summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorMickaël Salaün <mic@digikod.net>2025-01-08 16:43:11 +0100
committerMickaël Salaün <mic@digikod.net>2025-01-17 19:05:33 +0100
commit924f4403d869ad24bd2c54ad97ad87d4b838d09c (patch)
tree139f43d5a0fc68ed5430bfed02bad55b38e569b6 /security
parent0e4db4f843c2c0115b5981bd6f6b75dea62e7d60 (diff)
downloadlinux-924f4403d869ad24bd2c54ad97ad87d4b838d09c.tar.gz
linux-924f4403d869ad24bd2c54ad97ad87d4b838d09c.tar.bz2
linux-924f4403d869ad24bd2c54ad97ad87d4b838d09c.zip
landlock: Factor out check_access_path()
Merge check_access_path() into current_check_access_path() and make hook_path_mknod() use it. Cc: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20250108154338.1129069-4-mic@digikod.net Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'security')
-rw-r--r--security/landlock/fs.c32
1 files changed, 11 insertions, 21 deletions
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index f81d0335b825..4023354dd8e3 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -908,28 +908,22 @@ jump_up:
return allowed_parent1 && allowed_parent2;
}
-static int check_access_path(const struct landlock_ruleset *const domain,
- const struct path *const path,
- access_mask_t access_request)
-{
- layer_mask_t layer_masks[LANDLOCK_NUM_ACCESS_FS] = {};
-
- access_request = landlock_init_layer_masks(
- domain, access_request, &layer_masks, LANDLOCK_KEY_INODE);
- if (is_access_to_paths_allowed(domain, path, access_request,
- &layer_masks, NULL, 0, NULL, NULL))
- return 0;
- return -EACCES;
-}
-
static int current_check_access_path(const struct path *const path,
- const access_mask_t access_request)
+ access_mask_t access_request)
{
const struct landlock_ruleset *const dom = get_current_fs_domain();
+ layer_mask_t layer_masks[LANDLOCK_NUM_ACCESS_FS] = {};
if (!dom)
return 0;
- return check_access_path(dom, path, access_request);
+
+ access_request = landlock_init_layer_masks(
+ dom, access_request, &layer_masks, LANDLOCK_KEY_INODE);
+ if (is_access_to_paths_allowed(dom, path, access_request, &layer_masks,
+ NULL, 0, NULL, NULL))
+ return 0;
+
+ return -EACCES;
}
static __attribute_const__ access_mask_t get_mode_access(const umode_t mode)
@@ -1413,11 +1407,7 @@ static int hook_path_mknod(const struct path *const dir,
struct dentry *const dentry, const umode_t mode,
const unsigned int dev)
{
- const struct landlock_ruleset *const dom = get_current_fs_domain();
-
- if (!dom)
- return 0;
- return check_access_path(dom, dir, get_mode_access(mode));
+ return current_check_access_path(dir, get_mode_access(mode));
}
static int hook_path_symlink(const struct path *const dir,
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-01 04:33:32 +0000