Commit 13f8e981 authored by David Howells's avatar David Howells Committed by Al Viro

SELinux: Institute file_path_has_perm()

Create a file_path_has_perm() function that is like path_has_perm() but
instead takes a file struct that is the source of both the path and the
inode (rather than getting the inode from the dentry in the path).  This
is then used where appropriate.

This will be useful for situations like unionmount where it will be
possible to have an apparently-negative dentry (eg. a fallthrough) that is
open with the file struct pointing to an inode on the lower fs.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent c77cecee
...@@ -1547,6 +1547,18 @@ static inline int path_has_perm(const struct cred *cred, ...@@ -1547,6 +1547,18 @@ static inline int path_has_perm(const struct cred *cred,
return inode_has_perm(cred, inode, av, &ad, 0); return inode_has_perm(cred, inode, av, &ad, 0);
} }
/* Same as path_has_perm, but uses the inode from the file struct. */
static inline int file_path_has_perm(const struct cred *cred,
struct file *file,
u32 av)
{
struct common_audit_data ad;
ad.type = LSM_AUDIT_DATA_PATH;
ad.u.path = file->f_path;
return inode_has_perm(cred, file_inode(file), av, &ad, 0);
}
/* Check whether a task can use an open file descriptor to /* Check whether a task can use an open file descriptor to
access an inode in a given way. Check access to the access an inode in a given way. Check access to the
descriptor itself, and then use dentry_has_perm to descriptor itself, and then use dentry_has_perm to
...@@ -2141,14 +2153,14 @@ static inline void flush_unauthorized_files(const struct cred *cred, ...@@ -2141,14 +2153,14 @@ static inline void flush_unauthorized_files(const struct cred *cred,
struct tty_file_private *file_priv; struct tty_file_private *file_priv;
/* Revalidate access to controlling tty. /* Revalidate access to controlling tty.
Use path_has_perm on the tty path directly rather Use file_path_has_perm on the tty path directly
than using file_has_perm, as this particular open rather than using file_has_perm, as this particular
file may belong to another process and we are only open file may belong to another process and we are
interested in the inode-based check here. */ only interested in the inode-based check here. */
file_priv = list_first_entry(&tty->tty_files, file_priv = list_first_entry(&tty->tty_files,
struct tty_file_private, list); struct tty_file_private, list);
file = file_priv->file; file = file_priv->file;
if (path_has_perm(cred, &file->f_path, FILE__READ | FILE__WRITE)) if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
drop_tty = 1; drop_tty = 1;
} }
spin_unlock(&tty_files_lock); spin_unlock(&tty_files_lock);
...@@ -3259,7 +3271,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred) ...@@ -3259,7 +3271,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
* new inode label or new policy. * new inode label or new policy.
* This check is not redundant - do not remove. * This check is not redundant - do not remove.
*/ */
return path_has_perm(cred, &file->f_path, open_file_to_av(file)); return file_path_has_perm(cred, file, open_file_to_av(file));
} }
/* task security operations */ /* task security operations */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment