Commit 44707fdf5938ad269ea5d6c5744d82f6a7328746

Authored by Jan Blunck
Committed by Linus Torvalds
1 parent a03a8a709a

d_path: Use struct path in struct avc_audit_data

audit_log_d_path() is a d_path() wrapper that is used by the audit code.  To
use a struct path in audit_log_d_path() I need to embed it into struct
avc_audit_data.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Jan Blunck <jblunck@suse.de>
Acked-by: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Neil Brown <neilb@suse.de>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 6 changed files with 43 additions and 51 deletions Side-by-side Diff

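--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -534,8 +534,7 @@
 const char *string);
 extern void audit_log_d_path(struct audit_buffer *ab,
 const char *prefix,
-struct dentry *dentry,
-struct vfsmount *vfsmnt);
+struct path *path);
 extern void audit_log_lost(const char *message);
 /* Private API (for audit.c only) */
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
@@ -552,7 +551,7 @@
 #define audit_log_hex(a,b,l) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
-#define audit_log_d_path(b,p,d,v) do { ; } while (0)
+#define audit_log_d_path(b, p, d) do { ; } while (0)
 #define audit_enabled 0
 #endif
 #endif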
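Review bot: The new prototype parameter `struct path *path` on the audit_log_d_path() declaration could be `const struct path *path`, because the function (its definition is in the 1312 hunk further down) only reads `path->dentry` and `path->mnt` to hand them to d_path(); the members of a pointer-to-const struct still convert to the plain `struct dentry *` / `struct vfsmount *` that d_path() is called with, and every caller in this commit passes a non-const address, so nothing else has to change. Making it const also documents that audit logging neither takes nor drops a reference on the path. The same one-word change applies to the definition line `struct path *path)` in that later hunk; the !CONFIG_AUDIT stub macro is unaffected.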
... ... @@ -1312,26 +1312,26 @@
1312 1312  
1313 1313 /* This is a helper-function to print the escaped d_path */
1314 1314 void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
1315   - struct dentry *dentry, struct vfsmount *vfsmnt)
  1315 + struct path *path)
1316 1316 {
1317   - char *p, *path;
  1317 + char *p, *pathname;
1318 1318  
1319 1319 if (prefix)
1320 1320 audit_log_format(ab, " %s", prefix);
1321 1321  
1322 1322 /* We will allow 11 spaces for ' (deleted)' to be appended */
1323   - path = kmalloc(PATH_MAX+11, ab->gfp_mask);
1324   - if (!path) {
  1323 + pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
  1324 + if (!pathname) {
1325 1325 audit_log_format(ab, "<no memory>");
1326 1326 return;
1327 1327 }
1328   - p = d_path(dentry, vfsmnt, path, PATH_MAX+11);
  1328 + p = d_path(path->dentry, path->mnt, pathname, PATH_MAX+11);
1329 1329 if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
1330 1330 /* FIXME: can we save some information here? */
1331 1331 audit_log_format(ab, "<too long>");
1332 1332 } else
1333 1333 audit_log_untrustedstring(ab, p);
1334   - kfree(path);
  1334 + kfree(pathname);
1335 1335 }
1336 1336  
1337 1337 /**
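Review bot: The comment above the definition still reads `/* This is a helper-function to print the escaped d_path */` and says nothing about the contract of the new `struct path *` argument. I would extend it to state that the path is borrowed — the caller must hold its references for the duration of the call and the function takes none of its own — that `prefix` may be NULL (it is tested before use), and that `path->dentry` and `path->mnt` are expected to be non-NULL since they are passed straight to d_path() without a check. The buffer comment could also say that the 11 extra bytes are the literal ` (deleted)` plus the terminator, which is what the constant encodes. The whole function body lies inside this hunk.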
... ... @@ -208,8 +208,7 @@
208 208 int name_count;
209 209 struct audit_names names[AUDIT_NAMES];
210 210 char * filterkey; /* key for rule that triggered record */
211   - struct dentry * pwd;
212   - struct vfsmount * pwdmnt;
  211 + struct path pwd;
213 212 struct audit_context *previous; /* For nested syscalls */
214 213 struct audit_aux_data *aux;
215 214 struct audit_aux_data *aux_pids;
... ... @@ -786,12 +785,9 @@
786 785 __putname(context->names[i].name);
787 786 }
788 787 context->name_count = 0;
789   - if (context->pwd)
790   - dput(context->pwd);
791   - if (context->pwdmnt)
792   - mntput(context->pwdmnt);
793   - context->pwd = NULL;
794   - context->pwdmnt = NULL;
  788 + path_put(&context->pwd);
  789 + context->pwd.dentry = NULL;
  790 + context->pwd.mnt = NULL;
795 791 }
796 792  
797 793 static inline void audit_free_aux(struct audit_context *context)
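Review bot: `path_put(&context->pwd);` now runs unconditionally where the old code guarded dput()/mntput() with `if (context->pwd)` and `if (context->pwdmnt)`, so a context whose pwd was never recorded reaches path_put() with both members NULL; that is only correct because dput() and mntput() accept NULL, which I believe they do, and a comment such as `/* path_put() tolerates a NULL dentry/mnt; pwd may never have been set */` would stop a reader from re-adding the guard. Related, the two remaining tests on the struct are asymmetric: the 1336 hunk checks `context->pwd.dentry && context->pwd.mnt` while the 1689 hunk checks only `!context->pwd.dentry`, although both members are now copied together from `current->fs->pwd` and cleared together here. Testing the same single member in both places, or stating why the cwd record needs both, would make the invariant explicit.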
... ... @@ -930,8 +926,7 @@
930 926 if ((vma->vm_flags & VM_EXECUTABLE) &&
931 927 vma->vm_file) {
932 928 audit_log_d_path(ab, "exe=",
933   - vma->vm_file->f_path.dentry,
934   - vma->vm_file->f_path.mnt);
  929 + &vma->vm_file->f_path);
935 930 break;
936 931 }
937 932 vma = vma->vm_next;
938 933  
... ... @@ -1341,10 +1336,10 @@
1341 1336 context->target_sid, context->target_comm))
1342 1337 call_panic = 1;
1343 1338  
1344   - if (context->pwd && context->pwdmnt) {
  1339 + if (context->pwd.dentry && context->pwd.mnt) {
1345 1340 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
1346 1341 if (ab) {
1347   - audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
  1342 + audit_log_d_path(ab, "cwd=", &context->pwd);
1348 1343 audit_log_end(ab);
1349 1344 }
1350 1345 }
... ... @@ -1367,8 +1362,7 @@
1367 1362 case 0:
1368 1363 /* name was specified as a relative path and the
1369 1364 * directory component is the cwd */
1370   - audit_log_d_path(ab, " name=", context->pwd,
1371   - context->pwdmnt);
  1365 + audit_log_d_path(ab, " name=", &context->pwd);
1372 1366 break;
1373 1367 default:
1374 1368 /* log the name's directory component */
1375 1369  
... ... @@ -1695,10 +1689,10 @@
1695 1689 context->names[context->name_count].ino = (unsigned long)-1;
1696 1690 context->names[context->name_count].osid = 0;
1697 1691 ++context->name_count;
1698   - if (!context->pwd) {
  1692 + if (!context->pwd.dentry) {
1699 1693 read_lock(&current->fs->lock);
1700   - context->pwd = dget(current->fs->pwd.dentry);
1701   - context->pwdmnt = mntget(current->fs->pwd.mnt);
  1694 + context->pwd = current->fs->pwd;
  1695 + path_get(&current->fs->pwd);
1702 1696 read_unlock(&current->fs->lock);
1703 1697 }
1704 1698  
security/selinux/avc.c
... ... @@ -568,10 +568,11 @@
568 568 audit_log_format(ab, " capability=%d", a->u.cap);
569 569 break;
570 570 case AVC_AUDIT_DATA_FS:
571   - if (a->u.fs.dentry) {
572   - struct dentry *dentry = a->u.fs.dentry;
573   - if (a->u.fs.mnt) {
574   - audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt);
  571 + if (a->u.fs.path.dentry) {
  572 + struct dentry *dentry = a->u.fs.path.dentry;
  573 + if (a->u.fs.path.mnt) {
  574 + audit_log_d_path(ab, "path=",
  575 + &a->u.fs.path);
575 576 } else {
576 577 audit_log_format(ab, " name=");
577 578 audit_log_untrustedstring(ab, dentry->d_name.name);
578 579  
... ... @@ -626,8 +627,12 @@
626 627 case AF_UNIX:
627 628 u = unix_sk(sk);
628 629 if (u->dentry) {
  630 + struct path path = {
  631 + .dentry = u->dentry,
  632 + .mnt = u->mnt
  633 + };
629 634 audit_log_d_path(ab, "path=",
630   - u->dentry, u->mnt);
  635 + &path);
631 636 break;
632 637 }
633 638 if (!u->addr)
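Review bot: The `struct path path = { .dentry = u->dentry, .mnt = u->mnt };` built for the AF_UNIX case aliases the socket's pointers without a path_get(), exactly as the old call passed them raw, so the temporary must never be handed to path_put() and is valid only while `u` keeps its own references (which I assume it does for the duration of this audit call). Because a local named `path` reads like something that owns references, a comment on the initialiser, `/* borrowed from the unix_sock: no reference taken, never path_put() this */`, would make that clear. The continuation `&path);` could also join the call on one line now that the argument list is short.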
security/selinux/hooks.c
... ... @@ -1356,8 +1356,8 @@
1356 1356 struct inode *inode = dentry->d_inode;
1357 1357 struct avc_audit_data ad;
1358 1358 AVC_AUDIT_DATA_INIT(&ad,FS);
1359   - ad.u.fs.mnt = mnt;
1360   - ad.u.fs.dentry = dentry;
  1359 + ad.u.fs.path.mnt = mnt;
  1360 + ad.u.fs.path.dentry = dentry;
1361 1361 return inode_has_perm(tsk, inode, av, &ad);
1362 1362 }
1363 1363  
1364 1364  
... ... @@ -1375,15 +1375,12 @@
1375 1375 {
1376 1376 struct task_security_struct *tsec = tsk->security;
1377 1377 struct file_security_struct *fsec = file->f_security;
1378   - struct vfsmount *mnt = file->f_path.mnt;
1379   - struct dentry *dentry = file->f_path.dentry;
1380   - struct inode *inode = dentry->d_inode;
  1378 + struct inode *inode = file->f_path.dentry->d_inode;
1381 1379 struct avc_audit_data ad;
1382 1380 int rc;
1383 1381  
1384 1382 AVC_AUDIT_DATA_INIT(&ad, FS);
1385   - ad.u.fs.mnt = mnt;
1386   - ad.u.fs.dentry = dentry;
  1383 + ad.u.fs.path = file->f_path;
1387 1384  
1388 1385 if (tsec->sid != fsec->sid) {
1389 1386 rc = avc_has_perm(tsec->sid, fsec->sid,
... ... @@ -1418,7 +1415,7 @@
1418 1415 sbsec = dir->i_sb->s_security;
1419 1416  
1420 1417 AVC_AUDIT_DATA_INIT(&ad, FS);
1421   - ad.u.fs.dentry = dentry;
  1418 + ad.u.fs.path.dentry = dentry;
1422 1419  
1423 1420 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1424 1421 DIR__ADD_NAME | DIR__SEARCH,
... ... @@ -1476,7 +1473,7 @@
1476 1473 isec = dentry->d_inode->i_security;
1477 1474  
1478 1475 AVC_AUDIT_DATA_INIT(&ad, FS);
1479   - ad.u.fs.dentry = dentry;
  1476 + ad.u.fs.path.dentry = dentry;
1480 1477  
1481 1478 av = DIR__SEARCH;
1482 1479 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
... ... @@ -1523,7 +1520,7 @@
1523 1520  
1524 1521 AVC_AUDIT_DATA_INIT(&ad, FS);
1525 1522  
1526   - ad.u.fs.dentry = old_dentry;
  1523 + ad.u.fs.path.dentry = old_dentry;
1527 1524 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1528 1525 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1529 1526 if (rc)
... ... @@ -1539,7 +1536,7 @@
1539 1536 return rc;
1540 1537 }
1541 1538  
1542   - ad.u.fs.dentry = new_dentry;
  1539 + ad.u.fs.path.dentry = new_dentry;
1543 1540 av = DIR__ADD_NAME | DIR__SEARCH;
1544 1541 if (new_dentry->d_inode)
1545 1542 av |= DIR__REMOVE_NAME;
... ... @@ -1918,8 +1915,7 @@
1918 1915 }
1919 1916  
1920 1917 AVC_AUDIT_DATA_INIT(&ad, FS);
1921   - ad.u.fs.mnt = bprm->file->f_path.mnt;
1922   - ad.u.fs.dentry = bprm->file->f_path.dentry;
  1918 + ad.u.fs.path = bprm->file->f_path;
1923 1919  
1924 1920 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
1925 1921 newsid = tsec->sid;
... ... @@ -2315,7 +2311,7 @@
2315 2311 return rc;
2316 2312  
2317 2313 AVC_AUDIT_DATA_INIT(&ad,FS);
2318   - ad.u.fs.dentry = sb->s_root;
  2314 + ad.u.fs.path.dentry = sb->s_root;
2319 2315 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2320 2316 }
2321 2317  
... ... @@ -2324,7 +2320,7 @@
2324 2320 struct avc_audit_data ad;
2325 2321  
2326 2322 AVC_AUDIT_DATA_INIT(&ad,FS);
2327   - ad.u.fs.dentry = dentry->d_sb->s_root;
  2323 + ad.u.fs.path.dentry = dentry->d_sb->s_root;
2328 2324 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2329 2325 }
2330 2326  
... ... @@ -2587,7 +2583,7 @@
2587 2583 return -EPERM;
2588 2584  
2589 2585 AVC_AUDIT_DATA_INIT(&ad,FS);
2590   - ad.u.fs.dentry = dentry;
  2586 + ad.u.fs.path.dentry = dentry;
2591 2587  
2592 2588 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2593 2589 FILE__RELABELFROM, &ad);
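Review bot: Several hooks now fill only `ad.u.fs.path.dentry` (the 1418, 1476, 1523, 1539, 2314, 2323 and 2586 hunks on the new side) and leave `ad.u.fs.path.mnt` to whatever AVC_AUDIT_DATA_INIT() left there, while avc_audit() in security/selinux/avc.c branches on `a->u.fs.path.mnt` to choose between a full `path=` record and a bare `name=` record. The old `u.fs.mnt` field relied on the same zeroing, so this is not a regression, but packaging the two pointers as a `struct path` makes the half-filled struct look accidental; the body of AVC_AUDIT_DATA_INIT() is not in this diff, so I am assuming it zeroes `ad`. A comment at the first such site, `/* .mnt stays NULL: avc_audit() then logs only the dentry name */`, or on the `struct path path;` member added in the avc.h hunk, would record the convention.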
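--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -13,6 +13,7 @@
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/in6.h>
+#include <linux/path.h>
 #include <asm/system.h>
 #include "flask.h"
 #include "av_permissions.h"
@@ -30,8 +31,6 @@
 struct avc_entry;
 
 struct task_struct;
-struct vfsmount;
-struct dentry;
 struct inode;
 struct sock;
 struct sk_buff;
@@ -46,8 +45,7 @@
 struct task_struct *tsk;
 union {
 struct {
-struct vfsmount *mnt;
-struct dentry *dentry;
+struct path path;
 struct inode *inode;
 } fs;
 struct {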