From: Miklos Szeredi <mszeredi@suse.cz>

In the inode_unlink() security operation and related functions pass the
path (vfsmount + dentry) to the parent directory instead of the inode.
AppArmor will need this.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---
 fs/namei.c                 |   10 +++++-----
 include/linux/security.h   |    8 ++++----
 security/dummy.c           |    2 +-
 security/security.c        |    2 +-
 security/selinux/hooks.c   |    4 ++--
 security/smack/smack_lsm.c |    4 ++--
 6 files changed, 15 insertions(+), 15 deletions(-)

Index: linux-2.6/fs/namei.c
===================================================================
--- linux-2.6.orig/fs/namei.c	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/fs/namei.c	2008-05-29 12:20:53.000000000 +0200
@@ -2338,10 +2338,10 @@ asmlinkage long sys_rmdir(const char __u
 	return do_rmdir(AT_FDCWD, pathname);
 }
 
-static int vfs_unlink(struct dentry *dir_dentry, struct dentry *dentry)
+static int vfs_unlink(struct path *dir_path, struct dentry *dentry)
 {
-	struct inode *dir = dir_dentry->d_inode;
-	int error = may_delete(dir_dentry, dentry, 0);
+	struct inode *dir = dir_path->dentry->d_inode;
+	int error = may_delete(dir_path->dentry, dentry, 0);
 
 	if (error)
 		return error;
@@ -2355,7 +2355,7 @@ static int vfs_unlink(struct dentry *dir
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_inode_unlink(dir, dentry);
+		error = security_inode_unlink(dir_path, dentry);
 		if (!error)
 			error = dir->i_op->unlink(dir, dentry);
 	}
@@ -2375,7 +2375,7 @@ int path_unlink(struct path *dir_path, s
 	int error = mnt_want_write(dir_path->mnt);
 
 	if (!error) {
-		error = vfs_unlink(dir_path->dentry, dentry);
+		error = vfs_unlink(dir_path, dentry);
 		mnt_drop_write(dir_path->mnt);
 	}
 
Index: linux-2.6/include/linux/security.h
===================================================================
--- linux-2.6.orig/include/linux/security.h	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/include/linux/security.h	2008-05-29 12:20:53.000000000 +0200
@@ -351,7 +351,7 @@ static inline void security_free_mnt_opt
  *	Return 0 if permission is granted.
  * @inode_unlink:
  *	Check the permission to remove a hard link to a file.
- *	@dir contains the inode structure of parent directory of the file.
+ *	@dir contains the path to the parent of the file to be removed.
  *	@dentry contains the dentry structure for file to be unlinked.
  *	Return 0 if permission is granted.
  * @inode_symlink:
@@ -1356,7 +1356,7 @@ struct security_operations {
 	int (*inode_create) (struct path *dir, struct dentry *dentry, int mode);
 	int (*inode_link) (struct dentry *old_dentry,
 			   struct inode *dir, struct dentry *new_dentry);
-	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
+	int (*inode_unlink) (struct path *dir, struct dentry *dentry);
 	int (*inode_symlink) (struct inode *dir,
 			      struct dentry *dentry, const char *old_name);
 	int (*inode_mkdir) (struct path *dir, struct dentry *dentry, int mode);
@@ -1628,7 +1628,7 @@ int security_inode_init_security(struct 
 int security_inode_create(struct path *dir, struct dentry *dentry, int mode);
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
 			 struct dentry *new_dentry);
-int security_inode_unlink(struct inode *dir, struct dentry *dentry);
+int security_inode_unlink(struct path *dir, struct dentry *dentry);
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
 			   const char *old_name);
 int security_inode_mkdir(struct path *dir, struct dentry *dentry, int mode);
@@ -1978,7 +1978,7 @@ static inline int security_inode_link(st
 	return 0;
 }
 
-static inline int security_inode_unlink(struct inode *dir,
+static inline int security_inode_unlink(struct path *dir,
 					 struct dentry *dentry)
 {
 	return 0;
Index: linux-2.6/security/dummy.c
===================================================================
--- linux-2.6.orig/security/dummy.c	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/security/dummy.c	2008-05-29 12:20:53.000000000 +0200
@@ -298,7 +298,7 @@ static int dummy_inode_link (struct dent
 	return 0;
 }
 
-static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
+static int dummy_inode_unlink(struct path *dir, struct dentry *dentry)
 {
 	return 0;
 }
Index: linux-2.6/security/security.c
===================================================================
--- linux-2.6.orig/security/security.c	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/security/security.c	2008-05-29 12:20:53.000000000 +0200
@@ -403,7 +403,7 @@ int security_inode_link(struct dentry *o
 	return security_ops->inode_link(old_dentry, dir, new_dentry);
 }
 
-int security_inode_unlink(struct inode *dir, struct dentry *dentry)
+int security_inode_unlink(struct path *dir, struct dentry *dentry)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
 		return 0;
Index: linux-2.6/security/selinux/hooks.c
===================================================================
--- linux-2.6.orig/security/selinux/hooks.c	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/security/selinux/hooks.c	2008-05-29 12:20:53.000000000 +0200
@@ -2498,14 +2498,14 @@ static int selinux_inode_link(struct den
 	return may_link(dir, old_dentry, MAY_LINK);
 }
 
-static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
+static int selinux_inode_unlink(struct path *dir, struct dentry *dentry)
 {
 	int rc;
 
 	rc = secondary_ops->inode_unlink(dir, dentry);
 	if (rc)
 		return rc;
-	return may_link(dir, dentry, MAY_UNLINK);
+	return may_link(dir->dentry->d_inode, dentry, MAY_UNLINK);
 }
 
 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
Index: linux-2.6/security/smack/smack_lsm.c
===================================================================
--- linux-2.6.orig/security/smack/smack_lsm.c	2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/security/smack/smack_lsm.c	2008-05-29 12:20:53.000000000 +0200
@@ -437,7 +437,7 @@ static int smack_inode_link(struct dentr
  * Returns 0 if current can write the containing directory
  * and the object, error code otherwise
  */
-static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
+static int smack_inode_unlink(struct path *dir, struct dentry *dentry)
 {
 	struct inode *ip = dentry->d_inode;
 	int rc;
@@ -450,7 +450,7 @@ static int smack_inode_unlink(struct ino
 		/*
 		 * You also need write access to the containing directory
 		 */
-		rc = smk_curacc(smk_of_inode(dir), MAY_WRITE);
+		rc = smk_curacc(smk_of_inode(dir->dentry->d_inode), MAY_WRITE);
 
 	return rc;
 }

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/