From e74f71eb78a4a8b9eaf1bc65f20f761648e85f76 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Mon, 20 Jun 2011 19:38:15 -0400
Subject: ->permission() sanitizing: don't pass flags to ->inode_permission()

pass that via mask instead.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/security.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'security/security.c')

diff --git a/security/security.c b/security/security.c
index 4ba6d4cc061f..db3b750da353 100644
--- a/security/security.c
+++ b/security/security.c
@@ -518,14 +518,17 @@ int security_inode_permission(struct inode *inode, int mask)
 {
 	if (unlikely(IS_PRIVATE(inode)))
 		return 0;
-	return security_ops->inode_permission(inode, mask, 0);
+	return security_ops->inode_permission(inode, mask);
 }
 
 int security_inode_exec_permission(struct inode *inode, unsigned int flags)
 {
+	int mask = MAY_EXEC;
 	if (unlikely(IS_PRIVATE(inode)))
 		return 0;
-	return security_ops->inode_permission(inode, MAY_EXEC, flags);
+	if (flags)
+		mask |= MAY_NOT_BLOCK;
+	return security_ops->inode_permission(inode, mask);
 }
 
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
-- 
cgit v1.2.3


From eecdd358b467405a084d400d5ec571bbdbfe97a3 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Mon, 20 Jun 2011 19:48:41 -0400
Subject: ->permission() sanitizing: don't pass flags to exec_permission()

pass mask instead; kill security_inode_exec_permission() since we can use
security_inode_permission() instead.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/security.c | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'security/security.c')

diff --git a/security/security.c b/security/security.c
index db3b750da353..0e4fccfef12c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -521,16 +521,6 @@ int security_inode_permission(struct inode *inode, int mask)
 	return security_ops->inode_permission(inode, mask);
 }
 
-int security_inode_exec_permission(struct inode *inode, unsigned int flags)
-{
-	int mask = MAY_EXEC;
-	if (unlikely(IS_PRIVATE(inode)))
-		return 0;
-	if (flags)
-		mask |= MAY_NOT_BLOCK;
-	return security_ops->inode_permission(inode, mask);
-}
-
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
 {
 	if (unlikely(IS_PRIVATE(dentry->d_inode)))
-- 
cgit v1.2.3