[PATCH] switch a bunch of LSM hooks from nameidata to path

Namely, ones from namespace.c Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>

[PATCH] switch a bunch of LSM hooks from nameidata to path
Namely, ones from namespace.c Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>
b5266eb4 · Al Viro · 1a60a280 · b5266eb4 · b5266eb4 · b5266eb4
6 changed file
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1220,7 +1220,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
 	if (IS_DEADDIR(nd->path.dentry->d_inode))
 		goto out_unlock;
-	err = security_sb_check_sb(mnt, nd);
+	err = security_sb_check_sb(mnt, &nd->path);
 	if (err)
 		goto out_unlock;
@@ -1230,7 +1230,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
 out_unlock:
 	mutex_unlock(&nd->path.dentry->d_inode->i_mutex);
 	if (!err)
-		security_sb_post_addmount(mnt, nd);
+		security_sb_post_addmount(mnt, &nd->path);
 	return err;
 }
@@ -1746,7 +1746,8 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
 	if (retval)
 		return retval;
-	retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
+	retval = security_sb_mount(dev_name, &nd.path,
+				   type_page, flags, data_page);
 	if (retval)
 		goto dput_out;
@@ -2007,7 +2008,7 @@ asmlinkage long sys_pivot_root(const char __user * new_root,
 	if (error)
 		goto out1;
-	error = security_sb_pivotroot(&old_nd, &new_nd);
+	error = security_sb_pivotroot(&old_nd.path, &new_nd.path);
 	if (error) {
 		path_put(&old_nd.path);
 		goto out1;
@@ -2070,7 +2071,7 @@ asmlinkage long sys_pivot_root(const char __user * new_root,
 	touch_mnt_namespace(current->nsproxy->mnt_ns);
 	spin_unlock(&vfsmount_lock);
 	chroot_fs_refs(&user_nd.path, &new_nd.path);
-	security_sb_post_pivotroot(&user_nd, &new_nd);
+	security_sb_post_pivotroot(&user_nd.path, &new_nd.path);
 	error = 0;
 	path_put(&root_parent);
 	path_put(&parent_path);

--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -230,7 +230,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *	loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
 *	pathname of the object being mounted.
 *	@dev_name contains the name for object being mounted.
- *	@nd contains the nameidata structure for mount point object.
+ *	@path contains the path for mount point object.
 *	@type contains the filesystem type.
 *	@flags contains the mount flags.
 *	@data contains the filesystem-specific data.
@@ -249,7 +249,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *	Check permission before the device with superblock @mnt->sb is mounted
 *	on the mount point named by @nd.
 *	@mnt contains the vfsmount for device being mounted.
- *	@nd contains the nameidata object for the mount point.
+ *	@path contains the path for the mount point.
 *	Return 0 if permission is granted.
 * @sb_umount:
 *	Check permission before the @mnt file system is unmounted.
@@ -278,16 +278,16 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *	This hook is called any time a mount is successfully grafetd to
 *	the tree.
 *	@mnt contains the mounted filesystem.
- *	@mountpoint_nd contains the nameidata structure for the mount point.
+ *	@mountpoint contains the path for the mount point.
 * @sb_pivotroot:
 *	Check permission before pivoting the root filesystem.
- *	@old_nd contains the nameidata structure for the new location of the current root (put_old).
+ *	@old_path contains the path for the new location of the current root (put_old).
- *      @new_nd contains the nameidata structure for the new root (new_root).
+ *      @new_path contains the path for the new root (new_root).
 *	Return 0 if permission is granted.
 * @sb_post_pivotroot:
 *	Update module state after a successful pivot.
- *	@old_nd contains the nameidata structure for the old root.
+ *	@old_path contains the path for the old root.
- *      @new_nd contains the nameidata structure for the new root.
+ *      @new_path contains the path for the new root.
 * @sb_get_mnt_opts:
 *	Get the security relevant mount options used for a superblock
 *	@sb the superblock to get security mount options from
@@ -1315,20 +1315,20 @@ struct security_operations {
 	int (*sb_copy_data)(char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, void *data);
 	int (*sb_statfs) (struct dentry *dentry);
-	int (*sb_mount) (char *dev_name, struct nameidata * nd,
+	int (*sb_mount) (char *dev_name, struct path *path,
 			 char *type, unsigned long flags, void *data);
-	int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
+	int (*sb_check_sb) (struct vfsmount * mnt, struct path *path);
 	int (*sb_umount) (struct vfsmount * mnt, int flags);
 	void (*sb_umount_close) (struct vfsmount * mnt);
 	void (*sb_umount_busy) (struct vfsmount * mnt);
 	void (*sb_post_remount) (struct vfsmount * mnt,
 				 unsigned long flags, void *data);
 	void (*sb_post_addmount) (struct vfsmount * mnt,
-				  struct nameidata * mountpoint_nd);
+				  struct path *mountpoint);
-	int (*sb_pivotroot) (struct nameidata * old_nd,
+	int (*sb_pivotroot) (struct path *old_path,
-			     struct nameidata * new_nd);
+			     struct path *new_path);
-	void (*sb_post_pivotroot) (struct nameidata * old_nd,
+	void (*sb_post_pivotroot) (struct path *old_path,
-				   struct nameidata * new_nd);
+				   struct path *new_path);
 	int (*sb_get_mnt_opts) (const struct super_block *sb,
 				struct security_mnt_opts *opts);
 	int (*sb_set_mnt_opts) (struct super_block *sb,
@@ -1593,16 +1593,16 @@ void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
 int security_sb_statfs(struct dentry *dentry);
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
                       char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd);
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
 int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+int security_sb_pivotroot(struct path *old_path, struct path *new_path);
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
 int security_sb_get_mnt_opts(const struct super_block *sb,
 				struct security_mnt_opts *opts);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
@@ -1872,7 +1872,7 @@ static inline int security_sb_statfs (struct dentry *dentry)
 	return 0;
 }
-static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+static inline int security_sb_mount (char *dev_name, struct path *path,
 				    char *type, unsigned long flags,
 				    void *data)
 {
@@ -1880,7 +1880,7 @@ static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
 }
 static inline int security_sb_check_sb (struct vfsmount *mnt,
-					struct nameidata *nd)
+					struct path *path)
 {
 	return 0;
 }
@@ -1901,17 +1901,17 @@ static inline void security_sb_post_remount (struct vfsmount *mnt,
 { }
 static inline void security_sb_post_addmount (struct vfsmount *mnt,
-					      struct nameidata *mountpoint_nd)
+					      struct path *mountpoint)
 { }
-static inline int security_sb_pivotroot (struct nameidata *old_nd,
+static inline int security_sb_pivotroot (struct path *old_path,
-					 struct nameidata *new_nd)
+					 struct path *new_path)
 {
 	return 0;
 }
-static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+static inline void security_sb_post_pivotroot (struct path *old_path,
-					       struct nameidata *new_nd)
+					       struct path *new_path)
 { }
 static inline int security_sb_get_mnt_opts(const struct super_block *sb,
 					   struct security_mnt_opts *opts)

--- a/security/dummy.c
+++ b/security/dummy.c
@@ -196,13 +196,13 @@ static int dummy_sb_statfs (struct dentry *dentry)
 	return 0;
 }
-static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
+static int dummy_sb_mount (char *dev_name, struct path *path, char *type,
 			   unsigned long flags, void *data)
 {
 	return 0;
 }
-static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path)
 {
 	return 0;
 }
@@ -229,17 +229,17 @@ static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
 }
-static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path)
 {
 	return;
 }
-static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path)
 {
 	return 0;
 }
-static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path)
 {
 	return;
 }

--- a/security/security.c
+++ b/security/security.c
@@ -296,15 +296,15 @@ int security_sb_statfs(struct dentry *dentry)
 	return security_ops->sb_statfs(dentry);
 }
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
                       char *type, unsigned long flags, void *data)
 {
-	return security_ops->sb_mount(dev_name, nd, type, flags, data);
+	return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd)
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
 {
-	return security_ops->sb_check_sb(mnt, nd);
+	return security_ops->sb_check_sb(mnt, path);
 }
 int security_sb_umount(struct vfsmount *mnt, int flags)
@@ -327,19 +327,19 @@ void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *d
 	security_ops->sb_post_remount(mnt, flags, data);
 }
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd)
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
 {
-	security_ops->sb_post_addmount(mnt, mountpoint_nd);
+	security_ops->sb_post_addmount(mnt, mountpoint);
 }
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
-	return security_ops->sb_pivotroot(old_nd, new_nd);
+	return security_ops->sb_pivotroot(old_path, new_path);
 }
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)
 {
-	security_ops->sb_post_pivotroot(old_nd, new_nd);
+	security_ops->sb_post_pivotroot(old_path, new_path);
 }
 int security_sb_get_mnt_opts(const struct super_block *sb,

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2392,22 +2392,22 @@ static int selinux_sb_statfs(struct dentry *dentry)
 }
 static int selinux_mount(char *dev_name,
-			 struct nameidata *nd,
+			 struct path *path,
 			 char *type,
 			 unsigned long flags,
 			 void *data)
 {
 	int rc;
-	rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+	rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
 	if (rc)
 		return rc;
 	if (flags & MS_REMOUNT)
-		return superblock_has_perm(current, nd->path.mnt->mnt_sb,
+		return superblock_has_perm(current, path->mnt->mnt_sb,
 					   FILESYSTEM__REMOUNT, NULL);
 	else
-		return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
+		return dentry_has_perm(current, path->mnt, path->dentry,
 				       FILE__MOUNTON);
 }

--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -315,10 +315,10 @@ static int smack_sb_statfs(struct dentry *dentry)
 * Returns 0 if current can write the floor of the filesystem
 * being mounted on, an error code otherwise.
 */
-static int smack_sb_mount(char *dev_name, struct nameidata *nd,
+static int smack_sb_mount(char *dev_name, struct path *path,
 			  char *type, unsigned long flags, void *data)
 {
-	struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
+	struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
 	return smk_curacc(sbp->smk_floor, MAY_WRITE);
 }