apparmor: new helper - common_path_perm()
was open-coded in several places... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent
be01f9f28e
commit
741aca71d6
1 changed files with 12 additions and 35 deletions
|
@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir,
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* common_perm_mnt_dentry - common permission wrapper when mnt, dentry
|
* common_perm_path - common permission wrapper when mnt, dentry
|
||||||
* @op: operation being checked
|
* @op: operation being checked
|
||||||
* @mnt: mount point of dentry (NOT NULL)
|
* @path: location to check (NOT NULL)
|
||||||
* @dentry: dentry to check (NOT NULL)
|
|
||||||
* @mask: requested permissions mask
|
* @mask: requested permissions mask
|
||||||
*
|
*
|
||||||
* Returns: %0 else error code if error or permission denied
|
* Returns: %0 else error code if error or permission denied
|
||||||
*/
|
*/
|
||||||
static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
|
static inline int common_perm_path(int op, const struct path *path, u32 mask)
|
||||||
struct dentry *dentry, u32 mask)
|
|
||||||
{
|
{
|
||||||
struct path path = { mnt, dentry };
|
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
|
||||||
struct path_cond cond = { d_backing_inode(dentry)->i_uid,
|
d_backing_inode(path->dentry)->i_mode
|
||||||
d_backing_inode(dentry)->i_mode
|
|
||||||
};
|
};
|
||||||
|
if (!mediated_filesystem(path->dentry))
|
||||||
|
return 0;
|
||||||
|
|
||||||
return common_perm(op, &path, mask, &cond);
|
return common_perm(op, path, mask, &cond);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -271,15 +270,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
|
||||||
|
|
||||||
static int apparmor_path_truncate(const struct path *path)
|
static int apparmor_path_truncate(const struct path *path)
|
||||||
{
|
{
|
||||||
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
|
return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
|
||||||
d_backing_inode(path->dentry)->i_mode
|
|
||||||
};
|
|
||||||
|
|
||||||
if (!mediated_filesystem(path->dentry))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
|
|
||||||
&cond);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
|
static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
|
||||||
|
@ -336,31 +327,17 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
||||||
|
|
||||||
static int apparmor_path_chmod(const struct path *path, umode_t mode)
|
static int apparmor_path_chmod(const struct path *path, umode_t mode)
|
||||||
{
|
{
|
||||||
if (!mediated_filesystem(path->dentry))
|
return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||||
{
|
{
|
||||||
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
|
return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
|
||||||
d_backing_inode(path->dentry)->i_mode
|
|
||||||
};
|
|
||||||
|
|
||||||
if (!mediated_filesystem(path->dentry))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_inode_getattr(const struct path *path)
|
static int apparmor_inode_getattr(const struct path *path)
|
||||||
{
|
{
|
||||||
if (!mediated_filesystem(path->dentry))
|
return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
|
||||||
return 0;
|
|
||||||
|
|
||||||
return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry,
|
|
||||||
AA_MAY_META_READ);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apparmor_file_open(struct file *file, const struct cred *cred)
|
static int apparmor_file_open(struct file *file, const struct cred *cred)
|
||||||
|
|
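Review bot: In `common_perm_path()` the `cond` initializer dereferences `d_backing_inode(path->dentry)` before the `mediated_filesystem()` test runs, so the helper relies on every caller passing a positive dentry. That now includes `apparmor_path_chmod()` and `apparmor_inode_getattr()`, which in the removed code tested `mediated_filesystem()` before anything read the inode. These hooks presumably always receive a positive dentry, but the kernel-doc only promises that `@path` is NOT NULL; I would state the real requirement, e.g. `* @path: location to check (NOT NULL, path->dentry must have a backing inode)`. The summary line still says "when mnt, dentry" although the helper takes a `struct path`, so something like `* common_perm_path - common permission wrapper for a struct path` would match the new signature. A blank line between the closing `};` of the declaration and the added `if` would also keep the usual declarations-then-code layout.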