From: Miklos Szeredi <mszeredi@suse.cz>

In the inode_link() security operation and related functions pass the
path (vfsmount + dentry) to the parent directory instead of the inode.
AppArmor will need this.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---
 fs/namei.c                 |   10 +++++-----
 include/linux/security.h   |    8 ++++----
 security/dummy.c           |    4 ++--
 security/security.c        |    2 +-
 security/selinux/hooks.c   |    5 +++--
 security/smack/smack_lsm.c |    2 +-
 6 files changed, 16 insertions(+), 15 deletions(-)

Index: linux-2.6/fs/namei.c
===================================================================
--- linux-2.6.orig/fs/namei.c	2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/fs/namei.c	2008-05-29 12:20:55.000000000 +0200
@@ -2531,17 +2531,17 @@ asmlinkage long sys_symlink(const char _
 	return sys_symlinkat(oldname, AT_FDCWD, newname);
 }
 
-static int vfs_link(struct dentry *old_dentry, struct dentry *new_dir_dentry,
+static int vfs_link(struct dentry *old_dentry, struct path *new_dir_path,
 		    struct dentry *new_dentry)
 {
-	struct inode *dir = new_dir_dentry->d_inode;
+	struct inode *dir = new_dir_path->dentry->d_inode;
 	struct inode *inode = old_dentry->d_inode;
 	int error;
 
 	if (!inode)
 		return -ENOENT;
 
-	error = may_create(new_dir_dentry, new_dentry);
+	error = may_create(new_dir_path->dentry, new_dentry);
 	if (error)
 		return error;
 
@@ -2558,7 +2558,7 @@ static int vfs_link(struct dentry *old_d
 	if (S_ISDIR(inode->i_mode))
 		return -EPERM;
 
-	error = security_inode_link(old_dentry, dir, new_dentry);
+	error = security_inode_link(old_dentry, new_dir_path, new_dentry);
 	if (error)
 		return error;
 
@@ -2577,7 +2577,7 @@ int path_link(struct dentry *old_dentry,
 	int error = mnt_want_write(dir_path->mnt);
 
 	if (!error) {
-		error = vfs_link(old_dentry, dir_path->dentry, new_dentry);
+		error = vfs_link(old_dentry, dir_path, new_dentry);
 		mnt_drop_write(dir_path->mnt);
 	}
 
Index: linux-2.6/include/linux/security.h
===================================================================
--- linux-2.6.orig/include/linux/security.h	2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/include/linux/security.h	2008-05-29 12:20:55.000000000 +0200
@@ -346,7 +346,7 @@ static inline void security_free_mnt_opt
  * @inode_link:
  *	Check permission before creating a new hard link to a file.
  *	@old_dentry contains the dentry structure for an existing link to the file.
- *	@dir contains the inode structure of the parent directory of the new link.
+ *	@dir contains the path to the parent of the new link.
  *	@new_dentry contains the dentry structure for the new link.
  *	Return 0 if permission is granted.
  * @inode_unlink:
@@ -1355,7 +1355,7 @@ struct security_operations {
 				    char **name, void **value, size_t *len);
 	int (*inode_create) (struct path *dir, struct dentry *dentry, int mode);
 	int (*inode_link) (struct dentry *old_dentry,
-			   struct inode *dir, struct dentry *new_dentry);
+			   struct path *dir, struct dentry *new_dentry);
 	int (*inode_unlink) (struct path *dir, struct dentry *dentry);
 	int (*inode_symlink) (struct path *dir,
 			      struct dentry *dentry, const char *old_name);
@@ -1626,7 +1626,7 @@ void security_inode_free(struct inode *i
 int security_inode_init_security(struct inode *inode, struct inode *dir,
 				  char **name, void **value, size_t *len);
 int security_inode_create(struct path *dir, struct dentry *dentry, int mode);
-int security_inode_link(struct dentry *old_dentry, struct inode *dir,
+int security_inode_link(struct dentry *old_dentry, struct path *dir,
 			 struct dentry *new_dentry);
 int security_inode_unlink(struct path *dir, struct dentry *dentry);
 int security_inode_symlink(struct path *dir, struct dentry *dentry,
@@ -1972,7 +1972,7 @@ static inline int security_inode_create(
 }
 
 static inline int security_inode_link(struct dentry *old_dentry,
-				       struct inode *dir,
+				       struct path *dir,
 				       struct dentry *new_dentry)
 {
 	return 0;
Index: linux-2.6/security/dummy.c
===================================================================
--- linux-2.6.orig/security/dummy.c	2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/security/dummy.c	2008-05-29 12:20:55.000000000 +0200
@@ -292,8 +292,8 @@ static int dummy_inode_create(struct pat
 	return 0;
 }
 
-static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
-			     struct dentry *new_dentry)
+static int dummy_inode_link(struct dentry *old_dentry, struct path *dir,
+			    struct dentry *new_dentry)
 {
 	return 0;
 }
Index: linux-2.6/security/security.c
===================================================================
--- linux-2.6.orig/security/security.c	2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/security/security.c	2008-05-29 12:20:55.000000000 +0200
@@ -395,7 +395,7 @@ int security_inode_create(struct path *d
 	return security_ops->inode_create(dir, dentry, mode);
 }
 
-int security_inode_link(struct dentry *old_dentry, struct inode *dir,
+int security_inode_link(struct dentry *old_dentry, struct path *dir,
 			 struct dentry *new_dentry)
 {
 	if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
Index: linux-2.6/security/selinux/hooks.c
===================================================================
--- linux-2.6.orig/security/selinux/hooks.c	2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/security/selinux/hooks.c	2008-05-29 12:20:55.000000000 +0200
@@ -2488,14 +2488,15 @@ static int selinux_inode_create(struct p
 	return may_create(dir->dentry->d_inode, dentry, SECCLASS_FILE);
 }
 
-static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+static int selinux_inode_link(struct dentry *old_dentry, struct path *dir,
+			      struct dentry *new_dentry)
 {
 	int rc;
 
 	rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);
 	if (rc)
 		return rc;
-	return may_link(dir, old_dentry, MAY_LINK);
+	return may_link(dir->dentry->d_inode, old_dentry, MAY_LINK);
 }
 
 static int selinux_inode_unlink(struct path *dir, struct dentry *dentry)
Index: linux-2.6/security/smack/smack_lsm.c
===================================================================
--- linux-2.6.orig/security/smack/smack_lsm.c	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/security/smack/smack_lsm.c	2008-05-29 12:20:55.000000000 +0200
@@ -412,7 +412,7 @@ static int smack_inode_init_security(str
  *
  * Returns 0 if access is permitted, an error code otherwise
  */
-static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
+static int smack_inode_link(struct dentry *old_dentry, struct path *dir,
 			    struct dentry *new_dentry)
 {
 	int rc;

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/