author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2009-10-04 08:49:47 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-11 19:56:00 -0400 |
commit | 89eda06837094ce9f34fae269b8773fcfd70f046 (patch) | |
tree | dc11701c68ebcc8346d7567cfb53b9c7327ef445 /include/linux | |
parent | 941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e (diff) |
LSM: Add security_path_chmod() and security_path_chown().
This patch allows pathname based LSM modules to check chmod()/chown()
operations. Since notify_change() does not receive "struct vfsmount *",
we add security_path_chmod() and security_path_chown() to the caller of
notify_change().
These hooks are used by TOMOYO.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/security.h | 30 |
1 files changed, 30 insertions, 0 deletions
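--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -447,6 +447,18 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @new_dir contains the path structure for parent of the new link.
 * @new_dentry contains the dentry structure of the new link.
 * Return 0 if permission is granted.
+* @path_chmod:
+* Check for permission to change DAC's permission of a file or directory.
+* @dentry contains the dentry structure.
+* @mnt contains the vfsmnt structure.
+* @mode contains DAC's mode.
+* Return 0 if permission is granted.
+* @path_chown:
+* Check for permission to change owner/group of a file or directory.
+* @path contains the path structure.
+* @uid contains new owner's ID.
+* @gid contains new group's ID.
+* Return 0 if permission is granted.
 * @inode_readlink:
 * Check the permission to read the symbolic link.
 * @dentry contains the dentry structure for the file link.
@@ -1488,6 +1500,9 @@ struct security_operations {
 struct dentry *new_dentry);
 int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
 struct path *new_dir, struct dentry *new_dentry);
+int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
+mode_t mode);
+int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
 #endif
 
 int (*inode_alloc_security) (struct inode *inode);
@@ -2952,6 +2967,9 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 struct dentry *new_dentry);
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
 struct path *new_dir, struct dentry *new_dentry);
+int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+mode_t mode);
+int security_path_chown(struct path *path, uid_t uid, gid_t gid);
 #else /* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
@@ -3001,6 +3019,18 @@ static inline int security_path_rename(struct path *old_dir,
 {
 return 0;
 }
+
+static inline int security_path_chmod(struct dentry *dentry,
+struct vfsmount *mnt,
+mode_t mode)
+{
+return 0;
+}
+
+static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+return 0;
+}
 #endif /* CONFIG_SECURITY_PATH */
 
 #ifdef CONFIG_KEYS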
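Review bot: `path_chmod` takes a separate `struct dentry *dentry, struct vfsmount *mnt` pair (new lines 1503-1504, the prototype at 2970-2971 and the stub at 3023-3025), while `path_chown` and the neighbouring `path_rename` hook take `struct path *`. Declaring it as `int (*path_chmod) (struct path *path, mode_t mode);` would keep the path hooks uniform and prevent a caller from passing a dentry with a mount it does not belong to. The kernel-doc for `@path_chmod` should also say whether `@mode` is the full requested mode or only the permission bits, since a module has to know that before comparing it against policy. Per the commit message the hooks sit in the caller of notify_change() rather than inside it, so the comment block should record that coverage limit, e.g. `Called by the caller of notify_change(); notify_change() itself does not invoke this hook.` The call sites are outside this diff, so the wording should be confirmed against them.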