOMOYO_TYPE_CREATE; -- cgit v1.2.3 From d10577a8d86a0c735488d66d32289a6d66bcfa20 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 7 Dec 2011 13:06:11 -0500 Subject: vfs: trim includes a bit [folded fix for missing magic.h from Tetsuo Handa] Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 1 + 1 file changed, 1 insertion(+) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 2cb5db589c9..80a09c37cac 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -5,6 +5,7 @@ */ #include "common.h" +#include /** * tomoyo_encode2 - Encode binary string to ascii string. -- cgit v1.2.3 From d8c9584ea2a92879f471fd3a2be3af6c534fb035 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 7 Dec 2011 18:16:57 -0500 Subject: vfs: prefer ->dentry->d_sb to ->mnt->mnt_sb Signed-off-by: Al Viro --- security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4def4d92aae..57546cfb18e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2507,7 +2507,7 @@ static int selinux_mount(char *dev_name, const struct cred *cred = current_cred(); if (flags & MS_REMOUNT) - return superblock_has_perm(cred, path->mnt->mnt_sb, + return superblock_has_perm(cred, path->dentry->d_sb, FILESYSTEM__REMOUNT, NULL); else return path_has_perm(cred, path, FILE__MOUNTON); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7db62b48eb4..e8af5b0ba80 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -406,7 +406,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data) { - struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; + struct superblock_smack *sbp = path->dentry->d_sb->s_security; struct smk_audit_info ad; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); @@ -435,7 +435,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, path); - sbp = mnt->mnt_sb->s_security; + sbp = path.dentry->d_sb->s_security; return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); } -- cgit v1.2.3 From cdcf116d44e78c7216ba9f8be9af1cdfca7af728 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 8 Dec 2011 10:51:53 -0500 Subject: switch security_path_chmod() to struct path * Signed-off-by: Al Viro --- security/apparmor/lsm.c | 7 +++---- security/capability.c | 3 +-- security/security.c | 7 +++---- security/tomoyo/tomoyo.c | 11 ++++------- 4 files changed, 11 insertions(+), 17 deletions(-) (limited to 'security') diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index c0a399ec1df..2c0a0ff4139 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -344,13 +344,12 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, return error; } -static int apparmor_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - umode_t mode) +static int apparmor_path_chmod(struct path *path, umode_t mode) { - if (!mediated_filesystem(dentry->d_inode)) + if (!mediated_filesystem(path->dentry->d_inode)) return 0; - return common_perm_mnt_dentry(OP_CHMOD, mnt, dentry, AA_MAY_CHMOD); + return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); } static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid) diff --git a/security/capability.c b/security/capability.c index 156816d451b..3b5883b7179 100644 --- a/security/capability.c +++ b/security/capability.c @@ -279,8 +279,7 @@ static int cap_path_truncate(struct path *path) return 0; } -static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - umode_t mode) +static int cap_path_chmod(struct path *path, umode_t mode) { return 0; } diff --git a/security/security.c b/security/security.c index 151152de1a0..214502c772a 100644 --- a/security/security.c +++ b/security/security.c @@ -454,12 +454,11 @@ int security_path_truncate(struct path *path) return security_ops->path_truncate(path); } -int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - umode_t mode) +int security_path_chmod(struct path *path, umode_t mode) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(path->dentry->d_inode))) return 0; - return security_ops->path_chmod(dentry, mnt, mode); + return security_ops->path_chmod(path, mode); } int security_path_chown(struct path *path, uid_t uid, gid_t gid) diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 75c956a51e7..620d37c159a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -353,17 +353,14 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, /** * tomoyo_path_chmod - Target for security_path_chmod(). * - * @dentry: Pointer to "struct dentry". - * @mnt: Pointer to "struct vfsmount". - * @mode: DAC permission mode. + * @path: Pointer to "struct path". + * @mode: DAC permission mode. * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - umode_t mode) +static int tomoyo_path_chmod(struct path *path, umode_t mode) { - struct path path = { mnt, dentry }; - return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path, + return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, mode & S_IALLUGO); } -- cgit v1.2.3