From: Stephen Smalley <sds@tycho.nsa.gov>
To: Andreas Gruenbacher <agruenba@redhat.com>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
ocfs2-devel@oss.oracle.com, David Howells <dhowells@redhat.com>
Subject: [Ocfs2-devel] [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
Date: Tue, 27 Oct 2015 12:40:13 -0400 [thread overview]
Message-ID: <562FA8ED.7020704@tycho.nsa.gov> (raw)
In-Reply-To: <1445894128-6765-4-git-send-email-agruenba@redhat.com>
On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
> Use path_has_perm directly instead.
This reverts:
commit 13f8e9810bff12d01807b6f92329111f45218235
Author: David Howells <dhowells@redhat.com>
Date: Thu Jun 13 23:37:55 2013 +0100
SELinux: Institute file_path_has_perm()
Create a file_path_has_perm() function that is like path_has_perm() but
instead takes a file struct that is the source of both the path and the
inode (rather than getting the inode from the dentry in the path).
This
is then used where appropriate.
This will be useful for situations like unionmount where it will be
possible to have an apparently-negative dentry (eg. a fallthrough)
that is
open with the file struct pointing to an inode on the lower fs.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
which I think David was intending to use as part of his
SELinux/overlayfs support.
path_has_perm() uses d_backing_inode(path->dentry), while
file_path_has_perm() uses file_inode(file).
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> ---
> security/selinux/hooks.c | 18 +++---------------
> 1 file changed, 3 insertions(+), 15 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 65e8689..d6b4dc9 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1673,18 +1673,6 @@ static inline int path_has_perm(const struct cred *cred,
> return inode_has_perm(cred, inode, av, &ad);
> }
>
> -/* Same as path_has_perm, but uses the inode from the file struct. */
> -static inline int file_path_has_perm(const struct cred *cred,
> - struct file *file,
> - u32 av)
> -{
> - struct common_audit_data ad;
> -
> - ad.type = LSM_AUDIT_DATA_PATH;
> - ad.u.path = file->f_path;
> - return inode_has_perm(cred, file_inode(file), av, &ad);
> -}
> -
> /* Check whether a task can use an open file descriptor to
> access an inode in a given way. Check access to the
> descriptor itself, and then use dentry_has_perm to
> @@ -2371,14 +2359,14 @@ static inline void flush_unauthorized_files(const struct cred *cred,
> struct tty_file_private *file_priv;
>
> /* Revalidate access to controlling tty.
> - Use file_path_has_perm on the tty path directly
> + Use path_has_perm on the tty path directly
> rather than using file_has_perm, as this particular
> open file may belong to another process and we are
> only interested in the inode-based check here. */
> file_priv = list_first_entry(&tty->tty_files,
> struct tty_file_private, list);
> file = file_priv->file;
> - if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
> + if (path_has_perm(cred, &file->f_path, FILE__READ | FILE__WRITE))
> drop_tty = 1;
> }
> spin_unlock(&tty_files_lock);
> @@ -3537,7 +3525,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
> * new inode label or new policy.
> * This check is not redundant - do not remove.
> */
> - return file_path_has_perm(cred, file, open_file_to_av(file));
> + return path_has_perm(cred, &file->f_path, open_file_to_av(file));
> }
>
> /* task security operations */
>
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Andreas Gruenbacher <agruenba@redhat.com>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
ocfs2-devel@oss.oracle.com, David Howells <dhowells@redhat.com>
Subject: Re: [PATCH v3 3/7] selinux: Get rid of file_path_has_perm
Date: Tue, 27 Oct 2015 12:40:13 -0400 [thread overview]
Message-ID: <562FA8ED.7020704@tycho.nsa.gov> (raw)
In-Reply-To: <1445894128-6765-4-git-send-email-agruenba@redhat.com>
On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
> Use path_has_perm directly instead.
This reverts:
commit 13f8e9810bff12d01807b6f92329111f45218235
Author: David Howells <dhowells@redhat.com>
Date: Thu Jun 13 23:37:55 2013 +0100
SELinux: Institute file_path_has_perm()
Create a file_path_has_perm() function that is like path_has_perm() but
instead takes a file struct that is the source of both the path and the
inode (rather than getting the inode from the dentry in the path).
This
is then used where appropriate.
This will be useful for situations like unionmount where it will be
possible to have an apparently-negative dentry (eg. a fallthrough)
that is
open with the file struct pointing to an inode on the lower fs.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
which I think David was intending to use as part of his
SELinux/overlayfs support.
path_has_perm() uses d_backing_inode(path->dentry), while
file_path_has_perm() uses file_inode(file).
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> ---
> security/selinux/hooks.c | 18 +++---------------
> 1 file changed, 3 insertions(+), 15 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 65e8689..d6b4dc9 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1673,18 +1673,6 @@ static inline int path_has_perm(const struct cred *cred,
> return inode_has_perm(cred, inode, av, &ad);
> }
>
> -/* Same as path_has_perm, but uses the inode from the file struct. */
> -static inline int file_path_has_perm(const struct cred *cred,
> - struct file *file,
> - u32 av)
> -{
> - struct common_audit_data ad;
> -
> - ad.type = LSM_AUDIT_DATA_PATH;
> - ad.u.path = file->f_path;
> - return inode_has_perm(cred, file_inode(file), av, &ad);
> -}
> -
> /* Check whether a task can use an open file descriptor to
> access an inode in a given way. Check access to the
> descriptor itself, and then use dentry_has_perm to
> @@ -2371,14 +2359,14 @@ static inline void flush_unauthorized_files(const struct cred *cred,
> struct tty_file_private *file_priv;
>
> /* Revalidate access to controlling tty.
> - Use file_path_has_perm on the tty path directly
> + Use path_has_perm on the tty path directly
> rather than using file_has_perm, as this particular
> open file may belong to another process and we are
> only interested in the inode-based check here. */
> file_priv = list_first_entry(&tty->tty_files,
> struct tty_file_private, list);
> file = file_priv->file;
> - if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
> + if (path_has_perm(cred, &file->f_path, FILE__READ | FILE__WRITE))
> drop_tty = 1;
> }
> spin_unlock(&tty_files_lock);
> @@ -3537,7 +3525,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
> * new inode label or new policy.
> * This check is not redundant - do not remove.
> */
> - return file_path_has_perm(cred, file, open_file_to_av(file));
> + return path_has_perm(cred, &file->f_path, open_file_to_av(file));
> }
>
> /* task security operations */
>
next prev parent reply other threads:[~2015-10-27 16:40 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-26 21:15 [PATCH v3 0/7] Inode security label invalidation Andreas Gruenbacher
2015-10-26 21:15 ` [PATCH v3 1/7] selinux: Remove unused variable in selinux_inode_init_security Andreas Gruenbacher
2015-10-27 13:11 ` [Ocfs2-devel] " Stephen Smalley
2015-10-27 13:11 ` Stephen Smalley
2015-10-26 21:15 ` [PATCH v3 2/7] selinux: Add accessor functions for inode->i_security Andreas Gruenbacher
2015-10-27 17:20 ` [Ocfs2-devel] " Stephen Smalley
2015-10-27 17:20 ` Stephen Smalley
2015-10-28 13:36 ` Andreas Gruenbacher
2015-10-26 21:15 ` [PATCH v3 3/7] selinux: Get rid of file_path_has_perm Andreas Gruenbacher
2015-10-27 16:40 ` Stephen Smalley [this message]
2015-10-27 16:40 ` Stephen Smalley
2015-10-28 11:48 ` Andreas Gruenbacher
2015-10-28 17:31 ` [Ocfs2-devel] " Stephen Smalley
2015-10-28 17:31 ` Stephen Smalley
2015-10-28 18:56 ` [Ocfs2-devel] " Stephen Smalley
2015-10-28 18:56 ` Stephen Smalley
2015-10-29 0:22 ` Andreas Gruenbacher
2015-10-26 21:15 ` [PATCH v3 4/7] selinux: Push dentry down from {dentry, path, file}_has_perm Andreas Gruenbacher
2015-10-26 21:15 ` [PATCH v3 5/7] security: Add hook to invalidate inode security labels Andreas Gruenbacher
2015-10-28 6:08 ` [Ocfs2-devel] " James Morris
2015-10-28 6:08 ` James Morris
2015-10-28 6:09 ` [Ocfs2-devel] " James Morris
2015-10-28 6:09 ` James Morris
2015-10-26 21:15 ` [PATCH v3 6/7] selinux: Revalidate invalid " Andreas Gruenbacher
2015-10-26 21:15 ` [Cluster-devel] [PATCH v3 7/7] gfs2: Invalide security labels of inodes when they go invalid Andreas Gruenbacher
2015-10-26 21:15 ` Andreas Gruenbacher
2015-10-27 12:32 ` [Ocfs2-devel] [PATCH v3 0/7] Inode security label invalidation Stephen Smalley
2015-10-27 12:32 ` Stephen Smalley
2015-10-28 21:12 ` Paul Moore
2015-10-28 21:30 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=562FA8ED.7020704@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=agruenba@redhat.com \
--cc=dhowells@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=ocfs2-devel@oss.oracle.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.