The dcache rcu patch removed the most of the fast_walk patch, and consequently, exec_permission_lite is no longer called with the dcache lock held. Standard inode_permission hook is sufficient, and capable no longer needs to be concerned with that lock being held when it's called. Noted by Stephen Smalley. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
===== fs/namei.c 1.56 vs edited =====
--- 1.56/fs/namei.c Mon Mar 17 16:23:41 2003
+++ edited/fs/namei.c Tue Mar 25 23:55:00 2003
@@ -319,7 +319,7 @@
 return -EACCES;
 ok:
- return security_inode_permission_lite(inode, MAY_EXEC);
+ return security_inode_permission(inode, MAY_EXEC);
 }
 /*
===== include/linux/security.h 1.29 vs edited =====
--- 1.29/include/linux/security.h Tue Mar 25 23:51:38 2003
+++ edited/include/linux/security.h Tue Mar 25 23:54:29 2003
@@ -338,16 +338,6 @@
 * @inode contains the inode structure to check.
 * @mask contains the permission mask.
 * Return 0 if permission is granted.
- * @inode_permission_lite:
- * Check permission before accessing an inode. This hook is
- * currently only called when checking MAY_EXEC access during
- * pathname resolution. The dcache lock is held and thus modules
- * that could sleep or contend the lock should return -EAGAIN to
- * inform the kernel to drop the lock and try again calling the
- * full permission hook.
- * @inode contains the inode structure to check.
- * @mask contains the permission mask.
- * Return 0 if permission is granted.
 * @inode_setattr:
 * Check permission before setting file attributes. Note that the kernel
 * call to notify_change is performed from several locations, whenever
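Review bot: In fs/namei.c, the call at the `ok:` label now runs the full `security_inode_permission(inode, MAY_EXEC)` hook during pathname resolution, which changes what is enforced for some modules and not only the locking: the LIDS lite hook deleted later in this patch returned 0 unconditionally, and the DTE one ran its own descend-only lookup, so both now go through their full `inode_permission` implementations here. That is probably the intent, but the changelog should say so, so that module maintainers can confirm the full hook gives the decision they expect for this MAY_EXEC-only call. The no-sleep/-EAGAIN contract was documented only in the security.h comment this patch deletes, so I would add a comment above the call, e.g. `/* full LSM hook; may sleep, so callers must not hold a spinlock here */` (assuming the full hook is allowed to sleep, as the deleted text implies). The enclosing function starts outside the hunk.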
@@ -1249,7 +1239,6 @@
 int (*inode_readlink) (struct dentry *dentry);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
 int (*inode_permission) (struct inode *inode, int mask);
- int (*inode_permission_lite) (struct inode *inode, int mask);
 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
 void (*inode_delete) (struct inode *inode);
@@ -1729,12 +1718,6 @@
 return security_ops->inode_permission (inode, mask);
 }
-static inline int security_inode_permission_lite (struct inode *inode,
- int mask)
-{
- return security_ops->inode_permission_lite (inode, mask);
-}
-
 static inline int security_inode_setattr (struct dentry *dentry,
 struct iattr *attr)
 {
@@ -2372,12 +2355,6 @@
 }
 static inline int security_inode_permission (struct inode *inode, int mask)
-{
- return 0;
-}
-
-static inline int security_inode_permission_lite (struct inode *inode,
- int mask)
 {
 return 0;
 }
===== security/dummy.c 1.32 vs edited =====
--- 1.32/security/dummy.c Tue Mar 25 23:51:38 2003
+++ edited/security/dummy.c Wed Mar 26 00:00:40 2003
@@ -349,11 +349,6 @@
 return 0;
 }
-static int dummy_inode_permission_lite (struct inode *inode, int mask)
-{
- return 0;
-}
-
 static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
 {
 return 0;
@@ -955,7 +950,6 @@
 set_to_dummy_if_null(ops, inode_readlink);
 set_to_dummy_if_null(ops, inode_follow_link);
 set_to_dummy_if_null(ops, inode_permission);
- set_to_dummy_if_null(ops, inode_permission_lite);
 set_to_dummy_if_null(ops, inode_setattr);
 set_to_dummy_if_null(ops, inode_getattr);
 set_to_dummy_if_null(ops, inode_delete);
===== security/dte/dte.c 1.42 vs edited =====
--- 1.42/security/dte/dte.c Tue Mar 25 23:51:38 2003
+++ edited/security/dte/dte.c Tue Mar 25 23:58:21 2003
@@ -52,7 +52,6 @@
 extern void dte_inode_free_security (struct inode *inode);
 extern void dte_inode_post_create (struct inode *inode, struct dentry *dentry, int mask);
 extern int dte_inode_permission (struct inode *inode, int mask);
-extern int dte_inode_permission_lite(struct inode *inode, int mask);
 extern int dte_task_alloc_security (struct task_struct *p);
 extern void dte_task_free_security (struct task_struct *p);
 extern int dte_sb_alloc_security (struct super_block *sb);
@@ -784,7 +783,6 @@
 inode_readlink: dte_inode_readlink,
 inode_follow_link: dte_inode_follow_link,
 inode_permission: dte_inode_permission,
- inode_permission_lite: dte_inode_permission_lite,
 inode_setattr: dte_inode_setattr,
 inode_getattr: dte_inode_getattr,
 inode_delete: dte_delete,
===== security/dte/inode.c 1.5 vs edited =====
--- 1.5/security/dte/inode.c Mon Jan 6 23:31:09 2003
+++ edited/security/dte/inode.c Tue Mar 25 23:59:13 2003
@@ -500,39 +500,3 @@
 else
 return dte_real_inode_permission(inode, mask);
 }
-
-/*
- * At the moment, permission_lite is only called for directory x perm
- * optimze for that.
- */
-int dte_inode_permission_lite(struct inode *inode, int mask)
-{
- struct dte_inode_sec *s = inode->i_security;
- struct dte_task_sec *ts = current->security;
- struct dte_domain_t *d;
- struct dte_ta *ta;
- int h;
-
- if (!dte_initialized) return 0; /* only during setup, particularly
- dte.conf and dteeaf */
- if (!s || !s->etype) {
- return 0;
- }
- if (!ts) {
- return 0;
- }
- d = ts->dte_domain;
- if (!d) {
- return 0;
- }
- h = dte_hash(s->etype, ts->dte_domain->num_ta);
- ta = &d->ta[h];
- while (ta && ta->type != s->etype)
- ta = ta->hash_next;
- if (!ta) {
- return -EACCES;
- }
- if (!dte_descend_access(ta->access))
- return -EACCES;
- return 0;
-}
===== security/lids/lids_lsm.c 1.37 vs edited =====
--- 1.37/security/lids/lids_lsm.c Tue Mar 25 23:51:38 2003
+++ edited/security/lids/lids_lsm.c Tue Mar 25 23:59:34 2003
@@ -434,11 +434,6 @@
 return error;
 }
-static int lids_inode_permission_lite (struct inode *inode, int mask)
-{
- return 0;
-}
-
 static int lids_inode_setattr (struct dentry *dentry, struct iattr *iattr)
 {
 if( lids_load && lids_local_load) {
@@ -761,7 +756,6 @@
 .inode_readlink = lids_inode_readlink,
 .inode_follow_link = lids_inode_follow_link,
 .inode_permission = lids_inode_permission,
- .inode_permission_lite = lids_inode_permission_lite,
 .inode_setattr = lids_inode_setattr,
 .inode_getattr = lids_inode_getattr,
 .inode_delete = lids_delete,
===== security/selinux/hooks.c 1.82 vs edited =====
--- 1.82/security/selinux/hooks.c Tue Mar 25 23:51:38 2003
+++ edited/security/selinux/hooks.c Tue Mar 25 23:59:46 2003
@@ -4011,7 +4011,6 @@
 inode_readlink: selinux_inode_readlink,
 inode_follow_link: selinux_inode_follow_link,
 inode_permission: selinux_inode_permission,
- inode_permission_lite: selinux_inode_permission,
 inode_setattr: selinux_inode_setattr,
 inode_getattr: selinux_inode_getattr,
 inode_delete: selinux_inode_delete,
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module