The attached patches for lsm-2.4 and lsm-2.5 are updated versions of the patches that were posted earlier by James, with a release_private_file function that encapsulates the release and file_free_security calls, as suggested by Chris Wright. Any objections to committing these patches? -- Stephen Smalley, NSA sdsat_private
diff -X /home/sds/dontdiff -ru lsm-2.4-bk/fs/file_table.c lsm-2.4/fs/file_table.c
--- lsm-2.4-bk/fs/file_table.c Thu Nov 7 15:46:07 2002
+++ lsm-2.4/fs/file_table.c Thu Nov 7 14:08:44 2002
@@ -91,6 +91,7 @@
 */
 int init_private_file(struct file *filp, struct dentry *dentry, int mode)
 {
+ int error;
 memset(filp, 0, sizeof(*filp));
 filp->f_mode = mode;
 atomic_set(&filp->f_count, 1);
@@ -98,12 +99,29 @@
 filp->f_uid = current->fsuid;
 filp->f_gid = current->fsgid;
 filp->f_op = dentry->d_inode->i_fop;
- if (filp->f_op->open)
- return filp->f_op->open(dentry->d_inode, filp);
- else
+ error = security_ops->file_alloc_security(filp);
+ if (error)
+ return error;
+ if (filp->f_op->open) {
+ error = filp->f_op->open(dentry->d_inode, filp);
+ if (error)
+ security_ops->file_free_security(filp);
+ return error;
+ } else
 return 0;
 }
+void release_private_file(struct file * file)
+{
+ struct dentry * dentry = file->f_dentry;
+ struct inode * inode = dentry->d_inode;
+
+
+ if (file->f_op && file->f_op->release)
+ file->f_op->release(inode, file);
+ security_ops->file_free_security(file);
+}
+
 void fput(struct file * file)
 {
 struct dentry * dentry = file->f_dentry;
diff -X /home/sds/dontdiff -ru lsm-2.4-bk/fs/nfsd/nfsfh.c lsm-2.4/fs/nfsd/nfsfh.c
--- lsm-2.4-bk/fs/nfsd/nfsfh.c Thu Nov 7 15:46:17 2002
+++ lsm-2.4/fs/nfsd/nfsfh.c Thu Nov 7 14:09:16 2002
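Review bot: release_private_file() guards `file->f_op && file->f_op->release`, but the rewritten open path in init_private_file() still dereferences `filp->f_op->open` straight after `filp->f_op = dentry->d_inode->i_fop` with no NULL check, so the two halves disagree about whether f_op can be NULL; if it can, `if (filp->f_op && filp->f_op->open) {` makes the open path as tolerant as the release path, and if it cannot, the guard in release_private_file() is dead code. The pairing contract is also undocumented: a comment above release_private_file() such as `/* Undo init_private_file(): call f_op->release and free the security blob. Must not be called after a failed init_private_file(), which already frees the blob. */` would tell callers that an init failure must not be followed by a release. release_private_file() is called from fs/nfsd, which can be built as a module, yet no EXPORT_SYMBOL for it appears anywhere in the series, so it presumably needs one alongside init_private_file's. The same function body is added again in the lsm-2.5 fs/file_table.c hunk below.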
@@ -113,8 +113,7 @@
 }
 out_close:
- if (file.f_op->release)
- file.f_op->release(dir, &file);
+ release_private_file(&file);
 out:
 return error;
 }
diff -X /home/sds/dontdiff -ru lsm-2.4-bk/include/linux/fs.h lsm-2.4/include/linux/fs.h
--- lsm-2.4-bk/include/linux/fs.h Thu Nov 7 15:47:26 2002
+++ lsm-2.4/include/linux/fs.h Thu Nov 7 14:09:40 2002
@@ -554,6 +554,7 @@
 #define file_count(x) atomic_read(&(x)->f_count)
 extern int init_private_file(struct file *, struct dentry *, int);
+extern void release_private_file(struct file *);
 #define MAX_NON_LFS ((1UL<<31) - 1)
diff -X /home/sds/dontdiff -ru lsm-2.4-bk/security/selinux/psid.c lsm-2.4/security/selinux/psid.c
--- lsm-2.4-bk/security/selinux/psid.c Thu Nov 7 15:48:01 2002
+++ lsm-2.4/security/selinux/psid.c Fri Nov 8 07:58:13 2002
@@ -178,6 +178,7 @@
 for (i = 0; i < PSEC_NFILES; i++) {
 if (t->files[i].f_dentry) {
 dput(t->files[i].f_dentry);
+ release_private_file(&t->files[i]);
 }
 }
diff -X /home/sds/dontdiff -ru lsm-2.5-bk/fs/exportfs/expfs.c lsm-2.5/fs/exportfs/expfs.c
--- lsm-2.5-bk/fs/exportfs/expfs.c Fri Nov 8 07:27:32 2002
+++ lsm-2.5/fs/exportfs/expfs.c Thu Nov 7 14:04:39 2002
@@ -381,8 +381,7 @@
 }
 out_close:
- if (file.f_op->release)
- file.f_op->release(dir, &file);
+ release_private_file(&file);
 out:
 return error;
 }
diff -X /home/sds/dontdiff -ru lsm-2.5-bk/fs/file_table.c lsm-2.5/fs/file_table.c
--- lsm-2.5-bk/fs/file_table.c Fri Nov 8 07:27:26 2002
+++ lsm-2.5/fs/file_table.c Thu Nov 7 14:08:41 2002
@@ -96,6 +96,7 @@
 */
 int init_private_file(struct file *filp, struct dentry *dentry, int mode)
 {
+ int error;
 memset(filp, 0, sizeof(*filp));
 filp->f_mode = mode;
 atomic_set(&filp->f_count, 1);
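Review bot: The switch to release_private_file() at out_close changes what happens on an error path taken after a failed init_private_file(): init_private_file() now frees the security blob itself when file_alloc_security() or f_op->open fails, so if any failure of the init call jumps to out_close rather than out, file_free_security() runs a second time on the same struct file and f_op->release() runs for an open that never succeeded. The init call and the jump targets are outside the hunk, so this needs confirming against the rest of the function; the lsm-2.5 fs/exportfs/expfs.c hunk below has the identical shape. Note also that the removed code passed `dir` to release whereas the helper uses file.f_dentry->d_inode, which is equivalent only if file.f_dentry was initialised to a dentry for dir.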
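Review bot: release_private_file(&t->files[i]) runs after dput(t->files[i].f_dentry), but the helper begins by reading file->f_dentry and dentry->d_inode and hands that inode to f_op->release(); once dput() has dropped the reference, that dentry and inode may already have been freed. Unless this structure holds another reference to the same dentry (not visible here), the two calls should be swapped so the release happens while the dentry is still pinned: `release_private_file(&t->files[i]);` followed by `dput(t->files[i].f_dentry);`. The lsm-2.5 security/selinux/psid.c hunk at the end of the series has the same ordering. The function enclosing this loop starts outside the hunk.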
@@ -103,12 +104,29 @@
 filp->f_uid = current->fsuid;
 filp->f_gid = current->fsgid;
 filp->f_op = dentry->d_inode->i_fop;
- if (filp->f_op->open)
- return filp->f_op->open(dentry->d_inode, filp);
- else
+ error = security_ops->file_alloc_security(filp);
+ if (error)
+ return error;
+ if (filp->f_op->open) {
+ error = filp->f_op->open(dentry->d_inode, filp);
+ if (error)
+ security_ops->file_free_security(filp);
+ return error;
+ } else
 return 0;
 }
+void release_private_file(struct file * file)
+{
+ struct dentry * dentry = file->f_dentry;
+ struct inode * inode = dentry->d_inode;
+
+
+ if (file->f_op && file->f_op->release)
+ file->f_op->release(inode, file);
+ security_ops->file_free_security(file);
+}
+
 void fput(struct file * file)
 {
 if (atomic_dec_and_test(&file->f_count))
diff -X /home/sds/dontdiff -ru lsm-2.5-bk/fs/nfsd/vfs.c lsm-2.5/fs/nfsd/vfs.c
--- lsm-2.5-bk/fs/nfsd/vfs.c Fri Nov 8 07:27:44 2002
+++ lsm-2.5/fs/nfsd/vfs.c Thu Nov 7 14:05:10 2002
@@ -488,8 +488,7 @@
 struct dentry *dentry = filp->f_dentry;
 struct inode *inode = dentry->d_inode;
- if (filp->f_op->release)
- filp->f_op->release(inode, filp);
+ release_private_file(filp);
 if (filp->f_mode & FMODE_WRITE)
 put_write_access(inode);
 }
diff -X /home/sds/dontdiff -ru lsm-2.5-bk/include/linux/fs.h lsm-2.5/include/linux/fs.h
--- lsm-2.5-bk/include/linux/fs.h Fri Nov 8 07:29:12 2002
+++ lsm-2.5/include/linux/fs.h Thu Nov 7 14:06:14 2002
@@ -515,6 +515,7 @@
 #define file_count(x) atomic_read(&(x)->f_count)
 extern int init_private_file(struct file *, struct dentry *, int);
+extern void release_private_file(struct file *);
 #define MAX_NON_LFS ((1UL<<31) - 1)
diff -X /home/sds/dontdiff -ru lsm-2.5-bk/security/selinux/psid.c lsm-2.5/security/selinux/psid.c
--- lsm-2.5-bk/security/selinux/psid.c Fri Nov 8 07:30:03 2002
+++ lsm-2.5/security/selinux/psid.c Fri Nov 8 07:55:42 2002
@@ -179,6 +179,7 @@
 for (i = 0; i < PSEC_NFILES; i++) {
 if (t->files[i].f_dentry) {
 dput(t->files[i].f_dentry);
+ release_private_file(&t->files[i]);
 }
 }
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module