1 fs/namei.c | 9 +++++----
2 include/linux/security.h | 11 +++++++----
3 security/dummy.c | 2 +-
4 security/selinux/hooks.c | 7 ++++++-
5 4 files changed, 19 insertions(+), 10 deletions(-)
7 Index: linux-2.6/fs/namei.c
8 ===================================================================
9 RCS file: /nfshome/pal/CVS/linux-2.6/fs/namei.c,v
10 retrieving revision 1.13
11 diff -u -r1.13 namei.c
12 --- linux-2.6/fs/namei.c 25 Aug 2003 15:29:19 -0000 1.13
13 +++ linux-2.6/fs/namei.c 24 Sep 2003 14:54:40 -0000
18 - return security_inode_permission(inode, mask);
19 + return security_inode_permission(inode, mask, nd);
24 * short-cut DAC fails, then call permission() to do more
25 * complete permission check.
27 -static inline int exec_permission_lite(struct inode *inode)
28 +static inline int exec_permission_lite(struct inode *inode,
29 + struct nameidata *nd)
31 umode_t mode = inode->i_mode;
37 - return security_inode_permission(inode, MAY_EXEC);
38 + return security_inode_permission(inode, MAY_EXEC, nd);
46 - err = exec_permission_lite(inode);
47 + err = exec_permission_lite(inode, nd);
49 err = permission(inode, MAY_EXEC, nd);
51 Index: linux-2.6/include/linux/security.h
52 ===================================================================
53 RCS file: /nfshome/pal/CVS/linux-2.6/include/linux/security.h,v
54 retrieving revision 1.25
55 diff -u -r1.25 security.h
56 --- linux-2.6/include/linux/security.h 24 Jun 2003 14:55:43 -0000 1.25
57 +++ linux-2.6/include/linux/security.h 24 Sep 2003 14:55:17 -0000
59 * called when the actual read/write operations are performed.
60 * @inode contains the inode structure to check.
61 * @mask contains the permission mask.
62 + * @nd contains the nameidata (may be NULL).
63 * Return 0 if permission is granted.
65 * Check permission before setting file attributes. Note that the kernel
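Review bot: The added `@nd` line says only that the pointer may be NULL; it does not say which object the nameidata describes, so a hook author cannot tell whether `nd->dentry` is guaranteed to refer to `@inode`. The SELinux hook in this same patch starts using `nd->dentry` for the check, so that relationship becomes part of the hook contract and should be stated either way. If it is not guaranteed for every caller, I would write ` * @nd contains the nameidata of the lookup, or NULL; nd->dentry need not refer to @inode.` The comment block for this hook begins outside the hunk.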
67 struct dentry *new_dentry);
68 int (*inode_readlink) (struct dentry *dentry);
69 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
70 - int (*inode_permission) (struct inode *inode, int mask);
71 + int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
72 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
73 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
74 void (*inode_delete) (struct inode *inode);
75 @@ -1474,9 +1475,10 @@
76 return security_ops->inode_follow_link (dentry, nd);
79 -static inline int security_inode_permission (struct inode *inode, int mask)
80 +static inline int security_inode_permission (struct inode *inode, int mask,
81 + struct nameidata *nd)
83 - return security_ops->inode_permission (inode, mask);
84 + return security_ops->inode_permission (inode, mask, nd);
87 static inline int security_inode_setattr (struct dentry *dentry,
92 -static inline int security_inode_permission (struct inode *inode, int mask)
93 +static inline int security_inode_permission (struct inode *inode, int mask,
94 + struct nameidata *nd)
98 Index: linux-2.6/security/dummy.c
99 ===================================================================
100 RCS file: /nfshome/pal/CVS/linux-2.6/security/dummy.c,v
101 retrieving revision 1.22
102 diff -u -r1.22 dummy.c
103 --- linux-2.6/security/dummy.c 3 Jul 2003 14:31:12 -0000 1.22
104 +++ linux-2.6/security/dummy.c 24 Sep 2003 14:54:40 -0000
109 -static int dummy_inode_permission (struct inode *inode, int mask)
110 +static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
114 Index: linux-2.6/security/selinux/hooks.c
115 ===================================================================
116 RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v
117 retrieving revision 1.73
118 diff -u -r1.73 hooks.c
119 --- linux-2.6/security/selinux/hooks.c 4 Sep 2003 18:23:49 -0000 1.73
120 +++ linux-2.6/security/selinux/hooks.c 24 Sep 2003 14:54:40 -0000
121 @@ -1730,12 +1730,17 @@
122 return dentry_has_perm(current, NULL, dentry, FILE__READ);
125 -static int selinux_inode_permission(struct inode *inode, int mask)
126 +static int selinux_inode_permission(struct inode *inode, int mask,
127 + struct nameidata *nd)
130 /* No permission to check. Existence test. */
134 + if (nd && nd->dentry)
135 + return dentry_has_perm(current, nd->mnt, nd->dentry,
136 + file_mask_to_av(inode->i_mode, mask));
138 return inode_has_perm(current, inode,
139 file_mask_to_av(inode->i_mode, mask), NULL, NULL);
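Review bot: In the new `if (nd && nd->dentry)` branch the access vector is computed from `inode->i_mode`, but the object handed to `dentry_has_perm()` comes from `nd->dentry`, and nothing visible here ties the two together. If any caller of `permission()` passes a nameidata whose dentry is not the dentry of `inode` (for example one still pointing at a parent directory), the decision would presumably be made against a different object than the one being accessed. Guarding the branch with `if (nd && nd->dentry && nd->dentry->d_inode == inode)` lets any mismatch fall through to the existing `inode_has_perm()` check. The function's closing lines are outside the hunk, and the callers would need to be checked to confirm whether a mismatch can occur.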