Commit 44707fdf5938ad269ea5d6c5744d82f6a7328746
Committed by
Linus Torvalds
1 parent
a03a8a709a
Exists in
master
and in
7 other branches
d_path: Use struct path in struct avc_audit_data
audit_log_d_path() is a d_path() wrapper that is used by the audit code. To use a struct path in audit_log_d_path() I need to embed it into struct avc_audit_data. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Jan Blunck <jblunck@suse.de> Acked-by: Christoph Hellwig <hch@infradead.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Neil Brown <neilb@suse.de> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 6 changed files with 43 additions and 51 deletions Side-by-side Diff
include/linux/audit.h
... | ... | @@ -534,8 +534,7 @@ |
534 | 534 | const char *string); |
535 | 535 | extern void audit_log_d_path(struct audit_buffer *ab, |
536 | 536 | const char *prefix, |
537 | - struct dentry *dentry, | |
538 | - struct vfsmount *vfsmnt); | |
537 | + struct path *path); | |
539 | 538 | extern void audit_log_lost(const char *message); |
540 | 539 | /* Private API (for audit.c only) */ |
541 | 540 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
... | ... | @@ -552,7 +551,7 @@ |
552 | 551 | #define audit_log_hex(a,b,l) do { ; } while (0) |
553 | 552 | #define audit_log_untrustedstring(a,s) do { ; } while (0) |
554 | 553 | #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0) |
555 | -#define audit_log_d_path(b,p,d,v) do { ; } while (0) | |
554 | +#define audit_log_d_path(b, p, d) do { ; } while (0) | |
556 | 555 | #define audit_enabled 0 |
557 | 556 | #endif |
558 | 557 | #endif |
kernel/audit.c
... | ... | @@ -1312,26 +1312,26 @@ |
1312 | 1312 | |
1313 | 1313 | /* This is a helper-function to print the escaped d_path */ |
1314 | 1314 | void audit_log_d_path(struct audit_buffer *ab, const char *prefix, |
1315 | - struct dentry *dentry, struct vfsmount *vfsmnt) | |
1315 | + struct path *path) | |
1316 | 1316 | { |
1317 | - char *p, *path; | |
1317 | + char *p, *pathname; | |
1318 | 1318 | |
1319 | 1319 | if (prefix) |
1320 | 1320 | audit_log_format(ab, " %s", prefix); |
1321 | 1321 | |
1322 | 1322 | /* We will allow 11 spaces for ' (deleted)' to be appended */ |
1323 | - path = kmalloc(PATH_MAX+11, ab->gfp_mask); | |
1324 | - if (!path) { | |
1323 | + pathname = kmalloc(PATH_MAX+11, ab->gfp_mask); | |
1324 | + if (!pathname) { | |
1325 | 1325 | audit_log_format(ab, "<no memory>"); |
1326 | 1326 | return; |
1327 | 1327 | } |
1328 | - p = d_path(dentry, vfsmnt, path, PATH_MAX+11); | |
1328 | + p = d_path(path->dentry, path->mnt, pathname, PATH_MAX+11); | |
1329 | 1329 | if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */ |
1330 | 1330 | /* FIXME: can we save some information here? */ |
1331 | 1331 | audit_log_format(ab, "<too long>"); |
1332 | 1332 | } else |
1333 | 1333 | audit_log_untrustedstring(ab, p); |
1334 | - kfree(path); | |
1334 | + kfree(pathname); | |
1335 | 1335 | } |
1336 | 1336 | |
1337 | 1337 | /** |
kernel/auditsc.c
... | ... | @@ -208,8 +208,7 @@ |
208 | 208 | int name_count; |
209 | 209 | struct audit_names names[AUDIT_NAMES]; |
210 | 210 | char * filterkey; /* key for rule that triggered record */ |
211 | - struct dentry * pwd; | |
212 | - struct vfsmount * pwdmnt; | |
211 | + struct path pwd; | |
213 | 212 | struct audit_context *previous; /* For nested syscalls */ |
214 | 213 | struct audit_aux_data *aux; |
215 | 214 | struct audit_aux_data *aux_pids; |
... | ... | @@ -786,12 +785,9 @@ |
786 | 785 | __putname(context->names[i].name); |
787 | 786 | } |
788 | 787 | context->name_count = 0; |
789 | - if (context->pwd) | |
790 | - dput(context->pwd); | |
791 | - if (context->pwdmnt) | |
792 | - mntput(context->pwdmnt); | |
793 | - context->pwd = NULL; | |
794 | - context->pwdmnt = NULL; | |
788 | + path_put(&context->pwd); | |
789 | + context->pwd.dentry = NULL; | |
790 | + context->pwd.mnt = NULL; | |
795 | 791 | } |
796 | 792 | |
797 | 793 | static inline void audit_free_aux(struct audit_context *context) |
... | ... | @@ -930,8 +926,7 @@ |
930 | 926 | if ((vma->vm_flags & VM_EXECUTABLE) && |
931 | 927 | vma->vm_file) { |
932 | 928 | audit_log_d_path(ab, "exe=", |
933 | - vma->vm_file->f_path.dentry, | |
934 | - vma->vm_file->f_path.mnt); | |
929 | + &vma->vm_file->f_path); | |
935 | 930 | break; |
936 | 931 | } |
937 | 932 | vma = vma->vm_next; |
938 | 933 | |
... | ... | @@ -1341,10 +1336,10 @@ |
1341 | 1336 | context->target_sid, context->target_comm)) |
1342 | 1337 | call_panic = 1; |
1343 | 1338 | |
1344 | - if (context->pwd && context->pwdmnt) { | |
1339 | + if (context->pwd.dentry && context->pwd.mnt) { | |
1345 | 1340 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); |
1346 | 1341 | if (ab) { |
1347 | - audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); | |
1342 | + audit_log_d_path(ab, "cwd=", &context->pwd); | |
1348 | 1343 | audit_log_end(ab); |
1349 | 1344 | } |
1350 | 1345 | } |
... | ... | @@ -1367,8 +1362,7 @@ |
1367 | 1362 | case 0: |
1368 | 1363 | /* name was specified as a relative path and the |
1369 | 1364 | * directory component is the cwd */ |
1370 | - audit_log_d_path(ab, " name=", context->pwd, | |
1371 | - context->pwdmnt); | |
1365 | + audit_log_d_path(ab, " name=", &context->pwd); | |
1372 | 1366 | break; |
1373 | 1367 | default: |
1374 | 1368 | /* log the name's directory component */ |
1375 | 1369 | |
... | ... | @@ -1695,10 +1689,10 @@ |
1695 | 1689 | context->names[context->name_count].ino = (unsigned long)-1; |
1696 | 1690 | context->names[context->name_count].osid = 0; |
1697 | 1691 | ++context->name_count; |
1698 | - if (!context->pwd) { | |
1692 | + if (!context->pwd.dentry) { | |
1699 | 1693 | read_lock(¤t->fs->lock); |
1700 | - context->pwd = dget(current->fs->pwd.dentry); | |
1701 | - context->pwdmnt = mntget(current->fs->pwd.mnt); | |
1694 | + context->pwd = current->fs->pwd; | |
1695 | + path_get(¤t->fs->pwd); | |
1702 | 1696 | read_unlock(¤t->fs->lock); |
1703 | 1697 | } |
1704 | 1698 |
security/selinux/avc.c
... | ... | @@ -568,10 +568,11 @@ |
568 | 568 | audit_log_format(ab, " capability=%d", a->u.cap); |
569 | 569 | break; |
570 | 570 | case AVC_AUDIT_DATA_FS: |
571 | - if (a->u.fs.dentry) { | |
572 | - struct dentry *dentry = a->u.fs.dentry; | |
573 | - if (a->u.fs.mnt) { | |
574 | - audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt); | |
571 | + if (a->u.fs.path.dentry) { | |
572 | + struct dentry *dentry = a->u.fs.path.dentry; | |
573 | + if (a->u.fs.path.mnt) { | |
574 | + audit_log_d_path(ab, "path=", | |
575 | + &a->u.fs.path); | |
575 | 576 | } else { |
576 | 577 | audit_log_format(ab, " name="); |
577 | 578 | audit_log_untrustedstring(ab, dentry->d_name.name); |
578 | 579 | |
... | ... | @@ -626,8 +627,12 @@ |
626 | 627 | case AF_UNIX: |
627 | 628 | u = unix_sk(sk); |
628 | 629 | if (u->dentry) { |
630 | + struct path path = { | |
631 | + .dentry = u->dentry, | |
632 | + .mnt = u->mnt | |
633 | + }; | |
629 | 634 | audit_log_d_path(ab, "path=", |
630 | - u->dentry, u->mnt); | |
635 | + &path); | |
631 | 636 | break; |
632 | 637 | } |
633 | 638 | if (!u->addr) |
security/selinux/hooks.c
... | ... | @@ -1356,8 +1356,8 @@ |
1356 | 1356 | struct inode *inode = dentry->d_inode; |
1357 | 1357 | struct avc_audit_data ad; |
1358 | 1358 | AVC_AUDIT_DATA_INIT(&ad,FS); |
1359 | - ad.u.fs.mnt = mnt; | |
1360 | - ad.u.fs.dentry = dentry; | |
1359 | + ad.u.fs.path.mnt = mnt; | |
1360 | + ad.u.fs.path.dentry = dentry; | |
1361 | 1361 | return inode_has_perm(tsk, inode, av, &ad); |
1362 | 1362 | } |
1363 | 1363 | |
1364 | 1364 | |
... | ... | @@ -1375,15 +1375,12 @@ |
1375 | 1375 | { |
1376 | 1376 | struct task_security_struct *tsec = tsk->security; |
1377 | 1377 | struct file_security_struct *fsec = file->f_security; |
1378 | - struct vfsmount *mnt = file->f_path.mnt; | |
1379 | - struct dentry *dentry = file->f_path.dentry; | |
1380 | - struct inode *inode = dentry->d_inode; | |
1378 | + struct inode *inode = file->f_path.dentry->d_inode; | |
1381 | 1379 | struct avc_audit_data ad; |
1382 | 1380 | int rc; |
1383 | 1381 | |
1384 | 1382 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1385 | - ad.u.fs.mnt = mnt; | |
1386 | - ad.u.fs.dentry = dentry; | |
1383 | + ad.u.fs.path = file->f_path; | |
1387 | 1384 | |
1388 | 1385 | if (tsec->sid != fsec->sid) { |
1389 | 1386 | rc = avc_has_perm(tsec->sid, fsec->sid, |
... | ... | @@ -1418,7 +1415,7 @@ |
1418 | 1415 | sbsec = dir->i_sb->s_security; |
1419 | 1416 | |
1420 | 1417 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1421 | - ad.u.fs.dentry = dentry; | |
1418 | + ad.u.fs.path.dentry = dentry; | |
1422 | 1419 | |
1423 | 1420 | rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, |
1424 | 1421 | DIR__ADD_NAME | DIR__SEARCH, |
... | ... | @@ -1476,7 +1473,7 @@ |
1476 | 1473 | isec = dentry->d_inode->i_security; |
1477 | 1474 | |
1478 | 1475 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1479 | - ad.u.fs.dentry = dentry; | |
1476 | + ad.u.fs.path.dentry = dentry; | |
1480 | 1477 | |
1481 | 1478 | av = DIR__SEARCH; |
1482 | 1479 | av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); |
... | ... | @@ -1523,7 +1520,7 @@ |
1523 | 1520 | |
1524 | 1521 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1525 | 1522 | |
1526 | - ad.u.fs.dentry = old_dentry; | |
1523 | + ad.u.fs.path.dentry = old_dentry; | |
1527 | 1524 | rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, |
1528 | 1525 | DIR__REMOVE_NAME | DIR__SEARCH, &ad); |
1529 | 1526 | if (rc) |
... | ... | @@ -1539,7 +1536,7 @@ |
1539 | 1536 | return rc; |
1540 | 1537 | } |
1541 | 1538 | |
1542 | - ad.u.fs.dentry = new_dentry; | |
1539 | + ad.u.fs.path.dentry = new_dentry; | |
1543 | 1540 | av = DIR__ADD_NAME | DIR__SEARCH; |
1544 | 1541 | if (new_dentry->d_inode) |
1545 | 1542 | av |= DIR__REMOVE_NAME; |
... | ... | @@ -1918,8 +1915,7 @@ |
1918 | 1915 | } |
1919 | 1916 | |
1920 | 1917 | AVC_AUDIT_DATA_INIT(&ad, FS); |
1921 | - ad.u.fs.mnt = bprm->file->f_path.mnt; | |
1922 | - ad.u.fs.dentry = bprm->file->f_path.dentry; | |
1918 | + ad.u.fs.path = bprm->file->f_path; | |
1923 | 1919 | |
1924 | 1920 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
1925 | 1921 | newsid = tsec->sid; |
... | ... | @@ -2315,7 +2311,7 @@ |
2315 | 2311 | return rc; |
2316 | 2312 | |
2317 | 2313 | AVC_AUDIT_DATA_INIT(&ad,FS); |
2318 | - ad.u.fs.dentry = sb->s_root; | |
2314 | + ad.u.fs.path.dentry = sb->s_root; | |
2319 | 2315 | return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); |
2320 | 2316 | } |
2321 | 2317 | |
... | ... | @@ -2324,7 +2320,7 @@ |
2324 | 2320 | struct avc_audit_data ad; |
2325 | 2321 | |
2326 | 2322 | AVC_AUDIT_DATA_INIT(&ad,FS); |
2327 | - ad.u.fs.dentry = dentry->d_sb->s_root; | |
2323 | + ad.u.fs.path.dentry = dentry->d_sb->s_root; | |
2328 | 2324 | return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
2329 | 2325 | } |
2330 | 2326 | |
... | ... | @@ -2587,7 +2583,7 @@ |
2587 | 2583 | return -EPERM; |
2588 | 2584 | |
2589 | 2585 | AVC_AUDIT_DATA_INIT(&ad,FS); |
2590 | - ad.u.fs.dentry = dentry; | |
2586 | + ad.u.fs.path.dentry = dentry; | |
2591 | 2587 | |
2592 | 2588 | rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, |
2593 | 2589 | FILE__RELABELFROM, &ad); |
security/selinux/include/avc.h
... | ... | @@ -13,6 +13,7 @@ |
13 | 13 | #include <linux/spinlock.h> |
14 | 14 | #include <linux/init.h> |
15 | 15 | #include <linux/in6.h> |
16 | +#include <linux/path.h> | |
16 | 17 | #include <asm/system.h> |
17 | 18 | #include "flask.h" |
18 | 19 | #include "av_permissions.h" |
... | ... | @@ -30,8 +31,6 @@ |
30 | 31 | struct avc_entry; |
31 | 32 | |
32 | 33 | struct task_struct; |
33 | -struct vfsmount; | |
34 | -struct dentry; | |
35 | 34 | struct inode; |
36 | 35 | struct sock; |
37 | 36 | struct sk_buff; |
... | ... | @@ -46,8 +45,7 @@ |
46 | 45 | struct task_struct *tsk; |
47 | 46 | union { |
48 | 47 | struct { |
49 | - struct vfsmount *mnt; | |
50 | - struct dentry *dentry; | |
48 | + struct path path; | |
51 | 49 | struct inode *inode; |
52 | 50 | } fs; |
53 | 51 | struct { |