* Stephen D. Smalley (sdsat_private) wrote: > > The attached patches for lsm-2.4 and lsm-2.5 are updated versions of the > patches that were posted earlier by James, with a release_private_file > function that encapsulates the release and file_free_security calls, > as suggested by Chris Wright. Any objections to committing these patches? This won't work for modular nfsd, for example. The symbol needs to be exported. Also, this seems like the kind of change that should be run past linux-fsdevel (for vanilla 2.5 at least, w/out the selinux bit). example of 2.5 vanilla patch below. i changed the init_private_file a bit to something that looks simpler to me... -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
===== fs/file_table.c 1.23 vs edited =====
--- 1.23/fs/file_table.c Mon Nov 4 16:17:07 2002
+++ edited/fs/file_table.c Fri Nov 8 13:06:04 2002
@@ -96,6 +96,7 @@
 */
 int init_private_file(struct file *filp, struct dentry *dentry, int mode)
 {
+ int error;
 memset(filp, 0, sizeof(*filp));
 filp->f_mode = mode;
 atomic_set(&filp->f_count, 1);
@@ -103,10 +104,23 @@
 filp->f_uid = current->fsuid;
 filp->f_gid = current->fsgid;
 filp->f_op = dentry->d_inode->i_fop;
- if (filp->f_op->open)
- return filp->f_op->open(dentry->d_inode, filp);
- else
- return 0;
+ error = security_ops->file_alloc_security(filp);
+ if (!error)
+ if (filp->f_op->open) {
+ error = filp->f_op->open(dentry->d_inode, filp);
+ if (error)
+ security_ops->file_free_security(filp);
+ }
+ return error;
+}
+
+void release_private_file(struct file *file)
+{
+ struct inode * inode = file->f_dentry->d_inode;
+
+ if (file->f_op && file->f_op->release)
+ file->f_op->release(inode, file);
+ security_ops->file_free_security(file);
 }
 void fput(struct file * file)
===== fs/exportfs/expfs.c 1.8 vs edited =====
--- 1.8/fs/exportfs/expfs.c Fri Oct 11 14:22:55 2002
+++ edited/fs/exportfs/expfs.c Fri Nov 8 12:03:04 2002
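Review bot: The outer `if (!error)` in init_private_file has no braces and wraps a second `if (filp->f_op->open) {`, which reads as two separate decisions where one condition is meant; `if (!error && filp->f_op->open) {` says the same thing in one line and removes the unbraced nesting. The two new helpers also disagree on whether f_op can be NULL: release_private_file guards with `file->f_op &&`, but init_private_file still dereferences `filp->f_op->open` immediately after assigning `i_fop`, so either the open path needs the same check or the guard in release_private_file is dead. Because init_private_file now allocates an LSM blob on every successful call, any other caller that still tears down with a direct `f_op->release` call (the patch converts expfs.c and nfsd/vfs.c) would leak that blob unless it is switched to release_private_file; a comment on release_private_file such as `/* Pairs with init_private_file: callers must use this rather than f_op->release so the security blob is freed. */` would make that contract visible to out-of-tree and modular users.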
@@ -381,8 +381,7 @@
 }
 out_close:
- if (file.f_op->release)
- file.f_op->release(dir, &file);
+ release_private_file(&file);
 out:
 return error;
 }
===== fs/nfsd/vfs.c 1.30 vs edited =====
--- 1.30/fs/nfsd/vfs.c Wed Oct 30 08:44:27 2002
+++ edited/fs/nfsd/vfs.c Fri Nov 8 12:03:04 2002
@@ -488,8 +488,7 @@
 struct dentry *dentry = filp->f_dentry;
 struct inode *inode = dentry->d_inode;
- if (filp->f_op->release)
- filp->f_op->release(inode, filp);
+ release_private_file(filp);
 if (filp->f_mode & FMODE_WRITE)
 put_write_access(inode);
 }
===== include/linux/fs.h 1.89 vs edited =====
--- 1.89/include/linux/fs.h Mon Nov 4 16:17:08 2002
+++ edited/include/linux/fs.h Fri Nov 8 12:45:24 2002
@@ -515,6 +515,7 @@
 #define file_count(x) atomic_read(&(x)->f_count)
 extern int init_private_file(struct file *, struct dentry *, int);
+extern void release_private_file(struct file *file);
 #define MAX_NON_LFS ((1UL<<31) - 1)
===== kernel/ksyms.c 1.75 vs edited =====
--- 1.75/kernel/ksyms.c Mon Nov 4 16:17:09 2002
+++ edited/kernel/ksyms.c Fri Nov 8 12:24:07 2002
@@ -180,6 +180,7 @@
 EXPORT_SYMBOL(__mark_inode_dirty);
 EXPORT_SYMBOL(get_empty_filp);
 EXPORT_SYMBOL(init_private_file);
+EXPORT_SYMBOL(release_private_file);
 EXPORT_SYMBOL(filp_open);
 EXPORT_SYMBOL(filp_close);
 EXPORT_SYMBOL(put_filp);
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
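Review bot: The `release_private_file(&file)` call at `out_close:` now also frees the LSM blob and reads `file.f_dentry->d_inode` unconditionally, so this label must only be reachable after init_private_file returned 0: on failure init_private_file has either never allocated the blob or already called file_free_security on it, and a jump to out_close would invoke `f_op->release` on a file whose open failed and hand an already-released blob back to file_free_security. The enclosing function starts outside the hunk, so the error jump taken after init_private_file is not visible here; if it already goes to `out` rather than `out_close` this is fine. The same condition applies to the nfsd/vfs.c hunk, where `release_private_file(filp)` precedes put_write_access. A one-line comment at the label, `/* reached only after init_private_file succeeded */`, would pin the assumption for future callers.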