diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/file.c | 4 | ||||
-rw-r--r-- | security/apparmor/include/file.h | 4 | ||||
-rw-r--r-- | security/apparmor/include/path.h | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 83 | ||||
-rw-r--r-- | security/apparmor/path.c | 8 | ||||
-rw-r--r-- | security/commoncap.c | 8 | ||||
-rw-r--r-- | security/integrity/evm/evm_main.c | 6 | ||||
-rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_api.c | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 4 | ||||
-rw-r--r-- | security/security.c | 30 | ||||
-rw-r--r-- | security/selinux/hooks.c | 13 | ||||
-rw-r--r-- | security/selinux/nlmsgtab.c | 4 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 6 | ||||
-rw-r--r-- | security/tomoyo/common.h | 12 | ||||
-rw-r--r-- | security/tomoyo/file.c | 10 | ||||
-rw-r--r-- | security/tomoyo/mount.c | 4 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 28 |
18 files changed, 105 insertions, 125 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 913f377a038a..d186674f973a 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry) * * Returns: %0 else error if access denied or other error */ -int aa_path_perm(int op, struct aa_profile *profile, struct path *path, +int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond) { char *buffer = NULL; @@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target) * Returns: %0 if allowed else error */ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) + const struct path *new_dir, struct dentry *new_dentry) { struct path link = { new_dir->mnt, new_dentry }; struct path target = { new_dir->mnt, old_dentry }; diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 2c922b86bd44..4803c97d1992 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -171,11 +171,11 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms); -int aa_path_perm(int op, struct aa_profile *profile, struct path *path, +int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond); int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry); + const struct path *new_dir, struct dentry *new_dentry); int aa_file_perm(int op, struct aa_profile *profile, struct file *file, u32 request); diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h index 286ac75dc88b..73560f258784 100644 --- a/security/apparmor/include/path.h +++ b/security/apparmor/include/path.h @@ -26,7 +26,7 @@ enum path_flags { PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */ }; -int aa_path_name(struct path *path, int flags, char **buffer, +int aa_path_name(const struct path *path, int flags, char **buffer, const char **name, const char **info); #endif /* __AA_PATH_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dec607c17b64..2660fbcf94d1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, * * Returns: %0 else error code if error or permission denied */ -static int common_perm(int op, struct path *path, u32 mask, +static int common_perm(int op, const struct path *path, u32 mask, struct path_cond *cond) { struct aa_profile *profile; @@ -172,7 +172,7 @@ static int common_perm(int op, struct path *path, u32 mask, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_dir_dentry(int op, struct path *dir, +static int common_perm_dir_dentry(int op, const struct path *dir, struct dentry *dentry, u32 mask, struct path_cond *cond) { @@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir, } /** - * common_perm_mnt_dentry - common permission wrapper when mnt, dentry + * common_perm_path - common permission wrapper when mnt, dentry * @op: operation being checked - * @mnt: mount point of dentry (NOT NULL) - * @dentry: dentry to check (NOT NULL) + * @path: location to check (NOT NULL) * @mask: requested permissions mask * * Returns: %0 else error code if error or permission denied */ -static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, - struct dentry *dentry, u32 mask) +static inline int common_perm_path(int op, const struct path *path, u32 mask) { - struct path path = { mnt, dentry }; - struct path_cond cond = { d_backing_inode(dentry)->i_uid, - d_backing_inode(dentry)->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; + if (!mediated_filesystem(path->dentry)) + return 0; - return common_perm(op, &path, mask, &cond); + return common_perm(op, path, mask, &cond); } /** @@ -210,13 +209,13 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_rm(int op, struct path *dir, +static int common_perm_rm(int op, const struct path *dir, struct dentry *dentry, u32 mask) { struct inode *inode = d_backing_inode(dentry); struct path_cond cond = { }; - if (!inode || !dir->mnt || !mediated_filesystem(dentry)) + if (!inode || !mediated_filesystem(dentry)) return 0; cond.uid = inode->i_uid; @@ -235,61 +234,53 @@ static int common_perm_rm(int op, struct path *dir, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_create(int op, struct path *dir, struct dentry *dentry, - u32 mask, umode_t mode) +static int common_perm_create(int op, const struct path *dir, + struct dentry *dentry, u32 mask, umode_t mode) { struct path_cond cond = { current_fsuid(), mode }; - if (!dir->mnt || !mediated_filesystem(dir->dentry)) + if (!mediated_filesystem(dir->dentry)) return 0; return common_perm_dir_dentry(op, dir, dentry, mask, &cond); } -static int apparmor_path_unlink(struct path *dir, struct dentry *dentry) +static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry) { return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE); } -static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, +static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, S_IFDIR); } -static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry) +static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry) { return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE); } -static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, +static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); } -static int apparmor_path_truncate(struct path *path) +static int apparmor_path_truncate(const struct path *path) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!path->mnt || !mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, - &cond); + return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); } -static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, +static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE, S_IFLNK); } -static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, +static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { struct aa_profile *profile; @@ -304,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, return error; } -static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) +static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry) { struct aa_profile *profile; int error = 0; @@ -334,33 +325,19 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, return error; } -static int apparmor_path_chmod(struct path *path, umode_t mode) +static int apparmor_path_chmod(const struct path *path, umode_t mode) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); + return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD); } -static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); + return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN); } static int apparmor_inode_getattr(const struct path *path) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, - AA_MAY_META_READ); + return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ); } static int apparmor_file_open(struct file *file, const struct cred *cred) diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 71e0e3a15b9d..edddc026406b 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen) * When no error the path name is returned in @name which points to * to a position in @buf */ -static int d_namespace_path(struct path *path, char *buf, int buflen, +static int d_namespace_path(const struct path *path, char *buf, int buflen, char **name, int flags) { char *res; @@ -158,7 +158,7 @@ out: * * Returns: %0 else error on failure */ -static int get_name_to_buffer(struct path *path, int flags, char *buffer, +static int get_name_to_buffer(const struct path *path, int flags, char *buffer, int size, char **name, const char **info) { int adjust = (flags & PATH_IS_DIR) ? 1 : 0; @@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer, * * Returns: %0 else error code if could retrieve name */ -int aa_path_name(struct path *path, int flags, char **buffer, const char **name, - const char **info) +int aa_path_name(const struct path *path, int flags, char **buffer, + const char **name, const char **info) { char *buf, *str = NULL; int size = 256; diff --git a/security/commoncap.c b/security/commoncap.c index 48071ed7c445..e7fadde737f4 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -111,7 +111,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, * Determine whether the current process may set the system clock and timezone * information, returning 0 if permission granted, -ve if denied. */ -int cap_settime(const struct timespec *ts, const struct timezone *tz) +int cap_settime(const struct timespec64 *ts, const struct timezone *tz) { if (!capable(CAP_SYS_TIME)) return -EPERM; @@ -313,7 +313,7 @@ int cap_inode_need_killpriv(struct dentry *dentry) if (!inode->i_op->getxattr) return 0; - error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0); + error = inode->i_op->getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0); if (error <= 0) return 0; return 1; @@ -397,8 +397,8 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data if (!inode || !inode->i_op->getxattr) return -ENODATA; - size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps, - XATTR_CAPS_SZ); + size = inode->i_op->getxattr((struct dentry *)dentry, inode, + XATTR_NAME_CAPS, &caps, XATTR_CAPS_SZ); if (size == -ENODATA || size == -EOPNOTSUPP) /* no data, that's ok */ return -ENODATA; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index e6ea9d4b1de9..b9e26288d30c 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -82,7 +82,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry) return -EOPNOTSUPP; for (xattr = evm_config_xattrnames; *xattr != NULL; xattr++) { - error = inode->i_op->getxattr(dentry, *xattr, NULL, 0); + error = inode->i_op->getxattr(dentry, inode, *xattr, NULL, 0); if (error < 0) { if (error == -ENODATA) continue; @@ -299,8 +299,8 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, return 0; /* exception for pseudo filesystems */ - if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC - || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC) + if (dentry->d_sb->s_magic == TMPFS_MAGIC + || dentry->d_sb->s_magic == SYSFS_MAGIC) return 0; integrity_audit_msg(AUDIT_INTEGRITY_METADATA, diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 5d0f61163d98..d3a939bf2781 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data, int ima_store_template(struct ima_template_entry *entry, int violation, struct inode *inode, const unsigned char *filename); void ima_free_template_entry(struct ima_template_entry *entry); -const char *ima_d_path(struct path *path, char **pathbuf); +const char *ima_d_path(const struct path *path, char **pathbuf); /* IMA policy related functions */ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 370e42dfc5c5..5a2218fe877a 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, iint->flags |= IMA_AUDITED; } -const char *ima_d_path(struct path *path, char **pathbuf) +const char *ima_d_path(const struct path *path, char **pathbuf) { char *pathname = NULL; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index be09e2cacf82..3cd0a58672dd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -884,10 +884,10 @@ static char *func_tokens[] = { "BPRM_CHECK", "MODULE_CHECK", "FIRMWARE_CHECK", + "POST_SETATTR", "KEXEC_KERNEL_CHECK", "KEXEC_INITRAMFS_CHECK", - "POLICY_CHECK", - "POST_SETATTR" + "POLICY_CHECK" }; void *ima_policy_start(struct seq_file *m, loff_t *pos) diff --git a/security/security.c b/security/security.c index e42860899f23..709569305d32 100644 --- a/security/security.c +++ b/security/security.c @@ -209,7 +209,7 @@ int security_syslog(int type) return call_int_hook(syslog, 0, type); } -int security_settime(const struct timespec *ts, const struct timezone *tz) +int security_settime64(const struct timespec64 *ts, const struct timezone *tz) { return call_int_hook(settime, 0, ts, tz); } @@ -303,7 +303,7 @@ int security_sb_statfs(struct dentry *dentry) return call_int_hook(sb_statfs, 0, dentry); } -int security_sb_mount(const char *dev_name, struct path *path, +int security_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); @@ -314,7 +314,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return call_int_hook(sb_umount, 0, mnt, flags); } -int security_sb_pivotroot(struct path *old_path, struct path *new_path) +int security_sb_pivotroot(const struct path *old_path, const struct path *new_path) { return call_int_hook(sb_pivotroot, 0, old_path, new_path); } @@ -411,7 +411,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, EXPORT_SYMBOL(security_old_inode_init_security); #ifdef CONFIG_SECURITY_PATH -int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, +int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) @@ -420,7 +420,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, } EXPORT_SYMBOL(security_path_mknod); -int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) +int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; @@ -428,14 +428,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) } EXPORT_SYMBOL(security_path_mkdir); -int security_path_rmdir(struct path *dir, struct dentry *dentry) +int security_path_rmdir(const struct path *dir, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } -int security_path_unlink(struct path *dir, struct dentry *dentry) +int security_path_unlink(const struct path *dir, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; @@ -443,7 +443,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry) } EXPORT_SYMBOL(security_path_unlink); -int security_path_symlink(struct path *dir, struct dentry *dentry, +int security_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) @@ -451,7 +451,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, return call_int_hook(path_symlink, 0, dir, dentry, old_name); } -int security_path_link(struct dentry *old_dentry, struct path *new_dir, +int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) @@ -459,8 +459,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } -int security_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry, +int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry, unsigned int flags) { if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || @@ -479,28 +479,28 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry, } EXPORT_SYMBOL(security_path_rename); -int security_path_truncate(struct path *path) +int security_path_truncate(const struct path *path) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return call_int_hook(path_truncate, 0, path); } -int security_path_chmod(struct path *path, umode_t mode) +int security_path_chmod(const struct path *path, umode_t mode) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return call_int_hook(path_chmod, 0, path, mode); } -int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) +int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return call_int_hook(path_chown, 0, path, uid, gid); } -int security_path_chroot(struct path *path) +int security_path_chroot(const struct path *path) { return call_int_hook(path_chroot, 0, path); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a00ab81ab719..a86d537eb79b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -513,7 +513,8 @@ static int sb_finish_set_opts(struct super_block *sb) rc = -EOPNOTSUPP; goto out; } - rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); + rc = root_inode->i_op->getxattr(root, root_inode, + XATTR_NAME_SELINUX, NULL, 0); if (rc < 0 && rc != -ENODATA) { if (rc == -EOPNOTSUPP) printk(KERN_WARNING "SELinux: (dev %s, type " @@ -1325,7 +1326,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry, u32 *sid) { int rc; - struct super_block *sb = dentry->d_inode->i_sb; + struct super_block *sb = dentry->d_sb; char *buffer, *path; buffer = (char *)__get_free_page(GFP_KERNEL); @@ -1421,13 +1422,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent goto out_unlock; } context[len] = '\0'; - rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, + rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len); if (rc == -ERANGE) { kfree(context); /* Need a larger buffer. Query for the right size. */ - rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, + rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0); if (rc < 0) { dput(dentry); @@ -1441,7 +1442,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent goto out_unlock; } context[len] = '\0'; - rc = inode->i_op->getxattr(dentry, + rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len); } @@ -2773,7 +2774,7 @@ static int selinux_sb_statfs(struct dentry *dentry) } static int selinux_mount(const char *dev_name, - struct path *path, + const struct path *path, const char *type, unsigned long flags, void *data) diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 8495b9368190..2ca9cde939d4 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -76,6 +76,8 @@ static struct nlmsg_perm nlmsg_route_perms[] = { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, + { RTM_NEWSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ }, + { RTM_GETSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ }, }; static struct nlmsg_perm nlmsg_tcpdiag_perms[] = @@ -155,7 +157,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) switch (sclass) { case SECCLASS_NETLINK_ROUTE_SOCKET: /* RTM_MAX always point to RTM_SETxxxx, ie RTM_NEWxxx + 3 */ - BUILD_BUG_ON(RTM_MAX != (RTM_NEWNSID + 3)); + BUILD_BUG_ON(RTM_MAX != (RTM_NEWSTATS + 3)); err = nlmsg_perm(nlmsg_type, perm, nlmsg_route_perms, sizeof(nlmsg_route_perms)); break; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 11f79013ae1f..ff2b8c3cf7a9 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -272,7 +272,7 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip, if (buffer == NULL) return ERR_PTR(-ENOMEM); - rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); + rc = ip->i_op->getxattr(dp, ip, name, buffer, SMK_LONGLABEL); if (rc < 0) skp = ERR_PTR(rc); else if (rc == 0) @@ -1444,7 +1444,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) * XATTR_NAME_SMACKIPOUT */ if (strcmp(name, XATTR_NAME_SMACK) == 0) { - struct super_block *sbp = d_backing_inode(dentry)->i_sb; + struct super_block *sbp = dentry->d_sb; struct superblock_smack *sbsp = sbp->s_security; isp->smk_inode = sbsp->smk_default; @@ -3519,7 +3519,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) TRANS_TRUE, TRANS_TRUE_SIZE, 0); } else { - rc = inode->i_op->getxattr(dp, + rc = inode->i_op->getxattr(dp, inode, XATTR_NAME_SMACKTRANSMUTE, trattr, TRANS_TRUE_SIZE); if (rc >= 0 && strncmp(trattr, TRANS_TRUE, diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index f9c9fb1d56b4..361e7a284699 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name); const struct tomoyo_path_info *tomoyo_path_matches_group (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct path *path, const int flag); + const struct path *path, const int flag); void tomoyo_close_control(struct tomoyo_io_buffer *head); int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); int tomoyo_execute_permission(struct tomoyo_request_info *r, @@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, int tomoyo_init_request_info(struct tomoyo_request_info *r, struct tomoyo_domain_info *domain, const u8 index); -int tomoyo_mkdev_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, const struct path *path, const unsigned int mode, unsigned int dev); -int tomoyo_mount_permission(const char *dev_name, struct path *path, +int tomoyo_mount_permission(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data_page); int tomoyo_open_control(const u8 type, struct file *file); -int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct path *path2); -int tomoyo_path_number_perm(const u8 operation, struct path *path, +int tomoyo_path2_perm(const u8 operation, const struct path *path1, + const struct path *path2); +int tomoyo_path_number_perm(const u8 operation, const struct path *path, unsigned long number); int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 2367b100cc62..7041a580019e 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path_number_perm(const u8 type, struct path *path, +int tomoyo_path_number_perm(const u8 type, const struct path *path, unsigned long number) { struct tomoyo_request_info r; @@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path, * Returns 0 on success, negative value otherwise. */ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct path *path, const int flag) + const struct path *path, const int flag) { const u8 acc_mode = ACC_MODE(flag); int error = 0; @@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta * * Returns 0 on success, negative value otherwise. */ -int tomoyo_mkdev_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, const struct path *path, const unsigned int mode, unsigned int dev) { struct tomoyo_request_info r; @@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct path *path2) +int tomoyo_path2_perm(const u8 operation, const struct path *path1, + const struct path *path2) { int error = -ENOMEM; struct tomoyo_path_info buf1; diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 390c646013cb..14b53fb2a0cf 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r, */ static int tomoyo_mount_acl(struct tomoyo_request_info *r, const char *dev_name, - struct path *dir, const char *type, + const struct path *dir, const char *type, unsigned long flags) { struct tomoyo_obj_info obj = { }; @@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_mount_permission(const char *dev_name, struct path *path, +int tomoyo_mount_permission(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data_page) { diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index cbf3df422c87..75c998700190 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_truncate(struct path *path) +static int tomoyo_path_truncate(const struct path *path) { return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL); } @@ -163,7 +163,7 @@ static int tomoyo_path_truncate(struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) +static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) { struct path path = { parent->mnt, dentry }; return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); @@ -178,7 +178,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, +static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry, umode_t mode) { struct path path = { parent->mnt, dentry }; @@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) +static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) { struct path path = { parent->mnt, dentry }; return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); @@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, +static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry, const char *old_name) { struct path path = { parent->mnt, dentry }; @@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, +static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, umode_t mode, unsigned int dev) { struct path path = { parent->mnt, dentry }; @@ -265,7 +265,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, +static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { struct path path1 = { new_dir->mnt, old_dentry }; @@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_rename(struct path *old_parent, +static int tomoyo_path_rename(const struct path *old_parent, struct dentry *old_dentry, - struct path *new_parent, + const struct path *new_parent, struct dentry *new_dentry) { struct path path1 = { old_parent->mnt, old_dentry }; @@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chmod(struct path *path, umode_t mode) +static int tomoyo_path_chmod(const struct path *path, umode_t mode) { return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, mode & S_IALLUGO); @@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { int error = 0; if (uid_valid(uid)) @@ -385,7 +385,7 @@ static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chroot(struct path *path) +static int tomoyo_path_chroot(const struct path *path) { return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL); } @@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_sb_mount(const char *dev_name, struct path *path, +static int tomoyo_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { return tomoyo_mount_permission(dev_name, path, type, flags, data); @@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) +static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path) { return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); } |