Nick Piggin wrote:
> On Wed, Jun 02, 2010 at 12:28:24PM +0900, Tetsuo Handa wrote:
> > When commit be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d "introduce new LSM hooks
> > where vfsmount is available." was proposed, regarding security_path_truncate(),
> > only "struct file *" argument (which AppArmor wanted to use) was removed.
> > But length and time_attrs arguments are not used by TOMOYO nor AppArmor.
>
> Well if length is not used either, can we remove that too seeing as
> we're changing the API anyway.
Yes. Here is the updated patch.
----------
[PATCH] LSM: Remove unused arguments from security_path_truncate().
When commit be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d "introduce new LSM hooks
where vfsmount is available." was proposed, regarding security_path_truncate(),
only "struct file *" argument (which AppArmor wanted to use) was removed.
But length and time_attrs arguments are not used by TOMOYO nor AppArmor.
Thus, let's remove these arguments.
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
fs/namei.c | 3 +--
fs/open.c | 5 ++---
include/linux/security.h | 11 +++--------
security/capability.c | 3 +--
security/security.c | 5 ++---
security/tomoyo/tomoyo.c | 3 +--
6 files changed, 10 insertions(+), 20 deletions(-)
--- security-testing-2.6.orig/fs/namei.c
+++ security-testing-2.6/fs/namei.c
@@ -1484,8 +1484,7 @@ static int handle_truncate(struct path *
*/
error = locks_verify_locked(inode);
if (!error)
- error = security_path_truncate(path, 0,
- ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
+ error = security_path_truncate(path);
if (!error) {
error = do_truncate(path->dentry, 0,
ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
--- security-testing-2.6.orig/fs/open.c
+++ security-testing-2.6/fs/open.c
@@ -110,7 +110,7 @@ static long do_sys_truncate(const char _
error = locks_verify_truncate(inode, NULL, length);
if (!error)
- error = security_path_truncate(&path, length, 0);
+ error = security_path_truncate(&path);
if (!error)
error = do_truncate(path.dentry, length, 0, NULL);
@@ -165,8 +165,7 @@ static long do_sys_ftruncate(unsigned in
error = locks_verify_truncate(inode, file, length);
if (!error)
- error = security_path_truncate(&file->f_path, length,
- ATTR_MTIME|ATTR_CTIME);
+ error = security_path_truncate(&file->f_path);
if (!error)
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
out_putf:
--- security-testing-2.6.orig/include/linux/security.h
+++ security-testing-2.6/include/linux/security.h
@@ -470,8 +470,6 @@ static inline void security_free_mnt_opt
* @path_truncate:
* Check permission before truncating a file.
* @path contains the path structure for the file.
- * @length is the new length of the file.
- * @time_attrs is the flags passed to do_truncate().
* Return 0 if permission is granted.
* @inode_getattr:
* Check permission before obtaining file attributes.
@@ -1412,8 +1410,7 @@ struct security_operations {
int (*path_rmdir) (struct path *dir, struct dentry *dentry);
int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
unsigned int dev);
- int (*path_truncate) (struct path *path, loff_t length,
- unsigned int time_attrs);
+ int (*path_truncate) (struct path *path);
int (*path_symlink) (struct path *dir, struct dentry *dentry,
const char *old_name);
int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
@@ -2806,8 +2803,7 @@ int security_path_mkdir(struct path *dir
int security_path_rmdir(struct path *dir, struct dentry *dentry);
int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
unsigned int dev);
-int security_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs);
+int security_path_truncate(struct path *path);
int security_path_symlink(struct path *dir, struct dentry *dentry,
const char *old_name);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -2841,8 +2837,7 @@ static inline int security_path_mknod(st
return 0;
}
-static inline int security_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+static inline int security_path_truncate(struct path *path)
{
return 0;
}
--- security-testing-2.6.orig/security/capability.c
+++ security-testing-2.6/security/capability.c
@@ -268,8 +268,7 @@ static int cap_path_rename(struct path *
return 0;
}
-static int cap_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+static int cap_path_truncate(struct path *path)
{
return 0;
}
--- security-testing-2.6.orig/security/security.c
+++ security-testing-2.6/security/security.c
@@ -417,12 +417,11 @@ int security_path_rename(struct path *ol
new_dentry);
}
-int security_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+int security_path_truncate(struct path *path)
{
if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
return 0;
- return security_ops->path_truncate(path, length, time_attrs);
+ return security_ops->path_truncate(path);
}
int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
--- security-testing-2.6.orig/security/tomoyo/tomoyo.c
+++ security-testing-2.6/security/tomoyo/tomoyo.c
@@ -93,8 +93,7 @@ static int tomoyo_bprm_check_security(st
return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);
}
-static int tomoyo_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+static int tomoyo_path_truncate(struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
