summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/file.c4
-rw-r--r--security/apparmor/include/file.h4
-rw-r--r--security/apparmor/include/path.h2
-rw-r--r--security/apparmor/lsm.c83
-rw-r--r--security/apparmor/path.c8
-rw-r--r--security/commoncap.c8
-rw-r--r--security/integrity/evm/evm_main.c6
-rw-r--r--security/integrity/ima/ima.h2
-rw-r--r--security/integrity/ima/ima_api.c2
-rw-r--r--security/integrity/ima/ima_policy.c4
-rw-r--r--security/security.c30
-rw-r--r--security/selinux/hooks.c13
-rw-r--r--security/selinux/nlmsgtab.c4
-rw-r--r--security/smack/smack_lsm.c6
-rw-r--r--security/tomoyo/common.h12
-rw-r--r--security/tomoyo/file.c10
-rw-r--r--security/tomoyo/mount.c4
-rw-r--r--security/tomoyo/tomoyo.c28
18 files changed, 105 insertions, 125 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 913f377a038a..d186674f973a 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry)
*
* Returns: %0 else error if access denied or other error
*/
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond)
{
char *buffer = NULL;
@@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target)
* Returns: %0 if allowed else error
*/
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+ const struct path *new_dir, struct dentry *new_dentry)
{
struct path link = { new_dir->mnt, new_dentry };
struct path target = { new_dir->mnt, old_dentry };
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 2c922b86bd44..4803c97d1992 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -171,11 +171,11 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
const char *name, struct path_cond *cond,
struct file_perms *perms);
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond);
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry);
+ const struct path *new_dir, struct dentry *new_dentry);
int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
u32 request);
diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
index 286ac75dc88b..73560f258784 100644
--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -26,7 +26,7 @@ enum path_flags {
PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
};
-int aa_path_name(struct path *path, int flags, char **buffer,
+int aa_path_name(const struct path *path, int flags, char **buffer,
const char **name, const char **info);
#endif /* __AA_PATH_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index dec607c17b64..2660fbcf94d1 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm(int op, struct path *path, u32 mask,
+static int common_perm(int op, const struct path *path, u32 mask,
struct path_cond *cond)
{
struct aa_profile *profile;
@@ -172,7 +172,7 @@ static int common_perm(int op, struct path *path, u32 mask,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_dir_dentry(int op, struct path *dir,
+static int common_perm_dir_dentry(int op, const struct path *dir,
struct dentry *dentry, u32 mask,
struct path_cond *cond)
{
@@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir,
}
/**
- * common_perm_mnt_dentry - common permission wrapper when mnt, dentry
+ * common_perm_path - common permission wrapper when mnt, dentry
* @op: operation being checked
- * @mnt: mount point of dentry (NOT NULL)
- * @dentry: dentry to check (NOT NULL)
+ * @path: location to check (NOT NULL)
* @mask: requested permissions mask
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
- struct dentry *dentry, u32 mask)
+static inline int common_perm_path(int op, const struct path *path, u32 mask)
{
- struct path path = { mnt, dentry };
- struct path_cond cond = { d_backing_inode(dentry)->i_uid,
- d_backing_inode(dentry)->i_mode
+ struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
+ d_backing_inode(path->dentry)->i_mode
};
+ if (!mediated_filesystem(path->dentry))
+ return 0;
- return common_perm(op, &path, mask, &cond);
+ return common_perm(op, path, mask, &cond);
}
/**
@@ -210,13 +209,13 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_rm(int op, struct path *dir,
+static int common_perm_rm(int op, const struct path *dir,
struct dentry *dentry, u32 mask)
{
struct inode *inode = d_backing_inode(dentry);
struct path_cond cond = { };
- if (!inode || !dir->mnt || !mediated_filesystem(dentry))
+ if (!inode || !mediated_filesystem(dentry))
return 0;
cond.uid = inode->i_uid;
@@ -235,61 +234,53 @@ static int common_perm_rm(int op, struct path *dir,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
- u32 mask, umode_t mode)
+static int common_perm_create(int op, const struct path *dir,
+ struct dentry *dentry, u32 mask, umode_t mode)
{
struct path_cond cond = { current_fsuid(), mode };
- if (!dir->mnt || !mediated_filesystem(dir->dentry))
+ if (!mediated_filesystem(dir->dentry))
return 0;
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
}
-static int apparmor_path_unlink(struct path *dir, struct dentry *dentry)
+static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry)
{
return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
}
-static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
+static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry,
umode_t mode)
{
return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
S_IFDIR);
}
-static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry)
+static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry)
{
return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
}
-static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
+static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
}
-static int apparmor_path_truncate(struct path *path)
+static int apparmor_path_truncate(const struct path *path)
{
- struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
- d_backing_inode(path->dentry)->i_mode
- };
-
- if (!path->mnt || !mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
- &cond);
+ return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
}
-static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
+static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
S_IFLNK);
}
-static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
struct aa_profile *profile;
@@ -304,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
return error;
}
-static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry)
{
struct aa_profile *profile;
int error = 0;
@@ -334,33 +325,19 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
return error;
}
-static int apparmor_path_chmod(struct path *path, umode_t mode)
+static int apparmor_path_chmod(const struct path *path, umode_t mode)
{
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
+ return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
}
-static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
- struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
- d_backing_inode(path->dentry)->i_mode
- };
-
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
+ return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
}
static int apparmor_inode_getattr(const struct path *path)
{
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry,
- AA_MAY_META_READ);
+ return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
}
static int apparmor_file_open(struct file *file, const struct cred *cred)
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 71e0e3a15b9d..edddc026406b 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
* When no error the path name is returned in @name which points to
* to a position in @buf
*/
-static int d_namespace_path(struct path *path, char *buf, int buflen,
+static int d_namespace_path(const struct path *path, char *buf, int buflen,
char **name, int flags)
{
char *res;
@@ -158,7 +158,7 @@ out:
*
* Returns: %0 else error on failure
*/
-static int get_name_to_buffer(struct path *path, int flags, char *buffer,
+static int get_name_to_buffer(const struct path *path, int flags, char *buffer,
int size, char **name, const char **info)
{
int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
@@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
*
* Returns: %0 else error code if could retrieve name
*/
-int aa_path_name(struct path *path, int flags, char **buffer, const char **name,
- const char **info)
+int aa_path_name(const struct path *path, int flags, char **buffer,
+ const char **name, const char **info)
{
char *buf, *str = NULL;
int size = 256;
diff --git a/security/commoncap.c b/security/commoncap.c
index 48071ed7c445..e7fadde737f4 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -111,7 +111,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
* Determine whether the current process may set the system clock and timezone
* information, returning 0 if permission granted, -ve if denied.
*/
-int cap_settime(const struct timespec *ts, const struct timezone *tz)
+int cap_settime(const struct timespec64 *ts, const struct timezone *tz)
{
if (!capable(CAP_SYS_TIME))
return -EPERM;
@@ -313,7 +313,7 @@ int cap_inode_need_killpriv(struct dentry *dentry)
if (!inode->i_op->getxattr)
return 0;
- error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0);
+ error = inode->i_op->getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0);
if (error <= 0)
return 0;
return 1;
@@ -397,8 +397,8 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
if (!inode || !inode->i_op->getxattr)
return -ENODATA;
- size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps,
- XATTR_CAPS_SZ);
+ size = inode->i_op->getxattr((struct dentry *)dentry, inode,
+ XATTR_NAME_CAPS, &caps, XATTR_CAPS_SZ);
if (size == -ENODATA || size == -EOPNOTSUPP)
/* no data, that's ok */
return -ENODATA;
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index e6ea9d4b1de9..b9e26288d30c 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -82,7 +82,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry)
return -EOPNOTSUPP;
for (xattr = evm_config_xattrnames; *xattr != NULL; xattr++) {
- error = inode->i_op->getxattr(dentry, *xattr, NULL, 0);
+ error = inode->i_op->getxattr(dentry, inode, *xattr, NULL, 0);
if (error < 0) {
if (error == -ENODATA)
continue;
@@ -299,8 +299,8 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
return 0;
/* exception for pseudo filesystems */
- if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC
- || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC)
+ if (dentry->d_sb->s_magic == TMPFS_MAGIC
+ || dentry->d_sb->s_magic == SYSFS_MAGIC)
return 0;
integrity_audit_msg(AUDIT_INTEGRITY_METADATA,
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 5d0f61163d98..d3a939bf2781 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
int ima_store_template(struct ima_template_entry *entry, int violation,
struct inode *inode, const unsigned char *filename);
void ima_free_template_entry(struct ima_template_entry *entry);
-const char *ima_d_path(struct path *path, char **pathbuf);
+const char *ima_d_path(const struct path *path, char **pathbuf);
/* IMA policy related functions */
int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 370e42dfc5c5..5a2218fe877a 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
iint->flags |= IMA_AUDITED;
}
-const char *ima_d_path(struct path *path, char **pathbuf)
+const char *ima_d_path(const struct path *path, char **pathbuf)
{
char *pathname = NULL;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index be09e2cacf82..3cd0a58672dd 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -884,10 +884,10 @@ static char *func_tokens[] = {
"BPRM_CHECK",
"MODULE_CHECK",
"FIRMWARE_CHECK",
+ "POST_SETATTR",
"KEXEC_KERNEL_CHECK",
"KEXEC_INITRAMFS_CHECK",
- "POLICY_CHECK",
- "POST_SETATTR"
+ "POLICY_CHECK"
};
void *ima_policy_start(struct seq_file *m, loff_t *pos)
diff --git a/security/security.c b/security/security.c
index e42860899f23..709569305d32 100644
--- a/security/security.c
+++ b/security/security.c
@@ -209,7 +209,7 @@ int security_syslog(int type)
return call_int_hook(syslog, 0, type);
}
-int security_settime(const struct timespec *ts, const struct timezone *tz)
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
{
return call_int_hook(settime, 0, ts, tz);
}
@@ -303,7 +303,7 @@ int security_sb_statfs(struct dentry *dentry)
return call_int_hook(sb_statfs, 0, dentry);
}
-int security_sb_mount(const char *dev_name, struct path *path,
+int security_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data)
{
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
@@ -314,7 +314,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
return call_int_hook(sb_umount, 0, mnt, flags);
}
-int security_sb_pivotroot(struct path *old_path, struct path *new_path)
+int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
return call_int_hook(sb_pivotroot, 0, old_path, new_path);
}
@@ -411,7 +411,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
EXPORT_SYMBOL(security_old_inode_init_security);
#ifdef CONFIG_SECURITY_PATH
-int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
+int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -420,7 +420,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
}
EXPORT_SYMBOL(security_path_mknod);
-int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
+int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
@@ -428,14 +428,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
}
EXPORT_SYMBOL(security_path_mkdir);
-int security_path_rmdir(struct path *dir, struct dentry *dentry)
+int security_path_rmdir(const struct path *dir, struct dentry *dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
-int security_path_unlink(struct path *dir, struct dentry *dentry)
+int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
@@ -443,7 +443,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry)
}
EXPORT_SYMBOL(security_path_unlink);
-int security_path_symlink(struct path *dir, struct dentry *dentry,
+int security_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -451,7 +451,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
-int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
@@ -459,8 +459,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
-int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry,
+int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry,
unsigned int flags)
{
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
@@ -479,28 +479,28 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
}
EXPORT_SYMBOL(security_path_rename);
-int security_path_truncate(struct path *path)
+int security_path_truncate(const struct path *path)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
return call_int_hook(path_truncate, 0, path);
}
-int security_path_chmod(struct path *path, umode_t mode)
+int security_path_chmod(const struct path *path, umode_t mode)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
-int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
-int security_path_chroot(struct path *path)
+int security_path_chroot(const struct path *path)
{
return call_int_hook(path_chroot, 0, path);
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a00ab81ab719..a86d537eb79b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -513,7 +513,8 @@ static int sb_finish_set_opts(struct super_block *sb)
rc = -EOPNOTSUPP;
goto out;
}
- rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
+ rc = root_inode->i_op->getxattr(root, root_inode,
+ XATTR_NAME_SELINUX, NULL, 0);
if (rc < 0 && rc != -ENODATA) {
if (rc == -EOPNOTSUPP)
printk(KERN_WARNING "SELinux: (dev %s, type "
@@ -1325,7 +1326,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
u32 *sid)
{
int rc;
- struct super_block *sb = dentry->d_inode->i_sb;
+ struct super_block *sb = dentry->d_sb;
char *buffer, *path;
buffer = (char *)__get_free_page(GFP_KERNEL);
@@ -1421,13 +1422,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
goto out_unlock;
}
context[len] = '\0';
- rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
+ rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX,
context, len);
if (rc == -ERANGE) {
kfree(context);
/* Need a larger buffer. Query for the right size. */
- rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
+ rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX,
NULL, 0);
if (rc < 0) {
dput(dentry);
@@ -1441,7 +1442,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
goto out_unlock;
}
context[len] = '\0';
- rc = inode->i_op->getxattr(dentry,
+ rc = inode->i_op->getxattr(dentry, inode,
XATTR_NAME_SELINUX,
context, len);
}
@@ -2773,7 +2774,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
}
static int selinux_mount(const char *dev_name,
- struct path *path,
+ const struct path *path,
const char *type,
unsigned long flags,
void *data)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 8495b9368190..2ca9cde939d4 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -76,6 +76,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
{ RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
{ RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_NEWSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_GETSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ },
};
static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
@@ -155,7 +157,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
switch (sclass) {
case SECCLASS_NETLINK_ROUTE_SOCKET:
/* RTM_MAX always point to RTM_SETxxxx, ie RTM_NEWxxx + 3 */
- BUILD_BUG_ON(RTM_MAX != (RTM_NEWNSID + 3));
+ BUILD_BUG_ON(RTM_MAX != (RTM_NEWSTATS + 3));
err = nlmsg_perm(nlmsg_type, perm, nlmsg_route_perms,
sizeof(nlmsg_route_perms));
break;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 11f79013ae1f..ff2b8c3cf7a9 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -272,7 +272,7 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip,
if (buffer == NULL)
return ERR_PTR(-ENOMEM);
- rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL);
+ rc = ip->i_op->getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
if (rc < 0)
skp = ERR_PTR(rc);
else if (rc == 0)
@@ -1444,7 +1444,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
* XATTR_NAME_SMACKIPOUT
*/
if (strcmp(name, XATTR_NAME_SMACK) == 0) {
- struct super_block *sbp = d_backing_inode(dentry)->i_sb;
+ struct super_block *sbp = dentry->d_sb;
struct superblock_smack *sbsp = sbp->s_security;
isp->smk_inode = sbsp->smk_default;
@@ -3519,7 +3519,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
TRANS_TRUE, TRANS_TRUE_SIZE,
0);
} else {
- rc = inode->i_op->getxattr(dp,
+ rc = inode->i_op->getxattr(dp, inode,
XATTR_NAME_SMACKTRANSMUTE, trattr,
TRANS_TRUE_SIZE);
if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index f9c9fb1d56b4..361e7a284699 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name);
const struct tomoyo_path_info *tomoyo_path_matches_group
(const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct path *path, const int flag);
+ const struct path *path, const int flag);
void tomoyo_close_control(struct tomoyo_io_buffer *head);
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
int tomoyo_execute_permission(struct tomoyo_request_info *r,
@@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
int tomoyo_init_request_info(struct tomoyo_request_info *r,
struct tomoyo_domain_info *domain,
const u8 index);
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
const unsigned int mode, unsigned int dev);
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data_page);
int tomoyo_open_control(const u8 type, struct file *file);
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct path *path2);
-int tomoyo_path_number_perm(const u8 operation, struct path *path,
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+ const struct path *path2);
+int tomoyo_path_number_perm(const u8 operation, const struct path *path,
unsigned long number);
int tomoyo_path_perm(const u8 operation, const struct path *path,
const char *target);
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 2367b100cc62..7041a580019e 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_path_number_perm(const u8 type, struct path *path,
+int tomoyo_path_number_perm(const u8 type, const struct path *path,
unsigned long number)
{
struct tomoyo_request_info r;
@@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
* Returns 0 on success, negative value otherwise.
*/
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct path *path, const int flag)
+ const struct path *path, const int flag)
{
const u8 acc_mode = ACC_MODE(flag);
int error = 0;
@@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
const unsigned int mode, unsigned int dev)
{
struct tomoyo_request_info r;
@@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct path *path2)
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+ const struct path *path2)
{
int error = -ENOMEM;
struct tomoyo_path_info buf1;
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 390c646013cb..14b53fb2a0cf 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
*/
static int tomoyo_mount_acl(struct tomoyo_request_info *r,
const char *dev_name,
- struct path *dir, const char *type,
+ const struct path *dir, const char *type,
unsigned long flags)
{
struct tomoyo_obj_info obj = { };
@@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data_page)
{
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index cbf3df422c87..75c998700190 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_truncate(struct path *path)
+static int tomoyo_path_truncate(const struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
}
@@ -163,7 +163,7 @@ static int tomoyo_path_truncate(struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
@@ -178,7 +178,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
umode_t mode)
{
struct path path = { parent->mnt, dentry };
@@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
@@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
const char *old_name)
{
struct path path = { parent->mnt, dentry };
@@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
struct path path = { parent->mnt, dentry };
@@ -265,7 +265,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
struct path path1 = { new_dir->mnt, old_dentry };
@@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_rename(struct path *old_parent,
+static int tomoyo_path_rename(const struct path *old_parent,
struct dentry *old_dentry,
- struct path *new_parent,
+ const struct path *new_parent,
struct dentry *new_dentry)
{
struct path path1 = { old_parent->mnt, old_dentry };
@@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chmod(struct path *path, umode_t mode)
+static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
mode & S_IALLUGO);
@@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
int error = 0;
if (uid_valid(uid))
@@ -385,7 +385,7 @@ static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chroot(struct path *path)
+static int tomoyo_path_chroot(const struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
}
@@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data)
{
return tomoyo_mount_permission(dev_name, path, type, flags, data);
@@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
}