return inode_has_perm(cred, inode, av, &ad, 0);
}
+/* Same as path_has_perm, but uses the inode from the file struct. */
+static inline int file_path_has_perm(const struct cred *cred,
+ struct file *file,
+ u32 av)
+{
+ struct common_audit_data ad;
+
+ ad.type = LSM_AUDIT_DATA_PATH;
+ ad.u.path = file->f_path;
+ return inode_has_perm(cred, file_inode(file), av, &ad, 0);
+}
+
/* Check whether a task can use an open file descriptor to
access an inode in a given way. Check access to the
descriptor itself, and then use dentry_has_perm to
struct tty_file_private *file_priv;
/* Revalidate access to controlling tty.
- Use path_has_perm on the tty path directly rather
- than using file_has_perm, as this particular open
- file may belong to another process and we are only
- interested in the inode-based check here. */
+ Use file_path_has_perm on the tty path directly
+ rather than using file_has_perm, as this particular
+ open file may belong to another process and we are
+ only interested in the inode-based check here. */
file_priv = list_first_entry(&tty->tty_files,
struct tty_file_private, list);
file = file_priv->file;
- if (path_has_perm(cred, &file->f_path, FILE__READ | FILE__WRITE))
+ if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
drop_tty = 1;
}
spin_unlock(&tty_files_lock);
* new inode label or new policy.
* This check is not redundant - do not remove.
*/
- return path_has_perm(cred, &file->f_path, open_file_to_av(file));
+ return file_path_has_perm(cred, file, open_file_to_av(file));
}
/* task security operations */