Merge branch 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull 'struct path' constification update from Al Viro:
"'struct path' is passed by reference to a bunch of Linux security
methods; in theory, there's nothing to stop them from modifying the
damn thing and LSM community being what it is, sooner or later some
enterprising soul is going to decide that it's a good idea.
Let's remove the temptation and constify all of those..."
* 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
constify ima_d_path()
constify security_sb_pivotroot()
constify security_path_chroot()
constify security_path_{link,rename}
apparmor: remove useless checks for NULL ->mnt
constify security_path_{mkdir,mknod,symlink}
constify security_path_{unlink,rmdir}
apparmor: constify common_perm_...()
apparmor: constify aa_path_link()
apparmor: new helper - common_path_perm()
constify chmod_common/security_path_chmod
constify security_sb_mount()
constify chown_common/security_path_chown
tomoyo: constify assorted struct path *
apparmor_path_truncate(): path->mnt is never NULL
constify vfs_truncate()
constify security_path_truncate()
[apparmor] constify struct path * in a bunch of helpers
hifive-unleashed-5.1
Linus Torvalds
commit
c52b76185b
|
|
@ -2837,7 +2837,7 @@ static inline int open_to_namei_flags(int flag)
|
||||||
return flag;
|
return flag;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int may_o_create(struct path *dir, struct dentry *dentry, umode_t mode)
|
static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode)
|
||||||
{
|
{
|
||||||
int error = security_path_mknod(dir, dentry, mode, 0);
|
int error = security_path_mknod(dir, dentry, mode, 0);
|
||||||
if (error)
|
if (error)
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
long vfs_truncate(struct path *path, loff_t length)
|
long vfs_truncate(const struct path *path, loff_t length)
|
||||||
{
|
{
|
||||||
struct inode *inode;
|
struct inode *inode;
|
||||||
long error;
|
long error;
|
||||||
|
|
@ -499,7 +499,7 @@ out:
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int chmod_common(struct path *path, umode_t mode)
|
static int chmod_common(const struct path *path, umode_t mode)
|
||||||
{
|
{
|
||||||
struct inode *inode = path->dentry->d_inode;
|
struct inode *inode = path->dentry->d_inode;
|
||||||
struct inode *delegated_inode = NULL;
|
struct inode *delegated_inode = NULL;
|
||||||
|
|
@ -564,7 +564,7 @@ SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
|
||||||
return sys_fchmodat(AT_FDCWD, filename, mode);
|
return sys_fchmodat(AT_FDCWD, filename, mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int chown_common(struct path *path, uid_t user, gid_t group)
|
static int chown_common(const struct path *path, uid_t user, gid_t group)
|
||||||
{
|
{
|
||||||
struct inode *inode = path->dentry->d_inode;
|
struct inode *inode = path->dentry->d_inode;
|
||||||
struct inode *delegated_inode = NULL;
|
struct inode *delegated_inode = NULL;
|
||||||
|
|
|
||||||
|
|
@ -2293,7 +2293,7 @@ struct filename {
|
||||||
const char iname[];
|
const char iname[];
|
||||||
};
|
};
|
||||||
|
|
||||||
extern long vfs_truncate(struct path *, loff_t);
|
extern long vfs_truncate(const struct path *, loff_t);
|
||||||
extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
|
extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
|
||||||
struct file *filp);
|
struct file *filp);
|
||||||
extern int vfs_fallocate(struct file *file, int mode, loff_t offset,
|
extern int vfs_fallocate(struct file *file, int mode, loff_t offset,
|
||||||
|
|
|
||||||
|
|
@ -1344,10 +1344,10 @@ union security_list_options {
|
||||||
int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
|
int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
|
||||||
int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
|
int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
|
||||||
int (*sb_statfs)(struct dentry *dentry);
|
int (*sb_statfs)(struct dentry *dentry);
|
||||||
int (*sb_mount)(const char *dev_name, struct path *path,
|
int (*sb_mount)(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags, void *data);
|
const char *type, unsigned long flags, void *data);
|
||||||
int (*sb_umount)(struct vfsmount *mnt, int flags);
|
int (*sb_umount)(struct vfsmount *mnt, int flags);
|
||||||
int (*sb_pivotroot)(struct path *old_path, struct path *new_path);
|
int (*sb_pivotroot)(const struct path *old_path, const struct path *new_path);
|
||||||
int (*sb_set_mnt_opts)(struct super_block *sb,
|
int (*sb_set_mnt_opts)(struct super_block *sb,
|
||||||
struct security_mnt_opts *opts,
|
struct security_mnt_opts *opts,
|
||||||
unsigned long kern_flags,
|
unsigned long kern_flags,
|
||||||
|
|
@ -1361,23 +1361,23 @@ union security_list_options {
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_SECURITY_PATH
|
#ifdef CONFIG_SECURITY_PATH
|
||||||
int (*path_unlink)(struct path *dir, struct dentry *dentry);
|
int (*path_unlink)(const struct path *dir, struct dentry *dentry);
|
||||||
int (*path_mkdir)(struct path *dir, struct dentry *dentry,
|
int (*path_mkdir)(const struct path *dir, struct dentry *dentry,
|
||||||
umode_t mode);
|
umode_t mode);
|
||||||
int (*path_rmdir)(struct path *dir, struct dentry *dentry);
|
int (*path_rmdir)(const struct path *dir, struct dentry *dentry);
|
||||||
int (*path_mknod)(struct path *dir, struct dentry *dentry,
|
int (*path_mknod)(const struct path *dir, struct dentry *dentry,
|
||||||
umode_t mode, unsigned int dev);
|
umode_t mode, unsigned int dev);
|
||||||
int (*path_truncate)(struct path *path);
|
int (*path_truncate)(const struct path *path);
|
||||||
int (*path_symlink)(struct path *dir, struct dentry *dentry,
|
int (*path_symlink)(const struct path *dir, struct dentry *dentry,
|
||||||
const char *old_name);
|
const char *old_name);
|
||||||
int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
|
int (*path_link)(struct dentry *old_dentry, const struct path *new_dir,
|
||||||
struct dentry *new_dentry);
|
struct dentry *new_dentry);
|
||||||
int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
|
int (*path_rename)(const struct path *old_dir, struct dentry *old_dentry,
|
||||||
struct path *new_dir,
|
const struct path *new_dir,
|
||||||
struct dentry *new_dentry);
|
struct dentry *new_dentry);
|
||||||
int (*path_chmod)(struct path *path, umode_t mode);
|
int (*path_chmod)(const struct path *path, umode_t mode);
|
||||||
int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid);
|
int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
|
||||||
int (*path_chroot)(struct path *path);
|
int (*path_chroot)(const struct path *path);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int (*inode_alloc_security)(struct inode *inode);
|
int (*inode_alloc_security)(struct inode *inode);
|
||||||
|
|
|
||||||
|
|
@ -228,10 +228,10 @@ int security_sb_remount(struct super_block *sb, void *data);
|
||||||
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
|
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
|
||||||
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
|
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
|
||||||
int security_sb_statfs(struct dentry *dentry);
|
int security_sb_statfs(struct dentry *dentry);
|
||||||
int security_sb_mount(const char *dev_name, struct path *path,
|
int security_sb_mount(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags, void *data);
|
const char *type, unsigned long flags, void *data);
|
||||||
int security_sb_umount(struct vfsmount *mnt, int flags);
|
int security_sb_umount(struct vfsmount *mnt, int flags);
|
||||||
int security_sb_pivotroot(struct path *old_path, struct path *new_path);
|
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
|
||||||
int security_sb_set_mnt_opts(struct super_block *sb,
|
int security_sb_set_mnt_opts(struct super_block *sb,
|
||||||
struct security_mnt_opts *opts,
|
struct security_mnt_opts *opts,
|
||||||
unsigned long kern_flags,
|
unsigned long kern_flags,
|
||||||
|
|
@ -544,7 +544,7 @@ static inline int security_sb_statfs(struct dentry *dentry)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_sb_mount(const char *dev_name, struct path *path,
|
static inline int security_sb_mount(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags,
|
const char *type, unsigned long flags,
|
||||||
void *data)
|
void *data)
|
||||||
{
|
{
|
||||||
|
|
@ -556,8 +556,8 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_sb_pivotroot(struct path *old_path,
|
static inline int security_sb_pivotroot(const struct path *old_path,
|
||||||
struct path *new_path)
|
const struct path *new_path)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
@ -1456,83 +1456,83 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
|
||||||
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
|
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
|
||||||
|
|
||||||
#ifdef CONFIG_SECURITY_PATH
|
#ifdef CONFIG_SECURITY_PATH
|
||||||
int security_path_unlink(struct path *dir, struct dentry *dentry);
|
int security_path_unlink(const struct path *dir, struct dentry *dentry);
|
||||||
int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
|
int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
|
||||||
int security_path_rmdir(struct path *dir, struct dentry *dentry);
|
int security_path_rmdir(const struct path *dir, struct dentry *dentry);
|
||||||
int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
|
int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
|
||||||
unsigned int dev);
|
unsigned int dev);
|
||||||
int security_path_truncate(struct path *path);
|
int security_path_truncate(const struct path *path);
|
||||||
int security_path_symlink(struct path *dir, struct dentry *dentry,
|
int security_path_symlink(const struct path *dir, struct dentry *dentry,
|
||||||
const char *old_name);
|
const char *old_name);
|
||||||
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
|
||||||
struct dentry *new_dentry);
|
struct dentry *new_dentry);
|
||||||
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
|
||||||
struct path *new_dir, struct dentry *new_dentry,
|
const struct path *new_dir, struct dentry *new_dentry,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
int security_path_chmod(struct path *path, umode_t mode);
|
int security_path_chmod(const struct path *path, umode_t mode);
|
||||||
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
|
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
|
||||||
int security_path_chroot(struct path *path);
|
int security_path_chroot(const struct path *path);
|
||||||
#else /* CONFIG_SECURITY_PATH */
|
#else /* CONFIG_SECURITY_PATH */
|
||||||
static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
|
static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
|
static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
|
||||||
umode_t mode)
|
umode_t mode)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
|
static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
|
static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
|
||||||
umode_t mode, unsigned int dev)
|
umode_t mode, unsigned int dev)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_truncate(struct path *path)
|
static inline int security_path_truncate(const struct path *path)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
|
static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
|
||||||
const char *old_name)
|
const char *old_name)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_link(struct dentry *old_dentry,
|
static inline int security_path_link(struct dentry *old_dentry,
|
||||||
struct path *new_dir,
|
const struct path *new_dir,
|
||||||
struct dentry *new_dentry)
|
struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_rename(struct path *old_dir,
|
static inline int security_path_rename(const struct path *old_dir,
|
||||||
struct dentry *old_dentry,
|
struct dentry *old_dentry,
|
||||||
struct path *new_dir,
|
const struct path *new_dir,
|
||||||
struct dentry *new_dentry,
|
struct dentry *new_dentry,
|
||||||
unsigned int flags)
|
unsigned int flags)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_chmod(struct path *path, umode_t mode)
|
static inline int security_path_chmod(const struct path *path, umode_t mode)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_path_chroot(struct path *path)
|
static inline int security_path_chroot(const struct path *path)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -953,7 +953,7 @@ fail:
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int unix_mknod(struct dentry *dentry, struct path *path, umode_t mode,
|
static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mode,
|
||||||
struct path *res)
|
struct path *res)
|
||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
|
|
||||||
|
|
@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry)
|
||||||
*
|
*
|
||||||
* Returns: %0 else error if access denied or other error
|
* Returns: %0 else error if access denied or other error
|
||||||
*/
|
*/
|
||||||
int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
|
int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
|
||||||
int flags, u32 request, struct path_cond *cond)
|
int flags, u32 request, struct path_cond *cond)
|
||||||
{
|
{
|
||||||
char *buffer = NULL;
|
char *buffer = NULL;
|
||||||
|
|
@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target)
|
||||||
* Returns: %0 if allowed else error
|
* Returns: %0 if allowed else error
|
||||||
*/
|
*/
|
||||||
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
|
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
|
||||||
struct path *new_dir, struct dentry *new_dentry)
|
const struct path *new_dir, struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
struct path link = { new_dir->mnt, new_dentry };
|
struct path link = { new_dir->mnt, new_dentry };
|
||||||
struct path target = { new_dir->mnt, old_dentry };
|
struct path target = { new_dir->mnt, old_dentry };
|
||||||
|
|
|
||||||
|
|
@ -171,11 +171,11 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
|
||||||
const char *name, struct path_cond *cond,
|
const char *name, struct path_cond *cond,
|
||||||
struct file_perms *perms);
|
struct file_perms *perms);
|
||||||
|
|
||||||
int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
|
int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
|
||||||
int flags, u32 request, struct path_cond *cond);
|
int flags, u32 request, struct path_cond *cond);
|
||||||
|
|
||||||
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
|
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
|
||||||
struct path *new_dir, struct dentry *new_dentry);
|
const struct path *new_dir, struct dentry *new_dentry);
|
||||||
|
|
||||||
int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
|
int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
|
||||||
u32 request);
|
u32 request);
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ enum path_flags {
|
||||||
PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
|
PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
|
||||||
};
|
};
|
||||||
|
|
||||||
int aa_path_name(struct path *path, int flags, char **buffer,
|
int aa_path_name(const struct path *path, int flags, char **buffer,
|
||||||
const char **name, const char **info);
|
const char **name, const char **info);
|
||||||
|
|
||||||
#endif /* __AA_PATH_H */
|
#endif /* __AA_PATH_H */
|
||||||
|
|
|
||||||
|
|
@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if error or permission denied
|
* Returns: %0 else error code if error or permission denied
|
||||||
*/
|
*/
|
||||||
static int common_perm(int op, struct path *path, u32 mask,
|
static int common_perm(int op, const struct path *path, u32 mask,
|
||||||
struct path_cond *cond)
|
struct path_cond *cond)
|
||||||
{
|
{
|
||||||
struct aa_profile *profile;
|
struct aa_profile *profile;
|
||||||
|
|
@ -172,7 +172,7 @@ static int common_perm(int op, struct path *path, u32 mask,
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if error or permission denied
|
* Returns: %0 else error code if error or permission denied
|
||||||
*/
|
*/
|
||||||
static int common_perm_dir_dentry(int op, struct path *dir,
|
static int common_perm_dir_dentry(int op, const struct path *dir,
|
||||||
struct dentry *dentry, u32 mask,
|
struct dentry *dentry, u32 mask,
|
||||||
struct path_cond *cond)
|
struct path_cond *cond)
|
||||||
{
|
{
|
||||||
|
|
@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir,
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* common_perm_mnt_dentry - common permission wrapper when mnt, dentry
|
* common_perm_path - common permission wrapper when mnt, dentry
|
||||||
* @op: operation being checked
|
* @op: operation being checked
|
||||||
* @mnt: mount point of dentry (NOT NULL)
|
* @path: location to check (NOT NULL)
|
||||||
* @dentry: dentry to check (NOT NULL)
|
|
||||||
* @mask: requested permissions mask
|
* @mask: requested permissions mask
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if error or permission denied
|
* Returns: %0 else error code if error or permission denied
|
||||||
*/
|
*/
|
||||||
static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
|
static inline int common_perm_path(int op, const struct path *path, u32 mask)
|
||||||
struct dentry *dentry, u32 mask)
|
|
||||||
{
|
{
|
||||||
struct path path = { mnt, dentry };
|
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
|
||||||
struct path_cond cond = { d_backing_inode(dentry)->i_uid,
|
d_backing_inode(path->dentry)->i_mode
|
||||||
d_backing_inode(dentry)->i_mode
|
|
||||||
};
|
};
|
||||||
|
if (!mediated_filesystem(path->dentry))
|
||||||
|
return 0;
|
||||||
|
|
||||||
return common_perm(op, &path, mask, &cond);
|
return common_perm(op, path, mask, &cond);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -210,13 +209,13 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if error or permission denied
|
* Returns: %0 else error code if error or permission denied
|
||||||
*/
|
*/
|
||||||
static int common_perm_rm(int op, struct path *dir,
|
static int common_perm_rm(int op, const struct path *dir,
|
||||||
struct dentry *dentry, u32 mask)
|
struct dentry *dentry, u32 mask)
|
||||||
{
|
{
|
||||||
struct inode *inode = d_backing_inode(dentry);
|
struct inode *inode = d_backing_inode(dentry);
|
||||||
struct path_cond cond = { };
|
struct path_cond cond = { };
|
||||||
|
|
||||||
if (!inode || !dir->mnt || !mediated_filesystem(dentry))
|
if (!inode || !mediated_filesystem(dentry))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
cond.uid = inode->i_uid;
|
cond.uid = inode->i_uid;
|
||||||
|
|
@ -235,61 +234,53 @@ static int common_perm_rm(int op, struct path *dir,
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if error or permission denied
|
* Returns: %0 else error code if error or permission denied
|
||||||
*/
|
*/
|
||||||
static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
|
static int common_perm_create(int op, const struct path *dir,
|
||||||
u32 mask, umode_t mode)
|
struct dentry *dentry, u32 mask, umode_t mode)
|
||||||
{
|
{
|
||||||
struct path_cond cond = { current_fsuid(), mode };
|
struct path_cond cond = { current_fsuid(), mode };
|
||||||
|
|
||||||
if (!dir->mnt || !mediated_filesystem(dir->dentry))
|
if (!mediated_filesystem(dir->dentry))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
|
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_unlink(struct path *dir, struct dentry *dentry)
|
static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
|
return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
|
static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry,
|
||||||
umode_t mode)
|
umode_t mode)
|
||||||
{
|
{
|
||||||
return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
|
return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
|
||||||
S_IFDIR);
|
S_IFDIR);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry)
|
static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
|
return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
|
static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry,
|
||||||
umode_t mode, unsigned int dev)
|
umode_t mode, unsigned int dev)
|
||||||
{
|
{
|
||||||
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
|
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_truncate(struct path *path)
|
static int apparmor_path_truncate(const struct path *path)
|
||||||
{
|
{
|
||||||
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
|
return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
|
||||||
d_backing_inode(path->dentry)->i_mode
|
|
||||||
};
|
|
||||||
|
|
||||||
if (!path->mnt || !mediated_filesystem(path->dentry))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
|
|
||||||
&cond);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
|
static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry,
|
||||||
const char *old_name)
|
const char *old_name)
|
||||||
{
|
{
|
||||||
return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
|
return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
|
||||||
S_IFLNK);
|
S_IFLNK);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
|
static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir,
|
||||||
struct dentry *new_dentry)
|
struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
struct aa_profile *profile;
|
struct aa_profile *profile;
|
||||||
|
|
@ -304,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry,
|
||||||
struct path *new_dir, struct dentry *new_dentry)
|
const struct path *new_dir, struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
struct aa_profile *profile;
|
struct aa_profile *profile;
|
||||||
int error = 0;
|
int error = 0;
|
||||||
|
|
@ -334,33 +325,19 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_chmod(struct path *path, umode_t mode)
|
static int apparmor_path_chmod(const struct path *path, umode_t mode)
|
||||||
{
|
{
|
||||||
if (!mediated_filesystem(path->dentry))
|
return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||||
{
|
{
|
||||||
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
|
return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
|
||||||
d_backing_inode(path->dentry)->i_mode
|
|
||||||
};
|
|
||||||
|
|
||||||
if (!mediated_filesystem(path->dentry))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_inode_getattr(const struct path *path)
|
static int apparmor_inode_getattr(const struct path *path)
|
||||||
{
|
{
|
||||||
if (!mediated_filesystem(path->dentry))
|
return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry,
|
|
||||||
AA_MAY_META_READ);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_file_open(struct file *file, const struct cred *cred)
|
static int apparmor_file_open(struct file *file, const struct cred *cred)
|
||||||
|
|
|
||||||
|
|
@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
|
||||||
* When no error the path name is returned in @name which points to
|
* When no error the path name is returned in @name which points to
|
||||||
* to a position in @buf
|
* to a position in @buf
|
||||||
*/
|
*/
|
||||||
static int d_namespace_path(struct path *path, char *buf, int buflen,
|
static int d_namespace_path(const struct path *path, char *buf, int buflen,
|
||||||
char **name, int flags)
|
char **name, int flags)
|
||||||
{
|
{
|
||||||
char *res;
|
char *res;
|
||||||
|
|
@ -158,7 +158,7 @@ out:
|
||||||
*
|
*
|
||||||
* Returns: %0 else error on failure
|
* Returns: %0 else error on failure
|
||||||
*/
|
*/
|
||||||
static int get_name_to_buffer(struct path *path, int flags, char *buffer,
|
static int get_name_to_buffer(const struct path *path, int flags, char *buffer,
|
||||||
int size, char **name, const char **info)
|
int size, char **name, const char **info)
|
||||||
{
|
{
|
||||||
int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
|
int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
|
||||||
|
|
@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if could retrieve name
|
* Returns: %0 else error code if could retrieve name
|
||||||
*/
|
*/
|
||||||
int aa_path_name(struct path *path, int flags, char **buffer, const char **name,
|
int aa_path_name(const struct path *path, int flags, char **buffer,
|
||||||
const char **info)
|
const char **name, const char **info)
|
||||||
{
|
{
|
||||||
char *buf, *str = NULL;
|
char *buf, *str = NULL;
|
||||||
int size = 256;
|
int size = 256;
|
||||||
|
|
|
||||||
|
|
@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
|
||||||
int ima_store_template(struct ima_template_entry *entry, int violation,
|
int ima_store_template(struct ima_template_entry *entry, int violation,
|
||||||
struct inode *inode, const unsigned char *filename);
|
struct inode *inode, const unsigned char *filename);
|
||||||
void ima_free_template_entry(struct ima_template_entry *entry);
|
void ima_free_template_entry(struct ima_template_entry *entry);
|
||||||
const char *ima_d_path(struct path *path, char **pathbuf);
|
const char *ima_d_path(const struct path *path, char **pathbuf);
|
||||||
|
|
||||||
/* IMA policy related functions */
|
/* IMA policy related functions */
|
||||||
int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
|
int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
|
||||||
|
|
|
||||||
|
|
@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
|
||||||
iint->flags |= IMA_AUDITED;
|
iint->flags |= IMA_AUDITED;
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *ima_d_path(struct path *path, char **pathbuf)
|
const char *ima_d_path(const struct path *path, char **pathbuf)
|
||||||
{
|
{
|
||||||
char *pathname = NULL;
|
char *pathname = NULL;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -302,7 +302,7 @@ int security_sb_statfs(struct dentry *dentry)
|
||||||
return call_int_hook(sb_statfs, 0, dentry);
|
return call_int_hook(sb_statfs, 0, dentry);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_sb_mount(const char *dev_name, struct path *path,
|
int security_sb_mount(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags, void *data)
|
const char *type, unsigned long flags, void *data)
|
||||||
{
|
{
|
||||||
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
|
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
|
||||||
|
|
@ -313,7 +313,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
|
||||||
return call_int_hook(sb_umount, 0, mnt, flags);
|
return call_int_hook(sb_umount, 0, mnt, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_sb_pivotroot(struct path *old_path, struct path *new_path)
|
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)
|
||||||
{
|
{
|
||||||
return call_int_hook(sb_pivotroot, 0, old_path, new_path);
|
return call_int_hook(sb_pivotroot, 0, old_path, new_path);
|
||||||
}
|
}
|
||||||
|
|
@ -410,7 +410,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
|
||||||
EXPORT_SYMBOL(security_old_inode_init_security);
|
EXPORT_SYMBOL(security_old_inode_init_security);
|
||||||
|
|
||||||
#ifdef CONFIG_SECURITY_PATH
|
#ifdef CONFIG_SECURITY_PATH
|
||||||
int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
|
int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
|
||||||
unsigned int dev)
|
unsigned int dev)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
||||||
|
|
@ -419,7 +419,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(security_path_mknod);
|
EXPORT_SYMBOL(security_path_mknod);
|
||||||
|
|
||||||
int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
|
int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -427,14 +427,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(security_path_mkdir);
|
EXPORT_SYMBOL(security_path_mkdir);
|
||||||
|
|
||||||
int security_path_rmdir(struct path *dir, struct dentry *dentry)
|
int security_path_rmdir(const struct path *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
||||||
return 0;
|
return 0;
|
||||||
return call_int_hook(path_rmdir, 0, dir, dentry);
|
return call_int_hook(path_rmdir, 0, dir, dentry);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_path_unlink(struct path *dir, struct dentry *dentry)
|
int security_path_unlink(const struct path *dir, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -442,7 +442,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry)
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(security_path_unlink);
|
EXPORT_SYMBOL(security_path_unlink);
|
||||||
|
|
||||||
int security_path_symlink(struct path *dir, struct dentry *dentry,
|
int security_path_symlink(const struct path *dir, struct dentry *dentry,
|
||||||
const char *old_name)
|
const char *old_name)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
|
||||||
|
|
@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
|
||||||
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
|
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
|
||||||
struct dentry *new_dentry)
|
struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
|
||||||
|
|
@ -458,8 +458,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
||||||
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
|
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
|
||||||
struct path *new_dir, struct dentry *new_dentry,
|
const struct path *new_dir, struct dentry *new_dentry,
|
||||||
unsigned int flags)
|
unsigned int flags)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
|
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
|
||||||
|
|
@ -478,28 +478,28 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(security_path_rename);
|
EXPORT_SYMBOL(security_path_rename);
|
||||||
|
|
||||||
int security_path_truncate(struct path *path)
|
int security_path_truncate(const struct path *path)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
|
||||||
return 0;
|
return 0;
|
||||||
return call_int_hook(path_truncate, 0, path);
|
return call_int_hook(path_truncate, 0, path);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_path_chmod(struct path *path, umode_t mode)
|
int security_path_chmod(const struct path *path, umode_t mode)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
|
||||||
return 0;
|
return 0;
|
||||||
return call_int_hook(path_chmod, 0, path, mode);
|
return call_int_hook(path_chmod, 0, path, mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||||
{
|
{
|
||||||
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
|
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
|
||||||
return 0;
|
return 0;
|
||||||
return call_int_hook(path_chown, 0, path, uid, gid);
|
return call_int_hook(path_chown, 0, path, uid, gid);
|
||||||
}
|
}
|
||||||
|
|
||||||
int security_path_chroot(struct path *path)
|
int security_path_chroot(const struct path *path)
|
||||||
{
|
{
|
||||||
return call_int_hook(path_chroot, 0, path);
|
return call_int_hook(path_chroot, 0, path);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2761,7 +2761,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_mount(const char *dev_name,
|
static int selinux_mount(const char *dev_name,
|
||||||
struct path *path,
|
const struct path *path,
|
||||||
const char *type,
|
const char *type,
|
||||||
unsigned long flags,
|
unsigned long flags,
|
||||||
void *data)
|
void *data)
|
||||||
|
|
|
||||||
|
|
@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name);
|
||||||
const struct tomoyo_path_info *tomoyo_path_matches_group
|
const struct tomoyo_path_info *tomoyo_path_matches_group
|
||||||
(const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
|
(const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
|
||||||
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
|
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
|
||||||
struct path *path, const int flag);
|
const struct path *path, const int flag);
|
||||||
void tomoyo_close_control(struct tomoyo_io_buffer *head);
|
void tomoyo_close_control(struct tomoyo_io_buffer *head);
|
||||||
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
|
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
|
||||||
int tomoyo_execute_permission(struct tomoyo_request_info *r,
|
int tomoyo_execute_permission(struct tomoyo_request_info *r,
|
||||||
|
|
@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
|
||||||
int tomoyo_init_request_info(struct tomoyo_request_info *r,
|
int tomoyo_init_request_info(struct tomoyo_request_info *r,
|
||||||
struct tomoyo_domain_info *domain,
|
struct tomoyo_domain_info *domain,
|
||||||
const u8 index);
|
const u8 index);
|
||||||
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
|
int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
|
||||||
const unsigned int mode, unsigned int dev);
|
const unsigned int mode, unsigned int dev);
|
||||||
int tomoyo_mount_permission(const char *dev_name, struct path *path,
|
int tomoyo_mount_permission(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags,
|
const char *type, unsigned long flags,
|
||||||
void *data_page);
|
void *data_page);
|
||||||
int tomoyo_open_control(const u8 type, struct file *file);
|
int tomoyo_open_control(const u8 type, struct file *file);
|
||||||
int tomoyo_path2_perm(const u8 operation, struct path *path1,
|
int tomoyo_path2_perm(const u8 operation, const struct path *path1,
|
||||||
struct path *path2);
|
const struct path *path2);
|
||||||
int tomoyo_path_number_perm(const u8 operation, struct path *path,
|
int tomoyo_path_number_perm(const u8 operation, const struct path *path,
|
||||||
unsigned long number);
|
unsigned long number);
|
||||||
int tomoyo_path_perm(const u8 operation, const struct path *path,
|
int tomoyo_path_perm(const u8 operation, const struct path *path,
|
||||||
const char *target);
|
const char *target);
|
||||||
|
|
|
||||||
|
|
@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
int tomoyo_path_number_perm(const u8 type, struct path *path,
|
int tomoyo_path_number_perm(const u8 type, const struct path *path,
|
||||||
unsigned long number)
|
unsigned long number)
|
||||||
{
|
{
|
||||||
struct tomoyo_request_info r;
|
struct tomoyo_request_info r;
|
||||||
|
|
@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
|
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
|
||||||
struct path *path, const int flag)
|
const struct path *path, const int flag)
|
||||||
{
|
{
|
||||||
const u8 acc_mode = ACC_MODE(flag);
|
const u8 acc_mode = ACC_MODE(flag);
|
||||||
int error = 0;
|
int error = 0;
|
||||||
|
|
@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
|
int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
|
||||||
const unsigned int mode, unsigned int dev)
|
const unsigned int mode, unsigned int dev)
|
||||||
{
|
{
|
||||||
struct tomoyo_request_info r;
|
struct tomoyo_request_info r;
|
||||||
|
|
@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
int tomoyo_path2_perm(const u8 operation, struct path *path1,
|
int tomoyo_path2_perm(const u8 operation, const struct path *path1,
|
||||||
struct path *path2)
|
const struct path *path2)
|
||||||
{
|
{
|
||||||
int error = -ENOMEM;
|
int error = -ENOMEM;
|
||||||
struct tomoyo_path_info buf1;
|
struct tomoyo_path_info buf1;
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
|
||||||
*/
|
*/
|
||||||
static int tomoyo_mount_acl(struct tomoyo_request_info *r,
|
static int tomoyo_mount_acl(struct tomoyo_request_info *r,
|
||||||
const char *dev_name,
|
const char *dev_name,
|
||||||
struct path *dir, const char *type,
|
const struct path *dir, const char *type,
|
||||||
unsigned long flags)
|
unsigned long flags)
|
||||||
{
|
{
|
||||||
struct tomoyo_obj_info obj = { };
|
struct tomoyo_obj_info obj = { };
|
||||||
|
|
@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
int tomoyo_mount_permission(const char *dev_name, struct path *path,
|
int tomoyo_mount_permission(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags,
|
const char *type, unsigned long flags,
|
||||||
void *data_page)
|
void *data_page)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_truncate(struct path *path)
|
static int tomoyo_path_truncate(const struct path *path)
|
||||||
{
|
{
|
||||||
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
|
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
|
||||||
}
|
}
|
||||||
|
|
@ -163,7 +163,7 @@ static int tomoyo_path_truncate(struct path *path)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
|
static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
struct path path = { parent->mnt, dentry };
|
struct path path = { parent->mnt, dentry };
|
||||||
return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
|
return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
|
||||||
|
|
@ -178,7 +178,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
|
static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
|
||||||
umode_t mode)
|
umode_t mode)
|
||||||
{
|
{
|
||||||
struct path path = { parent->mnt, dentry };
|
struct path path = { parent->mnt, dentry };
|
||||||
|
|
@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
|
static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
|
||||||
{
|
{
|
||||||
struct path path = { parent->mnt, dentry };
|
struct path path = { parent->mnt, dentry };
|
||||||
return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
|
return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
|
||||||
|
|
@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
|
static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
|
||||||
const char *old_name)
|
const char *old_name)
|
||||||
{
|
{
|
||||||
struct path path = { parent->mnt, dentry };
|
struct path path = { parent->mnt, dentry };
|
||||||
|
|
@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
|
static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
|
||||||
umode_t mode, unsigned int dev)
|
umode_t mode, unsigned int dev)
|
||||||
{
|
{
|
||||||
struct path path = { parent->mnt, dentry };
|
struct path path = { parent->mnt, dentry };
|
||||||
|
|
@ -265,7 +265,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
|
static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
|
||||||
struct dentry *new_dentry)
|
struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
struct path path1 = { new_dir->mnt, old_dentry };
|
struct path path1 = { new_dir->mnt, old_dentry };
|
||||||
|
|
@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_rename(struct path *old_parent,
|
static int tomoyo_path_rename(const struct path *old_parent,
|
||||||
struct dentry *old_dentry,
|
struct dentry *old_dentry,
|
||||||
struct path *new_parent,
|
const struct path *new_parent,
|
||||||
struct dentry *new_dentry)
|
struct dentry *new_dentry)
|
||||||
{
|
{
|
||||||
struct path path1 = { old_parent->mnt, old_dentry };
|
struct path path1 = { old_parent->mnt, old_dentry };
|
||||||
|
|
@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_chmod(struct path *path, umode_t mode)
|
static int tomoyo_path_chmod(const struct path *path, umode_t mode)
|
||||||
{
|
{
|
||||||
return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
|
return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
|
||||||
mode & S_IALLUGO);
|
mode & S_IALLUGO);
|
||||||
|
|
@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||||
{
|
{
|
||||||
int error = 0;
|
int error = 0;
|
||||||
if (uid_valid(uid))
|
if (uid_valid(uid))
|
||||||
|
|
@ -385,7 +385,7 @@ static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_path_chroot(struct path *path)
|
static int tomoyo_path_chroot(const struct path *path)
|
||||||
{
|
{
|
||||||
return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
|
return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
|
||||||
}
|
}
|
||||||
|
|
@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_sb_mount(const char *dev_name, struct path *path,
|
static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
|
||||||
const char *type, unsigned long flags, void *data)
|
const char *type, unsigned long flags, void *data)
|
||||||
{
|
{
|
||||||
return tomoyo_mount_permission(dev_name, path, type, flags, data);
|
return tomoyo_mount_permission(dev_name, path, type, flags, data);
|
||||||
|
|
@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
|
||||||
*
|
*
|
||||||
* Returns 0 on success, negative value otherwise.
|
* Returns 0 on success, negative value otherwise.
|
||||||
*/
|
*/
|
||||||
static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
|
static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
|
||||||
{
|
{
|
||||||
return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
|
return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue