This is needed for computing pathnames in the AppArmor LSM.

Signed-off-by: Tony Jones <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>
Signed-off-by: John Johansen <[EMAIL PROTECTED]>

---
 fs/xattr.c               |    4 ++--
 include/linux/security.h |   40 +++++++++++++++++++++++++---------------
 security/commoncap.c     |    4 ++--
 security/dummy.c         |    9 ++++++---
 security/selinux/hooks.c |    8 ++++++--
 5 files changed, 41 insertions(+), 24 deletions(-)

--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -80,7 +80,7 @@ vfs_setxattr(struct dentry *dentry, stru
                return error;
 
        mutex_lock(&inode->i_mutex);
-       error = security_inode_setxattr(dentry, name, value, size, flags);
+       error = security_inode_setxattr(dentry, mnt, name, value, size, flags);
        if (error)
                goto out;
        error = -EOPNOTSUPP;
@@ -88,7 +88,7 @@ vfs_setxattr(struct dentry *dentry, stru
                error = inode->i_op->setxattr(dentry, name, value, size, flags);
                if (!error) {
                        fsnotify_xattr(dentry);
-                       security_inode_post_setxattr(dentry, name, value,
+                       security_inode_post_setxattr(dentry, mnt, name, value,
                                                     size, flags);
                }
        } else if (!strncmp(name, XATTR_SECURITY_PREFIX,
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -49,7 +49,7 @@ extern void cap_capset_set (struct task_
 extern int cap_bprm_set_security (struct linux_binprm *bprm);
 extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
-extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, 
size_t size, int flags);
+extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, 
char *name, void *value, size_t size, int flags);
 extern int cap_inode_removexattr(struct dentry *dentry, char *name);
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t 
old_suid, int flags);
 extern void cap_task_reparent_to_init (struct task_struct *p);
@@ -384,11 +384,11 @@ struct request_sock;
  *     inode.
  * @inode_setxattr:
  *     Check permission before setting the extended attributes
- *     @value identified by @name for @dentry.
+ *     @value identified by @name for @dentry and @mnt.
  *     Return 0 if permission is granted.
  * @inode_post_setxattr:
  *     Update inode security field after successful setxattr operation.
- *     @value identified by @name for @dentry.
+ *     @value identified by @name for @dentry and @mnt.
  * @inode_getxattr:
  *     Check permission before obtaining the extended attributes
  *     identified by @name for @dentry.
@@ -1242,9 +1242,11 @@ struct security_operations {
                              struct iattr *attr);
        int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
         void (*inode_delete) (struct inode *inode);
-       int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
-                              size_t size, int flags);
-       void (*inode_post_setxattr) (struct dentry *dentry, char *name, void 
*value,
+       int (*inode_setxattr) (struct dentry *dentry, struct vfsmount *mnt,
+                              char *name, void *value, size_t size, int flags);
+       void (*inode_post_setxattr) (struct dentry *dentry,
+                                    struct vfsmount *mnt,
+                                    char *name, void *value,
                                     size_t size, int flags);
        int (*inode_getxattr) (struct dentry *dentry, char *name);
        int (*inode_listxattr) (struct dentry *dentry);
@@ -1760,20 +1762,24 @@ static inline void security_inode_delete
        security_ops->inode_delete (inode);
 }
 
-static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+static inline int security_inode_setxattr (struct dentry *dentry,
+                                          struct vfsmount *mnt, char *name,
                                           void *value, size_t size, int flags)
 {
        if (unlikely (IS_PRIVATE (dentry->d_inode)))
                return 0;
-       return security_ops->inode_setxattr (dentry, name, value, size, flags);
+       return security_ops->inode_setxattr (dentry, mnt, name, value, size,
+                                            flags);
 }
 
-static inline void security_inode_post_setxattr (struct dentry *dentry, char 
*name,
-                                               void *value, size_t size, int 
flags)
+static inline void security_inode_post_setxattr (struct dentry *dentry,
+                                                struct vfsmount *mnt,
+                                                char *name, void *value,
+                                                size_t size, int flags)
 {
        if (unlikely (IS_PRIVATE (dentry->d_inode)))
                return;
-       security_ops->inode_post_setxattr (dentry, name, value, size, flags);
+       security_ops->inode_post_setxattr (dentry, mnt, name, value, size, 
flags);
 }
 
 static inline int security_inode_getxattr (struct dentry *dentry, char *name)
@@ -2467,14 +2473,18 @@ static inline int security_inode_getattr
 static inline void security_inode_delete (struct inode *inode)
 { }
 
-static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+static inline int security_inode_setxattr (struct dentry *dentry,
+                                          struct vfsmount *mnt, char *name,
                                           void *value, size_t size, int flags)
 {
-       return cap_inode_setxattr(dentry, name, value, size, flags);
+       return cap_inode_setxattr(dentry, mnt, name, value, size, flags);
 }
 
-static inline void security_inode_post_setxattr (struct dentry *dentry, char 
*name,
-                                                void *value, size_t size, int 
flags)
+static inline void security_inode_post_setxattr (struct dentry *dentry,
+                                                struct vfsmount *mnt,
+                                                char *name,
+                                                void *value, size_t size,
+                                                int flags)
 { }
 
 static inline int security_inode_getxattr (struct dentry *dentry, char *name)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -190,8 +190,8 @@ int cap_bprm_secureexec (struct linux_bi
                current->egid != current->gid);
 }
 
-int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
-                      size_t size, int flags)
+int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
+                      void *value, size_t size, int flags)
 {
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                     sizeof(XATTR_SECURITY_PREFIX) - 1)  &&
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -350,8 +350,9 @@ static void dummy_inode_delete (struct i
        return;
 }
 
-static int dummy_inode_setxattr (struct dentry *dentry, char *name, void 
*value,
-                               size_t size, int flags)
+static int dummy_inode_setxattr (struct dentry *dentry, struct vfsmount *mnt,
+                                char *name, void *value, size_t size,
+                                int flags)
 {
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
@@ -360,7 +361,9 @@ static int dummy_inode_setxattr (struct 
        return 0;
 }
 
-static void dummy_inode_post_setxattr (struct dentry *dentry, char *name, void 
*value,
+static void dummy_inode_post_setxattr (struct dentry *dentry,
+                                      struct vfsmount *mnt,
+                                      char *name, void *value,
                                       size_t size, int flags)
 {
 }
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2305,7 +2305,9 @@ static int selinux_inode_getattr(struct 
        return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
 }
 
-static int selinux_inode_setxattr(struct dentry *dentry, char *name, void 
*value, size_t size, int flags)
+static int selinux_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+                                 char *name, void *value, size_t size,
+                                 int flags)
 {
        struct task_security_struct *tsec = current->security;
        struct inode *inode = dentry->d_inode;
@@ -2365,7 +2367,9 @@ static int selinux_inode_setxattr(struct
                            &ad);
 }
 
-static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
+static void selinux_inode_post_setxattr(struct dentry *dentry,
+                                       struct vfsmount *mnt,
+                                       char *name,
                                         void *value, size_t size, int flags)
 {
        struct inode *inode = dentry->d_inode;

-- 
-
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to