integrity: IMA hooks

[net-next-2.6.git] / fs / file_table.c

diff --git a/fs/file_table.c b/fs/file_table.c
index 5ad0eca6eea27b1ee33fcd8415c05edfeac97d82..55895ccc08c6eadb8b51404bc7ef91f5ed0bcb18 100644 (file)
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -13,6 +13,7 @@
 #include <linux/module.h>
 #include <linux/fs.h>
 #include <linux/security.h>
+#include <linux/ima.h>
 #include <linux/eventpoll.h>
 #include <linux/rcupdate.h>
 #include <linux/mount.h>
@@ -36,7 +37,9 @@ static struct percpu_counter nr_files __cacheline_aligned_in_smp;
 
 static inline void file_free_rcu(struct rcu_head *head)
 {
-       struct file *f =  container_of(head, struct file, f_u.fu_rcuhead);
+       struct file *f = container_of(head, struct file, f_u.fu_rcuhead);
+
+       put_cred(f->f_cred);
        kmem_cache_free(filp_cachep, f);
 }
 
@@ -94,7 +97,7 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp,
  */
 struct file *get_empty_filp(void)
 {
-       struct task_struct *tsk;
+       const struct cred *cred = current_cred();
        static int old_max;
        struct file * f;
 
@@ -118,12 +121,10 @@ struct file *get_empty_filp(void)
        if (security_file_alloc(f))
                goto fail_sec;
 
-       tsk = current;
        INIT_LIST_HEAD(&f->f_u.fu_list);
        atomic_long_set(&f->f_count, 1);
        rwlock_init(&f->f_owner.lock);
-       f->f_uid = tsk->fsuid;
-       f->f_gid = tsk->fsgid;
+       f->f_cred = get_cred(cred);
        eventpoll_init_file(f);
        /* f->f_version: 0 */
        return f;
@@ -276,6 +277,7 @@ void __fput(struct file *file)
        if (file->f_op && file->f_op->release)
                file->f_op->release(inode, file);
        security_file_free(file);
+       ima_file_free(file);
        if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL))
                cdev_put(inode->i_cdev);
        fops_put(file->f_op);