d_path: Use struct path in struct avc_audit_data
authorJan Blunck <jblunck@suse.de>
Fri, 15 Feb 2008 03:38:33 +0000 (19:38 -0800)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Fri, 15 Feb 2008 05:17:08 +0000 (21:17 -0800)
audit_log_d_path() is a d_path() wrapper that is used by the audit code.  To
use a struct path in audit_log_d_path() I need to embed it into struct
avc_audit_data.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Jan Blunck <jblunck@suse.de>
Acked-by: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Neil Brown <neilb@suse.de>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/audit.h
kernel/audit.c
kernel/auditsc.c
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/avc.h

index 97153027207a27d3ded23f099c105321613c9372..2af9ec025015c92d31f90259d699744993c60a81 100644 (file)
@@ -534,8 +534,7 @@ extern void             audit_log_n_untrustedstring(struct audit_buffer *ab,
                                                        const char *string);
 extern void                audit_log_d_path(struct audit_buffer *ab,
                                             const char *prefix,
-                                            struct dentry *dentry,
-                                            struct vfsmount *vfsmnt);
+                                            struct path *path);
 extern void                audit_log_lost(const char *message);
                                /* Private API (for audit.c only) */
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
@@ -552,7 +551,7 @@ extern int audit_enabled;
 #define audit_log_hex(a,b,l) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
-#define audit_log_d_path(b,p,d,v) do { ; } while (0)
+#define audit_log_d_path(b, p, d) do { ; } while (0)
 #define audit_enabled 0
 #endif
 #endif
index c8555b18021386b59a089b2e34fe4db355deab40..783e65701247f43cdb0d13d6ca161a5c1fbd0526 100644 (file)
@@ -1312,26 +1312,26 @@ void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
 
 /* This is a helper-function to print the escaped d_path */
 void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
-                     struct dentry *dentry, struct vfsmount *vfsmnt)
+                     struct path *path)
 {
-       char *p, *path;
+       char *p, *pathname;
 
        if (prefix)
                audit_log_format(ab, " %s", prefix);
 
        /* We will allow 11 spaces for ' (deleted)' to be appended */
-       path = kmalloc(PATH_MAX+11, ab->gfp_mask);
-       if (!path) {
+       pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
+       if (!pathname) {
                audit_log_format(ab, "<no memory>");
                return;
        }
-       p = d_path(dentry, vfsmnt, path, PATH_MAX+11);
+       p = d_path(path->dentry, path->mnt, pathname, PATH_MAX+11);
        if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
                /* FIXME: can we save some information here? */
                audit_log_format(ab, "<too long>");
        } else
                audit_log_untrustedstring(ab, p);
-       kfree(path);
+       kfree(pathname);
 }
 
 /**
index 741291a1de0dc9a73c49b8f0368d327bdf279a0f..ac6d9b23b018676873026cc0334baccedeb2a7cc 100644 (file)
@@ -208,8 +208,7 @@ struct audit_context {
        int                 name_count;
        struct audit_names  names[AUDIT_NAMES];
        char *              filterkey;  /* key for rule that triggered record */
-       struct dentry *     pwd;
-       struct vfsmount *   pwdmnt;
+       struct path         pwd;
        struct audit_context *previous; /* For nested syscalls */
        struct audit_aux_data *aux;
        struct audit_aux_data *aux_pids;
@@ -786,12 +785,9 @@ static inline void audit_free_names(struct audit_context *context)
                        __putname(context->names[i].name);
        }
        context->name_count = 0;
-       if (context->pwd)
-               dput(context->pwd);
-       if (context->pwdmnt)
-               mntput(context->pwdmnt);
-       context->pwd = NULL;
-       context->pwdmnt = NULL;
+       path_put(&context->pwd);
+       context->pwd.dentry = NULL;
+       context->pwd.mnt = NULL;
 }
 
 static inline void audit_free_aux(struct audit_context *context)
@@ -930,8 +926,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
                        if ((vma->vm_flags & VM_EXECUTABLE) &&
                            vma->vm_file) {
                                audit_log_d_path(ab, "exe=",
-                                                vma->vm_file->f_path.dentry,
-                                                vma->vm_file->f_path.mnt);
+                                                &vma->vm_file->f_path);
                                break;
                        }
                        vma = vma->vm_next;
@@ -1341,10 +1336,10 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                                  context->target_sid, context->target_comm))
                        call_panic = 1;
 
-       if (context->pwd && context->pwdmnt) {
+       if (context->pwd.dentry && context->pwd.mnt) {
                ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
                if (ab) {
-                       audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
+                       audit_log_d_path(ab, "cwd=", &context->pwd);
                        audit_log_end(ab);
                }
        }
@@ -1367,8 +1362,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                        case 0:
                                /* name was specified as a relative path and the
                                 * directory component is the cwd */
-                               audit_log_d_path(ab, " name=", context->pwd,
-                                                context->pwdmnt);
+                               audit_log_d_path(ab, " name=", &context->pwd);
                                break;
                        default:
                                /* log the name's directory component */
@@ -1695,10 +1689,10 @@ void __audit_getname(const char *name)
        context->names[context->name_count].ino  = (unsigned long)-1;
        context->names[context->name_count].osid = 0;
        ++context->name_count;
-       if (!context->pwd) {
+       if (!context->pwd.dentry) {
                read_lock(&current->fs->lock);
-               context->pwd = dget(current->fs->pwd.dentry);
-               context->pwdmnt = mntget(current->fs->pwd.mnt);
+               context->pwd = current->fs->pwd;
+               path_get(&current->fs->pwd);
                read_unlock(&current->fs->lock);
        }
 
index e8529e2f51e5ba24042ccd88b77e481c9457a5aa..187964e88af1513f79940e025a2353407eff107a 100644 (file)
@@ -568,10 +568,11 @@ void avc_audit(u32 ssid, u32 tsid,
                        audit_log_format(ab, " capability=%d", a->u.cap);
                        break;
                case AVC_AUDIT_DATA_FS:
-                       if (a->u.fs.dentry) {
-                               struct dentry *dentry = a->u.fs.dentry;
-                               if (a->u.fs.mnt) {
-                                       audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt);
+                       if (a->u.fs.path.dentry) {
+                               struct dentry *dentry = a->u.fs.path.dentry;
+                               if (a->u.fs.path.mnt) {
+                                       audit_log_d_path(ab, "path=",
+                                                        &a->u.fs.path);
                                } else {
                                        audit_log_format(ab, " name=");
                                        audit_log_untrustedstring(ab, dentry->d_name.name);
@@ -626,8 +627,12 @@ void avc_audit(u32 ssid, u32 tsid,
                                case AF_UNIX:
                                        u = unix_sk(sk);
                                        if (u->dentry) {
+                                               struct path path = {
+                                                       .dentry = u->dentry,
+                                                       .mnt = u->mnt
+                                               };
                                                audit_log_d_path(ab, "path=",
-                                                                u->dentry, u->mnt);
+                                                                &path);
                                                break;
                                        }
                                        if (!u->addr)
index ffeefa3c2c77071e2823f830c78fec5c0a61ed66..75c2e99bfb813a0653350bf18572d1359878dde5 100644 (file)
@@ -1356,8 +1356,8 @@ static inline int dentry_has_perm(struct task_struct *tsk,
        struct inode *inode = dentry->d_inode;
        struct avc_audit_data ad;
        AVC_AUDIT_DATA_INIT(&ad,FS);
-       ad.u.fs.mnt = mnt;
-       ad.u.fs.dentry = dentry;
+       ad.u.fs.path.mnt = mnt;
+       ad.u.fs.path.dentry = dentry;
        return inode_has_perm(tsk, inode, av, &ad);
 }
 
@@ -1375,15 +1375,12 @@ static int file_has_perm(struct task_struct *tsk,
 {
        struct task_security_struct *tsec = tsk->security;
        struct file_security_struct *fsec = file->f_security;
-       struct vfsmount *mnt = file->f_path.mnt;
-       struct dentry *dentry = file->f_path.dentry;
-       struct inode *inode = dentry->d_inode;
+       struct inode *inode = file->f_path.dentry->d_inode;
        struct avc_audit_data ad;
        int rc;
 
        AVC_AUDIT_DATA_INIT(&ad, FS);
-       ad.u.fs.mnt = mnt;
-       ad.u.fs.dentry = dentry;
+       ad.u.fs.path = file->f_path;
 
        if (tsec->sid != fsec->sid) {
                rc = avc_has_perm(tsec->sid, fsec->sid,
@@ -1418,7 +1415,7 @@ static int may_create(struct inode *dir,
        sbsec = dir->i_sb->s_security;
 
        AVC_AUDIT_DATA_INIT(&ad, FS);
-       ad.u.fs.dentry = dentry;
+       ad.u.fs.path.dentry = dentry;
 
        rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
                          DIR__ADD_NAME | DIR__SEARCH,
@@ -1476,7 +1473,7 @@ static int may_link(struct inode *dir,
        isec = dentry->d_inode->i_security;
 
        AVC_AUDIT_DATA_INIT(&ad, FS);
-       ad.u.fs.dentry = dentry;
+       ad.u.fs.path.dentry = dentry;
 
        av = DIR__SEARCH;
        av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
@@ -1523,7 +1520,7 @@ static inline int may_rename(struct inode *old_dir,
 
        AVC_AUDIT_DATA_INIT(&ad, FS);
 
-       ad.u.fs.dentry = old_dentry;
+       ad.u.fs.path.dentry = old_dentry;
        rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
                          DIR__REMOVE_NAME | DIR__SEARCH, &ad);
        if (rc)
@@ -1539,7 +1536,7 @@ static inline int may_rename(struct inode *old_dir,
                        return rc;
        }
 
-       ad.u.fs.dentry = new_dentry;
+       ad.u.fs.path.dentry = new_dentry;
        av = DIR__ADD_NAME | DIR__SEARCH;
        if (new_dentry->d_inode)
                av |= DIR__REMOVE_NAME;
@@ -1918,8 +1915,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
        }
 
        AVC_AUDIT_DATA_INIT(&ad, FS);
-       ad.u.fs.mnt = bprm->file->f_path.mnt;
-       ad.u.fs.dentry = bprm->file->f_path.dentry;
+       ad.u.fs.path = bprm->file->f_path;
 
        if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
                newsid = tsec->sid;
@@ -2315,7 +2311,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
                return rc;
 
        AVC_AUDIT_DATA_INIT(&ad,FS);
-       ad.u.fs.dentry = sb->s_root;
+       ad.u.fs.path.dentry = sb->s_root;
        return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
 }
 
@@ -2324,7 +2320,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
        struct avc_audit_data ad;
 
        AVC_AUDIT_DATA_INIT(&ad,FS);
-       ad.u.fs.dentry = dentry->d_sb->s_root;
+       ad.u.fs.path.dentry = dentry->d_sb->s_root;
        return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
 }
 
@@ -2587,7 +2583,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
                return -EPERM;
 
        AVC_AUDIT_DATA_INIT(&ad,FS);
-       ad.u.fs.dentry = dentry;
+       ad.u.fs.path.dentry = dentry;
 
        rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
                          FILE__RELABELFROM, &ad);
index 80c28fa6621c78527a23ee3fa8f9aa3e20ec6d55..8e23d7a873a4a3453d77bb87b235a2ebcd137649 100644 (file)
@@ -13,6 +13,7 @@
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/in6.h>
+#include <linux/path.h>
 #include <asm/system.h>
 #include "flask.h"
 #include "av_permissions.h"
@@ -30,8 +31,6 @@ extern int selinux_enforcing;
 struct avc_entry;
 
 struct task_struct;
-struct vfsmount;
-struct dentry;
 struct inode;
 struct sock;
 struct sk_buff;
@@ -46,8 +45,7 @@ struct avc_audit_data {
        struct task_struct *tsk;
        union   {
                struct {
-                       struct vfsmount *mnt;
-                       struct dentry *dentry;
+                       struct path path;
                        struct inode *inode;
                } fs;
                struct {