Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 745ca247 authored by David Howells's avatar David Howells Committed by James Morris
Browse files

CRED: Pass credentials through dentry_open() 



Pass credentials through dentry_open() so that the COW creds patch can have
SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
when it opens its null chardev.

The security_dentry_open() call also now takes a creds pointer, as does the
dentry_open hook in struct security_operations.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 88e67f3b

arch/powerpc/platforms/cell/spufs/inode.c

+2 −2
Original line number Diff line number Diff line
@@ -323,7 +323,7 @@ static int spufs_context_open(struct dentry *dentry, struct vfsmount *mnt) 
		goto out;

	}



	filp = dentry_open(dentry, mnt, O_RDONLY);

	filp = dentry_open(dentry, mnt, O_RDONLY, current_cred());

	if (IS_ERR(filp)) {

		put_unused_fd(ret);

		ret = PTR_ERR(filp);
@@ -562,7 +562,7 @@ static int spufs_gang_open(struct dentry *dentry, struct vfsmount *mnt) 
		goto out;

	}



	filp = dentry_open(dentry, mnt, O_RDONLY);

	filp = dentry_open(dentry, mnt, O_RDONLY, current_cred());

	if (IS_ERR(filp)) {

		put_unused_fd(ret);

		ret = PTR_ERR(filp);

arch/um/drivers/mconsole_kern.c

+2 −1
Original line number Diff line number Diff line
@@ -159,7 +159,8 @@ void mconsole_proc(struct mc_request *req) 
		goto out_kill;

	}



	file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY);

	file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,

			   current_cred());

	if (IS_ERR(file)) {

		mconsole_reply(req, "Failed to open file", 1, 0);

		goto out_kill;

fs/autofs4/dev-ioctl.c

+2 −1
Original line number Diff line number Diff line
@@ -307,7 +307,8 @@ static int autofs_dev_ioctl_open_mountpoint(const char *path, dev_t devid) 
			goto out;

		}



		filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY);

		filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,

				   current_cred());

		if (IS_ERR(filp)) {

			err = PTR_ERR(filp);

			goto out;

fs/ecryptfs/ecryptfs_kernel.h

+2 −1
Original line number Diff line number Diff line
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void); 
void ecryptfs_destroy_kthread(void);

int ecryptfs_privileged_open(struct file **lower_file,

			     struct dentry *lower_dentry,

			     struct vfsmount *lower_mnt);

			     struct vfsmount *lower_mnt,

			     const struct cred *cred);

int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);



#endif /* #ifndef ECRYPTFS_KERNEL_H */

fs/ecryptfs/kthread.c

+5 −4
Original line number Diff line number Diff line
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored) 
				mntget(req->lower_mnt);

				(*req->lower_file) = dentry_open(

					req->lower_dentry, req->lower_mnt,

					(O_RDWR | O_LARGEFILE));

					(O_RDWR | O_LARGEFILE), current_cred());

				req->flags |= ECRYPTFS_REQ_PROCESSED;

			}

			wake_up(&req->wait);
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void) 
 */

int ecryptfs_privileged_open(struct file **lower_file,

			     struct dentry *lower_dentry,

			     struct vfsmount *lower_mnt)

			     struct vfsmount *lower_mnt,

			     const struct cred *cred)

{

	struct ecryptfs_open_req *req;

	int rc = 0;
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file, 
	dget(lower_dentry);

	mntget(lower_mnt);

	(*lower_file) = dentry_open(lower_dentry, lower_mnt,

				    (O_RDWR | O_LARGEFILE));

				    (O_RDWR | O_LARGEFILE), cred);

	if (!IS_ERR(*lower_file))

		goto out;

	req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file, 
		dget(lower_dentry);

		mntget(lower_mnt);

		(*lower_file) = dentry_open(lower_dentry, lower_mnt,

					    (O_RDONLY | O_LARGEFILE));

					    (O_RDONLY | O_LARGEFILE), cred);

		if (IS_ERR(*lower_file)) {

			rc = PTR_ERR(*req->lower_file);

			(*lower_file) = NULL;