[apparmor] [PATCH 3/4] security: add security_path_access hook

Seth Arnold seth.arnold at canonical.com
Thu Nov 28 08:22:18 UTC 2013 

On Tue, Nov 05, 2013 at 05:35:00AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Very nearly same question with MAY_ACCESS as MAY_CHDIR;
both nfs_permission() and fuse_permission() as well as
probe_sysfs_permissions() use MAY_ACCESS. And again, I believe this patch
as written is correct, but I thought I should ask for confirmation that
those other locations don't need a new security_path_access() hook.

Thanks

> ---
>  fs/open.c                |  4 ++++
>  include/linux/security.h | 12 ++++++++++++
>  security/security.c      |  7 +++++++
>  3 files changed, 23 insertions(+)
> 
> diff --git a/fs/open.c b/fs/open.c
> index 9505fc5..f3e276e 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -343,6 +343,10 @@ retry:
>  			goto out_path_release;
>  	}
>  
> +	res = security_path_access(&path, mode | MAY_ACCESS);
> +	if (res)
> +		goto out_path_release;
> +
>  	res = inode_permission(inode, mode | MAY_ACCESS);
>  	/* SuS v2 requires we report a read only fs too */
>  	if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
> diff --git a/include/linux/security.h b/include/linux/security.h
> index ed693ff..a9a4cd7 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -470,6 +470,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
>   *	Check for permission to change working directory to @path.
>   *	@path contains the path structure.
>   *	Return 0 if permission is granted.
> + * @path_access:
> + *	Check for permission to access a file
> + *	@path contains the path structure.
> + *	@mode contains DAC's mode.
> + *	Return 0 if permission is granted.
>   * @path_chroot:
>   *	Check for permission to change root directory.
>   *	@path contains the path structure.
> @@ -1491,6 +1496,7 @@ struct security_operations {
>  	int (*path_chmod) (struct path *path, umode_t mode);
>  	int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid);
>  	int (*path_chdir) (struct path *path);
> +	int (*path_access) (struct path *path, umode_t mode);
>  	int (*path_chroot) (struct path *path);
>  #endif
>  
> @@ -2950,6 +2956,7 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
>  int security_path_chmod(struct path *path, umode_t mode);
>  int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
>  int security_path_chdir(struct path *path);
> +int security_path_access(struct path *path, umode_t mode);
>  int security_path_chroot(struct path *path);
>  #else	/* CONFIG_SECURITY_PATH */
>  static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
> @@ -3015,6 +3022,11 @@ static inline int security_path_chdir(struct path *path)
>  	return 0;
>  }
>  
> +static inline int security_path_access(struct path *path, umode_t mode)
> +{
> +	return 0;
> +}
> +
>  static inline int security_path_chroot(struct path *path)
>  {
>  	return 0;
> diff --git a/security/security.c b/security/security.c
> index ca57c35..18556a1 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -471,6 +471,13 @@ int security_path_chdir(struct path *path)
>  	return security_ops->path_chdir(path);
>  }
>  
> +int security_path_access(struct path *path, umode_t mode)
> +{
> +	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
> +		return 0;
> +	return security_ops->path_access(path, mode);
> +}
> +
>  int security_path_chroot(struct path *path)
>  {
>  	return security_ops->path_chroot(path);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20131128/ede1ec43/attachment.pgp>

More information about the AppArmor mailing list