diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/apparmorfs.c | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 11 | ||||
-rw-r--r-- | security/apparmor/path.c | 1 | ||||
-rw-r--r-- | security/capability.c | 13 | ||||
-rw-r--r-- | security/device_cgroup.c | 7 | ||||
-rw-r--r-- | security/inode.c | 193 | ||||
-rw-r--r-- | security/lsm_audit.c | 7 | ||||
-rw-r--r-- | security/security.c | 17 | ||||
-rw-r--r-- | security/selinux/hooks.c | 21 | ||||
-rw-r--r-- | security/selinux/netnode.c | 2 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 4 | ||||
-rw-r--r-- | security/tomoyo/audit.c | 4 | ||||
-rw-r--r-- | security/tomoyo/common.h | 2 | ||||
-rw-r--r-- | security/tomoyo/realpath.c | 9 | ||||
-rw-r--r-- | security/tomoyo/securityfs_if.c | 2 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 15 |
16 files changed, 104 insertions, 206 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 69ddb47787b..e39df6d4377 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -165,7 +165,7 @@ static void __init aafs_remove(const char *name) * * Used aafs_remove to remove entries created with this fn. */ -static int __init aafs_create(const char *name, int mask, +static int __init aafs_create(const char *name, umode_t mask, const struct file_operations *fops) { struct dentry *dentry; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 41ae0c6cb90..d7f06f8b283 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -262,7 +262,7 @@ static int apparmor_path_unlink(struct path *dir, struct dentry *dentry) } static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, - int mode) + umode_t mode) { return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, S_IFDIR); @@ -274,7 +274,7 @@ static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry) } static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, - int mode, unsigned int dev) + umode_t mode, unsigned int dev) { return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); } @@ -344,13 +344,12 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, return error; } -static int apparmor_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) +static int apparmor_path_chmod(struct path *path, umode_t mode) { - if (!mediated_filesystem(dentry->d_inode)) + if (!mediated_filesystem(path->dentry->d_inode)) return 0; - return common_perm_mnt_dentry(OP_CHMOD, mnt, dentry, AA_MAY_CHMOD); + return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); } static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid) diff --git a/security/apparmor/path.c b/security/apparmor/path.c index b566eba4a65..9d070a7c3ff 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -13,7 +13,6 @@ */ #include <linux/magic.h> -#include <linux/mnt_namespace.h> #include <linux/mount.h> #include <linux/namei.h> #include <linux/nsproxy.h> diff --git a/security/capability.c b/security/capability.c index 2984ea4f776..3b5883b7179 100644 --- a/security/capability.c +++ b/security/capability.c @@ -125,7 +125,7 @@ static int cap_inode_init_security(struct inode *inode, struct inode *dir, } static int cap_inode_create(struct inode *inode, struct dentry *dentry, - int mask) + umode_t mask) { return 0; } @@ -148,7 +148,7 @@ static int cap_inode_symlink(struct inode *inode, struct dentry *dentry, } static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry, - int mask) + umode_t mask) { return 0; } @@ -159,7 +159,7 @@ static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry) } static int cap_inode_mknod(struct inode *inode, struct dentry *dentry, - int mode, dev_t dev) + umode_t mode, dev_t dev) { return 0; } @@ -235,13 +235,13 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid) } #ifdef CONFIG_SECURITY_PATH -static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode, +static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { return 0; } -static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode) +static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) { return 0; } @@ -279,8 +279,7 @@ static int cap_path_truncate(struct path *path) return 0; } -static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) +static int cap_path_chmod(struct path *path, umode_t mode) { return 0; } diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 4450fbeec41..8b5b5d8612c 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -62,11 +62,12 @@ static inline struct dev_cgroup *task_devcgroup(struct task_struct *task) struct cgroup_subsys devices_subsys; static int devcgroup_can_attach(struct cgroup_subsys *ss, - struct cgroup *new_cgroup, struct task_struct *task) + struct cgroup *new_cgrp, struct cgroup_taskset *set) { - if (current != task && !capable(CAP_SYS_ADMIN)) - return -EPERM; + struct task_struct *task = cgroup_taskset_first(set); + if (current != task && !capable(CAP_SYS_ADMIN)) + return -EPERM; return 0; } diff --git a/security/inode.c b/security/inode.c index c4df2fbebe6..43ce6e19015 100644 --- a/security/inode.c +++ b/security/inode.c @@ -25,100 +25,6 @@ static struct vfsmount *mount; static int mount_count; -/* - * TODO: - * I think I can get rid of these default_file_ops, but not quite sure... - */ -static ssize_t default_read_file(struct file *file, char __user *buf, - size_t count, loff_t *ppos) -{ - return 0; -} - -static ssize_t default_write_file(struct file *file, const char __user *buf, - size_t count, loff_t *ppos) -{ - return count; -} - -static int default_open(struct inode *inode, struct file *file) -{ - if (inode->i_private) - file->private_data = inode->i_private; - - return 0; -} - -static const struct file_operations default_file_ops = { - .read = default_read_file, - .write = default_write_file, - .open = default_open, - .llseek = noop_llseek, -}; - -static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) -{ - struct inode *inode = new_inode(sb); - - if (inode) { - inode->i_ino = get_next_ino(); - inode->i_mode = mode; - inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; - switch (mode & S_IFMT) { - default: - init_special_inode(inode, mode, dev); - break; - case S_IFREG: - inode->i_fop = &default_file_ops; - break; - case S_IFDIR: - inode->i_op = &simple_dir_inode_operations; - inode->i_fop = &simple_dir_operations; - - /* directory inodes start off with i_nlink == 2 (for "." entry) */ - inc_nlink(inode); - break; - } - } - return inode; -} - -/* SMP-safe */ -static int mknod(struct inode *dir, struct dentry *dentry, - int mode, dev_t dev) -{ - struct inode *inode; - int error = -ENOMEM; - - if (dentry->d_inode) - return -EEXIST; - - inode = get_inode(dir->i_sb, mode, dev); - if (inode) { - d_instantiate(dentry, inode); - dget(dentry); - error = 0; - } - return error; -} - -static int mkdir(struct inode *dir, struct dentry *dentry, int mode) -{ - int res; - - mode = (mode & (S_IRWXUGO | S_ISVTX)) | S_IFDIR; - res = mknod(dir, dentry, mode, 0); - if (!res) - inc_nlink(dir); - return res; -} - -static int create(struct inode *dir, struct dentry *dentry, int mode) -{ - mode = (mode & S_IALLUGO) | S_IFREG; - return mknod(dir, dentry, mode, 0); -} - static inline int positive(struct dentry *dentry) { return dentry->d_inode && !d_unhashed(dentry); @@ -145,38 +51,6 @@ static struct file_system_type fs_type = { .kill_sb = kill_litter_super, }; -static int create_by_name(const char *name, mode_t mode, - struct dentry *parent, - struct dentry **dentry) -{ - int error = 0; - - *dentry = NULL; - - /* If the parent is not specified, we create it in the root. - * We need the root dentry to do this, which is in the super - * block. A pointer to that is in the struct vfsmount that we - * have around. - */ - if (!parent) - parent = mount->mnt_sb->s_root; - - mutex_lock(&parent->d_inode->i_mutex); - *dentry = lookup_one_len(name, parent, strlen(name)); - if (!IS_ERR(*dentry)) { - if ((mode & S_IFMT) == S_IFDIR) - error = mkdir(parent->d_inode, *dentry, mode); - else - error = create(parent->d_inode, *dentry, mode); - if (error) - dput(*dentry); - } else - error = PTR_ERR(*dentry); - mutex_unlock(&parent->d_inode->i_mutex); - - return error; -} - /** * securityfs_create_file - create a file in the securityfs filesystem * @@ -205,35 +79,70 @@ static int create_by_name(const char *name, mode_t mode, * If securityfs is not enabled in the kernel, the value %-ENODEV is * returned. */ -struct dentry *securityfs_create_file(const char *name, mode_t mode, +struct dentry *securityfs_create_file(const char *name, umode_t mode, struct dentry *parent, void *data, const struct file_operations *fops) { - struct dentry *dentry = NULL; + struct dentry *dentry; + int is_dir = S_ISDIR(mode); + struct inode *dir, *inode; int error; + if (!is_dir) { + BUG_ON(!fops); + mode = (mode & S_IALLUGO) | S_IFREG; + } + pr_debug("securityfs: creating file '%s'\n",name); error = simple_pin_fs(&fs_type, &mount, &mount_count); - if (error) { - dentry = ERR_PTR(error); - goto exit; + if (error) + return ERR_PTR(error); + + if (!parent) + parent = mount->mnt_root; + + dir = parent->d_inode; + + mutex_lock(&dir->i_mutex); + dentry = lookup_one_len(name, parent, strlen(name)); + if (IS_ERR(dentry)) + goto out; + + if (dentry->d_inode) { + error = -EEXIST; + goto out1; } - error = create_by_name(name, mode, parent, &dentry); - if (error) { - dentry = ERR_PTR(error); - simple_release_fs(&mount, &mount_count); - goto exit; + inode = new_inode(dir->i_sb); + if (!inode) { + error = -ENOMEM; + goto out1; } - if (dentry->d_inode) { - if (fops) - dentry->d_inode->i_fop = fops; - if (data) - dentry->d_inode->i_private = data; + inode->i_ino = get_next_ino(); + inode->i_mode = mode; + inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; + inode->i_private = data; + if (is_dir) { + inode->i_op = &simple_dir_inode_operations; + inode->i_fop = &simple_dir_operations; + inc_nlink(inode); + inc_nlink(dir); + } else { + inode->i_fop = fops; } -exit: + d_instantiate(dentry, inode); + dget(dentry); + mutex_unlock(&dir->i_mutex); + return dentry; + +out1: + dput(dentry); + dentry = ERR_PTR(error); +out: + mutex_unlock(&dir->i_mutex); + simple_release_fs(&mount, &mount_count); return dentry; } EXPORT_SYMBOL_GPL(securityfs_create_file); diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 893af8a2fa1..7bd6f138236 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -114,19 +114,20 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, int offset, ret = 0; struct ipv6hdr *ip6; u8 nexthdr; + __be16 frag_off; ip6 = ipv6_hdr(skb); if (ip6 == NULL) return -EINVAL; - ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); - ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); + ad->u.net.v6info.saddr = ip6->saddr; + ad->u.net.v6info.daddr = ip6->daddr; ret = 0; /* IPv6 can have several extension header before the Transport header * skip them */ offset = skb_network_offset(skb); offset += sizeof(*ip6); nexthdr = ip6->nexthdr; - offset = ipv6_skip_exthdr(skb, offset, &nexthdr); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); if (offset < 0) return 0; if (proto) diff --git a/security/security.c b/security/security.c index e2f684aeb70..214502c772a 100644 --- a/security/security.c +++ b/security/security.c @@ -388,7 +388,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, EXPORT_SYMBOL(security_old_inode_init_security); #ifdef CONFIG_SECURITY_PATH -int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, +int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) @@ -397,7 +397,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, } EXPORT_SYMBOL(security_path_mknod); -int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) +int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) return 0; @@ -454,12 +454,11 @@ int security_path_truncate(struct path *path) return security_ops->path_truncate(path); } -int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) +int security_path_chmod(struct path *path, umode_t mode) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(path->dentry->d_inode))) return 0; - return security_ops->path_chmod(dentry, mnt, mode); + return security_ops->path_chmod(path, mode); } int security_path_chown(struct path *path, uid_t uid, gid_t gid) @@ -475,7 +474,7 @@ int security_path_chroot(struct path *path) } #endif -int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) +int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(dir))) return 0; @@ -506,7 +505,7 @@ int security_inode_symlink(struct inode *dir, struct dentry *dentry, return security_ops->inode_symlink(dir, dentry, old_name); } -int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) +int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(dir))) return 0; @@ -521,7 +520,7 @@ int security_inode_rmdir(struct inode *dir, struct dentry *dentry) return security_ops->inode_rmdir(dir, dentry); } -int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { if (unlikely(IS_PRIVATE(dir))) return 0; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1126c10a5e8..7cd4c3affac 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1090,7 +1090,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc return SECCLASS_NETLINK_ROUTE_SOCKET; case NETLINK_FIREWALL: return SECCLASS_NETLINK_FIREWALL_SOCKET; - case NETLINK_INET_DIAG: + case NETLINK_SOCK_DIAG: return SECCLASS_NETLINK_TCPDIAG_SOCKET; case NETLINK_NFLOG: return SECCLASS_NETLINK_NFLOG_SOCKET; @@ -1740,7 +1740,7 @@ static inline u32 file_mask_to_av(int mode, int mask) { u32 av = 0; - if ((mode & S_IFMT) != S_IFDIR) { + if (!S_ISDIR(mode)) { if (mask & MAY_EXEC) av |= FILE__EXECUTE; if (mask & MAY_READ) @@ -2507,7 +2507,7 @@ static int selinux_mount(char *dev_name, const struct cred *cred = current_cred(); if (flags & MS_REMOUNT) - return superblock_has_perm(cred, path->mnt->mnt_sb, + return superblock_has_perm(cred, path->dentry->d_sb, FILESYSTEM__REMOUNT, NULL); else return path_has_perm(cred, path, FILE__MOUNTON); @@ -2598,7 +2598,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, return 0; } -static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) +static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) { return may_create(dir, dentry, SECCLASS_FILE); } @@ -2618,7 +2618,7 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const return may_create(dir, dentry, SECCLASS_LNK_FILE); } -static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) +static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask) { return may_create(dir, dentry, SECCLASS_DIR); } @@ -2628,7 +2628,7 @@ static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) return may_link(dir, dentry, MAY_RMDIR); } -static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { return may_create(dir, dentry, inode_mode_to_security_class(mode)); } @@ -3561,19 +3561,20 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, u8 nexthdr; int ret = -EINVAL, offset; struct ipv6hdr _ipv6h, *ip6; + __be16 frag_off; offset = skb_network_offset(skb); ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); if (ip6 == NULL) goto out; - ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); - ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); + ad->u.net.v6info.saddr = ip6->saddr; + ad->u.net.v6info.daddr = ip6->daddr; ret = 0; nexthdr = ip6->nexthdr; offset += sizeof(_ipv6h); - offset = ipv6_skip_exthdr(skb, offset, &nexthdr); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); if (offset < 0) goto out; @@ -3871,7 +3872,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in if (family == PF_INET) ad.u.net.v4info.saddr = addr4->sin_addr.s_addr; else - ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr); + ad.u.net.v6info.saddr = addr6->sin6_addr; err = avc_has_perm(sksec->sid, sid, sksec->sclass, node_perm, &ad); diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 3bf46abaa68..86365857c08 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -220,7 +220,7 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid) case PF_INET6: ret = security_node_sid(PF_INET6, addr, sizeof(struct in6_addr), sid); - ipv6_addr_copy(&new->nsec.addr.ipv6, addr); + new->nsec.addr.ipv6 = *(struct in6_addr *)addr; break; default: BUG(); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7db62b48eb4..e8af5b0ba80 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -406,7 +406,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data) { - struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; + struct superblock_smack *sbp = path->dentry->d_sb->s_security; struct smk_audit_info ad; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); @@ -435,7 +435,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); smk_ad_setfield_u_fs_path(&ad, path); - sbp = mnt->mnt_sb->s_security; + sbp = path.dentry->d_sb->s_security; return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); } diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index 075c3a6d164..5ca47ea3049 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -112,7 +112,7 @@ out: * * Returns file type string. */ -static inline const char *tomoyo_filetype(const mode_t mode) +static inline const char *tomoyo_filetype(const umode_t mode) { switch (mode & S_IFMT) { case S_IFREG: @@ -180,7 +180,7 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { struct tomoyo_mini_stat *stat; unsigned int dev; - mode_t mode; + umode_t mode; if (!obj->stat_valid[i]) continue; stat = &obj->stat[i]; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index cb9f5c2d6f3..9512222d558 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -564,7 +564,7 @@ struct tomoyo_mini_stat { uid_t uid; gid_t gid; ino_t ino; - mode_t mode; + umode_t mode; dev_t dev; dev_t rdev; }; diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index d9f3ced8756..80a09c37cac 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -4,15 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ -#include <linux/types.h> -#include <linux/mount.h> -#include <linux/mnt_namespace.h> -#include <linux/fs_struct.h> -#include <linux/magic.h> -#include <linux/slab.h> -#include <net/sock.h> #include "common.h" -#include "../../fs/internal.h" +#include <linux/magic.h> /** * tomoyo_encode2 - Encode binary string to ascii string. diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 2672ac4f3be..482b2a5f48f 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -224,7 +224,7 @@ static const struct file_operations tomoyo_operations = { * * Returns nothing. */ -static void __init tomoyo_create_entry(const char *name, const mode_t mode, +static void __init tomoyo_create_entry(const char *name, const umode_t mode, struct dentry *parent, const u8 key) { securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 4b327b69174..620d37c159a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -186,7 +186,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) * Returns 0 on success, negative value otherwise. */ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, - int mode) + umode_t mode) { struct path path = { parent->mnt, dentry }; return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, @@ -234,7 +234,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, * Returns 0 on success, negative value otherwise. */ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, - int mode, unsigned int dev) + umode_t mode, unsigned int dev) { struct path path = { parent->mnt, dentry }; int type = TOMOYO_TYPE_CREATE; @@ -353,17 +353,14 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, /** * tomoyo_path_chmod - Target for security_path_chmod(). * - * @dentry: Pointer to "struct dentry". - * @mnt: Pointer to "struct vfsmount". - * @mode: DAC permission mode. + * @path: Pointer to "struct path". + * @mode: DAC permission mode. * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, - mode_t mode) +static int tomoyo_path_chmod(struct path *path, umode_t mode) { - struct path path = { mnt, dentry }; - return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path, + return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, mode & S_IALLUGO); } |