fs/vfs/security: pass last path component to LSM on inode creation

tjh.dev / kernel

fork atom

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

fs/vfs/security: pass last path component to LSM on inode creation

SELinux would like to implement a new labeling behavior of newly created
inodes. We currently label new inodes based on the parent and the creating
process. This new behavior would also take into account the name of the
new object when deciding the new label. This is not the (supposed) full path,
just the last component of the path.

This is very useful because creating /etc/shadow is different than creating
/etc/passwd but the kernel hooks are unable to differentiate these
operations. We currently require that userspace realize it is doing some
difficult operation like that and than userspace jumps through SELinux hoops
to get things set up correctly. This patch does not implement new
behavior, that is obviously contained in a seperate SELinux patch, but it
does pass the needed name down to the correct LSM hook. If no such name
exists it is fine to pass NULL.

Signed-off-by: Eric Paris <eparis@redhat.com>

Eric Paris 15 years ago 2a7dba39 82140443

+136 -94

39 changed files

expand all collapse all

btrfs

inode.c

xattr.c

xattr.h

ext2

ext2.h

ialloc.c

namei.c

xattr.h

xattr_security.c

ext3

ialloc.c

namei.c

xattr.h

xattr_security.c

ext4

ialloc.c

xattr.h

xattr_security.c

gfs2

inode.c

jffs2

dir.c

nodelist.h

security.c

write.c

xattr.h

jfs

jfs_xattr.h

namei.c

xattr.c

ocfs2

namei.c

refcounttree.c

xattr.c

xattr.h

reiserfs

namei.c

xattr_security.c

xfs

linux-2.6

xfs_iops.c

include

linux

ext3_fs.h

reiserfs_xattr.h

security.h

shmem.c

security

capability.c

security.c

selinux

hooks.c

smack

smack_lsm.c

+7 -6

fs/btrfs/inode.c

reviewed

··· 90 90 unsigned long *nr_written, int unlock); 91 91 92 92 static int btrfs_init_inode_security(struct btrfs_trans_handle *trans, 93 93 - struct inode *inode, struct inode *dir) 93 93 + struct inode *inode, struct inode *dir, 94 94 + const struct qstr *qstr) 94 95 { 95 96 int err; 96 97 97 98 err = btrfs_init_acl(trans, inode, dir); 98 99 if (!err) 99 99 - err = btrfs_xattr_security_init(trans, inode, dir); 100 100 + err = btrfs_xattr_security_init(trans, inode, dir, qstr); 100 101 return err; 101 102 } 102 103 ··· 4676 4675 if (IS_ERR(inode)) 4677 4676 goto out_unlock; 4678 4677 4679 4679 - err = btrfs_init_inode_security(trans, inode, dir); 4678 4678 + err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); 4680 4679 if (err) { 4681 4680 drop_inode = 1; 4682 4681 goto out_unlock; ··· 4737 4736 if (IS_ERR(inode)) 4738 4737 goto out_unlock; 4739 4738 4740 4740 - err = btrfs_init_inode_security(trans, inode, dir); 4739 4739 + err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); 4741 4740 if (err) { 4742 4741 drop_inode = 1; 4743 4742 goto out_unlock; ··· 4865 4864 4866 4865 drop_on_err = 1; 4867 4866 4868 4868 - err = btrfs_init_inode_security(trans, inode, dir); 4867 4867 + err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); 4869 4868 if (err) 4870 4869 goto out_fail; 4871 4870 ··· 6947 6946 if (IS_ERR(inode)) 6948 6947 goto out_unlock; 6949 6948 6950 6950 - err = btrfs_init_inode_security(trans, inode, dir); 6949 6949 + err = btrfs_init_inode_security(trans, inode, dir, &dentry->d_name); 6951 6950 if (err) { 6952 6951 drop_inode = 1; 6953 6952 goto out_unlock;

+4 -2

fs/btrfs/xattr.c

reviewed

··· 352 352 } 353 353 354 354 int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, 355 355 - struct inode *inode, struct inode *dir) 355 355 + struct inode *inode, struct inode *dir, 356 356 + const struct qstr *qstr) 356 357 { 357 358 int err; 358 359 size_t len; ··· 361 360 char *suffix; 362 361 char *name; 363 362 364 364 - err = security_inode_init_security(inode, dir, &suffix, &value, &len); 363 363 + err = security_inode_init_security(inode, dir, qstr, &suffix, &value, 364 364 + &len); 365 365 if (err) { 366 366 if (err == -EOPNOTSUPP) 367 367 return 0;

+2 -1

fs/btrfs/xattr.h

reviewed

··· 37 37 extern int btrfs_removexattr(struct dentry *dentry, const char *name); 38 38 39 39 extern int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, 40 40 - struct inode *inode, struct inode *dir); 40 40 + struct inode *inode, struct inode *dir, 41 41 + const struct qstr *qstr); 41 42 42 43 #endif /* __XATTR__ */

+1 -1

fs/ext2/ext2.h

reviewed

··· 110 110 extern void ext2_set_link(struct inode *, struct ext2_dir_entry_2 *, struct page *, struct inode *, int); 111 111 112 112 /* ialloc.c */ 113 113 - extern struct inode * ext2_new_inode (struct inode *, int); 113 113 + extern struct inode * ext2_new_inode (struct inode *, int, const struct qstr *); 114 114 extern void ext2_free_inode (struct inode *); 115 115 extern unsigned long ext2_count_free_inodes (struct super_block *); 116 116 extern void ext2_check_inodes_bitmap (struct super_block *);

+3 -2

fs/ext2/ialloc.c

reviewed

··· 429 429 return group; 430 430 } 431 431 432 432 - struct inode *ext2_new_inode(struct inode *dir, int mode) 432 432 + struct inode *ext2_new_inode(struct inode *dir, int mode, 433 433 + const struct qstr *qstr) 433 434 { 434 435 struct super_block *sb; 435 436 struct buffer_head *bitmap_bh = NULL; ··· 586 585 if (err) 587 586 goto fail_free_drop; 588 587 589 589 - err = ext2_init_security(inode,dir); 588 588 + err = ext2_init_security(inode, dir, qstr); 590 589 if (err) 591 590 goto fail_free_drop; 592 591

+4 -4

fs/ext2/namei.c

reviewed

··· 104 104 105 105 dquot_initialize(dir); 106 106 107 107 - inode = ext2_new_inode(dir, mode); 107 107 + inode = ext2_new_inode(dir, mode, &dentry->d_name); 108 108 if (IS_ERR(inode)) 109 109 return PTR_ERR(inode); 110 110 ··· 133 133 134 134 dquot_initialize(dir); 135 135 136 136 - inode = ext2_new_inode (dir, mode); 136 136 + inode = ext2_new_inode (dir, mode, &dentry->d_name); 137 137 err = PTR_ERR(inode); 138 138 if (!IS_ERR(inode)) { 139 139 init_special_inode(inode, inode->i_mode, rdev); ··· 159 159 160 160 dquot_initialize(dir); 161 161 162 162 - inode = ext2_new_inode (dir, S_IFLNK | S_IRWXUGO); 162 162 + inode = ext2_new_inode (dir, S_IFLNK | S_IRWXUGO, &dentry->d_name); 163 163 err = PTR_ERR(inode); 164 164 if (IS_ERR(inode)) 165 165 goto out; ··· 230 230 231 231 inode_inc_link_count(dir); 232 232 233 233 - inode = ext2_new_inode (dir, S_IFDIR | mode); 233 233 + inode = ext2_new_inode(dir, S_IFDIR | mode, &dentry->d_name); 234 234 err = PTR_ERR(inode); 235 235 if (IS_ERR(inode)) 236 236 goto out_dir;

+4 -2

fs/ext2/xattr.h

reviewed

··· 116 116 # endif /* CONFIG_EXT2_FS_XATTR */ 117 117 118 118 #ifdef CONFIG_EXT2_FS_SECURITY 119 119 - extern int ext2_init_security(struct inode *inode, struct inode *dir); 119 119 + extern int ext2_init_security(struct inode *inode, struct inode *dir, 120 120 + const struct qstr *qstr); 120 121 #else 121 121 - static inline int ext2_init_security(struct inode *inode, struct inode *dir) 122 122 + static inline int ext2_init_security(struct inode *inode, struct inode *dir, 123 123 + const struct qstr *qstr) 122 124 { 123 125 return 0; 124 126 }

+3 -2

fs/ext2/xattr_security.c

reviewed

··· 47 47 } 48 48 49 49 int 50 50 - ext2_init_security(struct inode *inode, struct inode *dir) 50 50 + ext2_init_security(struct inode *inode, struct inode *dir, 51 51 + const struct qstr *qstr) 51 52 { 52 53 int err; 53 54 size_t len; 54 55 void *value; 55 56 char *name; 56 57 57 57 - err = security_inode_init_security(inode, dir, &name, &value, &len); 58 58 + err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); 58 59 if (err) { 59 60 if (err == -EOPNOTSUPP) 60 61 return 0;

+3 -2

fs/ext3/ialloc.c

reviewed

··· 404 404 * For other inodes, search forward from the parent directory's block 405 405 * group to find a free inode. 406 406 */ 407 407 - struct inode *ext3_new_inode(handle_t *handle, struct inode * dir, int mode) 407 407 + struct inode *ext3_new_inode(handle_t *handle, struct inode * dir, 408 408 + const struct qstr *qstr, int mode) 408 409 { 409 410 struct super_block *sb; 410 411 struct buffer_head *bitmap_bh = NULL; ··· 590 589 if (err) 591 590 goto fail_free_drop; 592 591 593 593 - err = ext3_init_security(handle,inode, dir); 592 592 + err = ext3_init_security(handle, inode, dir, qstr); 594 593 if (err) 595 594 goto fail_free_drop; 596 595

+4 -4

fs/ext3/namei.c

reviewed

··· 1707 1707 if (IS_DIRSYNC(dir)) 1708 1708 handle->h_sync = 1; 1709 1709 1710 1710 - inode = ext3_new_inode (handle, dir, mode); 1710 1710 + inode = ext3_new_inode (handle, dir, &dentry->d_name, mode); 1711 1711 err = PTR_ERR(inode); 1712 1712 if (!IS_ERR(inode)) { 1713 1713 inode->i_op = &ext3_file_inode_operations; ··· 1743 1743 if (IS_DIRSYNC(dir)) 1744 1744 handle->h_sync = 1; 1745 1745 1746 1746 - inode = ext3_new_inode (handle, dir, mode); 1746 1746 + inode = ext3_new_inode (handle, dir, &dentry->d_name, mode); 1747 1747 err = PTR_ERR(inode); 1748 1748 if (!IS_ERR(inode)) { 1749 1749 init_special_inode(inode, inode->i_mode, rdev); ··· 1781 1781 if (IS_DIRSYNC(dir)) 1782 1782 handle->h_sync = 1; 1783 1783 1784 1784 - inode = ext3_new_inode (handle, dir, S_IFDIR | mode); 1784 1784 + inode = ext3_new_inode (handle, dir, &dentry->d_name, S_IFDIR | mode); 1785 1785 err = PTR_ERR(inode); 1786 1786 if (IS_ERR(inode)) 1787 1787 goto out_stop; ··· 2195 2195 if (IS_DIRSYNC(dir)) 2196 2196 handle->h_sync = 1; 2197 2197 2198 2198 - inode = ext3_new_inode (handle, dir, S_IFLNK|S_IRWXUGO); 2198 2198 + inode = ext3_new_inode (handle, dir, &dentry->d_name, S_IFLNK|S_IRWXUGO); 2199 2199 err = PTR_ERR(inode); 2200 2200 if (IS_ERR(inode)) 2201 2201 goto out_stop;

+2 -2

fs/ext3/xattr.h

reviewed

··· 128 128 129 129 #ifdef CONFIG_EXT3_FS_SECURITY 130 130 extern int ext3_init_security(handle_t *handle, struct inode *inode, 131 131 - struct inode *dir); 131 131 + struct inode *dir, const struct qstr *qstr); 132 132 #else 133 133 static inline int ext3_init_security(handle_t *handle, struct inode *inode, 134 134 - struct inode *dir) 134 134 + struct inode *dir, const struct qstr *qstr) 135 135 { 136 136 return 0; 137 137 }

+3 -2

fs/ext3/xattr_security.c

reviewed

··· 49 49 } 50 50 51 51 int 52 52 - ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir) 52 52 + ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir, 53 53 + const struct qstr *qstr) 53 54 { 54 55 int err; 55 56 size_t len; 56 57 void *value; 57 58 char *name; 58 59 59 59 - err = security_inode_init_security(inode, dir, &name, &value, &len); 60 60 + err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); 60 61 if (err) { 61 62 if (err == -EOPNOTSUPP) 62 63 return 0;

+1 -1

fs/ext4/ialloc.c

reviewed

··· 1042 1042 if (err) 1043 1043 goto fail_free_drop; 1044 1044 1045 1045 - err = ext4_init_security(handle, inode, dir); 1045 1045 + err = ext4_init_security(handle, inode, dir, qstr); 1046 1046 if (err) 1047 1047 goto fail_free_drop; 1048 1048

+2 -2

fs/ext4/xattr.h

reviewed

··· 145 145 146 146 #ifdef CONFIG_EXT4_FS_SECURITY 147 147 extern int ext4_init_security(handle_t *handle, struct inode *inode, 148 148 - struct inode *dir); 148 148 + struct inode *dir, const struct qstr *qstr); 149 149 #else 150 150 static inline int ext4_init_security(handle_t *handle, struct inode *inode, 151 151 - struct inode *dir) 151 151 + struct inode *dir, const struct qstr *qstr) 152 152 { 153 153 return 0; 154 154 }

+3 -2

fs/ext4/xattr_security.c

reviewed

··· 49 49 } 50 50 51 51 int 52 52 - ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir) 52 52 + ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir, 53 53 + const struct qstr *qstr) 53 54 { 54 55 int err; 55 56 size_t len; 56 57 void *value; 57 58 char *name; 58 59 59 59 - err = security_inode_init_security(inode, dir, &name, &value, &len); 60 60 + err = security_inode_init_security(inode, dir, qstr, &name, &value, &len); 60 61 if (err) { 61 62 if (err == -EOPNOTSUPP) 62 63 return 0;

+4 -3

fs/gfs2/inode.c

reviewed

··· 791 791 return error; 792 792 } 793 793 794 794 - static int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip) 794 794 + static int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip, 795 795 + const struct qstr *qstr) 795 796 { 796 797 int err; 797 798 size_t len; 798 799 void *value; 799 800 char *name; 800 801 801 801 - err = security_inode_init_security(&ip->i_inode, &dip->i_inode, 802 802 + err = security_inode_init_security(&ip->i_inode, &dip->i_inode, qstr, 802 803 &name, &value, &len); 803 804 804 805 if (err) { ··· 883 882 if (error) 884 883 goto fail_gunlock2; 885 884 886 886 - error = gfs2_security_init(dip, GFS2_I(inode)); 885 885 + error = gfs2_security_init(dip, GFS2_I(inode), name); 887 886 if (error) 888 887 goto fail_gunlock2; 889 888

+4 -5

fs/jffs2/dir.c

reviewed

··· 215 215 no chance of AB-BA deadlock involving its f->sem). */ 216 216 mutex_unlock(&f->sem); 217 217 218 218 - ret = jffs2_do_create(c, dir_f, f, ri, 219 219 - dentry->d_name.name, dentry->d_name.len); 218 218 + ret = jffs2_do_create(c, dir_f, f, ri, &dentry->d_name); 220 219 if (ret) 221 220 goto fail; 222 221 ··· 385 386 386 387 jffs2_complete_reservation(c); 387 388 388 388 - ret = jffs2_init_security(inode, dir_i); 389 389 + ret = jffs2_init_security(inode, dir_i, &dentry->d_name); 389 390 if (ret) 390 391 goto fail; 391 392 ··· 529 530 530 531 jffs2_complete_reservation(c); 531 532 532 532 - ret = jffs2_init_security(inode, dir_i); 533 533 + ret = jffs2_init_security(inode, dir_i, &dentry->d_name); 533 534 if (ret) 534 535 goto fail; 535 536 ··· 702 703 703 704 jffs2_complete_reservation(c); 704 705 705 705 - ret = jffs2_init_security(inode, dir_i); 706 706 + ret = jffs2_init_security(inode, dir_i, &dentry->d_name); 706 707 if (ret) 707 708 goto fail; 708 709

+1 -1

fs/jffs2/nodelist.h

reviewed

··· 401 401 struct jffs2_raw_inode *ri, unsigned char *buf, 402 402 uint32_t offset, uint32_t writelen, uint32_t *retlen); 403 403 int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, struct jffs2_inode_info *f, 404 404 - struct jffs2_raw_inode *ri, const char *name, int namelen); 404 404 + struct jffs2_raw_inode *ri, const struct qstr *qstr); 405 405 int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, const char *name, 406 406 int namelen, struct jffs2_inode_info *dead_f, uint32_t time); 407 407 int jffs2_do_link(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, uint32_t ino,

+3 -2

fs/jffs2/security.c

reviewed

··· 23 23 #include "nodelist.h" 24 24 25 25 /* ---- Initial Security Label Attachment -------------- */ 26 26 - int jffs2_init_security(struct inode *inode, struct inode *dir) 26 26 + int jffs2_init_security(struct inode *inode, struct inode *dir, 27 27 + const struct qstr *qstr) 27 28 { 28 29 int rc; 29 30 size_t len; 30 31 void *value; 31 32 char *name; 32 33 33 33 - rc = security_inode_init_security(inode, dir, &name, &value, &len); 34 34 + rc = security_inode_init_security(inode, dir, qstr, &name, &value, &len); 34 35 if (rc) { 35 36 if (rc == -EOPNOTSUPP) 36 37 return 0;

+10 -8

fs/jffs2/write.c

reviewed

··· 424 424 return ret; 425 425 } 426 426 427 427 - int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, struct jffs2_inode_info *f, struct jffs2_raw_inode *ri, const char *name, int namelen) 427 427 + int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, 428 428 + struct jffs2_inode_info *f, struct jffs2_raw_inode *ri, 429 429 + const struct qstr *qstr) 428 430 { 429 431 struct jffs2_raw_dirent *rd; 430 432 struct jffs2_full_dnode *fn; ··· 468 466 mutex_unlock(&f->sem); 469 467 jffs2_complete_reservation(c); 470 468 471 471 - ret = jffs2_init_security(&f->vfs_inode, &dir_f->vfs_inode); 469 469 + ret = jffs2_init_security(&f->vfs_inode, &dir_f->vfs_inode, qstr); 472 470 if (ret) 473 471 return ret; 474 472 ret = jffs2_init_acl_post(&f->vfs_inode); 475 473 if (ret) 476 474 return ret; 477 475 478 478 - ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen, 479 479 - ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 476 476 + ret = jffs2_reserve_space(c, sizeof(*rd)+qstr->len, &alloclen, 477 477 + ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(qstr->len)); 480 478 481 479 if (ret) { 482 480 /* Eep. */ ··· 495 493 496 494 rd->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK); 497 495 rd->nodetype = cpu_to_je16(JFFS2_NODETYPE_DIRENT); 498 498 - rd->totlen = cpu_to_je32(sizeof(*rd) + namelen); 496 496 + rd->totlen = cpu_to_je32(sizeof(*rd) + qstr->len); 499 497 rd->hdr_crc = cpu_to_je32(crc32(0, rd, sizeof(struct jffs2_unknown_node)-4)); 500 498 501 499 rd->pino = cpu_to_je32(dir_f->inocache->ino); 502 500 rd->version = cpu_to_je32(++dir_f->highest_version); 503 501 rd->ino = ri->ino; 504 502 rd->mctime = ri->ctime; 505 505 - rd->nsize = namelen; 503 503 + rd->nsize = qstr->len; 506 504 rd->type = DT_REG; 507 505 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 508 508 - rd->name_crc = cpu_to_je32(crc32(0, name, namelen)); 506 506 + rd->name_crc = cpu_to_je32(crc32(0, qstr->name, qstr->len)); 509 507 510 510 - fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, ALLOC_NORMAL); 508 508 + fd = jffs2_write_dirent(c, dir_f, rd, qstr->name, qstr->len, ALLOC_NORMAL); 511 509 512 510 jffs2_free_raw_dirent(rd); 513 511

+3 -2

fs/jffs2/xattr.h

reviewed

··· 121 121 #endif /* CONFIG_JFFS2_FS_XATTR */ 122 122 123 123 #ifdef CONFIG_JFFS2_FS_SECURITY 124 124 - extern int jffs2_init_security(struct inode *inode, struct inode *dir); 124 124 + extern int jffs2_init_security(struct inode *inode, struct inode *dir, 125 125 + const struct qstr *qstr); 125 126 extern const struct xattr_handler jffs2_security_xattr_handler; 126 127 #else 127 127 - #define jffs2_init_security(inode,dir) (0) 128 128 + #define jffs2_init_security(inode,dir,qstr) (0) 128 129 #endif /* CONFIG_JFFS2_FS_SECURITY */ 129 130 130 131 #endif /* _JFFS2_FS_XATTR_H_ */

+3 -2

fs/jfs/jfs_xattr.h

reviewed

··· 62 62 extern int jfs_removexattr(struct dentry *, const char *); 63 63 64 64 #ifdef CONFIG_JFS_SECURITY 65 65 - extern int jfs_init_security(tid_t, struct inode *, struct inode *); 65 65 + extern int jfs_init_security(tid_t, struct inode *, struct inode *, 66 66 + const struct qstr *); 66 67 #else 67 68 static inline int jfs_init_security(tid_t tid, struct inode *inode, 68 68 - struct inode *dir) 69 69 + struct inode *dir, const struct qstr *qstr) 69 70 { 70 71 return 0; 71 72 }

+4 -4

fs/jfs/namei.c

reviewed

··· 115 115 if (rc) 116 116 goto out3; 117 117 118 118 - rc = jfs_init_security(tid, ip, dip); 118 118 + rc = jfs_init_security(tid, ip, dip, &dentry->d_name); 119 119 if (rc) { 120 120 txAbort(tid, 0); 121 121 goto out3; ··· 253 253 if (rc) 254 254 goto out3; 255 255 256 256 - rc = jfs_init_security(tid, ip, dip); 256 256 + rc = jfs_init_security(tid, ip, dip, &dentry->d_name); 257 257 if (rc) { 258 258 txAbort(tid, 0); 259 259 goto out3; ··· 932 932 mutex_lock_nested(&JFS_IP(dip)->commit_mutex, COMMIT_MUTEX_PARENT); 933 933 mutex_lock_nested(&JFS_IP(ip)->commit_mutex, COMMIT_MUTEX_CHILD); 934 934 935 935 - rc = jfs_init_security(tid, ip, dip); 935 935 + rc = jfs_init_security(tid, ip, dip, &dentry->d_name); 936 936 if (rc) 937 937 goto out3; 938 938 ··· 1395 1395 if (rc) 1396 1396 goto out3; 1397 1397 1398 1398 - rc = jfs_init_security(tid, ip, dir); 1398 1398 + rc = jfs_init_security(tid, ip, dir, &dentry->d_name); 1399 1399 if (rc) { 1400 1400 txAbort(tid, 0); 1401 1401 goto out3;

+4 -2

fs/jfs/xattr.c

reviewed

··· 1091 1091 } 1092 1092 1093 1093 #ifdef CONFIG_JFS_SECURITY 1094 1094 - int jfs_init_security(tid_t tid, struct inode *inode, struct inode *dir) 1094 1094 + int jfs_init_security(tid_t tid, struct inode *inode, struct inode *dir, 1095 1095 + const struct qstr *qstr) 1095 1096 { 1096 1097 int rc; 1097 1098 size_t len; ··· 1100 1099 char *suffix; 1101 1100 char *name; 1102 1101 1103 1103 - rc = security_inode_init_security(inode, dir, &suffix, &value, &len); 1102 1102 + rc = security_inode_init_security(inode, dir, qstr, &suffix, &value, 1103 1103 + &len); 1104 1104 if (rc) { 1105 1105 if (rc == -EOPNOTSUPP) 1106 1106 return 0;

+2 -2

fs/ocfs2/namei.c

reviewed

··· 294 294 } 295 295 296 296 /* get security xattr */ 297 297 - status = ocfs2_init_security_get(inode, dir, &si); 297 297 + status = ocfs2_init_security_get(inode, dir, &dentry->d_name, &si); 298 298 if (status) { 299 299 if (status == -EOPNOTSUPP) 300 300 si.enable = 0; ··· 1665 1665 } 1666 1666 1667 1667 /* get security xattr */ 1668 1668 - status = ocfs2_init_security_get(inode, dir, &si); 1668 1668 + status = ocfs2_init_security_get(inode, dir, &dentry->d_name, &si); 1669 1669 if (status) { 1670 1670 if (status == -EOPNOTSUPP) 1671 1671 si.enable = 0;

+2 -1

fs/ocfs2/refcounttree.c

reviewed

··· 4325 4325 4326 4326 /* If the security isn't preserved, we need to re-initialize them. */ 4327 4327 if (!preserve) { 4328 4328 - error = ocfs2_init_security_and_acl(dir, new_orphan_inode); 4328 4328 + error = ocfs2_init_security_and_acl(dir, new_orphan_inode, 4329 4329 + &new_dentry->d_name); 4329 4330 if (error) 4330 4331 mlog_errno(error); 4331 4332 }

+6 -4

fs/ocfs2/xattr.c

reviewed

··· 7185 7185 * must not hold any lock expect i_mutex. 7186 7186 */ 7187 7187 int ocfs2_init_security_and_acl(struct inode *dir, 7188 7188 - struct inode *inode) 7188 7188 + struct inode *inode, 7189 7189 + const struct qstr *qstr) 7189 7190 { 7190 7191 int ret = 0; 7191 7192 struct buffer_head *dir_bh = NULL; ··· 7194 7193 .enable = 1, 7195 7194 }; 7196 7195 7197 7197 - ret = ocfs2_init_security_get(inode, dir, &si); 7196 7196 + ret = ocfs2_init_security_get(inode, dir, qstr, &si); 7198 7197 if (!ret) { 7199 7198 ret = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, 7200 7199 si.name, si.value, si.value_len, ··· 7262 7261 7263 7262 int ocfs2_init_security_get(struct inode *inode, 7264 7263 struct inode *dir, 7264 7264 + const struct qstr *qstr, 7265 7265 struct ocfs2_security_xattr_info *si) 7266 7266 { 7267 7267 /* check whether ocfs2 support feature xattr */ 7268 7268 if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb))) 7269 7269 return -EOPNOTSUPP; 7270 7270 - return security_inode_init_security(inode, dir, &si->name, &si->value, 7271 7271 - &si->value_len); 7270 7270 + return security_inode_init_security(inode, dir, qstr, &si->name, 7271 7271 + &si->value, &si->value_len); 7272 7272 } 7273 7273 7274 7274 int ocfs2_init_security_set(handle_t *handle,

+3 -1

fs/ocfs2/xattr.h

reviewed

··· 57 57 struct ocfs2_dinode *di); 58 58 int ocfs2_xattr_remove(struct inode *, struct buffer_head *); 59 59 int ocfs2_init_security_get(struct inode *, struct inode *, 60 60 + const struct qstr *, 60 61 struct ocfs2_security_xattr_info *); 61 62 int ocfs2_init_security_set(handle_t *, struct inode *, 62 63 struct buffer_head *, ··· 95 94 struct buffer_head *new_bh, 96 95 bool preserve_security); 97 96 int ocfs2_init_security_and_acl(struct inode *dir, 98 98 - struct inode *inode); 97 97 + struct inode *inode, 98 98 + const struct qstr *qstr); 99 99 #endif /* OCFS2_XATTR_H */

+5 -4

fs/reiserfs/namei.c

reviewed

··· 593 593 new_inode_init(inode, dir, mode); 594 594 595 595 jbegin_count += reiserfs_cache_default_acl(dir); 596 596 - retval = reiserfs_security_init(dir, inode, &security); 596 596 + retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); 597 597 if (retval < 0) { 598 598 drop_new_inode(inode); 599 599 return retval; ··· 667 667 new_inode_init(inode, dir, mode); 668 668 669 669 jbegin_count += reiserfs_cache_default_acl(dir); 670 670 - retval = reiserfs_security_init(dir, inode, &security); 670 670 + retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); 671 671 if (retval < 0) { 672 672 drop_new_inode(inode); 673 673 return retval; ··· 747 747 new_inode_init(inode, dir, mode); 748 748 749 749 jbegin_count += reiserfs_cache_default_acl(dir); 750 750 - retval = reiserfs_security_init(dir, inode, &security); 750 750 + retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); 751 751 if (retval < 0) { 752 752 drop_new_inode(inode); 753 753 return retval; ··· 1032 1032 } 1033 1033 new_inode_init(inode, parent_dir, mode); 1034 1034 1035 1035 - retval = reiserfs_security_init(parent_dir, inode, &security); 1035 1035 + retval = reiserfs_security_init(parent_dir, inode, &dentry->d_name, 1036 1036 + &security); 1036 1037 if (retval < 0) { 1037 1038 drop_new_inode(inode); 1038 1039 return retval;

+2 -1

fs/reiserfs/xattr_security.c

reviewed

··· 54 54 * of blocks needed for the transaction. If successful, reiserfs_security 55 55 * must be released using reiserfs_security_free when the caller is done. */ 56 56 int reiserfs_security_init(struct inode *dir, struct inode *inode, 57 57 + const struct qstr *qstr, 57 58 struct reiserfs_security_handle *sec) 58 59 { 59 60 int blocks = 0; ··· 66 65 if (IS_PRIVATE(dir)) 67 66 return 0; 68 67 69 69 - error = security_inode_init_security(inode, dir, &sec->name, 68 68 + error = security_inode_init_security(inode, dir, qstr, &sec->name, 70 69 &sec->value, &sec->length); 71 70 if (error) { 72 71 if (error == -EOPNOTSUPP)

+5 -4

fs/xfs/linux-2.6/xfs_iops.c

reviewed

··· 103 103 STATIC int 104 104 xfs_init_security( 105 105 struct inode *inode, 106 106 - struct inode *dir) 106 106 + struct inode *dir, 107 107 + const struct qstr *qstr) 107 108 { 108 109 struct xfs_inode *ip = XFS_I(inode); 109 110 size_t length; ··· 112 111 unsigned char *name; 113 112 int error; 114 113 115 115 - error = security_inode_init_security(inode, dir, (char **)&name, 114 114 + error = security_inode_init_security(inode, dir, qstr, (char **)&name, 116 115 &value, &length); 117 116 if (error) { 118 117 if (error == -EOPNOTSUPP) ··· 196 195 197 196 inode = VFS_I(ip); 198 197 199 199 - error = xfs_init_security(inode, dir); 198 198 + error = xfs_init_security(inode, dir, &dentry->d_name); 200 199 if (unlikely(error)) 201 200 goto out_cleanup_inode; 202 201 ··· 369 368 370 369 inode = VFS_I(cip); 371 370 372 372 - error = xfs_init_security(inode, dir); 371 371 + error = xfs_init_security(inode, dir, &dentry->d_name); 373 372 if (unlikely(error)) 374 373 goto out_cleanup_inode; 375 374

+2 -1

include/linux/ext3_fs.h

reviewed

··· 874 874 dx_hash_info *hinfo); 875 875 876 876 /* ialloc.c */ 877 877 - extern struct inode * ext3_new_inode (handle_t *, struct inode *, int); 877 877 + extern struct inode * ext3_new_inode (handle_t *, struct inode *, 878 878 + const struct qstr *, int); 878 879 extern void ext3_free_inode (handle_t *, struct inode *); 879 880 extern struct inode * ext3_orphan_get (struct super_block *, unsigned long); 880 881 extern unsigned long ext3_count_free_inodes (struct super_block *);

include/linux/reiserfs_xattr.h

reviewed

··· 63 63 extern const struct xattr_handler reiserfs_xattr_security_handler; 64 64 #ifdef CONFIG_REISERFS_FS_SECURITY 65 65 int reiserfs_security_init(struct inode *dir, struct inode *inode, 66 66 + const struct qstr *qstr, 66 67 struct reiserfs_security_handle *sec); 67 68 int reiserfs_security_write(struct reiserfs_transaction_handle *th, 68 69 struct inode *inode, ··· 131 130 #ifndef CONFIG_REISERFS_FS_SECURITY 132 131 static inline int reiserfs_security_init(struct inode *dir, 133 132 struct inode *inode, 133 133 + const struct qstr *qstr, 134 134 struct reiserfs_security_handle *sec) 135 135 { 136 136 return 0;

+7 -2

include/linux/security.h

reviewed

··· 25 25 #include <linux/fs.h> 26 26 #include <linux/fsnotify.h> 27 27 #include <linux/binfmts.h> 28 28 + #include <linux/dcache.h> 28 29 #include <linux/signal.h> 29 30 #include <linux/resource.h> 30 31 #include <linux/sem.h> ··· 316 315 * then it should return -EOPNOTSUPP to skip this processing. 317 316 * @inode contains the inode structure of the newly created inode. 318 317 * @dir contains the inode structure of the parent directory. 318 318 + * @qstr contains the last path component of the new object 319 319 * @name will be set to the allocated name suffix (e.g. selinux). 320 320 * @value will be set to the allocated attribute value. 321 321 * @len will be set to the length of the value. ··· 1437 1435 int (*inode_alloc_security) (struct inode *inode); 1438 1436 void (*inode_free_security) (struct inode *inode); 1439 1437 int (*inode_init_security) (struct inode *inode, struct inode *dir, 1440 1440 - char **name, void **value, size_t *len); 1438 1438 + const struct qstr *qstr, char **name, 1439 1439 + void **value, size_t *len); 1441 1440 int (*inode_create) (struct inode *dir, 1442 1441 struct dentry *dentry, int mode); 1443 1442 int (*inode_link) (struct dentry *old_dentry, ··· 1699 1696 int security_inode_alloc(struct inode *inode); 1700 1697 void security_inode_free(struct inode *inode); 1701 1698 int security_inode_init_security(struct inode *inode, struct inode *dir, 1702 1702 - char **name, void **value, size_t *len); 1699 1699 + const struct qstr *qstr, char **name, 1700 1700 + void **value, size_t *len); 1703 1701 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode); 1704 1702 int security_inode_link(struct dentry *old_dentry, struct inode *dir, 1705 1703 struct dentry *new_dentry); ··· 2027 2023 2028 2024 static inline int security_inode_init_security(struct inode *inode, 2029 2025 struct inode *dir, 2026 2026 + const struct qstr *qstr, 2030 2027 char **name, 2031 2028 void **value, 2032 2029 size_t *len)

+5 -4

mm/shmem.c

reviewed

··· 1843 1843 1844 1844 inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE); 1845 1845 if (inode) { 1846 1846 - error = security_inode_init_security(inode, dir, NULL, NULL, 1847 1847 - NULL); 1846 1846 + error = security_inode_init_security(inode, dir, 1847 1847 + &dentry->d_name, NULL, 1848 1848 + NULL, NULL); 1848 1849 if (error) { 1849 1850 if (error != -EOPNOTSUPP) { 1850 1851 iput(inode); ··· 1984 1983 if (!inode) 1985 1984 return -ENOSPC; 1986 1985 1987 1987 - error = security_inode_init_security(inode, dir, NULL, NULL, 1988 1988 - NULL); 1986 1986 + error = security_inode_init_security(inode, dir, &dentry->d_name, NULL, 1987 1987 + NULL, NULL); 1989 1988 if (error) { 1990 1989 if (error != -EOPNOTSUPP) { 1991 1990 iput(inode);

+2 -1

security/capability.c

reviewed

··· 118 118 } 119 119 120 120 static int cap_inode_init_security(struct inode *inode, struct inode *dir, 121 121 - char **name, void **value, size_t *len) 121 121 + const struct qstr *qstr, char **name, 122 122 + void **value, size_t *len) 122 123 { 123 124 return -EOPNOTSUPP; 124 125 }

+4 -2

security/security.c

reviewed

··· 336 336 } 337 337 338 338 int security_inode_init_security(struct inode *inode, struct inode *dir, 339 339 - char **name, void **value, size_t *len) 339 339 + const struct qstr *qstr, char **name, 340 340 + void **value, size_t *len) 340 341 { 341 342 if (unlikely(IS_PRIVATE(inode))) 342 343 return -EOPNOTSUPP; 343 343 - return security_ops->inode_init_security(inode, dir, name, value, len); 344 344 + return security_ops->inode_init_security(inode, dir, qstr, name, value, 345 345 + len); 344 346 } 345 347 EXPORT_SYMBOL(security_inode_init_security); 346 348

+3 -2

security/selinux/hooks.c

reviewed

··· 39 39 #include <linux/swap.h> 40 40 #include <linux/spinlock.h> 41 41 #include <linux/syscalls.h> 42 42 + #include <linux/dcache.h> 42 43 #include <linux/file.h> 43 44 #include <linux/fdtable.h> 44 45 #include <linux/namei.h> ··· 2510 2509 } 2511 2510 2512 2511 static int selinux_inode_init_security(struct inode *inode, struct inode *dir, 2513 2513 - char **name, void **value, 2514 2514 - size_t *len) 2512 2512 + const struct qstr *qstr, char **name, 2513 2513 + void **value, size_t *len) 2515 2514 { 2516 2515 const struct task_security_struct *tsec = current_security(); 2517 2516 struct inode_security_struct *dsec;

+4 -1

security/smack/smack_lsm.c

reviewed

··· 33 33 #include <net/cipso_ipv4.h> 34 34 #include <linux/audit.h> 35 35 #include <linux/magic.h> 36 36 + #include <linux/dcache.h> 36 37 #include "smack.h" 37 38 38 39 #define task_security(task) (task_cred_xxx((task), security)) ··· 502 501 * smack_inode_init_security - copy out the smack from an inode 503 502 * @inode: the inode 504 503 * @dir: unused 504 504 + * @qstr: unused 505 505 * @name: where to put the attribute name 506 506 * @value: where to put the attribute value 507 507 * @len: where to put the length of the attribute ··· 510 508 * Returns 0 if it all works out, -ENOMEM if there's no memory 511 509 */ 512 510 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 513 513 - char **name, void **value, size_t *len) 511 511 + const struct qstr *qstr, char **name, 512 512 + void **value, size_t *len) 514 513 { 515 514 char *isp = smk_of_inode(inode); 516 515 char *dsp = smk_of_inode(dir);