
Commit d2b31ca6 authored by Eric W. Biederman's avatar Eric W. Biederman

userns: Teach security_path_chown to take kuids and kgids



Don't make the security modules deal with raw user space uids and
gids; instead pass in a kuid_t and a kgid_t so that security modules
only have to deal with internal kernel uids and gids.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: James Morris <james.l.morris@oracle.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
parent 8b94eea4
+1 −1
@@ -534,7 +534,7 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
		newattrs.ia_valid |=
			ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
	mutex_lock(&inode->i_mutex);
	error = security_path_chown(path, user, group);
	error = security_path_chown(path, uid, gid);
	if (!error)
		error = notify_change(path->dentry, &newattrs);
	mutex_unlock(&inode->i_mutex);
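Review bot: The call `security_path_chown(path, uid, gid)` may hand hooks an invalid kuid/kgid, and nothing at the call site says so. `uid` and `gid` are not declared in this hunk, while the signature in the hunk header still takes raw `uid_t user, gid_t group`, so the conversion happens earlier in `chown_common()`, outside the visible lines. If the "-1 means leave unchanged" value is converted along with real ids, a hook has to test the argument with `uid_valid()`/`gid_valid()` instead of comparing it with -1. A comment above the call would make that explicit: `/* uid/gid are INVALID_UID/INVALID_GID when that id is not being changed */`.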
+3 −3
@@ -1437,7 +1437,7 @@ struct security_operations {
	int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
			    struct path *new_dir, struct dentry *new_dentry);
	int (*path_chmod) (struct path *path, umode_t mode);
	int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
	int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid);
	int (*path_chroot) (struct path *path);
#endif

@@ -2832,7 +2832,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
			 struct path *new_dir, struct dentry *new_dentry);
int security_path_chmod(struct path *path, umode_t mode);
int security_path_chown(struct path *path, uid_t uid, gid_t gid);
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(struct path *path);
#else	/* CONFIG_SECURITY_PATH */
static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
@@ -2888,7 +2888,7 @@ static inline int security_path_chmod(struct path *path, umode_t mode)
	return 0;
}

static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
	return 0;
}
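Review bot: The `path_chown` member of `struct security_operations` and both `security_path_chown()` declarations change their parameter types, but none of the three hunks touches a description of the hook, so the new contract is undocumented as far as this section shows (any hook comment block lies outside the hunks). The hook description should state that the ids are kernel-internal, for example `@uid contains the new owner as a kuid_t; check uid_valid() before use`, with the same wording for `@gid`. A module that compares the id with numeric policy values or writes it to an audit record then knows it must convert explicitly with `from_kuid()`/`from_kgid()` against a namespace it chooses.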
+1 −1
@@ -352,7 +352,7 @@ static int apparmor_path_chmod(struct path *path, umode_t mode)
	return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
}

static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid)
static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
	struct path_cond cond =  { path->dentry->d_inode->i_uid,
				   path->dentry->d_inode->i_mode
+1 −1
@@ -284,7 +284,7 @@ static int cap_path_chmod(struct path *path, umode_t mode)
	return 0;
}

static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
static int cap_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
	return 0;
}
+1 −1
@@ -434,7 +434,7 @@ int security_path_chmod(struct path *path, umode_t mode)
	return security_ops->path_chmod(path, mode);
}

int security_path_chown(struct path *path, uid_t uid, gid_t gid)
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		return 0;