AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 10:10:54 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

->permission() sanitizing: don't pass flags to exec_permission()

Browse Source 
pass mask instead; kill security_inode_exec_permission() since we can use
security_inode_permission() instead.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2011-06-20 19:48:41 -04:00
parent cf1dd1dae8
commit eecdd358b4
3 changed files with 7 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
fs/namei.c
View File

@ -304,7 +304,7 @@ int inode_permission(struct inode *inode, int mask)
/** /**
* exec_permission - check for right to do lookups in a given directory * exec_permission - check for right to do lookups in a given directory
* @inode: inode to check permission on * @inode: inode to check permission on
* @flags: IPERM_FLAG_ flags. * @mask: MAY_EXEC and possibly MAY_NOT_BLOCK flags.
* *
* Short-cut version of inode_permission(), for calling on directories * Short-cut version of inode_permission(), for calling on directories
* during pathname resolution. Combines parts of inode_permission() * during pathname resolution. Combines parts of inode_permission()
@ -314,13 +314,10 @@ int inode_permission(struct inode *inode, int mask)
* short-cut DAC fails, then call ->permission() to do more * short-cut DAC fails, then call ->permission() to do more
* complete permission check. * complete permission check.
*/ */
static inline int exec_permission(struct inode *inode, unsigned int flags) static inline int exec_permission(struct inode *inode, int mask)
{ {
int ret; int ret;
struct user_namespace *ns = inode_userns(inode); struct user_namespace *ns = inode_userns(inode);
int mask = MAY_EXEC;
if (flags & IPERM_FLAG_RCU)
mask |= MAY_NOT_BLOCK;
if (inode->i_op->permission) { if (inode->i_op->permission) {
ret = inode->i_op->permission(inode, mask); ret = inode->i_op->permission(inode, mask);
@ -338,7 +335,7 @@ static inline int exec_permission(struct inode *inode, unsigned int flags)
} }
return ret; return ret;
ok: ok:
return security_inode_exec_permission(inode, flags); return security_inode_permission(inode, mask);
} }
/** /**
@ -1214,13 +1211,13 @@ static int do_lookup(struct nameidata *nd, struct qstr *name,
static inline int may_lookup(struct nameidata *nd) static inline int may_lookup(struct nameidata *nd)
{ {
if (nd->flags & LOOKUP_RCU) { if (nd->flags & LOOKUP_RCU) {
int err = exec_permission(nd->inode, IPERM_FLAG_RCU); int err = exec_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
if (err != -ECHILD) if (err != -ECHILD)
return err; return err;
if (unlazy_walk(nd, NULL)) if (unlazy_walk(nd, NULL))
return -ECHILD; return -ECHILD;
} }
return exec_permission(nd->inode, 0); return exec_permission(nd->inode, MAY_EXEC);
} }
static inline int handle_dots(struct nameidata *nd, int type) static inline int handle_dots(struct nameidata *nd, int type)
@ -1495,7 +1492,7 @@ static int path_init(int dfd, const char *name, unsigned int flags,
if (!S_ISDIR(dentry->d_inode->i_mode)) if (!S_ISDIR(dentry->d_inode->i_mode))
goto fput_fail; goto fput_fail;
retval = exec_permission(dentry->d_inode, 0); retval = exec_permission(dentry->d_inode, MAY_EXEC);
if (retval) if (retval)
goto fput_fail; goto fput_fail;
} }
@ -1652,7 +1649,7 @@ static struct dentry *__lookup_hash(struct qstr *name,
struct dentry *dentry; struct dentry *dentry;
int err; int err;
err = exec_permission(inode, 0); err = exec_permission(inode, MAY_EXEC);
if (err) if (err)
return ERR_PTR(err); return ERR_PTR(err);

7
include/linux/security.h
View File

@ -1720,7 +1720,6 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
int security_inode_readlink(struct dentry *dentry); int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
int security_inode_permission(struct inode *inode, int mask); int security_inode_permission(struct inode *inode, int mask);
int security_inode_exec_permission(struct inode *inode, unsigned int flags);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
int security_inode_setxattr(struct dentry *dentry, const char *name, int security_inode_setxattr(struct dentry *dentry, const char *name,
@ -2113,12 +2112,6 @@ static inline int security_inode_permission(struct inode *inode, int mask)
return 0; return 0;
} }
static inline int security_inode_exec_permission(struct inode *inode,
unsigned int flags)
{
return 0;
}
static inline int security_inode_setattr(struct dentry *dentry, static inline int security_inode_setattr(struct dentry *dentry,
struct iattr *attr) struct iattr *attr)
{ {

10
security/security.c
View File

@ -521,16 +521,6 @@ int security_inode_permission(struct inode *inode, int mask)
return security_ops->inode_permission(inode, mask); return security_ops->inode_permission(inode, mask);
} }
int security_inode_exec_permission(struct inode *inode, unsigned int flags)
{
int mask = MAY_EXEC;
if (unlikely(IS_PRIVATE(inode)))
return 0;
if (flags)
mask |= MAY_NOT_BLOCK;
return security_ops->inode_permission(inode, mask);
}
int security_inode_setattr(struct dentry *dentry, struct iattr *attr) int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{ {
if (unlikely(IS_PRIVATE(dentry->d_inode))) if (unlikely(IS_PRIVATE(dentry->d_inode)))