authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2009-10-04 08:49:47 -0400
committerJames Morris <jmorris@namei.org>2009-10-11 19:56:00 -0400
commit89eda06837094ce9f34fae269b8773fcfd70f046 (patch)
treedc11701c68ebcc8346d7567cfb53b9c7327ef445 /include/linux
parent941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e (diff)
LSM: Add security_path_chmod() and security_path_chown().
This patch allows pathname based LSM modules to check chmod()/chown() operations. Since notify_change() does not receive "struct vfsmount *", we add security_path_chmod() and security_path_chown() to the caller of notify_change(). These hooks are used by TOMOYO. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/security.h30
1 files changed, 30 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 239e40d0450b..c8a584c26f7b 100644
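--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -447,6 +447,18 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @new_dir contains the path structure for parent of the new link.
  * @new_dentry contains the dentry structure of the new link.
  * Return 0 if permission is granted.
+ * @path_chmod:
+ * Check for permission to change DAC's permission of a file or directory.
+ * @dentry contains the dentry structure.
+ * @mnt contains the vfsmnt structure.
+ * @mode contains DAC's mode.
+ * Return 0 if permission is granted.
+ * @path_chown:
+ * Check for permission to change owner/group of a file or directory.
+ * @path contains the path structure.
+ * @uid contains new owner's ID.
+ * @gid contains new group's ID.
+ * Return 0 if permission is granted.
  * @inode_readlink:
  * Check the permission to read the symbolic link.
  * @dentry contains the dentry structure for the file link.
@@ -1488,6 +1500,9 @@ struct security_operations {
  struct dentry *new_dentry);
  int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
  struct path *new_dir, struct dentry *new_dentry);
+ int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
+ mode_t mode);
+ int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
 #endif
 
  int (*inode_alloc_security) (struct inode *inode);
@@ -2952,6 +2967,9 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
  struct dentry *new_dentry);
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
  struct path *new_dir, struct dentry *new_dentry);
+int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ mode_t mode);
+int security_path_chown(struct path *path, uid_t uid, gid_t gid);
 #else /* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
@@ -3001,6 +3019,18 @@ static inline int security_path_rename(struct path *old_dir,
 {
  return 0;
 }
+
+static inline int security_path_chmod(struct dentry *dentry,
+ struct vfsmount *mnt,
+ mode_t mode)
+{
+ return 0;
+}
+
+static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+ return 0;
+}
 #endif /* CONFIG_SECURITY_PATH */
 
 #ifdef CONFIG_KEYS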
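Review bot: `path_chmod` takes the dentry and the vfsmount as two separate arguments (in `struct security_operations`, in the `security_path_chmod()` prototype and in the `!CONFIG_SECURITY_PATH` stub), while `path_chown` and the neighbouring `path_rename` take a `struct path *`; a pathname-based module resolves the name from that pair, so a call site that passes a mismatched mount would have policy evaluated against the wrong pathname. Unless a caller only has the two pointers separately (the call sites are not in this file section), `int (*path_chmod) (struct path *path, mode_t mode);` would keep the pair together and match the other hooks. The new kerneldoc could also be more specific than `@dentry contains the dentry structure.` and `@mode contains DAC's mode.`, for example `@dentry contains the dentry structure of the file whose mode is changed.` and a statement of whether `@mode` is the requested new mode. Going by the commit message the hooks are invoked from the callers of notify_change() rather than inside it, so the comment should say that a code path reaching notify_change() without these calls is not seen by the module.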