>From 819e94ae3a6d9235196d137a39afa4e0bbd79770 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 12 May 2014 21:54:05 +0900
Subject: [PATCH (for 3.15) 3/5] AppArmor: Handle the rename flags.

For AppArmor, the RENAME_EXCHANGE flag means "check permissions with reversed arguments" and "distinguish condition of source and target". Future patches will stop re-calculating pathnames.

Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
 security/apparmor/lsm.c | 22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c0b4366..9f21296 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -331,7 +331,14 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 struct path_cond cond = { old_dentry->d_inode->i_uid, old_dentry->d_inode->i_mode };
+ struct path_cond new_cond = cond;
+ if (flags & RENAME_EXCHANGE) {
+ /* Cross rename requires both inodes to exist. */
+ new_cond.uid = new_dentry->d_inode->i_uid;
+ new_cond.mode = new_dentry->d_inode->i_mode;
+ }
+retry:
 error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0, MAY_READ | AA_MAY_META_READ | MAY_WRITE | AA_MAY_META_WRITE | AA_MAY_DELETE,
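Review bot: The `new_dentry->d_inode` dereferences under `if (flags & RENAME_EXCHANGE)` rely on an invariant the hook itself never checks, and the comment `Cross rename requires both inodes to exist.` does not say who enforces it; as far as I can tell the VFS rejects an exchange with a missing target before this hook runs, so the comment should read `/* RENAME_EXCHANGE: the VFS rejects a missing target before calling this hook, so new_dentry->d_inode is valid here. */` and a cheap guard, `if (WARN_ON_ONCE(!new_dentry->d_inode)) return -ENOENT;`, keeps the hook fail-closed if a future caller breaks that. On a plain (non-exchange) rename `new_cond` is still a copy of the source inode's uid/mode and is what the OP_RENAME_DEST check receives, exactly as before, so the exchange case is the only one that now distinguishes the two conditions. apparmor_path_rename begins outside the hunk, and the `flags` parameter used here is not visible in the hunk-header signature, so it presumably comes from an earlier patch in this series.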
@@ -339,7 +346,18 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
 if (!error)
 error = aa_path_perm(OP_RENAME_DEST, profile, &new_path, 0, MAY_WRITE | AA_MAY_META_WRITE |
- AA_MAY_CREATE, &cond);
+ AA_MAY_CREATE, &new_cond);
+ if (!error && (flags & RENAME_EXCHANGE)) {
+ struct path tmp_path = new_path;
+ struct path_cond tmp_cond = new_cond;
+
+ new_path = old_path;
+ old_path = tmp_path;
+ new_cond = cond;
+ cond = tmp_cond;
+ flags = 0;
+ goto retry;
+ }
 }
 return error;
-- 
1.7.1

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
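Review bot: The second pass of the exchange check is driven by a backward `goto retry` that swaps `old_path`/`new_path` and `cond`/`new_cond` in place and clears the `flags` parameter to terminate the loop, so by the time `return error` is reached the locals no longer describe the rename the caller asked for, and a denial on the second pass is presumably audited as OP_RENAME_SRC against what was the target (and OP_RENAME_DEST against what was the source). A small static helper that performs the SRC+DEST pair for one direction, called twice under RENAME_EXCHANGE, yields the same permission set without mutating the parameters or depending on the label added in the first hunk; the sketch below replaces the two aa_path_perm calls and the retry block, with the helper placed above apparmor_path_rename outside this hunk. The audit labelling is the same either way, so a one-line comment on the second call, `/* exchange: the target is also a rename source */`, should make that explicit. The closing brace of apparmor_path_rename lies outside the hunk.
```c
/* Permission checks for one direction of a rename: @src must be readable,
 * writable and deletable; @dst must be writable and creatable. */
static int rename_perm(struct aa_profile *profile,
		       struct path *src, struct path_cond *src_cond,
		       struct path *dst, struct path_cond *dst_cond)
{
	int error = aa_path_perm(OP_RENAME_SRC, profile, src, 0,
				 MAY_READ | AA_MAY_META_READ | MAY_WRITE |
				 AA_MAY_META_WRITE | AA_MAY_DELETE, src_cond);

	if (!error)
		error = aa_path_perm(OP_RENAME_DEST, profile, dst, 0,
				     MAY_WRITE | AA_MAY_META_WRITE |
				     AA_MAY_CREATE, dst_cond);
	return error;
}

/* … unchanged: apparmor_path_rename up to the path_cond setup … */
		error = rename_perm(profile, &old_path, &cond,
				    &new_path, &new_cond);
		if (!error && (flags & RENAME_EXCHANGE))
			/* exchange: the target is also a rename source */
			error = rename_perm(profile, &new_path, &new_cond,
					    &old_path, &cond);
```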