fanotify: permissions and blocking

This is the backend work needed for fanotify to support the new FS_OPEN_PERM and FS_ACCESS_PERM fsnotify events. This is done using the new fsnotify secondary queue. No userspace interface is provided actually respond to or request these events. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2009-12-17 21:24:34 -0500
committer: Eric Paris <eparis@redhat.com> 2010-07-28 09:59:02 -0400
commit: 9e66e4233db9c7e31e9ee706be2c9ddd54cf99b3 (patch)
tree: 9d778b358fb6e5f02fb2cf634c2163f34982b7dd /include
parent: c4ec54b40d33f8016fea970a383cc584dd0e6019 (diff)
2 files changed, 30 insertions, 0 deletions
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 385896c9f82..02f80676c23 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -15,6 +15,9 @@
 /* FIXME currently Q's have no limit.... */
 #define FAN_Q_OVERFLOW          0x00004000      /* Event queued overflowed */
+#define FAN_OPEN_PERM           0x00010000      /* File open in perm check */
+#define FAN_ACCESS_PERM         0x00020000      /* File accessed in perm check */
 /* helper events */
 #define FAN_CLOSE               (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
@@ -52,7 +55,14 @@
                        FAN_CLOSE |\
                        FAN_OPEN)
+/*
+ * All events which require a permission response from userspace
+ */
+#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\
+                             FAN_ACCESS_PERM)
 #define FAN_ALL_OUTGOING_EVENTS (FAN_ALL_EVENTS |\
+                                 FAN_ALL_PERM_EVENTS |\
                                 FAN_Q_OVERFLOW)
 #define FANOTIFY_METADATA_VERSION       1
@@ -65,6 +75,10 @@ struct fanotify_event_metadata {
        __s64 pid;
 } __attribute__ ((packed));
+/* Legit userspace responses to a _PERM event */
+#define FAN_ALLOW       0x01
+#define FAN_DENY        0x02
 /* Helper functions to deal with fanotify_event_metadata buffers */
 #define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata))
@@ -78,5 +92,9 @@ struct fanotify_event_metadata {
 #ifdef __KERNEL__
+struct fanotify_wait {
+        struct fsnotify_event *event;
+        __s32 fd;
+};
 #endif /* __KERNEL__ */
 #endif /* _LINUX_FANOTIFY_H */
diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
index c34728e7d8c..b0d00fd6bfa 100644
--- a/include/linux/fsnotify_backend.h
+++ b/include/linux/fsnotify_backend.h
@@ -160,6 +160,14 @@ struct fsnotify_group {
                        struct user_struct      *user;
                } inotify_data;
 #endif
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+                struct fanotify_group_private_data {
+                        /* allows a group to block waiting for a userspace response */
+                        struct mutex access_mutex;
+                        struct list_head access_list;
+                        wait_queue_head_t access_waitq;
+                } fanotify_data;
+#endif
        };
 };
@@ -227,6 +235,10 @@ struct fsnotify_event {
        size_t name_len;
        struct pid *tgid;
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+        __u32 response; /* userspace answer to question */
+#endif /* CONFIG_FANOTIFY_ACCESS_PERMISSIONS */
        struct list_head private_data_list;     /* groups can store private data here */
 };
author	Eric Paris <eparis@redhat.com>	2009-12-17 21:24:34 -0500
committer	Eric Paris <eparis@redhat.com>	2010-07-28 09:59:02 -0400
commit	9e66e4233db9c7e31e9ee706be2c9ddd54cf99b3 (patch)
tree	9d778b358fb6e5f02fb2cf634c2163f34982b7dd /include
parent	c4ec54b40d33f8016fea970a383cc584dd0e6019 (diff)