apparmor: new helper - common_path_perm()
authorAl Viro <viro@zeniv.linux.org.uk>
Fri, 25 Mar 2016 19:04:36 +0000 (15:04 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 28 Mar 2016 04:47:25 +0000 (00:47 -0400)
was open-coded in several places...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
security/apparmor/lsm.c

index 8d19615dcb73d698f1cedd7d8e16ff5464ba71b0..ead56bfaa056e0244d784972ba78279aca22ce89 100644 (file)
@@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir,
 }
 
 /**
- * common_perm_mnt_dentry - common permission wrapper when mnt, dentry
+ * common_perm_path - common permission wrapper when mnt, dentry
  * @op: operation being checked
- * @mnt: mount point of dentry (NOT NULL)
- * @dentry: dentry to check  (NOT NULL)
+ * @path: location to check (NOT NULL)
  * @mask: requested permissions mask
  *
  * Returns: %0 else error code if error or permission denied
  */
-static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
-                                 struct dentry *dentry, u32 mask)
+static inline int common_perm_path(int op, const struct path *path, u32 mask)
 {
-       struct path path = { mnt, dentry };
-       struct path_cond cond = { d_backing_inode(dentry)->i_uid,
-                                 d_backing_inode(dentry)->i_mode
+       struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
+                                 d_backing_inode(path->dentry)->i_mode
        };
+       if (!mediated_filesystem(path->dentry))
+               return 0;
 
-       return common_perm(op, &path, mask, &cond);
+       return common_perm(op, path, mask, &cond);
 }
 
 /**
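Review bot: The kernel-doc for `common_perm_path()` does not mention the new `mediated_filesystem()` short-circuit, so a reader cannot tell that the helper returns 0 (allowed) without reaching `common_perm()` when that test is false; the summary line also still reads "when mnt, dentry". I would reword the summary to `common_perm_path - common permission wrapper when given a path` and the return line to `Returns: %0 if allowed or if the filesystem is not mediated, else error code`. The `cond` initializer now reads `d_backing_inode(path->dentry)->i_uid` before the mediated check, which reorders things for the chmod and getattr callers in the last hunk, since they used to test `mediated_filesystem()` first. That looks harmless provided those hooks always receive a positive dentry, which should be confirmed. A blank line between the declaration and the `if` would match kernel style, and the commit subject says `common_path_perm()` while the function is named `common_perm_path()`.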
@@ -271,15 +270,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
 
 static int apparmor_path_truncate(const struct path *path)
 {
-       struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
-                                 d_backing_inode(path->dentry)->i_mode
-       };
-
-       if (!mediated_filesystem(path->dentry))
-               return 0;
-
-       return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
-                          &cond);
+       return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
 }
 
 static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
@@ -336,31 +327,17 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 
 static int apparmor_path_chmod(const struct path *path, umode_t mode)
 {
-       if (!mediated_filesystem(path->dentry))
-               return 0;
-
-       return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
+       return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
 }
 
 static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
 {
-       struct path_cond cond =  { d_backing_inode(path->dentry)->i_uid,
-                                  d_backing_inode(path->dentry)->i_mode
-       };
-
-       if (!mediated_filesystem(path->dentry))
-               return 0;
-
-       return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
+       return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
 }
 
 static int apparmor_inode_getattr(const struct path *path)
 {
-       if (!mediated_filesystem(path->dentry))
-               return 0;
-
-       return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry,
-                                     AA_MAY_META_READ);
+       return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
 }
 
 static int apparmor_file_open(struct file *file, const struct cred *cred)