1
From: Tony Jones <tonyj@suse.de>
2
Subject: Pass struct vfsmount to the inode_getxattr LSM hook
4
This is needed for computing pathnames in the AppArmor LSM.
6
Signed-off-by: Tony Jones <tonyj@suse.de>
7
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
8
Signed-off-by: John Johansen <jjohansen@suse.de>
12
include/linux/security.h | 11 +++++++----
13
security/dummy.c | 3 ++-
14
security/security.c | 5 +++--
15
security/selinux/hooks.c | 3 ++-
16
5 files changed, 15 insertions(+), 9 deletions(-)
20
@@ -115,7 +115,7 @@ vfs_getxattr(struct dentry *dentry, stru
24
- error = security_inode_getxattr(dentry, name);
25
+ error = security_inode_getxattr(dentry, mnt, name);
29
--- a/include/linux/security.h
30
+++ b/include/linux/security.h
31
@@ -405,7 +405,7 @@ struct request_sock;
32
* @value identified by @name for @dentry and @mnt.
34
* Check permission before obtaining the extended attributes
35
- * identified by @name for @dentry.
36
+ * identified by @name for @dentry and @mnt.
37
* Return 0 if permission is granted.
39
* Check permission before obtaining the list of extended attribute
40
@@ -1291,7 +1291,8 @@ struct security_operations {
42
char *name, void *value,
43
size_t size, int flags);
44
- int (*inode_getxattr) (struct dentry *dentry, char *name);
45
+ int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
47
int (*inode_listxattr) (struct dentry *dentry);
48
int (*inode_removexattr) (struct dentry *dentry, char *name);
49
int (*inode_need_killpriv) (struct dentry *dentry);
50
@@ -1554,7 +1555,8 @@ int security_inode_setxattr(struct dentr
51
void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt,
52
char *name, void *value, size_t size,
54
-int security_inode_getxattr(struct dentry *dentry, char *name);
55
+int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
57
int security_inode_listxattr(struct dentry *dentry);
58
int security_inode_removexattr(struct dentry *dentry, char *name);
59
int security_inode_need_killpriv(struct dentry *dentry);
60
@@ -1954,7 +1956,8 @@ static inline void security_inode_post_s
64
-static inline int security_inode_getxattr (struct dentry *dentry, char *name)
65
+static inline int security_inode_getxattr (struct dentry *dentry,
66
+ struct vfsmount *mnt, char *name)
70
--- a/security/dummy.c
71
+++ b/security/dummy.c
72
@@ -365,7 +365,8 @@ static void dummy_inode_post_setxattr (s
76
-static int dummy_inode_getxattr (struct dentry *dentry, char *name)
77
+static int dummy_inode_getxattr (struct dentry *dentry,
78
+ struct vfsmount *mnt, char *name)
82
--- a/security/security.c
83
+++ b/security/security.c
84
@@ -458,11 +458,12 @@ void security_inode_post_setxattr(struct
85
security_ops->inode_post_setxattr(dentry, mnt, name, value, size, flags);
88
-int security_inode_getxattr(struct dentry *dentry, char *name)
89
+int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
92
if (unlikely(IS_PRIVATE(dentry->d_inode)))
94
- return security_ops->inode_getxattr(dentry, name);
95
+ return security_ops->inode_getxattr(dentry, mnt, name);
98
int security_inode_listxattr(struct dentry *dentry)
99
--- a/security/selinux/hooks.c
100
+++ b/security/selinux/hooks.c
101
@@ -2409,7 +2409,8 @@ static void selinux_inode_post_setxattr(
105
-static int selinux_inode_getxattr (struct dentry *dentry, char *name)
106
+static int selinux_inode_getxattr (struct dentry *dentry, struct vfsmount *mnt,
109
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);