diff options
| author | Christian Brauner <brauner@kernel.org> | 2022-06-26 18:06:01 +0200 |
|---|---|---|
| committer | Christian Brauner (Microsoft) <brauner@kernel.org> | 2022-10-26 10:03:19 +0200 |
| commit | 5e26a01e56fd03647d14b4461eeb69abde88a4e3 (patch) | |
| tree | 24c7151042372ef13ac666d835b67a87eb72e3d3 /security/apparmor/lsm.c | |
| parent | b7c9b6751242fec703c1b7d1bcfea1d80fe00c8d (diff) | |
apparmor: use type safe idmapping helpers
We already ported most parts and filesystems over for v6.0 to the new
vfs{g,u}id_t type and associated helpers for v6.0. Convert the remaining
places so we can remove all the old helpers.
This is a non-functional change.
Reviewed-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'security/apparmor/lsm.c')
| -rw-r--r-- | security/apparmor/lsm.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index f56070270c69..f34675f7c3df 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -225,8 +225,10 @@ static int common_perm(const char *op, const struct path *path, u32 mask, static int common_perm_cond(const char *op, const struct path *path, u32 mask) { struct user_namespace *mnt_userns = mnt_user_ns(path->mnt); + vfsuid_t vfsuid = i_uid_into_vfsuid(mnt_userns, + d_backing_inode(path->dentry)); struct path_cond cond = { - i_uid_into_mnt(mnt_userns, d_backing_inode(path->dentry)), + vfsuid_into_kuid(vfsuid), d_backing_inode(path->dentry)->i_mode }; @@ -270,11 +272,13 @@ static int common_perm_rm(const char *op, const struct path *dir, struct inode *inode = d_backing_inode(dentry); struct user_namespace *mnt_userns = mnt_user_ns(dir->mnt); struct path_cond cond = { }; + vfsuid_t vfsuid; if (!inode || !path_mediated_fs(dentry)) return 0; - cond.uid = i_uid_into_mnt(mnt_userns, inode); + vfsuid = i_uid_into_vfsuid(mnt_userns, inode); + cond.uid = vfsuid_into_kuid(vfsuid); cond.mode = inode->i_mode; return common_perm_dir_dentry(op, dir, dentry, mask, &cond); @@ -368,20 +372,23 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d label = begin_current_label_crit_section(); if (!unconfined(label)) { struct user_namespace *mnt_userns = mnt_user_ns(old_dir->mnt); + vfsuid_t vfsuid; struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry }; struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry }; struct path_cond cond = { - i_uid_into_mnt(mnt_userns, d_backing_inode(old_dentry)), - d_backing_inode(old_dentry)->i_mode + .mode = d_backing_inode(old_dentry)->i_mode }; + vfsuid = i_uid_into_vfsuid(mnt_userns, d_backing_inode(old_dentry)); + cond.uid = vfsuid_into_kuid(vfsuid); if (flags & RENAME_EXCHANGE) { struct path_cond cond_exchange = { - i_uid_into_mnt(mnt_userns, d_backing_inode(new_dentry)), - d_backing_inode(new_dentry)->i_mode + .mode = d_backing_inode(new_dentry)->i_mode, }; + vfsuid = i_uid_into_vfsuid(mnt_userns, d_backing_inode(old_dentry)); + cond_exchange.uid = vfsuid_into_kuid(vfsuid); error = aa_path_perm(OP_RENAME_SRC, label, &new_path, 0, MAY_READ | AA_MAY_GETATTR | MAY_WRITE | @@ -447,10 +454,12 @@ static int apparmor_file_open(struct file *file) if (!unconfined(label)) { struct user_namespace *mnt_userns = file_mnt_user_ns(file); struct inode *inode = file_inode(file); + vfsuid_t vfsuid; struct path_cond cond = { - i_uid_into_mnt(mnt_userns, inode), - inode->i_mode + .mode = inode->i_mode, }; + vfsuid = i_uid_into_vfsuid(mnt_userns, inode); + cond.uid = vfsuid_into_kuid(vfsuid); error = aa_path_perm(OP_OPEN, label, &file->f_path, 0, aa_map_file_to_perms(file), &cond); |