
Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb

mediated_filesystem() should use dentry->d_sb not dentry->d_inode->i_sb and
should avoid file_inode() also since it is really dealing with the path.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by

David Howells and committed by
Al Viro
7ac2856d 44bdb5e5

+12 -12
+2 -2
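--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -112,9 +112,9 @@
 return aa_dfa_next(dfa, start, 0);
 }
 
-static inline bool mediated_filesystem(struct inode *inode)
+static inline bool mediated_filesystem(struct dentry *dentry)
 {
-return !(inode->i_sb->s_flags & MS_NOUSER);
+return !(dentry->d_sb->s_flags & MS_NOUSER);
 }
 
 #endif /* __APPARMOR_H */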
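Review bot: mediated_filesystem() still carries no comment, although every caller in lsm.c turns a false result into an early `return 0`, which means no AppArmor mediation for that object. It would help to document above the definition which superblock is consulted and what a false result means, for example `/* False for MS_NOUSER superblocks; callers then skip mediation. Checks dentry->d_sb, the superblock of the path being accessed, rather than d_inode->i_sb. */`. Since the helper only reads through the pointer, the parameter could also be declared `const struct dentry *dentry`.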
+10 -10
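--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -226,7 +226,7 @@
 struct inode *inode = dentry->d_inode;
 struct path_cond cond = { };
 
-if (!inode || !dir->mnt || !mediated_filesystem(inode))
+if (!inode || !dir->mnt || !mediated_filesystem(dentry))
 return 0;
 
 cond.uid = inode->i_uid;
@@ -250,7 +250,7 @@
 {
 struct path_cond cond = { current_fsuid(), mode };
 
-if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode))
+if (!dir->mnt || !mediated_filesystem(dir->dentry))
 return 0;
 
 return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
@@ -285,7 +285,7 @@
 path->dentry->d_inode->i_mode
 };
 
-if (!path->mnt || !mediated_filesystem(path->dentry->d_inode))
+if (!path->mnt || !mediated_filesystem(path->dentry))
 return 0;
 
 return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
@@ -305,7 +305,7 @@
 struct aa_profile *profile;
 int error = 0;
 
-if (!mediated_filesystem(old_dentry->d_inode))
+if (!mediated_filesystem(old_dentry))
 return 0;
 
 profile = aa_current_profile();
@@ -320,7 +320,7 @@
 struct aa_profile *profile;
 int error = 0;
 
-if (!mediated_filesystem(old_dentry->d_inode))
+if (!mediated_filesystem(old_dentry))
 return 0;
 
 profile = aa_current_profile();
@@ -346,7 +346,7 @@
 
 static int apparmor_path_chmod(struct path *path, umode_t mode)
 {
-if (!mediated_filesystem(path->dentry->d_inode))
+if (!mediated_filesystem(path->dentry))
 return 0;
 
 return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
@@ -358,7 +358,7 @@
 path->dentry->d_inode->i_mode
 };
 
-if (!mediated_filesystem(path->dentry->d_inode))
+if (!mediated_filesystem(path->dentry))
 return 0;
 
 return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
@@ -366,7 +366,7 @@
 
 static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 {
-if (!mediated_filesystem(dentry->d_inode))
+if (!mediated_filesystem(dentry))
 return 0;
 
 return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry,
@@ -379,7 +379,7 @@
 struct aa_profile *profile;
 int error = 0;
 
-if (!mediated_filesystem(file_inode(file)))
+if (!mediated_filesystem(file->f_path.dentry))
 return 0;
 
 /* If in exec, permission is handled by bprm hooks.
@@ -432,7 +432,7 @@
 BUG_ON(!fprofile);
 
 if (!file->f_path.mnt ||
-!mediated_filesystem(file_inode(file)))
+!mediated_filesystem(file->f_path.dentry))
 return 0;
 
 profile = __aa_current_profile();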
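Review bot: In the truncate and chown hooks (hunks at 285 and 358) the mediation gate now reads the dentry's superblock, but the `struct path_cond` initialiser just above it still reads `path->dentry->d_inode->i_mode`, so the gate and the conditions come from two different objects wherever d_sb and d_inode->i_sb can differ. If that split is intended, a short comment at those initialisers would make it explicit, e.g. `/* owner/mode conditions come from the inode; the mediation check uses the path's superblock */`. Those initialisers also dereference d_inode before any check runs, so they rely on the hooks only being called with a positive dentry, which is presumably guaranteed by the caller but is not visible here. The bodies of these functions begin outside the hunks shown.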