From: Miklos Szeredi <miklos@szeredi.hu>
To: linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: jmorris@namei.org, sds@tycho.nsa.gov, eparis@redhat.com,
casey@schaufler-ca.com, agruen@suse.de, jjohansen@suse.de,
penguin-kernel@I-love.SAKURA.ne.jp, hch@infradead.org,
viro@ZenIV.linux.org.uk, linux-kernel@vger.kernel.org
Subject: [patch 08/15] security: pass path to inode_rename
Date: Thu, 29 May 2008 15:49:11 +0200 [thread overview]
Message-ID: <20080529135007.516269298@szeredi.hu> (raw)
In-Reply-To: 20080529134903.615127628@szeredi.hu
[-- Attachment #1: security_rename_path.patch --]
[-- Type: text/plain, Size: 9633 bytes --]
From: Miklos Szeredi <mszeredi@suse.cz>
In the inode_rename() security operation and related functions pass the
path (vfsmount + dentry) to the parent directory instead of the inode.
AppArmor will need this.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---
fs/namei.c | 51 +++++++++++++++++++++------------------------
include/linux/security.h | 16 +++++++-------
security/dummy.c | 6 +----
security/security.c | 4 +--
security/selinux/hooks.c | 7 +++---
security/smack/smack_lsm.c | 8 +++----
6 files changed, 44 insertions(+), 48 deletions(-)
Index: linux-2.6/fs/namei.c
===================================================================
--- linux-2.6.orig/fs/namei.c 2008-05-29 12:20:55.000000000 +0200
+++ linux-2.6/fs/namei.c 2008-05-29 12:20:55.000000000 +0200
@@ -2682,20 +2682,6 @@ static int vfs_rename_dir(struct inode *
int error = 0;
struct inode *target;
- /*
- * If we are going to change the parent - check write permissions,
- * we'll need to flip '..'.
- */
- if (new_dir != old_dir) {
- error = dentry_permission(old_dentry, MAY_MOVE_DIR);
- if (error)
- return error;
- }
-
- error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
- if (error)
- return error;
-
target = new_dentry->d_inode;
if (target) {
mutex_lock(&target->i_mutex);
@@ -2725,10 +2711,6 @@ static int vfs_rename_other(struct inode
struct inode *target;
int error;
- error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
- if (error)
- return error;
-
dget(new_dentry);
target = new_dentry->d_inode;
if (target)
@@ -2747,11 +2729,11 @@ static int vfs_rename_other(struct inode
return error;
}
-static int vfs_rename(struct dentry *old_dir_dentry, struct dentry *old_dentry,
- struct dentry *new_dir_dentry, struct dentry *new_dentry)
+static int vfs_rename(struct path *old_dir_path, struct dentry *old_dentry,
+ struct path *new_dir_path, struct dentry *new_dentry)
{
- struct inode *old_dir = old_dir_dentry->d_inode;
- struct inode *new_dir = new_dir_dentry->d_inode;
+ struct inode *old_dir = old_dir_path->dentry->d_inode;
+ struct inode *new_dir = new_dir_path->dentry->d_inode;
int error;
int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
const char *old_name;
@@ -2759,20 +2741,35 @@ static int vfs_rename(struct dentry *old
if (old_dentry->d_inode == new_dentry->d_inode)
return 0;
- error = may_delete(old_dir_dentry, old_dentry, is_dir);
+ error = may_delete(old_dir_path->dentry, old_dentry, is_dir);
if (error)
return error;
if (!new_dentry->d_inode)
- error = may_create(new_dir_dentry, new_dentry);
+ error = may_create(new_dir_path->dentry, new_dentry);
else
- error = may_delete(new_dir_dentry, new_dentry, is_dir);
+ error = may_delete(new_dir_path->dentry, new_dentry, is_dir);
if (error)
return error;
if (!old_dir->i_op || !old_dir->i_op->rename)
return -EPERM;
+ /*
+ * If we are going to change the parent - check write permissions,
+ * we'll need to flip '..'.
+ */
+ if (is_dir && new_dir != old_dir) {
+ error = dentry_permission(old_dentry, MAY_MOVE_DIR);
+ if (error)
+ return error;
+ }
+
+ error = security_inode_rename(old_dir_path, old_dentry,
+ new_dir_path, new_dentry);
+ if (error)
+ return error;
+
DQUOT_INIT(old_dir);
DQUOT_INIT(new_dir);
@@ -2802,8 +2799,8 @@ int path_rename(struct path *old_dir_pat
error = mnt_want_write(mnt);
if (!error) {
- error = vfs_rename(old_dir_path->dentry, old_dentry,
- new_dir_path->dentry, new_dentry);
+ error = vfs_rename(old_dir_path, old_dentry,
+ new_dir_path, new_dentry);
mnt_drop_write(mnt);
}
Index: linux-2.6/include/linux/security.h
===================================================================
--- linux-2.6.orig/include/linux/security.h 2008-05-29 12:20:55.000000000 +0200
+++ linux-2.6/include/linux/security.h 2008-05-29 12:20:55.000000000 +0200
@@ -384,9 +384,9 @@ static inline void security_free_mnt_opt
* Return 0 if permission is granted.
* @inode_rename:
* Check for permission to rename a file or directory.
- * @old_dir contains the inode structure for parent of the old link.
+ * @old_dir contains the path to the parent of the old link.
* @old_dentry contains the dentry structure of the old link.
- * @new_dir contains the inode structure for parent of the new link.
+ * @new_dir contains the path to the parent of the new link.
* @new_dentry contains the dentry structure of the new link.
* Return 0 if permission is granted.
* @inode_readlink:
@@ -1363,8 +1363,8 @@ struct security_operations {
int (*inode_rmdir) (struct path *dir, struct dentry *dentry);
int (*inode_mknod) (struct path *dir, struct dentry *dentry,
int mode, dev_t dev);
- int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry);
+ int (*inode_rename) (struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry);
int (*inode_readlink) (struct dentry *dentry);
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
int (*inode_permission) (struct inode *inode, int mask);
@@ -1635,8 +1635,8 @@ int security_inode_mkdir(struct path *di
int security_inode_rmdir(struct path *dir, struct dentry *dentry);
int security_inode_mknod(struct path *dir, struct dentry *dentry, int mode,
dev_t dev);
-int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry);
+int security_inode_rename(struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry);
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
int security_inode_permission(struct inode *inode, int mask);
@@ -2011,9 +2011,9 @@ static inline int security_inode_mknod(s
return 0;
}
-static inline int security_inode_rename(struct inode *old_dir,
+static inline int security_inode_rename(struct path *old_dir,
struct dentry *old_dentry,
- struct inode *new_dir,
+ struct path *new_dir,
struct dentry *new_dentry)
{
return 0;
Index: linux-2.6/security/dummy.c
===================================================================
--- linux-2.6.orig/security/dummy.c 2008-05-29 12:20:55.000000000 +0200
+++ linux-2.6/security/dummy.c 2008-05-29 12:20:55.000000000 +0200
@@ -326,10 +326,8 @@ static int dummy_inode_mknod(struct path
return 0;
}
-static int dummy_inode_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
+static int dummy_inode_rename(struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
{
return 0;
}
Index: linux-2.6/security/security.c
===================================================================
--- linux-2.6.orig/security/security.c 2008-05-29 12:20:55.000000000 +0200
+++ linux-2.6/security/security.c 2008-05-29 12:20:55.000000000 +0200
@@ -440,8 +440,8 @@ int security_inode_mknod(struct path *di
return security_ops->inode_mknod(dir, dentry, mode, dev);
}
-int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
+int security_inode_rename(struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
{
if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
Index: linux-2.6/security/selinux/hooks.c
===================================================================
--- linux-2.6.orig/security/selinux/hooks.c 2008-05-29 12:20:55.000000000 +0200
+++ linux-2.6/security/selinux/hooks.c 2008-05-29 12:20:55.000000000 +0200
@@ -2539,10 +2539,11 @@ static int selinux_inode_mknod(struct pa
inode_mode_to_security_class(mode));
}
-static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
+static int selinux_inode_rename(struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
{
- return may_rename(old_inode, old_dentry, new_inode, new_dentry);
+ return may_rename(old_dir->dentry->d_inode, old_dentry,
+ new_dir->dentry->d_inode, new_dentry);
}
static int selinux_inode_readlink(struct dentry *dentry)
Index: linux-2.6/security/smack/smack_lsm.c
===================================================================
--- linux-2.6.orig/security/smack/smack_lsm.c 2008-05-29 12:20:55.000000000 +0200
+++ linux-2.6/security/smack/smack_lsm.c 2008-05-29 12:20:55.000000000 +0200
@@ -482,9 +482,9 @@ static int smack_inode_rmdir(struct path
/**
* smack_inode_rename - Smack check on rename
- * @old_inode: the old directory
+ * @old_dir: the old directory
* @old_dentry: unused
- * @new_inode: the new directory
+ * @new_dir: the new directory
* @new_dentry: unused
*
* Read and write access is required on both the old and
@@ -492,9 +492,9 @@ static int smack_inode_rmdir(struct path
*
* Returns 0 if access is permitted, an error code otherwise
*/
-static int smack_inode_rename(struct inode *old_inode,
+static int smack_inode_rename(struct path *old_dir,
struct dentry *old_dentry,
- struct inode *new_inode,
+ struct path *new_dir,
struct dentry *new_dentry)
{
int rc;
--
next prev parent reply other threads:[~2008-05-29 13:52 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-29 13:49 [patch 00/15] security: pass path instead of inode to security ops Miklos Szeredi
2008-05-29 13:49 ` [patch 01/15] security: pass path to inode_create Miklos Szeredi
2008-05-31 8:30 ` Christoph Hellwig
2008-05-31 10:48 ` Tetsuo Handa
2008-06-01 20:52 ` Miklos Szeredi
2008-06-02 6:01 ` Christoph Hellwig
2008-06-02 7:02 ` Miklos Szeredi
2008-06-02 9:13 ` Christoph Hellwig
2008-06-02 9:32 ` Miklos Szeredi
2008-06-02 9:36 ` Christoph Hellwig
2008-06-02 9:52 ` Miklos Szeredi
2008-06-02 10:42 ` Christoph Hellwig
2008-06-02 10:55 ` Miklos Szeredi
2008-06-02 11:04 ` Pekka Enberg
2008-06-02 11:13 ` Miklos Szeredi
2008-06-02 15:05 ` Evgeniy Polyakov
2008-06-02 15:31 ` Toshiharu Harada
2008-06-02 15:51 ` Evgeniy Polyakov
2008-06-02 16:29 ` Toshiharu Harada
2008-06-02 16:52 ` Evgeniy Polyakov
2008-06-02 23:37 ` Toshiharu Harada
2008-06-03 6:08 ` Miklos Szeredi
2008-06-02 18:59 ` Serge E. Hallyn
2008-06-02 10:04 ` Andreas Gruenbacher
2008-06-02 11:23 ` Matthew Wilcox
2008-06-02 11:34 ` Miklos Szeredi
2008-06-02 11:52 ` Miklos Szeredi
2008-06-02 12:32 ` Matthew Wilcox
2008-06-02 12:45 ` Andreas Gruenbacher
2008-06-02 12:49 ` Matthew Wilcox
2008-06-02 13:24 ` Andreas Gruenbacher
2008-06-14 8:27 ` Tetsuo Handa
2008-06-03 13:43 ` Stephen Smalley
2008-06-04 5:09 ` Tetsuo Handa
2008-05-29 13:49 ` [patch 02/15] security: pass path to inode_mknod Miklos Szeredi
2008-05-29 13:49 ` [patch 03/15] security: pass path to inode_mkdir Miklos Szeredi
2008-05-29 13:49 ` [patch 04/15] security: pass path to inode_rmdir Miklos Szeredi
2008-05-29 13:49 ` [patch 05/15] security: pass path to inode_unlink Miklos Szeredi
2008-05-29 13:49 ` [patch 06/15] security: pass path to inode_symlink Miklos Szeredi
2008-05-29 13:49 ` [patch 07/15] security: pass path to inode_link Miklos Szeredi
2008-05-29 13:49 ` Miklos Szeredi [this message]
2008-05-29 13:49 ` [patch 09/15] security: pass path to inode_setattr Miklos Szeredi
2008-05-29 13:49 ` [patch 10/15] security: pass path to inode_getxattr Miklos Szeredi
2008-05-29 13:49 ` [patch 11/15] security: pass path to inode_listxattr Miklos Szeredi
2008-05-29 13:49 ` [patch 12/15] security: pass path to inode_setxattr Miklos Szeredi
2008-05-29 13:49 ` [patch 13/15] security: pass path to inode_removexattr Miklos Szeredi
2008-05-29 13:49 ` [patch 14/15] vfs: more path_permission() conversions Miklos Szeredi
2008-05-29 13:49 ` [patch 15/15] security: pass path to inode_permission Miklos Szeredi
2008-05-30 13:37 ` [patch 00/15] security: pass path instead of inode to security ops Tetsuo Handa
2008-05-30 17:17 ` Miklos Szeredi
2008-05-31 0:33 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080529135007.516269298@szeredi.hu \
--to=miklos@szeredi.hu \
--cc=agruen@suse.de \
--cc=casey@schaufler-ca.com \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=jjohansen@suse.de \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox