Commit b5266eb4c8d1a2887a19aaec8144ee4ad1b054c3
1 parent
1a60a28077
[PATCH] switch a bunch of LSM hooks from nameidata to path
Namely, ones from namespace.c Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 6 changed files with 53 additions and 52 deletions
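--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1220,7 +1220,7 @@
 if (IS_DEADDIR(nd->path.dentry->d_inode))
 goto out_unlock;
 
- err = security_sb_check_sb(mnt, nd);
+ err = security_sb_check_sb(mnt, &nd->path);
 if (err)
 goto out_unlock;
 
@@ -1230,7 +1230,7 @@
 out_unlock:
 mutex_unlock(&nd->path.dentry->d_inode->i_mutex);
 if (!err)
- security_sb_post_addmount(mnt, nd);
+ security_sb_post_addmount(mnt, &nd->path);
 return err;
 }
 
@@ -1746,7 +1746,8 @@
 if (retval)
 return retval;
 
- retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
+ retval = security_sb_mount(dev_name, &nd.path,
+ type_page, flags, data_page);
 if (retval)
 goto dput_out;
 
@@ -2007,7 +2008,7 @@
 if (error)
 goto out1;
 
- error = security_sb_pivotroot(&old_nd, &new_nd);
+ error = security_sb_pivotroot(&old_nd.path, &new_nd.path);
 if (error) {
 path_put(&old_nd.path);
 goto out1;
@@ -2070,7 +2071,7 @@
 touch_mnt_namespace(current->nsproxy->mnt_ns);
 spin_unlock(&vfsmount_lock);
 chroot_fs_refs(&user_nd.path, &new_nd.path);
- security_sb_post_pivotroot(&user_nd, &new_nd);
+ security_sb_post_pivotroot(&user_nd.path, &new_nd.path);
 error = 0;
 path_put(&root_parent);
 path_put(&parent_path);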
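Review bot: The call at new line 1749 passes `&nd.path`, the address of a member of what appears to be a caller-owned nameidata, and none of the five converted call sites says how long a security module may hold that pointer. Now that the hooks see only the bare path, I would state the borrow rule once at the first converted call (new line 1223), e.g. `/* LSM hooks borrow the path: it is valid only for the duration of the call */`, so a module that wants to keep it knows it must take its own reference. All five enclosing functions start and end outside their hunks, so the lifetime of `nd` is inferred from how it is used here and should be confirmed against the full file.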
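--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -230,7 +230,7 @@
 * loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
 * pathname of the object being mounted.
 * @dev_name contains the name for object being mounted.
- * @nd contains the nameidata structure for mount point object.
+ * @path contains the path for mount point object.
 * @type contains the filesystem type.
 * @flags contains the mount flags.
 * @data contains the filesystem-specific data.
@@ -249,7 +249,7 @@
 * Check permission before the device with superblock @mnt->sb is mounted
 * on the mount point named by @nd.
 * @mnt contains the vfsmount for device being mounted.
- * @nd contains the nameidata object for the mount point.
+ * @path contains the path for the mount point.
 * Return 0 if permission is granted.
 * @sb_umount:
 * Check permission before the @mnt file system is unmounted.
@@ -278,16 +278,16 @@
 * This hook is called any time a mount is successfully grafetd to
 * the tree.
 * @mnt contains the mounted filesystem.
- * @mountpoint_nd contains the nameidata structure for the mount point.
+ * @mountpoint contains the path for the mount point.
 * @sb_pivotroot:
 * Check permission before pivoting the root filesystem.
- * @old_nd contains the nameidata structure for the new location of the current root (put_old).
- * @new_nd contains the nameidata structure for the new root (new_root).
+ * @old_path contains the path for the new location of the current root (put_old).
+ * @new_path contains the path for the new root (new_root).
 * Return 0 if permission is granted.
 * @sb_post_pivotroot:
 * Update module state after a successful pivot.
- * @old_nd contains the nameidata structure for the old root.
- * @new_nd contains the nameidata structure for the new root.
+ * @old_path contains the path for the old root.
+ * @new_path contains the path for the new root.
 * @sb_get_mnt_opts:
 * Get the security relevant mount options used for a superblock
 * @sb the superblock to get security mount options from
@@ -1315,20 +1315,20 @@
 int (*sb_copy_data)(char *orig, char *copy);
 int (*sb_kern_mount) (struct super_block *sb, void *data);
 int (*sb_statfs) (struct dentry *dentry);
- int (*sb_mount) (char *dev_name, struct nameidata * nd,
+ int (*sb_mount) (char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data);
- int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
+ int (*sb_check_sb) (struct vfsmount * mnt, struct path *path);
 int (*sb_umount) (struct vfsmount * mnt, int flags);
 void (*sb_umount_close) (struct vfsmount * mnt);
 void (*sb_umount_busy) (struct vfsmount * mnt);
 void (*sb_post_remount) (struct vfsmount * mnt,
 unsigned long flags, void *data);
 void (*sb_post_addmount) (struct vfsmount * mnt,
- struct nameidata * mountpoint_nd);
- int (*sb_pivotroot) (struct nameidata * old_nd,
- struct nameidata * new_nd);
- void (*sb_post_pivotroot) (struct nameidata * old_nd,
- struct nameidata * new_nd);
+ struct path *mountpoint);
+ int (*sb_pivotroot) (struct path *old_path,
+ struct path *new_path);
+ void (*sb_post_pivotroot) (struct path *old_path,
+ struct path *new_path);
 int (*sb_get_mnt_opts) (const struct super_block *sb,
 struct security_mnt_opts *opts);
 int (*sb_set_mnt_opts) (struct super_block *sb,
@@ -1593,16 +1593,16 @@
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
 int security_sb_statfs(struct dentry *dentry);
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd);
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
 int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
+int security_sb_pivotroot(struct path *old_path, struct path *new_path);
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
 int security_sb_get_mnt_opts(const struct super_block *sb,
 struct security_mnt_opts *opts);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
@@ -1872,7 +1872,7 @@
 return 0;
 }
 
-static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+static inline int security_sb_mount (char *dev_name, struct path *path,
 char *type, unsigned long flags,
 void *data)
 {
@@ -1880,7 +1880,7 @@
 }
 
 static inline int security_sb_check_sb (struct vfsmount *mnt,
- struct nameidata *nd)
+ struct path *path)
 {
 return 0;
 }
@@ -1901,17 +1901,17 @@
 { }
 
 static inline void security_sb_post_addmount (struct vfsmount *mnt,
- struct nameidata *mountpoint_nd)
+ struct path *mountpoint)
 { }
 
-static inline int security_sb_pivotroot (struct nameidata *old_nd,
- struct nameidata *new_nd)
+static inline int security_sb_pivotroot (struct path *old_path,
+ struct path *new_path)
 {
 return 0;
 }
 
-static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
- struct nameidata *new_nd)
+static inline void security_sb_post_pivotroot (struct path *old_path,
+ struct path *new_path)
 { }
 static inline int security_sb_get_mnt_opts(const struct super_block *sb,
 struct security_mnt_opts *opts)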
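Review bot: The `sb_check_sb` description at line 250 still reads "on the mount point named by @nd", although the parameter documented two lines below it is now `@path`; that line should become `* on the mount point named by @path.`. The `sb_mount` description begins above the first hunk, so it may hold a similar leftover that is not visible here. Module authors code against this comment block, so the names in the prose should match the prototypes the commit introduces.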
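--- a/security/dummy.c
+++ b/security/dummy.c
@@ -196,13 +196,13 @@
 return 0;
 }
 
-static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
+static int dummy_sb_mount (char *dev_name, struct path *path, char *type,
 unsigned long flags, void *data)
 {
 return 0;
 }
 
-static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path)
 {
 return 0;
 }
@@ -229,17 +229,17 @@
 }
 
 
-static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path)
 {
 return;
 }
 
-static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path)
 {
 return 0;
 }
 
-static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path)
 {
 return;
 }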
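--- a/security/security.c
+++ b/security/security.c
@@ -296,15 +296,15 @@
 return security_ops->sb_statfs(dentry);
 }
 
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data)
 {
- return security_ops->sb_mount(dev_name, nd, type, flags, data);
+ return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
 
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd)
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
 {
- return security_ops->sb_check_sb(mnt, nd);
+ return security_ops->sb_check_sb(mnt, path);
 }
 
 int security_sb_umount(struct vfsmount *mnt, int flags)
@@ -327,19 +327,19 @@
 security_ops->sb_post_remount(mnt, flags, data);
 }
 
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd)
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
 {
- security_ops->sb_post_addmount(mnt, mountpoint_nd);
+ security_ops->sb_post_addmount(mnt, mountpoint);
 }
 
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
- return security_ops->sb_pivotroot(old_nd, new_nd);
+ return security_ops->sb_pivotroot(old_path, new_path);
 }
 
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)
 {
- security_ops->sb_post_pivotroot(old_nd, new_nd);
+ security_ops->sb_post_pivotroot(old_path, new_path);
 }
 
 int security_sb_get_mnt_opts(const struct super_block *sb,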
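Review bot: The path arguments of these wrappers could be `const struct path *`, since none of the converted hooks visible on this page writes through them (selinux_mount and smack_sb_mount only read `path->mnt` and `path->dentry`). For example, `int security_sb_check_sb(struct vfsmount *mnt, const struct path *path)` would make the compiler reject a module that alters the caller's mount point from inside a permission hook. The prototypes and the `sb_*` members in include/linux/security.h, and each module's implementation, would need the same qualifier.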
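--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2392,22 +2392,22 @@
 }
 
 static int selinux_mount(char *dev_name,
- struct nameidata *nd,
+ struct path *path,
 char *type,
 unsigned long flags,
 void *data)
 {
 int rc;
 
- rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+ rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
 if (rc)
 return rc;
 
 if (flags & MS_REMOUNT)
- return superblock_has_perm(current, nd->path.mnt->mnt_sb,
+ return superblock_has_perm(current, path->mnt->mnt_sb,
 FILESYSTEM__REMOUNT, NULL);
 else
- return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
+ return dentry_has_perm(current, path->mnt, path->dentry,
 FILE__MOUNTON);
 }
 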
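Review bot: selinux_mount has no comment saying which object each branch checks, and after the conversion the two branches differ only in `path->mnt->mnt_sb` versus `path->mnt, path->dentry`. A short comment above the `if (flags & MS_REMOUNT)` test would make the policy decision readable, e.g. `/* remount: FILESYSTEM__REMOUNT on the superblock; otherwise FILE__MOUNTON on the mount point dentry */`. The whole function is inside the hunk, so the comment can be added with this change.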
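--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -315,10 +315,10 @@
 * Returns 0 if current can write the floor of the filesystem
 * being mounted on, an error code otherwise.
 */
-static int smack_sb_mount(char *dev_name, struct nameidata *nd,
+static int smack_sb_mount(char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data)
 {
- struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
+ struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
 
 return smk_curacc(sbp->smk_floor, MAY_WRITE);
 }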
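Review bot: The kernel-doc block for smack_sb_mount may still list the old parameter name: the block begins above this hunk and only its last three lines are visible, but the hunk does not touch it. If it still has an entry for `@nd`, that entry should be renamed to match the new signature, e.g. ` * @path: mount point`. The function body itself is fully inside the hunk and needs no further change for this.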