diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2011-06-20 19:48:41 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-07-20 01:43:29 -0400 |
commit | eecdd358b467405a084d400d5ec571bbdbfe97a3 (patch) | |
tree | 357332873b909a19964e77dbae3c4aed5c100dc6 /fs/namei.c | |
parent | cf1dd1dae851ce5765cda5de16aa965eef7c2dbf (diff) | |
download | op-kernel-dev-eecdd358b467405a084d400d5ec571bbdbfe97a3.zip op-kernel-dev-eecdd358b467405a084d400d5ec571bbdbfe97a3.tar.gz |
->permission() sanitizing: don't pass flags to exec_permission()
pass mask instead; kill security_inode_exec_permission() since we can use
security_inode_permission() instead.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 17 |
1 files changed, 7 insertions, 10 deletions
@@ -304,7 +304,7 @@ int inode_permission(struct inode *inode, int mask) /** * exec_permission - check for right to do lookups in a given directory * @inode: inode to check permission on - * @flags: IPERM_FLAG_ flags. + * @mask: MAY_EXEC and possibly MAY_NOT_BLOCK flags. * * Short-cut version of inode_permission(), for calling on directories * during pathname resolution. Combines parts of inode_permission() @@ -314,13 +314,10 @@ int inode_permission(struct inode *inode, int mask) * short-cut DAC fails, then call ->permission() to do more * complete permission check. */ -static inline int exec_permission(struct inode *inode, unsigned int flags) +static inline int exec_permission(struct inode *inode, int mask) { int ret; struct user_namespace *ns = inode_userns(inode); - int mask = MAY_EXEC; - if (flags & IPERM_FLAG_RCU) - mask |= MAY_NOT_BLOCK; if (inode->i_op->permission) { ret = inode->i_op->permission(inode, mask); @@ -338,7 +335,7 @@ static inline int exec_permission(struct inode *inode, unsigned int flags) } return ret; ok: - return security_inode_exec_permission(inode, flags); + return security_inode_permission(inode, mask); } /** @@ -1214,13 +1211,13 @@ retry: static inline int may_lookup(struct nameidata *nd) { if (nd->flags & LOOKUP_RCU) { - int err = exec_permission(nd->inode, IPERM_FLAG_RCU); + int err = exec_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK); if (err != -ECHILD) return err; if (unlazy_walk(nd, NULL)) return -ECHILD; } - return exec_permission(nd->inode, 0); + return exec_permission(nd->inode, MAY_EXEC); } static inline int handle_dots(struct nameidata *nd, int type) @@ -1495,7 +1492,7 @@ static int path_init(int dfd, const char *name, unsigned int flags, if (!S_ISDIR(dentry->d_inode->i_mode)) goto fput_fail; - retval = exec_permission(dentry->d_inode, 0); + retval = exec_permission(dentry->d_inode, MAY_EXEC); if (retval) goto fput_fail; } @@ -1652,7 +1649,7 @@ static struct dentry *__lookup_hash(struct qstr *name, struct dentry *dentry; int err; - err = exec_permission(inode, 0); + err = exec_permission(inode, MAY_EXEC); if (err) return ERR_PTR(err); |