diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2016-03-25 15:04:36 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-03-28 00:47:25 -0400 |
commit | 741aca71d61c3485d1e9db3bcea00d4509cf2301 (patch) | |
tree | 3d8f7af9abb176907a1fbdfe35f1c93a7176b491 | |
parent | be01f9f28e66fa846f02196eb047c6bc445642db (diff) | |
download | op-kernel-dev-741aca71d61c3485d1e9db3bcea00d4509cf2301.zip op-kernel-dev-741aca71d61c3485d1e9db3bcea00d4509cf2301.tar.gz |
apparmor: new helper - common_path_perm()
was open-coded in several places...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | security/apparmor/lsm.c | 47 |
1 files changed, 12 insertions, 35 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8d19615..ead56bf 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir, } /** - * common_perm_mnt_dentry - common permission wrapper when mnt, dentry + * common_perm_path - common permission wrapper when mnt, dentry * @op: operation being checked - * @mnt: mount point of dentry (NOT NULL) - * @dentry: dentry to check (NOT NULL) + * @path: location to check (NOT NULL) * @mask: requested permissions mask * * Returns: %0 else error code if error or permission denied */ -static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, - struct dentry *dentry, u32 mask) +static inline int common_perm_path(int op, const struct path *path, u32 mask) { - struct path path = { mnt, dentry }; - struct path_cond cond = { d_backing_inode(dentry)->i_uid, - d_backing_inode(dentry)->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; + if (!mediated_filesystem(path->dentry)) + return 0; - return common_perm(op, &path, mask, &cond); + return common_perm(op, path, mask, &cond); } /** @@ -271,15 +270,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, static int apparmor_path_truncate(const struct path *path) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, - &cond); + return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); } static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, @@ -336,31 +327,17 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, static int apparmor_path_chmod(const struct path *path, umode_t mode) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); + return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD); } static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); + return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN); } static int apparmor_inode_getattr(const struct path *path) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, - AA_MAY_META_READ); + return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ); } static int apparmor_file_open(struct file *file, const struct cred *cred) |