This allows LSMs to also distinguish between file descriptor and path
access for the xattr operations. (The other relevant operations are
covered by the setattr hook.)

Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Signed-off-by: John Johansen <[EMAIL PROTECTED]>

---
 fs/nfsd/vfs.c            |   12 +++++----
 fs/unionfs/copyup.c      |   12 +++++----
 fs/unionfs/xattr.c       |    9 +++----
 fs/xattr.c               |   60 +++++++++++++++++++++++++----------------------
 include/linux/security.h |   40 ++++++++++++++++++-------------
 include/linux/xattr.h    |   10 ++++---
 security/commoncap.c     |    4 +--
 security/dummy.c         |   10 ++++---
 security/security.c      |   21 +++++++++-------
 security/selinux/hooks.c |   10 ++++---
 10 files changed, 107 insertions(+), 81 deletions(-)

--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -413,7 +413,7 @@ static ssize_t nfsd_getxattr(struct dent
 {
        ssize_t buflen;
 
-       buflen = vfs_getxattr(dentry, mnt, key, NULL, 0);
+       buflen = vfs_getxattr(dentry, mnt, key, NULL, 0, NULL);
        if (buflen <= 0)
                return buflen;
 
@@ -421,7 +421,7 @@ static ssize_t nfsd_getxattr(struct dent
        if (!*buf)
                return -ENOMEM;
 
-       return vfs_getxattr(dentry, mnt, key, *buf, buflen);
+       return vfs_getxattr(dentry, mnt, key, *buf, buflen, NULL);
 }
 #endif
 
@@ -447,7 +447,7 @@ set_nfsv4_acl_one(struct dentry *dentry,
                goto out;
        }
 
-       error = vfs_setxattr(dentry, mnt, key, buf, len, 0);
+       error = vfs_setxattr(dentry, mnt, key, buf, len, 0, NULL);
 out:
        kfree(buf);
        return error;
@@ -2067,12 +2067,14 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i
 
        mnt = fhp->fh_export->ex_path.mnt;
        if (size)
-               error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size, 0);
+               error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size, 0,
+                                    NULL);
        else {
                if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT)
                        error = 0;
                else {
-                       error = vfs_removexattr(fhp->fh_dentry, mnt, name);
+                       error = vfs_removexattr(fhp->fh_dentry, mnt, name,
+                                               NULL);
                        if (error == -ENODATA)
                                error = 0;
                }
--- a/fs/unionfs/copyup.c
+++ b/fs/unionfs/copyup.c
@@ -37,7 +37,8 @@ static int copyup_xattrs(struct dentry *
        char *name_list_buf = NULL;
 
        /* query the actual size of the xattr list */
-       list_size = vfs_listxattr(old_lower_dentry, old_lower_mnt, NULL, 0);
+       list_size = vfs_listxattr(old_lower_dentry, old_lower_mnt, NULL, 0,
+                                 NULL);
        if (list_size <= 0) {
                err = list_size;
                goto out;
@@ -54,7 +55,7 @@ static int copyup_xattrs(struct dentry *
 
        /* now get the actual xattr list of the source file */
        list_size = vfs_listxattr(old_lower_dentry, old_lower_mnt, name_list,
-                                 list_size);
+                                 list_size, NULL);
        if (list_size <= 0) {
                err = list_size;
                goto out;
@@ -74,7 +75,7 @@ static int copyup_xattrs(struct dentry *
                /* Lock here since vfs_getxattr doesn't lock for us */
                mutex_lock(&old_lower_dentry->d_inode->i_mutex);
                size = vfs_getxattr(old_lower_dentry, old_lower_mnt, name_list,
-                                   attr_value, XATTR_SIZE_MAX);
+                                   attr_value, XATTR_SIZE_MAX, NULL);
                mutex_unlock(&old_lower_dentry->d_inode->i_mutex);
                if (size < 0) {
                        err = size;
@@ -86,7 +87,7 @@ static int copyup_xattrs(struct dentry *
                }
                /* Don't lock here since vfs_setxattr does it for us. */
                err = vfs_setxattr(new_lower_dentry, new_lower_mnt, name_list,
-                                  attr_value, size, 0);
+                                  attr_value, size, 0, NULL);
                /*
                 * Selinux depends on "security.*" xattrs, so to maintain
                 * the security of copied-up files, if Selinux is active,
@@ -97,7 +98,8 @@ static int copyup_xattrs(struct dentry *
                if (err == -EPERM && !capable(CAP_FOWNER)) {
                        cap_raise(current->cap_effective, CAP_FOWNER);
                        err = vfs_setxattr(new_lower_dentry, new_lower_mnt,
-                                          name_list, attr_value, size, 0);
+                                          name_list, attr_value, size, 0,
+                                          NULL);
                        cap_lower(current->cap_effective, CAP_FOWNER);
                }
                if (err < 0)
--- a/fs/unionfs/xattr.c
+++ b/fs/unionfs/xattr.c
@@ -57,7 +57,8 @@ ssize_t unionfs_getxattr(struct dentry *
        lower_dentry = unionfs_lower_dentry(dentry);
        lower_mnt = unionfs_lower_mnt(dentry);
 
-       err = vfs_getxattr(lower_dentry, lower_mnt, (char *) name, value, size);
+       err = vfs_getxattr(lower_dentry, lower_mnt, (char *) name, value, size,
+                          NULL);
 
 out:
        unionfs_check_dentry(dentry);
@@ -90,7 +91,7 @@ int unionfs_setxattr(struct dentry *dent
        lower_mnt = unionfs_lower_mnt(dentry);
 
        err = vfs_setxattr(lower_dentry, lower_mnt, (char *) name,
-                          (void *) value, size, flags);
+                          (void *) value, size, flags, NULL);
 
 out:
        unionfs_check_dentry(dentry);
@@ -120,7 +121,7 @@ int unionfs_removexattr(struct dentry *d
        lower_dentry = unionfs_lower_dentry(dentry);
        lower_mnt = unionfs_lower_mnt(dentry);
 
-       err = vfs_removexattr(lower_dentry, lower_mnt, (char *) name);
+       err = vfs_removexattr(lower_dentry, lower_mnt, (char *) name, NULL);
 
 out:
        unionfs_check_dentry(dentry);
@@ -152,7 +153,7 @@ ssize_t unionfs_listxattr(struct dentry 
        lower_mnt = unionfs_lower_mnt(dentry);
 
        encoded_list = list;
-       err = vfs_listxattr(lower_dentry, lower_mnt, encoded_list, size);
+       err = vfs_listxattr(lower_dentry, lower_mnt, encoded_list, size, NULL);
 
 out:
        unionfs_check_dentry(dentry);
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -68,7 +68,7 @@ xattr_permission(struct inode *inode, co
 
 int
 vfs_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
-            void *value, size_t size, int flags)
+            void *value, size_t size, int flags, struct file *file)
 {
        struct inode *inode = dentry->d_inode;
        int error;
@@ -78,7 +78,7 @@ vfs_setxattr(struct dentry *dentry, stru
                return error;
 
        mutex_lock(&inode->i_mutex);
-       error = security_inode_setxattr(dentry, mnt, name, value, size, flags);
+       error = security_inode_setxattr(dentry, mnt, name, value, size, flags,  
                                        file);
        if (error)
                goto out;
        error = -EOPNOTSUPP;
@@ -132,7 +132,7 @@ EXPORT_SYMBOL_GPL(xattr_getsecurity);
 
 ssize_t
 vfs_getxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
-            void *value, size_t size)
+            void *value, size_t size, struct file *file)
 {
        struct inode *inode = dentry->d_inode;
        int error;
@@ -141,7 +141,7 @@ vfs_getxattr(struct dentry *dentry, stru
        if (error)
                return error;
 
-       error = security_inode_getxattr(dentry, mnt, name);
+       error = security_inode_getxattr(dentry, mnt, name, file);
        if (error)
                return error;
 
@@ -169,12 +169,12 @@ EXPORT_SYMBOL_GPL(vfs_getxattr);
 
 ssize_t
 vfs_listxattr(struct dentry *dentry, struct vfsmount *mnt, char *list,
-             size_t size)
+             size_t size, struct file *file)
 {
        struct inode *inode = dentry->d_inode;
        ssize_t error;
 
-       error = security_inode_listxattr(dentry, mnt);
+       error = security_inode_listxattr(dentry, mnt, file);
        if (error)
                return error;
        error = -EOPNOTSUPP;
@@ -190,7 +190,8 @@ vfs_listxattr(struct dentry *dentry, str
 EXPORT_SYMBOL_GPL(vfs_listxattr);
 
 int
-vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name)
+vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
+               struct file *file)
 {
        struct inode *inode = dentry->d_inode;
        int error;
@@ -202,7 +203,7 @@ vfs_removexattr(struct dentry *dentry, s
        if (error)
                return error;
 
-       error = security_inode_removexattr(dentry, mnt, name);
+       error = security_inode_removexattr(dentry, mnt, name, file);
        if (error)
                return error;
 
@@ -222,7 +223,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
  */
 static long
 setxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name,
-        void __user *value, size_t size, int flags)
+        void __user *value, size_t size, int flags, struct file *file)
 {
        int error;
        void *kvalue = NULL;
@@ -249,7 +250,7 @@ setxattr(struct dentry *dentry, struct v
                }
        }
 
-       error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags);
+       error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags, file);
        kfree(kvalue);
        return error;
 }
@@ -267,7 +268,8 @@ sys_setxattr(char __user *path, char __u
        error = mnt_want_write(nd.path.mnt);
        if (error)
                return error;
-       error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags);
+       error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags,
+                        NULL);
        mnt_drop_write(nd.path.mnt);
        path_put(&nd.path);
        return error;
@@ -286,7 +288,8 @@ sys_lsetxattr(char __user *path, char __
        error = mnt_want_write(nd.path.mnt);
        if (error)
                return error;
-       error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags);
+       error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags,
+                        NULL);
        mnt_drop_write(nd.path.mnt);
        path_put(&nd.path);
        return error;
@@ -308,7 +311,7 @@ sys_fsetxattr(int fd, char __user *name,
                goto out_fput;
        dentry = f->f_path.dentry;
        audit_inode(NULL, dentry);
-       error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags);
+       error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags, f);
        mnt_drop_write(f->f_vfsmnt);
 out_fput:
        fput(f);
@@ -320,7 +323,7 @@ out_fput:
  */
 static ssize_t
 getxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name,
-        void __user *value, size_t size)
+        void __user *value, size_t size, struct file *file)
 {
        ssize_t error;
        void *kvalue = NULL;
@@ -340,7 +343,7 @@ getxattr(struct dentry *dentry, struct v
                        return -ENOMEM;
        }
 
-       error = vfs_getxattr(dentry, mnt, kname, kvalue, size);
+       error = vfs_getxattr(dentry, mnt, kname, kvalue, size, file);
        if (error > 0) {
                if (size && copy_to_user(value, kvalue, error))
                        error = -EFAULT;
@@ -363,7 +366,7 @@ sys_getxattr(char __user *path, char __u
        error = user_path_walk(path, &nd);
        if (error)
                return error;
-       error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size);
+       error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size, NULL);
        path_put(&nd.path);
        return error;
 }
@@ -378,7 +381,7 @@ sys_lgetxattr(char __user *path, char __
        error = user_path_walk_link(path, &nd);
        if (error)
                return error;
-       error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size);
+       error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size, NULL);
        path_put(&nd.path);
        return error;
 }
@@ -393,7 +396,7 @@ sys_fgetxattr(int fd, char __user *name,
        if (!f)
                return error;
        audit_inode(NULL, f->f_path.dentry);
-       error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size);
+       error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size, f);
        fput(f);
        return error;
 }
@@ -403,7 +406,7 @@ sys_fgetxattr(int fd, char __user *name,
  */
 static ssize_t
 listxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *list,
-         size_t size)
+         size_t size, struct file *file)
 {
        ssize_t error;
        char *klist = NULL;
@@ -416,7 +419,7 @@ listxattr(struct dentry *dentry, struct 
                        return -ENOMEM;
        }
 
-       error = vfs_listxattr(dentry, mnt, klist, size);
+       error = vfs_listxattr(dentry, mnt, klist, size, file);
        if (error > 0) {
                if (size && copy_to_user(list, klist, error))
                        error = -EFAULT;
@@ -438,7 +441,7 @@ sys_listxattr(char __user *path, char __
        error = user_path_walk(path, &nd);
        if (error)
                return error;
-       error = listxattr(nd.path.dentry, nd.path.mnt, list, size);
+       error = listxattr(nd.path.dentry, nd.path.mnt, list, size, NULL);
        path_put(&nd.path);
        return error;
 }
@@ -452,7 +455,7 @@ sys_llistxattr(char __user *path, char _
        error = user_path_walk_link(path, &nd);
        if (error)
                return error;
-       error = listxattr(nd.path.dentry, nd.path.mnt, list, size);
+       error = listxattr(nd.path.dentry, nd.path.mnt, list, size, NULL);
        path_put(&nd.path);
        return error;
 }
@@ -467,7 +470,7 @@ sys_flistxattr(int fd, char __user *list
        if (!f)
                return error;
        audit_inode(NULL, f->f_path.dentry);
-       error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size);
+       error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size, f);
        fput(f);
        return error;
 }
@@ -476,7 +479,8 @@ sys_flistxattr(int fd, char __user *list
  * Extended attribute REMOVE operations
  */
 static long
-removexattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name)
+removexattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name,
+           struct file *file)
 {
        int error;
        char kname[XATTR_NAME_MAX + 1];
@@ -487,7 +491,7 @@ removexattr(struct dentry *dentry, struc
        if (error < 0)
                return error;
 
-       return vfs_removexattr(dentry, mnt, kname);
+       return vfs_removexattr(dentry, mnt, kname, file);
 }
 
 asmlinkage long
@@ -499,7 +503,7 @@ sys_removexattr(char __user *path, char 
        error = user_path_walk(path, &nd);
        if (error)
                return error;
-       error = removexattr(nd.path.dentry, nd.path.mnt, name);
+       error = removexattr(nd.path.dentry, nd.path.mnt, name, NULL);
        path_put(&nd.path);
        return error;
 }
@@ -513,7 +517,7 @@ sys_lremovexattr(char __user *path, char
        error = user_path_walk_link(path, &nd);
        if (error)
                return error;
-       error = removexattr(nd.path.dentry, nd.path.mnt, name);
+       error = removexattr(nd.path.dentry, nd.path.mnt, name, NULL);
        path_put(&nd.path);
        return error;
 }
@@ -530,7 +534,7 @@ sys_fremovexattr(int fd, char __user *na
                return error;
        dentry = f->f_path.dentry;
        audit_inode(NULL, dentry);
-       error = removexattr(dentry, f->f_path.mnt, name);
+       error = removexattr(dentry, f->f_path.mnt, name, f);
        fput(f);
        return error;
 }
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -57,8 +57,8 @@ extern void cap_capset_set (struct task_
 extern int cap_bprm_set_security (struct linux_binprm *bprm);
 extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
-extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, 
char *name, void *value, size_t size, int flags);
-extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, 
char *name);
+extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, 
char *name, void *value, size_t size, int flags, struct file *file);
+extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, 
char *name, struct file *file);
 extern int cap_inode_need_killpriv(struct dentry *dentry);
 extern int cap_inode_killpriv(struct dentry *dentry);
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t 
old_suid, int flags);
@@ -1311,16 +1311,18 @@ struct security_operations {
        int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
         void (*inode_delete) (struct inode *inode);
        int (*inode_setxattr) (struct dentry *dentry, struct vfsmount *mnt,
-                              char *name, void *value, size_t size, int flags);
+                              char *name, void *value, size_t size, int flags,
+                              struct file *file);
        void (*inode_post_setxattr) (struct dentry *dentry,
                                     struct vfsmount *mnt,
                                     char *name, void *value,
                                     size_t size, int flags);
        int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
-                              char *name);
-       int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt);
+                              char *name, struct file *file);
+       int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt,
+                               struct file *file);
        int (*inode_removexattr) (struct dentry *dentry, struct vfsmount *mnt,
-                                 char *name);
+                                 char *name, struct file *file);
        int (*inode_need_killpriv) (struct dentry *dentry);
        int (*inode_killpriv) (struct dentry *dentry);
        int (*inode_getsecurity)(const struct inode *inode, const char *name, 
void **buffer, bool alloc);
@@ -1585,15 +1587,17 @@ int security_inode_setattr(struct dentry
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
 void security_inode_delete(struct inode *inode);
 int security_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
-                           char *name, void *value, size_t size, int flags);
+                           char *name, void *value, size_t size, int flags,
+                           struct file *file);
 void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt,
                                  char *name, void *value, size_t size,
                                  int flags);
 int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
-                           char *name);
-int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt);
+                           char *name, struct file *file);
+int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt,
+                            struct file *file);
 int security_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
-                              char *name);
+                              char *name, struct file *file);
 int security_inode_need_killpriv(struct dentry *dentry);
 int security_inode_killpriv(struct dentry *dentry);
 int security_inode_getsecurity(const struct inode *inode, const char *name, 
void **buffer, bool alloc);
@@ -1980,9 +1984,10 @@ static inline void security_inode_delete
 
 static inline int security_inode_setxattr (struct dentry *dentry,
                                           struct vfsmount *mnt, char *name,
-                                          void *value, size_t size, int flags)
+                                          void *value, size_t size, int flags,
+                                          struct file *file)
 {
-       return cap_inode_setxattr(dentry, mnt, name, value, size, flags);
+       return cap_inode_setxattr(dentry, mnt, name, value, size, flags, file);
 }
 
 static inline void security_inode_post_setxattr (struct dentry *dentry,
@@ -1993,21 +1998,24 @@ static inline void security_inode_post_s
 { }
 
 static inline int security_inode_getxattr (struct dentry *dentry,
-                                           struct vfsmount *mnt, char *name)
+                                          struct vfsmount *mnt, char *name,
+                                          struct file *file)
 {
        return 0;
 }
 
 static inline int security_inode_listxattr (struct dentry *dentry,
-                                           struct vfsmount *mnt)
+                                          struct vfsmount *mnt,
+                                          struct file *file)
 {
        return 0;
 }
 
 static inline int security_inode_removexattr (struct dentry *dentry,
-                                             struct vfsmount *mnt, char *name)
+                                            struct vfsmount *mnt, char *name,
+                                            struct file *file)
 {
-       return cap_inode_removexattr(dentry, mnt, name);
+       return cap_inode_removexattr(dentry, mnt, name, file);
 }
 
 static inline int security_inode_need_killpriv(struct dentry *dentry)
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -47,11 +47,13 @@ struct xattr_handler {
 };
 
 ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
-ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *, 
size_t);
-ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, size_t 
size);
+ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *,
+                    size_t, struct file *);
+ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list,
+                     size_t size, struct file *);
 int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t,
-                int);
-int vfs_removexattr(struct dentry *, struct vfsmount *, char *);
+                int, struct file *);
+int vfs_removexattr(struct dentry *, struct vfsmount *, char *, struct file *);
 
 ssize_t generic_getxattr(struct dentry *dentry, const char *name, void 
*buffer, size_t size);
 ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t 
buffer_size);
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -380,7 +380,7 @@ int cap_bprm_secureexec (struct linux_bi
 }
 
 int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
-                      void *value, size_t size, int flags)
+                      void *value, size_t size, int flags, struct file *file)
 {
        if (!strcmp(name, XATTR_NAME_CAPS)) {
                if (!capable(CAP_SETFCAP))
@@ -394,7 +394,7 @@ int cap_inode_setxattr(struct dentry *de
 }
 
 int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
-                         char *name)
+                         char *name, struct file *file)
 {
        if (!strcmp(name, XATTR_NAME_CAPS)) {
                if (!capable(CAP_SETFCAP))
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -377,7 +377,7 @@ static void dummy_inode_delete (struct i
 
 static int dummy_inode_setxattr (struct dentry *dentry, struct vfsmount *mnt,
                                 char *name, void *value, size_t size,
-                                int flags)
+                                int flags, struct file *file)
 {
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
@@ -394,18 +394,20 @@ static void dummy_inode_post_setxattr (s
 }
 
 static int dummy_inode_getxattr (struct dentry *dentry,
-                                 struct vfsmount *mnt, char *name)
+                                 struct vfsmount *mnt, char *name,
+                                 struct file *file)
 {
        return 0;
 }
 
-static int dummy_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt)
+static int dummy_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt,
+                                 struct file *file)
 {
        return 0;
 }
 
 static int dummy_inode_removexattr (struct dentry *dentry, struct vfsmount 
*mnt,
-                                   char *name)
+                                   char *name, struct file *file)
 {
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
--- a/security/security.c
+++ b/security/security.c
@@ -461,12 +461,13 @@ void security_inode_delete(struct inode 
 }
 
 int security_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
-                            char *name, void *value, size_t size, int flags)
+                           char *name, void *value, size_t size, int flags,
+                           struct file *file)
 {
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
                return 0;
        return security_ops->inode_setxattr(dentry, mnt, name, value, size,
-                                           flags);
+                                           flags, file);
 }
 
 void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt,
@@ -475,30 +476,32 @@ void security_inode_post_setxattr(struct
 {
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
                return;
-       security_ops->inode_post_setxattr(dentry, mnt, name, value, size, 
flags);
+       security_ops->inode_post_setxattr(dentry, mnt, name, value, size,
+                                        flags);
 }
 
 int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
-                           char *name)
+                           char *name, struct file *file)
 {
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
                return 0;
-       return security_ops->inode_getxattr(dentry, mnt, name);
+       return security_ops->inode_getxattr(dentry, mnt, name, file);
 }
 
-int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
+int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt,
+                            struct file *file)
 {
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
                return 0;
-       return security_ops->inode_listxattr(dentry, mnt);
+       return security_ops->inode_listxattr(dentry, mnt, file);
 }
 
 int security_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
-                              char *name)
+                              char *name, struct file *file)
 {
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
                return 0;
-       return security_ops->inode_removexattr(dentry, mnt, name);
+       return security_ops->inode_removexattr(dentry, mnt, name, file);
 }
 
 int security_inode_need_killpriv(struct dentry *dentry)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2561,7 +2561,7 @@ static int selinux_inode_setotherxattr(s
 
 static int selinux_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
                                  char *name, void *value, size_t size,
-                                 int flags)
+                                 int flags, struct file *file)
 {
        struct task_security_struct *tsec = current->security;
        struct inode *inode = dentry->d_inode;
@@ -2637,18 +2637,20 @@ static void selinux_inode_post_setxattr(
 }
 
 static int selinux_inode_getxattr (struct dentry *dentry, struct vfsmount *mnt,
-                                  char *name)
+                                  char *name, struct file *file)
 {
        return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }
 
-static int selinux_inode_listxattr (struct dentry *dentry, struct vfsmount 
*mnt)
+static int selinux_inode_listxattr (struct dentry *dentry, struct vfsmount 
*mnt,
+                                   struct file *file)
 {
        return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }
 
 static int selinux_inode_removexattr (struct dentry *dentry,
-                                     struct vfsmount *mnt, char *name)
+                                     struct vfsmount *mnt, char *name,
+                                     struct file *file)
 {
        if (strcmp(name, XATTR_NAME_SELINUX))
                return selinux_inode_setotherxattr(dentry, name);

-- 

-
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to