fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap

[linux-block.git] / security / apparmor / lsm.c

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c6728a62943737427e161791bcce9ef2d164a26c..d6cc4812ca5372749f8be66d00d2614ea2268a2f 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -227,8 +227,7 @@ static int common_perm(const char *op, const struct path *path, u32 mask,
  */
 static int common_perm_cond(const char *op, const struct path *path, u32 mask)
 {
-       struct user_namespace *mnt_userns = mnt_user_ns(path->mnt);
-       vfsuid_t vfsuid = i_uid_into_vfsuid(mnt_userns,
+       vfsuid_t vfsuid = i_uid_into_vfsuid(mnt_idmap(path->mnt),
                                            d_backing_inode(path->dentry));
        struct path_cond cond = {
                vfsuid_into_kuid(vfsuid),
@@ -273,14 +272,13 @@ static int common_perm_rm(const char *op, const struct path *dir,
                          struct dentry *dentry, u32 mask)
 {
        struct inode *inode = d_backing_inode(dentry);
-       struct user_namespace *mnt_userns = mnt_user_ns(dir->mnt);
        struct path_cond cond = { };
        vfsuid_t vfsuid;
 
        if (!inode || !path_mediated_fs(dentry))
                return 0;
 
-       vfsuid = i_uid_into_vfsuid(mnt_userns, inode);
+       vfsuid = i_uid_into_vfsuid(mnt_idmap(dir->mnt), inode);
        cond.uid = vfsuid_into_kuid(vfsuid);
        cond.mode = inode->i_mode;
 
@@ -379,7 +377,7 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
 
        label = begin_current_label_crit_section();
        if (!unconfined(label)) {
-               struct user_namespace *mnt_userns = mnt_user_ns(old_dir->mnt);
+               struct mnt_idmap *idmap = mnt_idmap(old_dir->mnt);
                vfsuid_t vfsuid;
                struct path old_path = { .mnt = old_dir->mnt,
                                         .dentry = old_dentry };
@@ -388,14 +386,14 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
                struct path_cond cond = {
                        .mode = d_backing_inode(old_dentry)->i_mode
                };
-               vfsuid = i_uid_into_vfsuid(mnt_userns, d_backing_inode(old_dentry));
+               vfsuid = i_uid_into_vfsuid(idmap, d_backing_inode(old_dentry));
                cond.uid = vfsuid_into_kuid(vfsuid);
 
                if (flags & RENAME_EXCHANGE) {
                        struct path_cond cond_exchange = {
                                .mode = d_backing_inode(new_dentry)->i_mode,
                        };
-                       vfsuid = i_uid_into_vfsuid(mnt_userns, d_backing_inode(old_dentry));
+                       vfsuid = i_uid_into_vfsuid(idmap, d_backing_inode(old_dentry));
                        cond_exchange.uid = vfsuid_into_kuid(vfsuid);
 
                        error = aa_path_perm(OP_RENAME_SRC, label, &new_path, 0,
@@ -460,13 +458,13 @@ static int apparmor_file_open(struct file *file)
 
        label = aa_get_newest_cred_label(file->f_cred);
        if (!unconfined(label)) {
-               struct user_namespace *mnt_userns = file_mnt_user_ns(file);
+               struct mnt_idmap *idmap = file_mnt_idmap(file);
                struct inode *inode = file_inode(file);
                vfsuid_t vfsuid;
                struct path_cond cond = {
                        .mode = inode->i_mode,
                };
-               vfsuid = i_uid_into_vfsuid(mnt_userns, inode);
+               vfsuid = i_uid_into_vfsuid(idmap, inode);
                cond.uid = vfsuid_into_kuid(vfsuid);
 
                error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,