fs: Avoid premature clearing of capabilities

[pandora-kernel.git] / fs / attr.c

diff --git a/fs/attr.c b/fs/attr.c
index 7ee7ba4..a7f0c75 100644 (file)
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -16,19 +16,22 @@
 #include <linux/evm.h>
 
 /**
- * inode_change_ok - check if attribute changes to an inode are allowed
- * @inode:     inode to check
+ * setattr_prepare - check if attribute changes to a dentry are allowed
+ * @dentry:    dentry to check
  * @attr:      attributes to change
  *
  * Check if we are allowed to change the attributes contained in @attr
- * in the given inode.  This includes the normal unix access permission
- * checks, as well as checks for rlimits and others.
+ * in the given dentry.  This includes the normal unix access permission
+ * checks, as well as checks for rlimits and others. The function also clears
+ * SGID bit from mode if user is not allowed to set it. Also file capabilities
+ * and IMA extended attributes are cleared if ATTR_KILL_PRIV is set.
  *
  * Should be called as the first thing in ->setattr implementations,
  * possibly after taking additional locks.
  */
-int inode_change_ok(const struct inode *inode, struct iattr *attr)
+int setattr_prepare(struct dentry *dentry, struct iattr *attr)
 {
+       struct inode *inode = dentry->d_inode;
        unsigned int ia_valid = attr->ia_valid;
 
        /*
@@ -43,7 +46,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
 
        /* If force is set do it anyway. */
        if (ia_valid & ATTR_FORCE)
-               return 0;
+               goto kill_priv;
 
        /* Make sure a caller can chown. */
        if ((ia_valid & ATTR_UID) &&
@@ -74,9 +77,19 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
                        return -EPERM;
        }
 
+kill_priv:
+       /* User has permission for the change */
+       if (ia_valid & ATTR_KILL_PRIV) {
+               int error;
+
+               error = security_inode_killpriv(dentry);
+               if (error)
+                       return error;
+       }
+
        return 0;
 }
-EXPORT_SYMBOL(inode_change_ok);
+EXPORT_SYMBOL(setattr_prepare);
 
 /**
  * inode_newsize_ok - may this inode be truncated to a given size
@@ -176,6 +189,11 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
                        return -EPERM;
        }
 
+       if ((ia_valid & ATTR_SIZE) && IS_I_VERSION(inode)) {
+               if (attr->ia_size != inode->i_size)
+                       inode_inc_iversion(inode);
+       }
+
        if ((ia_valid & ATTR_MODE)) {
                mode_t amode = attr->ia_mode;
                /* Flag setting protected by i_mutex */
@@ -191,13 +209,11 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
        if (!(ia_valid & ATTR_MTIME_SET))
                attr->ia_mtime = now;
        if (ia_valid & ATTR_KILL_PRIV) {
-               attr->ia_valid &= ~ATTR_KILL_PRIV;
-               ia_valid &= ~ATTR_KILL_PRIV;
                error = security_inode_need_killpriv(dentry);
-               if (error > 0)
-                       error = security_inode_killpriv(dentry);
-               if (error)
+               if (error < 0)
                        return error;
+               if (error == 0)
+                       ia_valid = attr->ia_valid &= ~ATTR_KILL_PRIV;
        }
 
        /*