authorKentaro Takeda <takedakn@nttdata.co.jp>2008-12-16 23:24:15 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-12-31 18:07:37 -0500
commitbe6d3e56a6b9b3a4ee44a0685e39e595073c6f0d (patch)
tree3a770f4cc676efeba443b28caa1ad195eeff49bc /security/capability.c
parent6a94cb73064c952255336cc57731904174b2c58f (diff)
introduce new LSM hooks where vfsmount is available.
Add new LSM hooks for path-based checks. Call them on directory-modifying operations at the points where we still know the vfsmount involved. Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 2dce66fcb992..c545bd1300b5 100644
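--- a/security/capability.c
+++ b/security/capability.c
@@ -263,6 +263,53 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
  *secid = 0;
 }
 
+#ifdef CONFIG_SECURITY_PATH
+static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode,
+ unsigned int dev)
+{
+ return 0;
+}
+
+static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
+{
+ return 0;
+}
+
+static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_path_unlink(struct path *dir, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_path_symlink(struct path *dir, struct dentry *dentry,
+ const char *old_name)
+{
+ return 0;
+}
+
+static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
+ struct path *new_path, struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static int cap_path_truncate(struct path *path, loff_t length,
+ unsigned int time_attrs)
+{
+ return 0;
+}
+#endif
+
 static int cap_file_permission(struct file *file, int mask)
 {
  return 0;
@@ -883,6 +930,16 @@ void security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, inode_setsecurity);
  set_to_cap_if_null(ops, inode_listsecurity);
  set_to_cap_if_null(ops, inode_getsecid);
+#ifdef CONFIG_SECURITY_PATH
+ set_to_cap_if_null(ops, path_mknod);
+ set_to_cap_if_null(ops, path_mkdir);
+ set_to_cap_if_null(ops, path_rmdir);
+ set_to_cap_if_null(ops, path_unlink);
+ set_to_cap_if_null(ops, path_symlink);
+ set_to_cap_if_null(ops, path_link);
+ set_to_cap_if_null(ops, path_rename);
+ set_to_cap_if_null(ops, path_truncate);
+#endif
  set_to_cap_if_null(ops, file_permission);
  set_to_cap_if_null(ops, file_alloc_security);
  set_to_cap_if_null(ops, file_free_security);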
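Review bot: The eight `cap_path_*` stubs added under `#ifdef CONFIG_SECURITY_PATH` return 0 unconditionally and carry no comment saying that this is a fail-open default. If `set_to_cap_if_null()` does what its name suggests, a module that leaves any path hook NULL gets that operation allowed without any check once `security_fixup_ops()` runs. I would add a comment above the block, e.g. `/* Default path hooks: permit the operation. A path-based LSM must override every hook it wants enforced. */`, and close the 45-line block with `#endif /* CONFIG_SECURITY_PATH */`. The list of `set_to_cap_if_null(ops, path_*)` calls in the second hunk has to stay in step with the stubs and with the path members of `struct security_operations`. `security_fixup_ops()` begins and ends outside the hunk and the struct is not on this page, so that coverage cannot be confirmed here.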