summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-03-31 13:42:57 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2012-03-31 13:42:57 -0700
commit8bb1f229527dee95644e0f8496980bb767c6f620 (patch)
tree511551e9772f11f855bd5b759b6d449da47e8820 /security
parentf22e08a79f3765fecf060b225a46931c94fb0a92 (diff)
parentc0d0259481cc6ec2a38cad810055e455de35c733 (diff)
downloadlinux-3.10-8bb1f229527dee95644e0f8496980bb767c6f620.tar.gz
linux-3.10-8bb1f229527dee95644e0f8496980bb767c6f620.tar.bz2
linux-3.10-8bb1f229527dee95644e0f8496980bb767c6f620.zip
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull second try at vfs part d#2 from Al Viro: "Miklos' first series (with do_lookup() rewrite split into edible chunks) + assorted bits and pieces. The 'untangling of do_lookup()' series is is a splitup of what used to be a monolithic patch from Miklos, so this series is basically "how do I convince myself that his patch is correct (or find a hole in it)". No holes found and I like the resulting cleanup, so in it went..." Changes from try 1: Fix a boot problem with selinux, and commit messages prettied up a bit. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits) vfs: fix out-of-date dentry_unhash() comment vfs: split __lookup_hash untangling do_lookup() - take __lookup_hash()-calling case out of line. untangling do_lookup() - switch to calling __lookup_hash() untangling do_lookup() - merge d_alloc_and_lookup() callers untangling do_lookup() - merge failure exits in !dentry case untangling do_lookup() - massage !dentry case towards __lookup_hash() untangling do_lookup() - get rid of need_reval in !dentry case untangling do_lookup() - eliminate a loop. untangling do_lookup() - expand the area under ->i_mutex untangling do_lookup() - isolate !dentry stuff from the rest of it. vfs: move MAY_EXEC check from __lookup_hash() vfs: don't revalidate just looked up dentry vfs: fix d_need_lookup/d_revalidate order in do_lookup ext3: move headers to fs/ext3/ migrate ext2_fs.h guts to fs/ext2/ext2.h new helper: ext2_image_size() get rid of pointless includes of ext2_fs.h ext2: No longer export ext2_fs.h to user space mtdchar: kill persistently held vfsmount ...
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c9
-rw-r--r--security/selinux/selinuxfs.c110
2 files changed, 48 insertions, 71 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 15c6c567468..28482f9e15b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -28,7 +28,6 @@
#include <linux/kernel.h>
#include <linux/tracehook.h>
#include <linux/errno.h>
-#include <linux/ext2_fs.h>
#include <linux/sched.h>
#include <linux/security.h>
#include <linux/xattr.h>
@@ -2971,15 +2970,15 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
/* fall through */
case FIGETBSZ:
/* fall through */
- case EXT2_IOC_GETFLAGS:
+ case FS_IOC_GETFLAGS:
/* fall through */
- case EXT2_IOC_GETVERSION:
+ case FS_IOC_GETVERSION:
error = file_has_perm(cred, file, FILE__GETATTR);
break;
- case EXT2_IOC_SETFLAGS:
+ case FS_IOC_SETFLAGS:
/* fall through */
- case EXT2_IOC_SETVERSION:
+ case FS_IOC_SETVERSION:
error = file_has_perm(cred, file, FILE__SETATTR);
break;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 48a7d0014b4..d7018bfa1f0 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -344,7 +344,7 @@ static int sel_make_classes(void);
static int sel_make_policycap(void);
/* declaration for sel_make_class_dirs */
-static int sel_make_dir(struct inode *dir, struct dentry *dentry,
+static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
unsigned long *ino);
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
@@ -1678,13 +1678,9 @@ static int sel_make_class_dir_entries(char *classname, int index,
inode->i_ino = sel_class_to_ino(index);
d_add(dentry, inode);
- dentry = d_alloc_name(dir, "perms");
- if (!dentry)
- return -ENOMEM;
-
- rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino);
- if (rc)
- return rc;
+ dentry = sel_make_dir(dir, "perms", &last_class_ino);
+ if (IS_ERR(dentry))
+ return PTR_ERR(dentry);
rc = sel_make_perm_files(classname, index, dentry);
@@ -1733,15 +1729,12 @@ static int sel_make_classes(void)
for (i = 0; i < nclasses; i++) {
struct dentry *class_name_dir;
- rc = -ENOMEM;
- class_name_dir = d_alloc_name(class_dir, classes[i]);
- if (!class_name_dir)
- goto out;
-
- rc = sel_make_dir(class_dir->d_inode, class_name_dir,
+ class_name_dir = sel_make_dir(class_dir, classes[i],
&last_class_ino);
- if (rc)
+ if (IS_ERR(class_name_dir)) {
+ rc = PTR_ERR(class_name_dir);
goto out;
+ }
/* i+1 since class values are 1-indexed */
rc = sel_make_class_dir_entries(classes[i], i + 1,
@@ -1787,14 +1780,20 @@ static int sel_make_policycap(void)
return 0;
}
-static int sel_make_dir(struct inode *dir, struct dentry *dentry,
+static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
unsigned long *ino)
{
+ struct dentry *dentry = d_alloc_name(dir, name);
struct inode *inode;
- inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO);
- if (!inode)
- return -ENOMEM;
+ if (!dentry)
+ return ERR_PTR(-ENOMEM);
+
+ inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
+ if (!inode) {
+ dput(dentry);
+ return ERR_PTR(-ENOMEM);
+ }
inode->i_op = &simple_dir_inode_operations;
inode->i_fop = &simple_dir_operations;
@@ -1803,16 +1802,16 @@ static int sel_make_dir(struct inode *dir, struct dentry *dentry,
inc_nlink(inode);
d_add(dentry, inode);
/* bump link count on parent directory, too */
- inc_nlink(dir);
+ inc_nlink(dir->d_inode);
- return 0;
+ return dentry;
}
static int sel_fill_super(struct super_block *sb, void *data, int silent)
{
int ret;
struct dentry *dentry;
- struct inode *inode, *root_inode;
+ struct inode *inode;
struct inode_security_struct *isec;
static struct tree_descr selinux_files[] = {
@@ -1839,18 +1838,12 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
if (ret)
goto err;
- root_inode = sb->s_root->d_inode;
-
- ret = -ENOMEM;
- dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME);
- if (!dentry)
+ bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
+ if (IS_ERR(bool_dir)) {
+ ret = PTR_ERR(bool_dir);
+ bool_dir = NULL;
goto err;
-
- ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
- if (ret)
- goto err;
-
- bool_dir = dentry;
+ }
ret = -ENOMEM;
dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
@@ -1872,54 +1865,39 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
d_add(dentry, inode);
selinux_null = dentry;
- ret = -ENOMEM;
- dentry = d_alloc_name(sb->s_root, "avc");
- if (!dentry)
- goto err;
-
- ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
- if (ret)
+ dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
+ if (IS_ERR(dentry)) {
+ ret = PTR_ERR(dentry);
goto err;
+ }
ret = sel_make_avc_files(dentry);
if (ret)
goto err;
- ret = -ENOMEM;
- dentry = d_alloc_name(sb->s_root, "initial_contexts");
- if (!dentry)
- goto err;
-
- ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
- if (ret)
+ dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
+ if (IS_ERR(dentry)) {
+ ret = PTR_ERR(dentry);
goto err;
+ }
ret = sel_make_initcon_files(dentry);
if (ret)
goto err;
- ret = -ENOMEM;
- dentry = d_alloc_name(sb->s_root, "class");
- if (!dentry)
- goto err;
-
- ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
- if (ret)
- goto err;
-
- class_dir = dentry;
-
- ret = -ENOMEM;
- dentry = d_alloc_name(sb->s_root, "policy_capabilities");
- if (!dentry)
+ class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
+ if (IS_ERR(class_dir)) {
+ ret = PTR_ERR(class_dir);
+ class_dir = NULL;
goto err;
+ }
- ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
- if (ret)
+ policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
+ if (IS_ERR(policycap_dir)) {
+ ret = PTR_ERR(policycap_dir);
+ policycap_dir = NULL;
goto err;
-
- policycap_dir = dentry;
-
+ }
return 0;
err:
printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",