apparmor: new helper - common_path_perm()

tjh.dev / kernel

fork atom

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

apparmor: new helper - common_path_perm()

was open-coded in several places...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 10 years ago 741aca71 be01f9f2

+12 -35

1 changed file

expand all

security

apparmor

lsm.c

+12 -35

security/apparmor/lsm.c

··· 182 182 } 183 183 184 184 /** 185 - * common_perm_mnt_dentry - common permission wrapper when mnt, dentry 185 + * common_perm_path - common permission wrapper when mnt, dentry 186 186 * @op: operation being checked 187 - * @mnt: mount point of dentry (NOT NULL) 188 - * @dentry: dentry to check (NOT NULL) 187 + * @path: location to check (NOT NULL) 189 188 * @mask: requested permissions mask 190 189 * 191 190 * Returns: %0 else error code if error or permission denied 192 191 */ 193 - static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, 194 - struct dentry *dentry, u32 mask) 192 + static inline int common_perm_path(int op, const struct path *path, u32 mask) 195 193 { 196 - struct path path = { mnt, dentry }; 197 - struct path_cond cond = { d_backing_inode(dentry)->i_uid, 198 - d_backing_inode(dentry)->i_mode 194 + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, 195 + d_backing_inode(path->dentry)->i_mode 199 196 }; 197 + if (!mediated_filesystem(path->dentry)) 198 + return 0; 200 199 201 - return common_perm(op, &path, mask, &cond); 200 + return common_perm(op, path, mask, &cond); 202 201 } 203 202 204 203 /** ··· 270 271 271 272 static int apparmor_path_truncate(const struct path *path) 272 273 { 273 - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, 274 - d_backing_inode(path->dentry)->i_mode 275 - }; 276 - 277 - if (!mediated_filesystem(path->dentry)) 278 - return 0; 279 - 280 - return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, 281 - &cond); 274 + return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); 282 275 } 283 276 284 277 static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, ··· 327 336 328 337 static int apparmor_path_chmod(const struct path *path, umode_t mode) 329 338 { 330 - if (!mediated_filesystem(path->dentry)) 331 - return 0; 332 - 333 - return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); 339 + return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD); 334 340 } 335 341 336 342 static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 337 343 { 338 - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, 339 - d_backing_inode(path->dentry)->i_mode 340 - }; 341 - 342 - if (!mediated_filesystem(path->dentry)) 343 - return 0; 344 - 345 - return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); 344 + return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN); 346 345 } 347 346 348 347 static int apparmor_inode_getattr(const struct path *path) 349 348 { 350 - if (!mediated_filesystem(path->dentry)) 351 - return 0; 352 - 353 - return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, 354 - AA_MAY_META_READ); 349 + return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ); 355 350 } 356 351 357 352 static int apparmor_file_open(struct file *file, const struct cred *cred)