Commit | Line | Data |
---|---|---|
34318f06 | 1 | fs/namei.c | 9 +++++---- |
2 | include/linux/security.h | 11 +++++++---- | |
3 | security/dummy.c | 2 +- | |
4 | security/selinux/hooks.c | 7 ++++++- | |
5 | 4 files changed, 19 insertions(+), 10 deletions(-) | |
6 | ||
7 | Index: linux-2.6/fs/namei.c | |
8 | =================================================================== | |
9 | RCS file: /nfshome/pal/CVS/linux-2.6/fs/namei.c,v | |
10 | retrieving revision 1.13 | |
11 | diff -u -r1.13 namei.c | |
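--- a/fs/namei.c
+++ b/fs/namei.c
@@ -218,7 +218,7 @@
 if (retval)
 return retval;
 
- return security_inode_permission(inode, mask);
+ return security_inode_permission(inode, mask, nd);
 }
 
 /*
@@ -302,7 +302,8 @@
 * short-cut DAC fails, then call permission() to do more
 * complete permission check.
 */
-static inline int exec_permission_lite(struct inode *inode)
+static inline int exec_permission_lite(struct inode *inode,
+ struct nameidata *nd)
 {
 umode_t mode = inode->i_mode;
 
@@ -325,7 +326,7 @@
 
 return -EACCES;
 ok:
- return security_inode_permission(inode, MAY_EXEC);
+ return security_inode_permission(inode, MAY_EXEC, nd);
 }
 
 /*
@@ -584,7 +585,7 @@
 struct qstr this;
 unsigned int c;
 
- err = exec_permission_lite(inode);
+ err = exec_permission_lite(inode, nd);
 if (err == -EAGAIN) {
 err = permission(inode, MAY_EXEC, nd);
 }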
51 | Index: linux-2.6/include/linux/security.h | |
52 | =================================================================== | |
53 | RCS file: /nfshome/pal/CVS/linux-2.6/include/linux/security.h,v | |
54 | retrieving revision 1.25 | |
55 | diff -u -r1.25 security.h | |
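--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -334,6 +334,7 @@
 * called when the actual read/write operations are performed.
 * @inode contains the inode structure to check.
 * @mask contains the permission mask.
+ * @nd contains the nameidata (may be NULL).
 * Return 0 if permission is granted.
 * @inode_setattr:
 * Check permission before setting file attributes. Note that the kernel
@@ -1055,7 +1056,7 @@
 struct dentry *new_dentry);
 int (*inode_readlink) (struct dentry *dentry);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
- int (*inode_permission) (struct inode *inode, int mask);
+ int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
 void (*inode_delete) (struct inode *inode);
@@ -1474,9 +1475,10 @@
 return security_ops->inode_follow_link (dentry, nd);
 }
 
-static inline int security_inode_permission (struct inode *inode, int mask)
+static inline int security_inode_permission (struct inode *inode, int mask,
+ struct nameidata *nd)
 {
- return security_ops->inode_permission (inode, mask);
+ return security_ops->inode_permission (inode, mask, nd);
 }
 
 static inline int security_inode_setattr (struct dentry *dentry,
@@ -2110,7 +2112,8 @@
 return 0;
 }
 
-static inline int security_inode_permission (struct inode *inode, int mask)
+static inline int security_inode_permission (struct inode *inode, int mask,
+ struct nameidata *nd)
 {
 return 0;
 }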
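Review bot: The added kerneldoc line `@nd contains the nameidata (may be NULL).` in the first hunk does not say how @nd relates to @inode, yet the SELinux hook changed in this same patch checks nd->dentry instead of the inode whenever it is set. Hook authors need to know whether nd->dentry, when non-NULL, is guaranteed to be the dentry of @inode. If that is the intended contract, state it in the comment, for example `@nd contains the nameidata used to reach @inode, or NULL; when set, nd->dentry refers to @inode.`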
98 | Index: linux-2.6/security/dummy.c | |
99 | =================================================================== | |
100 | RCS file: /nfshome/pal/CVS/linux-2.6/security/dummy.c,v | |
101 | retrieving revision 1.22 | |
102 | diff -u -r1.22 dummy.c | |
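--- a/security/dummy.c
+++ b/security/dummy.c
@@ -364,7 +364,7 @@
 return 0;
 }
 
-static int dummy_inode_permission (struct inode *inode, int mask)
+static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
 {
 return 0;
 }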
114 | Index: linux-2.6/security/selinux/hooks.c | |
115 | =================================================================== | |
116 | RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v | |
117 | retrieving revision 1.73 | |
118 | diff -u -r1.73 hooks.c | |
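--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1730,12 +1730,17 @@
 return dentry_has_perm(current, NULL, dentry, FILE__READ);
 }
 
-static int selinux_inode_permission(struct inode *inode, int mask)
+static int selinux_inode_permission(struct inode *inode, int mask,
+ struct nameidata *nd)
 {
 if (!mask) {
 /* No permission to check. Existence test. */
 return 0;
 }
+
+ if (nd && nd->dentry)
+ return dentry_has_perm(current, nd->mnt, nd->dentry,
+ file_mask_to_av(inode->i_mode, mask));
 
 return inode_has_perm(current, inode,
 file_mask_to_av(inode->i_mode, mask), NULL, NULL);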
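Review bot: The new `nd && nd->dentry` branch runs the permission check against `nd->dentry` while the access vector is still derived from `inode->i_mode`, and nothing visible in this hunk ties the two objects together. If a caller passes a nameidata whose dentry is negative or refers to a different object than `inode`, the decision would presumably be made on the wrong object or touch a missing inode; dentry_has_perm is not shown here, so this is inferred. Consider narrowing the guard to `if (nd && nd->dentry && nd->dentry->d_inode == inode)` so that any mismatch falls through to the existing inode_has_perm() path. The function's closing brace lies outside the hunk.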