Message ID | 1467733854-6314-4-git-send-email-vgoyal@redhat.com (mailing list archive) |
---|---|
State | New, archived |
On 7/5/2016 8:50 AM, Vivek Goyal wrote: > Right now selinux_determine_inode_label() works on security pointer of > current task. Soon I need this to work on a security pointer retrieved > from a set of creds. So start passing in a pointer and caller can decide > where to fetch security pointer from. > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com> > --- > security/selinux/hooks.c | 17 +++++++++-------- > 1 file changed, 9 insertions(+), 8 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index c68223c..86a07ed 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1785,13 +1785,13 @@ out: > /* > * Determine the label for an inode that might be unioned. > */ > -static int selinux_determine_inode_label(struct inode *dir, > - const struct qstr *name, > - u16 tclass, > +static int selinux_determine_inode_label(const void *security, You know the type. Why not use it? static int selinux_determine_inode_label(const struct task_security_struct *tsec, > + struct inode *dir, > + const struct qstr *name, u16 tclass, > u32 *_new_isid) > { > const struct superblock_security_struct *sbsec = dir->i_sb->s_security; > - const struct task_security_struct *tsec = current_security(); > + const struct task_security_struct *tsec = security; > > if ((sbsec->flags & SE_SBINITIALIZED) && > (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { > @@ -1834,8 +1834,8 @@ static int may_create(struct inode *dir, > if (rc) > return rc; > > - rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass, > - &newsid); > + rc = selinux_determine_inode_label(current_security(), dir, > + &dentry->d_name, tclass, &newsid); > if (rc) > return rc; 
> > @@ -2815,7 +2815,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, > u32 newsid; > int rc; > > - rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name, > + rc = selinux_determine_inode_label(current_security(), > + d_inode(dentry->d_parent), name, > inode_mode_to_security_class(mode), > &newsid); > if (rc) > @@ -2840,7 +2841,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, > sid = tsec->sid; > newsid = tsec->create_sid; > > - rc = selinux_determine_inode_label( > + rc = selinux_determine_inode_label(current_security(), > dir, qstr, > inode_mode_to_security_class(inode->i_mode), > &newsid); -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Jul 05, 2016 at 01:25:22PM -0700, Casey Schaufler wrote: > On 7/5/2016 8:50 AM, Vivek Goyal wrote: > > Right now selinux_determine_inode_label() works on security pointer of > > current task. Soon I need this to work on a security pointer retrieved > > from a set of creds. So start passing in a pointer and caller can decide > > where to fetch security pointer from. > > > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com> > > --- > > security/selinux/hooks.c | 17 +++++++++-------- > > 1 file changed, 9 insertions(+), 8 deletions(-) > > > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index c68223c..86a07ed 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c > > @@ -1785,13 +1785,13 @@ out: > > /* > > * Determine the label for an inode that might be unioned. > > */ > > -static int selinux_determine_inode_label(struct inode *dir, > > - const struct qstr *name, > > - u16 tclass, > > +static int selinux_determine_inode_label(const void *security, > > You know the type. Why not use it? > > static int selinux_determine_inode_label(const struct task_security_struct *tsec, Will change it. All callers use current_security() to fetch this pointer and it returns void * and I guess I assumed that compiler will complain but it does not seem to complain. Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c68223c..86a07ed 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1785,13 +1785,13 @@ out:
 /*
 * Determine the label for an inode that might be unioned.
 */
-static int selinux_determine_inode_label(struct inode *dir,
- const struct qstr *name,
- u16 tclass,
+static int selinux_determine_inode_label(const void *security,
+ struct inode *dir,
+ const struct qstr *name, u16 tclass,
 u32 *_new_isid)
 {
 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
- const struct task_security_struct *tsec = current_security();
+ const struct task_security_struct *tsec = security;
 
 if ((sbsec->flags & SE_SBINITIALIZED) &&
 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
@@ -1834,8 +1834,8 @@ static int may_create(struct inode *dir,
 if (rc)
 return rc;
 
- rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass,
- &newsid);
+ rc = selinux_determine_inode_label(current_security(), dir,
+ &dentry->d_name, tclass, &newsid);
 if (rc)
 return rc;
 
@@ -2815,7 +2815,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
 u32 newsid;
 int rc;
 
- rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name,
+ rc = selinux_determine_inode_label(current_security(),
+ d_inode(dentry->d_parent), name,
 inode_mode_to_security_class(mode),
 &newsid);
 if (rc)
@@ -2840,7 +2841,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 sid = tsec->sid;
 newsid = tsec->create_sid;
 
- rc = selinux_determine_inode_label(
+ rc = selinux_determine_inode_label(current_security(),
 dir, qstr,
 inode_mode_to_security_class(inode->i_mode),
 &newsid);
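Review bot: The comment above selinux_determine_inode_label() in the first hunk still reads only `Determine the label for an inode that might be unioned.` and says nothing about the new first argument, which now selects the subject whose task security state the new inode's label is derived from. The commit message says later callers will pass a pointer taken from a set of creds rather than the current task, so the comment should state that contract, for example `@security: task security blob of the subject creating the inode; the caller must keep the owning creds alive across the call`. The lifetime requirement is inferred from the description rather than from code visible here, and the function body continues outside the hunk.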
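Review bot: In the last hunk, selinux_inode_init_security() reads `tsec->sid` and `tsec->create_sid` from a local `tsec` in the context lines just above the call, yet the call then fetches `current_security()` a second time. Passing the local keeps the SID defaults and the label computation tied to the same task security struct by construction: `rc = selinux_determine_inode_label(tsec,`. The declaration of `tsec` is outside the hunk, so this assumes it holds the current task's security pointer. If may_create() has the same local, the call in the second hunk could take it as well.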
Right now selinux_determine_inode_label() works on security pointer of current task. Soon I need this to work on a security pointer retrieved from a set of creds. So start passing in a pointer and caller can decide where to fetch security pointer from. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> --- security/selinux/hooks.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-)