diff options
| author | Greg Kroah-Hartman <greg@kroah.com> | 2002-10-28 21:30:34 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <greg@kroah.com> | 2002-10-28 21:30:34 -0800 |
| commit | 267ebfd662f32df647e0803ca5d2a26e7d7cc060 (patch) | |
| tree | e6b8e4e05219645e13ab2af4fba0ff85f40cf850 /fs | |
| parent | 9179a307bffc558ccd8cff8334ca08ef2b68ea1b (diff) | |
| parent | efdddf70cc1946feb4b00b1771cce3aef8efcc0e (diff) | |
Merge kroah.com:/home/greg/linux/BK/bleeding_edge-2.5
into kroah.com:/home/greg/linux/BK/lsm-2.5
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/attr.c | 5 | ||||
| -rw-r--r-- | fs/dquot.c | 4 | ||||
| -rw-r--r-- | fs/exec.c | 16 | ||||
| -rw-r--r-- | fs/fcntl.c | 11 | ||||
| -rw-r--r-- | fs/file_table.c | 6 | ||||
| -rw-r--r-- | fs/inode.c | 6 | ||||
| -rw-r--r-- | fs/ioctl.c | 3 | ||||
| -rw-r--r-- | fs/locks.c | 13 | ||||
| -rw-r--r-- | fs/namei.c | 58 | ||||
| -rw-r--r-- | fs/namespace.c | 23 | ||||
| -rw-r--r-- | fs/open.c | 3 | ||||
| -rw-r--r-- | fs/proc/base.c | 3 | ||||
| -rw-r--r-- | fs/quota.c | 2 | ||||
| -rw-r--r-- | fs/read_write.c | 12 | ||||
| -rw-r--r-- | fs/readdir.c | 4 | ||||
| -rw-r--r-- | fs/stat.c | 6 | ||||
| -rw-r--r-- | fs/super.c | 6 | ||||
| -rw-r--r-- | fs/xattr.c | 14 |
18 files changed, 80 insertions, 115 deletions
diff --git a/fs/attr.c b/fs/attr.c index c65e0f33643f..57fc85a7687f 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -153,13 +153,12 @@ int notify_change(struct dentry * dentry, struct iattr * attr) } if (inode->i_op && inode->i_op->setattr) { - error = security_ops->inode_setattr(dentry, attr); - if (!error) + if (!(error = security_inode_setattr(dentry, attr))) error = inode->i_op->setattr(dentry, attr); } else { error = inode_change_ok(inode, attr); if (!error) - error = security_ops->inode_setattr(dentry, attr); + error = security_inode_setattr(dentry, attr); if (!error) { if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) diff --git a/fs/dquot.c b/fs/dquot.c index 24d50ae34824..82756bec8d91 100644 --- a/fs/dquot.c +++ b/fs/dquot.c @@ -69,6 +69,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/proc_fs.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -1305,8 +1306,7 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path) error = -EIO; if (!f->f_op || !f->f_op->read || !f->f_op->write) goto out_f; - error = security_ops->quota_on(f); - if (error) + if ((error = security_quota_on(f))) goto out_f; inode = f->f_dentry->d_inode; error = -EACCES; diff --git a/fs/exec.c b/fs/exec.c index eef86f55c0cb..26a485d62ce9 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -43,6 +43,7 @@ #include <linux/namei.h> #include <linux/proc_fs.h> #include <linux/ptrace.h> +#include <linux/security.h> #include <asm/uaccess.h> #include <asm/pgalloc.h> @@ -818,8 +819,7 @@ int prepare_binprm(struct linux_binprm *bprm) } /* fill in binprm security blob */ - retval = security_ops->bprm_set_security(bprm); - if (retval) + if ((retval = security_bprm_set(bprm))) return retval; memset(bprm->buf,0,BINPRM_BUF_SIZE); @@ -867,7 +867,7 @@ void compute_creds(struct linux_binprm *bprm) if(do_unlock) unlock_kernel(); - security_ops->bprm_compute_creds(bprm); + security_bprm_compute_creds(bprm); } void remove_arg_zero(struct linux_binprm *bprm) @@ -936,8 +936,7 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) } } #endif - retval = security_ops->bprm_check_security(bprm); - if (retval) + if ((retval = security_bprm_check(bprm))) return retval; /* kernel module loader fixup */ @@ -1033,8 +1032,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs if ((retval = bprm.envc) < 0) goto out_mm; - retval = security_ops->bprm_alloc_security(&bprm); - if (retval) + if ((retval = security_bprm_alloc(&bprm))) goto out; retval = prepare_binprm(&bprm); @@ -1057,7 +1055,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs retval = search_binary_handler(&bprm,regs); if (retval >= 0) { /* execve success */ - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); return retval; } @@ -1070,7 +1068,7 @@ out: } if (bprm.security) - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); out_mm: mmdrop(bprm.mm); diff --git a/fs/fcntl.c b/fs/fcntl.c index c2fc83cdfed6..90900d2188a0 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -274,8 +274,7 @@ int f_setown(struct file *filp, unsigned long arg, int force) { int err; - err = security_ops->file_set_fowner(filp); - if (err) + if ((err = security_file_set_fowner(filp))) return err; f_modown(filp, arg, current->uid, current->euid, force); @@ -368,8 +367,7 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) if (!filp) goto out; - err = security_ops->file_fcntl(filp, cmd, arg); - if (err) { + if ((err = security_file_fcntl(filp, cmd, arg))) { fput(filp); return err; } @@ -392,8 +390,7 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg if (!filp) goto out; - err = security_ops->file_fcntl(filp, cmd, arg); - if (err) { + if ((err = security_file_fcntl(filp, cmd, arg))) { fput(filp); return err; } @@ -444,7 +441,7 @@ static void send_sigio_to_task(struct task_struct *p, if (!sigio_perm(p, fown)) return; - if (security_ops->file_send_sigiotask(p, fown, fd, reason)) + if (security_file_send_sigiotask(p, fown, fd, reason)) return; switch (fown->signum) { diff --git a/fs/file_table.c b/fs/file_table.c index fe6c048c2bab..57765820047c 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -46,7 +46,7 @@ struct file * get_empty_filp(void) files_stat.nr_free_files--; new_one: memset(f, 0, sizeof(*f)); - if (security_ops->file_alloc_security(f)) { + if (security_file_alloc(f)) { list_add(&f->f_list, &free_list); files_stat.nr_free_files++; file_list_unlock(); @@ -127,7 +127,7 @@ void __fput(struct file * file) if (file->f_op && file->f_op->release) file->f_op->release(inode, file); - security_ops->file_free_security(file); + security_file_free(file); fops_put(file->f_op); if (file->f_mode & FMODE_WRITE) put_write_access(inode); @@ -160,7 +160,7 @@ struct file * fget(unsigned int fd) void put_filp(struct file *file) { if(atomic_dec_and_test(&file->f_count)) { - security_ops->file_free_security(file); + security_file_free(file); file_list_lock(); list_del(&file->f_list); list_add(&file->f_list, &free_list); diff --git a/fs/inode.c b/fs/inode.c index 4f56d96031ea..bf67998c45e4 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -120,7 +120,7 @@ static struct inode *alloc_inode(struct super_block *sb) inode->i_bdev = NULL; inode->i_cdev = NULL; inode->i_security = NULL; - if (security_ops->inode_alloc_security(inode)) { + if (security_inode_alloc(inode)) { if (inode->i_sb->s_op->destroy_inode) inode->i_sb->s_op->destroy_inode(inode); else @@ -146,7 +146,7 @@ static void destroy_inode(struct inode *inode) { if (inode_has_buffers(inode)) BUG(); - security_ops->inode_free_security(inode); + security_inode_free(inode); if (inode->i_sb->s_op->destroy_inode) { inode->i_sb->s_op->destroy_inode(inode); } else { @@ -922,7 +922,7 @@ void generic_delete_inode(struct inode *inode) if (inode->i_data.nrpages) truncate_inode_pages(&inode->i_data, 0); - security_ops->inode_delete(inode); + security_inode_delete(inode); if (op && op->delete_inode) { void (*delete)(struct inode *) = op->delete_inode; diff --git a/fs/ioctl.c b/fs/ioctl.c index 8f2d67ade88e..b0b6b2ed4c3b 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -59,8 +59,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) goto out; error = 0; - error = security_ops->file_ioctl(filp, cmd, arg); - if (error) { + if ((error = security_file_ioctl(filp, cmd, arg))) { fput(filp); goto out; } diff --git a/fs/locks.c b/fs/locks.c index c723de3be272..1257f3711e45 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -122,6 +122,7 @@ #include <linux/timer.h> #include <linux/time.h> #include <linux/fs.h> +#include <linux/security.h> #include <asm/semaphore.h> #include <asm/uaccess.h> @@ -1174,8 +1175,7 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = security_ops->file_lock(filp, arg); - if (error) + if ((error = security_file_lock(filp, arg))) return error; lock_kernel(); @@ -1288,8 +1288,7 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd) if (error) goto out_putf; - error = security_ops->file_lock(filp, cmd); - if (error) + if ((error = security_file_lock(filp, cmd))) goto out_free; for (;;) { @@ -1438,8 +1437,7 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l) goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type); - if (error) + if ((error = security_file_lock(filp, file_lock->fl_type))) goto out; if (filp->f_op && filp->f_op->lock != NULL) { @@ -1578,8 +1576,7 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l) goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type); - if (error) + if ((error = security_file_lock(filp, file_lock->fl_type))) goto out; if (filp->f_op && filp->f_op->lock != NULL) { diff --git a/fs/namei.c b/fs/namei.c index d198ee69aa6f..e300498a6b08 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -218,7 +218,7 @@ int permission(struct inode * inode,int mask) if (retval) return retval; - return security_ops->inode_permission(inode, mask); + return security_inode_permission(inode, mask); } /* @@ -340,7 +340,7 @@ static inline int exec_permission_lite(struct inode *inode) return -EACCES; ok: - return security_ops->inode_permission_lite(inode, MAY_EXEC); + return security_inode_permission_lite(inode, MAY_EXEC); } /* @@ -374,7 +374,7 @@ static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, i dput(dentry); else { result = dentry; - security_ops->inode_post_lookup(dir, result); + security_inode_post_lookup(dir, result); } } up(&dir->i_sem); @@ -413,8 +413,7 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) current->state = TASK_RUNNING; schedule(); } - err = security_ops->inode_follow_link(dentry, nd); - if (err) + if ((err = security_inode_follow_link(dentry, nd))) goto loop; current->link_count++; current->total_link_count++; @@ -918,7 +917,7 @@ struct dentry * lookup_hash(struct qstr *name, struct dentry * base) dentry = inode->i_op->lookup(inode, new); if (!dentry) { dentry = new; - security_ops->inode_post_lookup(inode, dentry); + security_inode_post_lookup(inode, dentry); } else dput(new); } @@ -1125,14 +1124,13 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode) return -EACCES; /* shouldn't it be ENOSYS? */ mode &= S_IALLUGO; mode |= S_IFREG; - error = security_ops->inode_create(dir, dentry, mode); - if (error) + if ((error = security_inode_create(dir, dentry, mode))) return error; DQUOT_INIT(dir); error = dir->i_op->create(dir, dentry, mode); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_create(dir, dentry, mode); + security_inode_post_create(dir, dentry, mode); } return error; } @@ -1344,8 +1342,7 @@ do_link: * stored in nd->last.name and we will have to putname() it when we * are done. Procfs-like symlinks just set LAST_BIND. */ - error = security_ops->inode_follow_link(dentry, nd); - if (error) + if ((error = security_inode_follow_link(dentry, nd))) goto exit_dput; UPDATE_ATIME(dentry->d_inode); error = dentry->d_inode->i_op->follow_link(dentry, nd); @@ -1410,15 +1407,14 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) if (!dir->i_op || !dir->i_op->mknod) return -EPERM; - error = security_ops->inode_mknod(dir, dentry, mode, dev); - if (error) + if ((error = security_inode_mknod(dir, dentry, mode, dev))) return error; DQUOT_INIT(dir); error = dir->i_op->mknod(dir, dentry, mode, dev); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_mknod(dir, dentry, mode, dev); + security_inode_post_mknod(dir, dentry, mode, dev); } return error; } @@ -1478,15 +1474,14 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) return -EPERM; mode &= (S_IRWXUGO|S_ISVTX); - error = security_ops->inode_mkdir(dir, dentry, mode); - if (error) + if ((error = security_inode_mkdir(dir, dentry, mode))) return error; DQUOT_INIT(dir); error = dir->i_op->mkdir(dir, dentry, mode); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_mkdir(dir,dentry, mode); + security_inode_post_mkdir(dir,dentry, mode); } return error; } @@ -1570,8 +1565,7 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry) if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_ops->inode_rmdir(dir, dentry); - if (!error) { + if (!(error = security_inode_rmdir(dir, dentry))) { error = dir->i_op->rmdir(dir, dentry); if (!error) dentry->d_inode->i_flags |= S_DEAD; @@ -1644,10 +1638,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry) if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_ops->inode_unlink(dir, dentry); - if (!error) { + if (!(error = security_inode_unlink(dir, dentry))) error = dir->i_op->unlink(dir, dentry); - } } up(&dentry->d_inode->i_sem); if (!error) { @@ -1709,15 +1701,14 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname) if (!dir->i_op || !dir->i_op->symlink) return -EPERM; - error = security_ops->inode_symlink(dir, dentry, oldname); - if (error) + if ((error = security_inode_symlink(dir, dentry, oldname))) return error; DQUOT_INIT(dir); error = dir->i_op->symlink(dir, dentry, oldname); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_symlink(dir, dentry, oldname); + security_inode_post_symlink(dir, dentry, oldname); } return error; } @@ -1780,8 +1771,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de if (S_ISDIR(old_dentry->d_inode->i_mode)) return -EPERM; - error = security_ops->inode_link(old_dentry, dir, new_dentry); - if (error) + if ((error = security_inode_link(old_dentry, dir, new_dentry))) return error; down(&old_dentry->d_inode->i_sem); @@ -1790,7 +1780,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de up(&old_dentry->d_inode->i_sem); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_link(old_dentry, dir, new_dentry); + security_inode_post_link(old_dentry, dir, new_dentry); } return error; } @@ -1889,8 +1879,7 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, return error; } - error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry); - if (error) + if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry))) return error; target = new_dentry->d_inode; @@ -1912,8 +1901,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, } if (!error) { d_move(old_dentry,new_dentry); - security_ops->inode_post_rename(old_dir, old_dentry, - new_dir, new_dentry); + security_inode_post_rename(old_dir, old_dentry, + new_dir, new_dentry); } return error; } @@ -1924,8 +1913,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, struct inode *target; int error; - error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry); - if (error) + if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry))) return error; dget(new_dentry); @@ -1940,7 +1928,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, /* The following d_move() should become unconditional */ if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) d_move(old_dentry, new_dentry); - security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry); + security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry); } if (target) up(&target->i_sem); diff --git a/fs/namespace.c b/fs/namespace.c index 57d6c0d6a5c5..e3bc142c1c88 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -19,6 +19,7 @@ #include <linux/seq_file.h> #include <linux/namespace.h> #include <linux/namei.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -288,8 +289,7 @@ static int do_umount(struct vfsmount *mnt, int flags) struct super_block * sb = mnt->mnt_sb; int retval = 0; - retval = security_ops->sb_umount(mnt, flags); - if (retval) + if ((retval = security_sb_umount(mnt, flags))) return retval; /* @@ -341,7 +341,7 @@ static int do_umount(struct vfsmount *mnt, int flags) DQUOT_OFF(sb); acct_auto_close(sb); unlock_kernel(); - security_ops->sb_umount_close(mnt); + security_sb_umount_close(mnt); spin_lock(&dcache_lock); } retval = -EBUSY; @@ -352,7 +352,7 @@ static int do_umount(struct vfsmount *mnt, int flags) } spin_unlock(&dcache_lock); if (retval) - security_ops->sb_umount_busy(mnt); + security_sb_umount_busy(mnt); up_write(¤t->namespace->sem); return retval; } @@ -470,8 +470,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd) if (IS_DEADDIR(nd->dentry->d_inode)) goto out_unlock; - err = security_ops->sb_check_sb(mnt, nd); - if (err) + if ((err = security_sb_check_sb(mnt, nd))) goto out_unlock; spin_lock(&dcache_lock); @@ -487,7 +486,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd) out_unlock: up(&nd->dentry->d_inode->i_sem); if (!err) - security_ops->sb_post_addmount(mnt, nd); + security_sb_post_addmount(mnt, nd); return err; } @@ -558,7 +557,7 @@ static int do_remount(struct nameidata *nd,int flags,int mnt_flags,void *data) nd->mnt->mnt_flags=mnt_flags; up_write(&sb->s_umount); if (!err) - security_ops->sb_post_remount(nd->mnt, flags, data); + security_sb_post_remount(nd->mnt, flags, data); return err; } @@ -741,8 +740,7 @@ long do_mount(char * dev_name, char * dir_name, char *type_page, if (retval) return retval; - retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page); - if (retval) + if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page))) goto dput_out; if (flags & MS_REMOUNT) @@ -939,8 +937,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old) if (error) goto out1; - error = security_ops->sb_pivotroot(&old_nd, &new_nd); - if (error) { + if ((error = security_sb_pivotroot(&old_nd, &new_nd))) { path_release(&old_nd); goto out1; } @@ -989,7 +986,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old) attach_mnt(new_nd.mnt, &root_parent); spin_unlock(&dcache_lock); chroot_fs_refs(&user_nd, &new_nd); - security_ops->sb_post_pivotroot(&user_nd, &new_nd); + security_sb_post_pivotroot(&user_nd, &new_nd); error = 0; path_release(&root_parent); path_release(&parent_nd); diff --git a/fs/open.c b/fs/open.c index fd39b596cce6..feccb01ec390 100644 --- a/fs/open.c +++ b/fs/open.c @@ -30,8 +30,7 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf) retval = -ENOSYS; if (sb->s_op && sb->s_op->statfs) { memset(buf, 0, sizeof(struct statfs)); - retval = security_ops->sb_statfs(sb); - if (retval) + if ((retval = security_sb_statfs(sb))) return retval; retval = sb->s_op->statfs(sb, buf); } diff --git a/fs/proc/base.c b/fs/proc/base.c index fdf6a5afec94..45bd3e2e01b7 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -28,6 +28,7 @@ #include <linux/namespace.h> #include <linux/mm.h> #include <linux/smp_lock.h> +#include <linux/security.h> /* * For hysterical raisins we keep the same inumbers as in the old procfs. @@ -394,7 +395,7 @@ static struct file_operations proc_info_file_operations = { }; #define MAY_PTRACE(p) \ -(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0)) +(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0)) static int mem_open(struct inode* inode, struct file* file) diff --git a/fs/quota.c b/fs/quota.c index 0cc95fe48a91..600765da6ecb 100644 --- a/fs/quota.c +++ b/fs/quota.c @@ -98,7 +98,7 @@ static int check_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t if (!capable(CAP_SYS_ADMIN)) return -EPERM; - return security_ops->quotactl (cmd, type, id, sb); + return security_quotactl (cmd, type, id, sb); } /* Resolve device pathname to superblock */ diff --git a/fs/read_write.c b/fs/read_write.c index a8b23e6367ee..a7fc9459f172 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -193,8 +193,7 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos) ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count); if (!ret) { - ret = security_ops->file_permission (file, MAY_READ); - if (!ret) { + if (!(ret = security_file_permission (file, MAY_READ))) { if (file->f_op->read) ret = file->f_op->read(file, buf, count, pos); else @@ -233,8 +232,7 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos) ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count); if (!ret) { - ret = security_ops->file_permission (file, MAY_WRITE); - if (!ret) { + if (!(ret = security_file_permission (file, MAY_WRITE))) { if (file->f_op->write) ret = file->f_op->write(file, buf, count, pos); else @@ -465,8 +463,7 @@ sys_readv(unsigned long fd, const struct iovec *vector, unsigned long nr_segs) goto bad_file; if (file->f_op && (file->f_mode & FMODE_READ) && (file->f_op->readv || file->f_op->read)) { - ret = security_ops->file_permission (file, MAY_READ); - if (!ret) + if (!(ret = security_file_permission (file, MAY_READ))) ret = do_readv_writev(READ, file, vector, nr_segs); } fput(file); @@ -488,8 +485,7 @@ sys_writev(unsigned long fd, const struct iovec * vector, unsigned long nr_segs) goto bad_file; if (file->f_op && (file->f_mode & FMODE_WRITE) && (file->f_op->writev || file->f_op->write)) { - ret = security_ops->file_permission (file, MAY_WRITE); - if (!ret) + if (!(ret = security_file_permission (file, MAY_WRITE))) ret = do_readv_writev(WRITE, file, vector, nr_segs); } fput(file); diff --git a/fs/readdir.c b/fs/readdir.c index 24e91a059be5..31c6298d6202 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -11,6 +11,7 @@ #include <linux/file.h> #include <linux/smp_lock.h> #include <linux/fs.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -21,8 +22,7 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf) if (!file->f_op || !file->f_op->readdir) goto out; - res = security_ops->file_permission(file, MAY_READ); - if (res) + if ((res = security_file_permission(file, MAY_READ))) goto out; down(&inode->i_sem); diff --git a/fs/stat.c b/fs/stat.c index 727a854fd0af..80a321930de9 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -39,8 +39,7 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) struct inode *inode = dentry->d_inode; int retval; - retval = security_ops->inode_getattr(mnt, dentry); - if (retval) + if ((retval = security_inode_getattr(mnt, dentry))) return retval; if (inode->i_op->getattr) @@ -238,8 +237,7 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz) error = -EINVAL; if (inode->i_op && inode->i_op->readlink) { - error = security_ops->inode_readlink(nd.dentry); - if (!error) { + if (!(error = security_inode_readlink(nd.dentry))) { UPDATE_ATIME(inode); error = inode->i_op->readlink(nd.dentry, buf, bufsiz); } diff --git a/fs/super.c b/fs/super.c index aeab024ea53d..57f5f952b02b 100644 --- a/fs/super.c +++ b/fs/super.c @@ -28,9 +28,9 @@ #include <linux/quotaops.h> #include <linux/namei.h> #include <linux/buffer_head.h> /* for fsync_super() */ +#include <linux/security.h> #include <asm/uaccess.h> -#include <linux/security.h> void get_filesystem(struct file_system_type *fs); void put_filesystem(struct file_system_type *fs); @@ -50,7 +50,7 @@ static struct super_block *alloc_super(void) struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER); if (s) { memset(s, 0, sizeof(struct super_block)); - if (security_ops->sb_alloc_security(s)) { + if (security_sb_alloc(s)) { kfree(s); s = NULL; goto out; @@ -84,7 +84,7 @@ out: */ static inline void destroy_super(struct super_block *s) { - security_ops->sb_free_security(s); + security_sb_free(s); kfree(s); } diff --git a/fs/xattr.c b/fs/xattr.c index d878ebb317bd..933a94031f5b 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -13,6 +13,7 @@ #include <linux/file.h> #include <linux/xattr.h> #include <linux/namei.h> +#include <linux/security.h> #include <asm/uaccess.h> /* @@ -85,9 +86,7 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->setxattr) { - error = security_ops->inode_setxattr(d, kname, kvalue, - size, flags); - if (error) + if ((error = security_inode_setxattr(d, kname, kvalue, size, flags))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags); @@ -163,8 +162,7 @@ getxattr(struct dentry *d, char *name, void *value, size_t size) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->getxattr) { - error = security_ops->inode_getxattr(d, kname); - if (error) + if ((error = security_inode_getxattr(d, kname))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->getxattr(d, kname, kvalue, size); @@ -236,8 +234,7 @@ listxattr(struct dentry *d, char *list, size_t size) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { - error = security_ops->inode_listxattr(d); - if (error) + if ((error = security_inode_listxattr(d))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->listxattr(d, klist, size); @@ -311,8 +308,7 @@ removexattr(struct dentry *d, char *name) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->removexattr) { - error = security_ops->inode_removexattr(d, kname); - if (error) + if ((error = security_inode_removexattr(d, kname))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->removexattr(d, kname); |