From e74f71eb78a4a8b9eaf1bc65f20f761648e85f76 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 20 Jun 2011 19:38:15 -0400 Subject: ->permission() sanitizing: don't pass flags to ->inode_permission() pass that via mask instead. Signed-off-by: Al Viro --- security/capability.c | 2 +- security/security.c | 7 +++++-- security/selinux/hooks.c | 5 +++-- security/smack/smack_lsm.c | 5 +++-- 4 files changed, 12 insertions(+), 7 deletions(-) (limited to 'security') diff --git a/security/capability.c b/security/capability.c index bbb51156261..2984ea4f776 100644 --- a/security/capability.c +++ b/security/capability.c @@ -181,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry, return 0; } -static int cap_inode_permission(struct inode *inode, int mask, unsigned flags) +static int cap_inode_permission(struct inode *inode, int mask) { return 0; } diff --git a/security/security.c b/security/security.c index 4ba6d4cc061..db3b750da35 100644 --- a/security/security.c +++ b/security/security.c @@ -518,14 +518,17 @@ int security_inode_permission(struct inode *inode, int mask) { if (unlikely(IS_PRIVATE(inode))) return 0; - return security_ops->inode_permission(inode, mask, 0); + return security_ops->inode_permission(inode, mask); } int security_inode_exec_permission(struct inode *inode, unsigned int flags) { + int mask = MAY_EXEC; if (unlikely(IS_PRIVATE(inode))) return 0; - return security_ops->inode_permission(inode, MAY_EXEC, flags); + if (flags) + mask |= MAY_NOT_BLOCK; + return security_ops->inode_permission(inode, mask); } int security_inode_setattr(struct dentry *dentry, struct iattr *attr) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 20219ef5439..47a059fff34 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2659,12 +2659,13 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na return dentry_has_perm(cred, dentry, FILE__READ); } -static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) +static int selinux_inode_permission(struct inode *inode, int mask) { const struct cred *cred = current_cred(); struct common_audit_data ad; u32 perms; bool from_access; + unsigned __flags = mask & MAY_NOT_BLOCK ? IPERM_FLAG_RCU : 0; from_access = mask & MAY_ACCESS; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); @@ -2681,7 +2682,7 @@ static int selinux_inode_permission(struct inode *inode, int mask, unsigned flag perms = file_mask_to_av(inode->i_mode, mask); - return inode_has_perm(cred, inode, perms, &ad, flags); + return inode_has_perm(cred, inode, perms, &ad, __flags); } static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9831a39c11f..f375eb2e195 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -689,9 +689,10 @@ static int smack_inode_rename(struct inode *old_inode, * * Returns 0 if access is permitted, -EACCES otherwise */ -static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) +static int smack_inode_permission(struct inode *inode, int mask) { struct smk_audit_info ad; + int no_block = mask & MAY_NOT_BLOCK; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); /* @@ -701,7 +702,7 @@ static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) return 0; /* May be droppable after audit */ - if (flags & IPERM_FLAG_RCU) + if (no_block) return -ECHILD; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); smk_ad_setfield_u_fs_inode(&ad, inode); -- cgit v1.2.3-70-g09d2 From cf1dd1dae851ce5765cda5de16aa965eef7c2dbf Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 20 Jun 2011 19:44:08 -0400 Subject: selinux: don't transliterate MAY_NOT_BLOCK to IPERM_FLAG_RCU Signed-off-by: Al Viro --- security/selinux/avc.c | 2 +- security/selinux/hooks.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/selinux/avc.c b/security/selinux/avc.c index d515b2128a4..dca1c22d927 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -527,7 +527,7 @@ int avc_audit(u32 ssid, u32 tsid, * happened a little later. */ if ((a->type == LSM_AUDIT_DATA_INODE) && - (flags & IPERM_FLAG_RCU)) + (flags & MAY_NOT_BLOCK)) return -ECHILD; a->selinux_audit_data.tclass = tclass; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 47a059fff34..eb5d5cdf3c5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2665,7 +2665,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) struct common_audit_data ad; u32 perms; bool from_access; - unsigned __flags = mask & MAY_NOT_BLOCK ? IPERM_FLAG_RCU : 0; + unsigned flags = mask & MAY_NOT_BLOCK; from_access = mask & MAY_ACCESS; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); @@ -2682,7 +2682,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) perms = file_mask_to_av(inode->i_mode, mask); - return inode_has_perm(cred, inode, perms, &ad, __flags); + return inode_has_perm(cred, inode, perms, &ad, flags); } static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) -- cgit v1.2.3-70-g09d2 From eecdd358b467405a084d400d5ec571bbdbfe97a3 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 20 Jun 2011 19:48:41 -0400 Subject: ->permission() sanitizing: don't pass flags to exec_permission() pass mask instead; kill security_inode_exec_permission() since we can use security_inode_permission() instead. Signed-off-by: Al Viro --- fs/namei.c | 17 +++++++---------- include/linux/security.h | 7 ------- security/security.c | 10 ---------- 3 files changed, 7 insertions(+), 27 deletions(-) (limited to 'security') diff --git a/fs/namei.c b/fs/namei.c index c5c382620a8..21eba95368f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -304,7 +304,7 @@ int inode_permission(struct inode *inode, int mask) /** * exec_permission - check for right to do lookups in a given directory * @inode: inode to check permission on - * @flags: IPERM_FLAG_ flags. + * @mask: MAY_EXEC and possibly MAY_NOT_BLOCK flags. * * Short-cut version of inode_permission(), for calling on directories * during pathname resolution. Combines parts of inode_permission() @@ -314,13 +314,10 @@ int inode_permission(struct inode *inode, int mask) * short-cut DAC fails, then call ->permission() to do more * complete permission check. */ -static inline int exec_permission(struct inode *inode, unsigned int flags) +static inline int exec_permission(struct inode *inode, int mask) { int ret; struct user_namespace *ns = inode_userns(inode); - int mask = MAY_EXEC; - if (flags & IPERM_FLAG_RCU) - mask |= MAY_NOT_BLOCK; if (inode->i_op->permission) { ret = inode->i_op->permission(inode, mask); @@ -338,7 +335,7 @@ static inline int exec_permission(struct inode *inode, unsigned int flags) } return ret; ok: - return security_inode_exec_permission(inode, flags); + return security_inode_permission(inode, mask); } /** @@ -1214,13 +1211,13 @@ retry: static inline int may_lookup(struct nameidata *nd) { if (nd->flags & LOOKUP_RCU) { - int err = exec_permission(nd->inode, IPERM_FLAG_RCU); + int err = exec_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK); if (err != -ECHILD) return err; if (unlazy_walk(nd, NULL)) return -ECHILD; } - return exec_permission(nd->inode, 0); + return exec_permission(nd->inode, MAY_EXEC); } static inline int handle_dots(struct nameidata *nd, int type) @@ -1495,7 +1492,7 @@ static int path_init(int dfd, const char *name, unsigned int flags, if (!S_ISDIR(dentry->d_inode->i_mode)) goto fput_fail; - retval = exec_permission(dentry->d_inode, 0); + retval = exec_permission(dentry->d_inode, MAY_EXEC); if (retval) goto fput_fail; } @@ -1652,7 +1649,7 @@ static struct dentry *__lookup_hash(struct qstr *name, struct dentry *dentry; int err; - err = exec_permission(inode, 0); + err = exec_permission(inode, MAY_EXEC); if (err) return ERR_PTR(err); diff --git a/include/linux/security.h b/include/linux/security.h index ca02f171673..ebd2a53a3d0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1720,7 +1720,6 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, int security_inode_readlink(struct dentry *dentry); int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask); -int security_inode_exec_permission(struct inode *inode, unsigned int flags); int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); int security_inode_setxattr(struct dentry *dentry, const char *name, @@ -2113,12 +2112,6 @@ static inline int security_inode_permission(struct inode *inode, int mask) return 0; } -static inline int security_inode_exec_permission(struct inode *inode, - unsigned int flags) -{ - return 0; -} - static inline int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { diff --git a/security/security.c b/security/security.c index db3b750da35..0e4fccfef12 100644 --- a/security/security.c +++ b/security/security.c @@ -521,16 +521,6 @@ int security_inode_permission(struct inode *inode, int mask) return security_ops->inode_permission(inode, mask); } -int security_inode_exec_permission(struct inode *inode, unsigned int flags) -{ - int mask = MAY_EXEC; - if (unlikely(IS_PRIVATE(inode))) - return 0; - if (flags) - mask |= MAY_NOT_BLOCK; - return security_ops->inode_permission(inode, mask); -} - int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { if (unlikely(IS_PRIVATE(dentry->d_inode))) -- cgit v1.2.3-70-g09d2 From fb408e6ccc32404a05783911b6f3fed56bd17b06 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 7 Jul 2011 15:12:51 -0400 Subject: get rid of pointless checks for dentry->sb == NULL it never is... Signed-off-by: Al Viro --- fs/cachefiles/bind.c | 1 - security/tomoyo/realpath.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'security') diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index a2603e7c0bb..e10c4415e8c 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -129,7 +129,6 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) !root->d_inode->i_op->mkdir || !root->d_inode->i_op->setxattr || !root->d_inode->i_op->getxattr || - !root->d_sb || !root->d_sb->s_op || !root->d_sb->s_op->statfs || !root->d_sb->s_op->sync_fs) diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index d1e05b04771..8d95e91c9fc 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -103,7 +103,7 @@ char *tomoyo_realpath_from_path(struct path *path) if (!buf) break; /* Get better name for socket. */ - if (dentry->d_sb && dentry->d_sb->s_magic == SOCKFS_MAGIC) { + if (dentry->d_sb->s_magic == SOCKFS_MAGIC) { struct inode *inode = dentry->d_inode; struct socket *sock = inode ? SOCKET_I(inode) : NULL; struct sock *sk = sock ? sock->sk : NULL; -- cgit v1.2.3-70-g09d2