Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
[sfrench/cifs-2.6.git] / fs / proc / base.c
index 511b279ec69cdce7a3e434d9d9152fd95678bd36..fca9fa5f23d85cd8975b06baade0fe395db23538 100644 (file)
@@ -140,9 +140,13 @@ struct pid_entry {
 #define REG(NAME, MODE, fops)                          \
        NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {})
 #define ONE(NAME, MODE, show)                          \
-       NOD(NAME, (S_IFREG|(MODE)),                     \
+       NOD(NAME, (S_IFREG|(MODE)),                     \
                NULL, &proc_single_file_operations,     \
                { .proc_show = show } )
+#define ATTR(LSM, NAME, MODE)                          \
+       NOD(NAME, (S_IFREG|(MODE)),                     \
+               NULL, &proc_pid_attr_operations,        \
+               { .lsm = LSM })
 
 /*
  * Count the number of hardlinks for the pid_entry table, excluding the .
@@ -2521,7 +2525,7 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
        if (!task)
                return -ESRCH;
 
-       length = security_getprocattr(task,
+       length = security_getprocattr(task, PROC_I(inode)->op.lsm,
                                      (char*)file->f_path.dentry->d_name.name,
                                      &p);
        put_task_struct(task);
@@ -2570,7 +2574,9 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
        if (rv < 0)
                goto out_free;
 
-       rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count);
+       rv = security_setprocattr(PROC_I(inode)->op.lsm,
+                                 file->f_path.dentry->d_name.name, page,
+                                 count);
        mutex_unlock(&current->signal->cred_guard_mutex);
 out_free:
        kfree(page);
@@ -2584,13 +2590,53 @@ static const struct file_operations proc_pid_attr_operations = {
        .llseek         = generic_file_llseek,
 };
 
+#define LSM_DIR_OPS(LSM) \
+static int proc_##LSM##_attr_dir_iterate(struct file *filp, \
+                            struct dir_context *ctx) \
+{ \
+       return proc_pident_readdir(filp, ctx, \
+                                  LSM##_attr_dir_stuff, \
+                                  ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+} \
+\
+static const struct file_operations proc_##LSM##_attr_dir_ops = { \
+       .read           = generic_read_dir, \
+       .iterate        = proc_##LSM##_attr_dir_iterate, \
+       .llseek         = default_llseek, \
+}; \
+\
+static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \
+                               struct dentry *dentry, unsigned int flags) \
+{ \
+       return proc_pident_lookup(dir, dentry, \
+                                 LSM##_attr_dir_stuff, \
+                                 ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+} \
+\
+static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \
+       .lookup         = proc_##LSM##_attr_dir_lookup, \
+       .getattr        = pid_getattr, \
+       .setattr        = proc_setattr, \
+}
+
+#ifdef CONFIG_SECURITY_SMACK
+static const struct pid_entry smack_attr_dir_stuff[] = {
+       ATTR("smack", "current",        0666),
+};
+LSM_DIR_OPS(smack);
+#endif
+
 static const struct pid_entry attr_dir_stuff[] = {
-       REG("current",    S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("prev",       S_IRUGO,         proc_pid_attr_operations),
-       REG("exec",       S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("fscreate",   S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("keycreate",  S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+       ATTR(NULL, "current",           0666),
+       ATTR(NULL, "prev",              0444),
+       ATTR(NULL, "exec",              0666),
+       ATTR(NULL, "fscreate",          0666),
+       ATTR(NULL, "keycreate",         0666),
+       ATTR(NULL, "sockcreate",        0666),
+#ifdef CONFIG_SECURITY_SMACK
+       DIR("smack",                    0555,
+           proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
+#endif
 };
 
 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)