diff options
author | Kentaro Takeda <takedakn@nttdata.co.jp> | 2008-12-16 23:24:15 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-31 18:07:37 -0500 |
commit | be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d (patch) | |
tree | 3a770f4cc676efeba443b28caa1ad195eeff49bc /security/capability.c | |
parent | 6a94cb73064c952255336cc57731904174b2c58f (diff) |
introduce new LSM hooks where vfsmount is available.
Add new LSM hooks for path-based checks. Call them on directory-modifying
operations at the points where we still know the vfsmount involved.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/capability.c')
-rw-r--r-- | security/capability.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c index 2dce66fcb992..c545bd1300b5 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -263,6 +263,53 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid) | |||
263 | *secid = 0; | 263 | *secid = 0; |
264 | } | 264 | } |
265 | 265 | ||
266 | #ifdef CONFIG_SECURITY_PATH | ||
267 | static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode, | ||
268 | unsigned int dev) | ||
269 | { | ||
270 | return 0; | ||
271 | } | ||
272 | |||
273 | static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode) | ||
274 | { | ||
275 | return 0; | ||
276 | } | ||
277 | |||
278 | static int cap_path_rmdir(struct path *dir, struct dentry *dentry) | ||
279 | { | ||
280 | return 0; | ||
281 | } | ||
282 | |||
283 | static int cap_path_unlink(struct path *dir, struct dentry *dentry) | ||
284 | { | ||
285 | return 0; | ||
286 | } | ||
287 | |||
288 | static int cap_path_symlink(struct path *dir, struct dentry *dentry, | ||
289 | const char *old_name) | ||
290 | { | ||
291 | return 0; | ||
292 | } | ||
293 | |||
294 | static int cap_path_link(struct dentry *old_dentry, struct path *new_dir, | ||
295 | struct dentry *new_dentry) | ||
296 | { | ||
297 | return 0; | ||
298 | } | ||
299 | |||
300 | static int cap_path_rename(struct path *old_path, struct dentry *old_dentry, | ||
301 | struct path *new_path, struct dentry *new_dentry) | ||
302 | { | ||
303 | return 0; | ||
304 | } | ||
305 | |||
306 | static int cap_path_truncate(struct path *path, loff_t length, | ||
307 | unsigned int time_attrs) | ||
308 | { | ||
309 | return 0; | ||
310 | } | ||
311 | #endif | ||
312 | |||
266 | static int cap_file_permission(struct file *file, int mask) | 313 | static int cap_file_permission(struct file *file, int mask) |
267 | { | 314 | { |
268 | return 0; | 315 | return 0; |
@@ -883,6 +930,16 @@ void security_fixup_ops(struct security_operations *ops) | |||
883 | set_to_cap_if_null(ops, inode_setsecurity); | 930 | set_to_cap_if_null(ops, inode_setsecurity); |
884 | set_to_cap_if_null(ops, inode_listsecurity); | 931 | set_to_cap_if_null(ops, inode_listsecurity); |
885 | set_to_cap_if_null(ops, inode_getsecid); | 932 | set_to_cap_if_null(ops, inode_getsecid); |
933 | #ifdef CONFIG_SECURITY_PATH | ||
934 | set_to_cap_if_null(ops, path_mknod); | ||
935 | set_to_cap_if_null(ops, path_mkdir); | ||
936 | set_to_cap_if_null(ops, path_rmdir); | ||
937 | set_to_cap_if_null(ops, path_unlink); | ||
938 | set_to_cap_if_null(ops, path_symlink); | ||
939 | set_to_cap_if_null(ops, path_link); | ||
940 | set_to_cap_if_null(ops, path_rename); | ||
941 | set_to_cap_if_null(ops, path_truncate); | ||
942 | #endif | ||
886 | set_to_cap_if_null(ops, file_permission); | 943 | set_to_cap_if_null(ops, file_permission); |
887 | set_to_cap_if_null(ops, file_alloc_security); | 944 | set_to_cap_if_null(ops, file_alloc_security); |
888 | set_to_cap_if_null(ops, file_free_security); | 945 | set_to_cap_if_null(ops, file_free_security); |