introduce new LSM hooks where vfsmount is available.

Add new LSM hooks for path-based checks. Call them on directory-modifying operations at the points where we still know the vfsmount involved. Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Kentaro Takeda <takedakn@nttdata.co.jp> 2008-12-16 23:24:15 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-12-31 18:07:37 -0500
commit: be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d (patch)
tree: 3a770f4cc676efeba443b28caa1ad195eeff49bc /security
parent: 6a94cb73064c952255336cc57731904174b2c58f (diff)
3 files changed, 132 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index d9f47ce7e207..9438535d7fd0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -81,6 +81,15 @@ config SECURITY_NETWORK_XFRM
          IPSec.
          If you are unsure how to answer this question, answer N.
+config SECURITY_PATH
+        bool "Security hooks for pathname based access control"
+        depends on SECURITY
+        help
+          This enables the security hooks for pathname based access control.
+          If enabled, a security module can use these hooks to
+          implement pathname based access controls.
+          If you are unsure how to answer this question, answer N.
 config SECURITY_FILE_CAPABILITIES
        bool "File POSIX Capabilities"
        default n
diff --git a/security/capability.c b/security/capability.c
index 2dce66fcb992..c545bd1300b5 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -263,6 +263,53 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
        *secid = 0;
 }
+#ifdef CONFIG_SECURITY_PATH
+static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode,
+                          unsigned int dev)
+{
+        return 0;
+}
+static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
+{
+        return 0;
+}
+static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
+{
+        return 0;
+}
+static int cap_path_unlink(struct path *dir, struct dentry *dentry)
+{
+        return 0;
+}
+static int cap_path_symlink(struct path *dir, struct dentry *dentry,
+                            const char *old_name)
+{
+        return 0;
+}
+static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
+                         struct dentry *new_dentry)
+{
+        return 0;
+}
+static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
+                           struct path *new_path, struct dentry *new_dentry)
+{
+        return 0;
+}
+static int cap_path_truncate(struct path *path, loff_t length,
+                             unsigned int time_attrs)
+{
+        return 0;
+}
+#endif
 static int cap_file_permission(struct file *file, int mask)
 {
        return 0;
@@ -883,6 +930,16 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, inode_setsecurity);
        set_to_cap_if_null(ops, inode_listsecurity);
        set_to_cap_if_null(ops, inode_getsecid);
+#ifdef CONFIG_SECURITY_PATH
+        set_to_cap_if_null(ops, path_mknod);
+        set_to_cap_if_null(ops, path_mkdir);
+        set_to_cap_if_null(ops, path_rmdir);
+        set_to_cap_if_null(ops, path_unlink);
+        set_to_cap_if_null(ops, path_symlink);
+        set_to_cap_if_null(ops, path_link);
+        set_to_cap_if_null(ops, path_rename);
+        set_to_cap_if_null(ops, path_truncate);
+#endif
        set_to_cap_if_null(ops, file_permission);
        set_to_cap_if_null(ops, file_alloc_security);
        set_to_cap_if_null(ops, file_free_security);
diff --git a/security/security.c b/security/security.c
index d85dbb37c972..678d4d07b852 100644
--- a/security/security.c
+++ b/security/security.c
@@ -355,6 +355,72 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 }
 EXPORT_SYMBOL(security_inode_init_security);
+#ifdef CONFIG_SECURITY_PATH
+int security_path_mknod(struct path *path, struct dentry *dentry, int mode,
+                        unsigned int dev)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_mknod(path, dentry, mode, dev);
+}
+EXPORT_SYMBOL(security_path_mknod);
+int security_path_mkdir(struct path *path, struct dentry *dentry, int mode)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_mkdir(path, dentry, mode);
+}
+int security_path_rmdir(struct path *path, struct dentry *dentry)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_rmdir(path, dentry);
+}
+int security_path_unlink(struct path *path, struct dentry *dentry)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_unlink(path, dentry);
+}
+int security_path_symlink(struct path *path, struct dentry *dentry,
+                          const char *old_name)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_symlink(path, dentry, old_name);
+}
+int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+                       struct dentry *new_dentry)
+{
+        if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
+                return 0;
+        return security_ops->path_link(old_dentry, new_dir, new_dentry);
+}
+int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
+                         struct path *new_dir, struct dentry *new_dentry)
+{
+        if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
+                     (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
+                return 0;
+        return security_ops->path_rename(old_dir, old_dentry, new_dir,
+                                         new_dentry);
+}
+int security_path_truncate(struct path *path, loff_t length,
+                           unsigned int time_attrs)
+{
+        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
+                return 0;
+        return security_ops->path_truncate(path, length, time_attrs);
+}
+#endif
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
 {
        if (unlikely(IS_PRIVATE(dir)))
author	Kentaro Takeda <takedakn@nttdata.co.jp>	2008-12-16 23:24:15 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-12-31 18:07:37 -0500
commit	be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d (patch)
tree	3a770f4cc676efeba443b28caa1ad195eeff49bc /security
parent	6a94cb73064c952255336cc57731904174b2c58f (diff)

diff --git a/security/Kconfig b/security/Kconfig index d9f47ce7e207..9438535d7fd0 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -81,6 +81,15 @@ config SECURITY_NETWORK_XFRM
81	IPSec.	81	IPSec.
82	If you are unsure how to answer this question, answer N.	82	If you are unsure how to answer this question, answer N.
83		83
		84	config SECURITY_PATH
		85	bool "Security hooks for pathname based access control"
		86	depends on SECURITY
		87	help
		88	This enables the security hooks for pathname based access control.
		89	If enabled, a security module can use these hooks to
		90	implement pathname based access controls.
		91	If you are unsure how to answer this question, answer N.
		92
84	config SECURITY_FILE_CAPABILITIES	93	config SECURITY_FILE_CAPABILITIES
85	bool "File POSIX Capabilities"	94	bool "File POSIX Capabilities"
86	default n	95	default n


diff --git a/security/capability.c b/security/capability.c index 2dce66fcb992..c545bd1300b5 100644 --- a/security/capability.c +++ b/security/capability.c
@@ -263,6 +263,53 @@ static void cap_inode_getsecid(const struct inode inode, u32 secid)
263	*secid = 0;	263	*secid = 0;
264	}	264	}
265		265
		266	#ifdef CONFIG_SECURITY_PATH
		267	static int cap_path_mknod(struct path dir, struct dentry dentry, int mode,
		268	unsigned int dev)
		269	{
		270	return 0;
		271	}
		272
		273	static int cap_path_mkdir(struct path dir, struct dentry dentry, int mode)
		274	{
		275	return 0;
		276	}
		277
		278	static int cap_path_rmdir(struct path dir, struct dentry dentry)
		279	{
		280	return 0;
		281	}
		282
		283	static int cap_path_unlink(struct path dir, struct dentry dentry)
		284	{
		285	return 0;
		286	}
		287
		288	static int cap_path_symlink(struct path dir, struct dentry dentry,
		289	const char *old_name)
		290	{
		291	return 0;
		292	}
		293
		294	static int cap_path_link(struct dentry old_dentry, struct path new_dir,
		295	struct dentry *new_dentry)
		296	{
		297	return 0;
		298	}
		299
		300	static int cap_path_rename(struct path old_path, struct dentry old_dentry,
		301	struct path new_path, struct dentry new_dentry)
		302	{
		303	return 0;
		304	}
		305
		306	static int cap_path_truncate(struct path *path, loff_t length,
		307	unsigned int time_attrs)
		308	{
		309	return 0;
		310	}
		311	#endif
		312
266	static int cap_file_permission(struct file *file, int mask)	313	static int cap_file_permission(struct file *file, int mask)
267	{	314	{
268	return 0;	315	return 0;
@@ -883,6 +930,16 @@ void security_fixup_ops(struct security_operations *ops)
883	set_to_cap_if_null(ops, inode_setsecurity);	930	set_to_cap_if_null(ops, inode_setsecurity);
884	set_to_cap_if_null(ops, inode_listsecurity);	931	set_to_cap_if_null(ops, inode_listsecurity);
885	set_to_cap_if_null(ops, inode_getsecid);	932	set_to_cap_if_null(ops, inode_getsecid);
		933	#ifdef CONFIG_SECURITY_PATH
		934	set_to_cap_if_null(ops, path_mknod);
		935	set_to_cap_if_null(ops, path_mkdir);
		936	set_to_cap_if_null(ops, path_rmdir);
		937	set_to_cap_if_null(ops, path_unlink);
		938	set_to_cap_if_null(ops, path_symlink);
		939	set_to_cap_if_null(ops, path_link);
		940	set_to_cap_if_null(ops, path_rename);
		941	set_to_cap_if_null(ops, path_truncate);
		942	#endif
886	set_to_cap_if_null(ops, file_permission);	943	set_to_cap_if_null(ops, file_permission);
887	set_to_cap_if_null(ops, file_alloc_security);	944	set_to_cap_if_null(ops, file_alloc_security);
888	set_to_cap_if_null(ops, file_free_security);	945	set_to_cap_if_null(ops, file_free_security);


diff --git a/security/security.c b/security/security.c index d85dbb37c972..678d4d07b852 100644 --- a/security/security.c +++ b/security/security.c
@@ -355,6 +355,72 @@ int security_inode_init_security(struct inode inode, struct inode dir,
355	}	355	}
356	EXPORT_SYMBOL(security_inode_init_security);	356	EXPORT_SYMBOL(security_inode_init_security);
357		357
		358	#ifdef CONFIG_SECURITY_PATH
		359	int security_path_mknod(struct path path, struct dentry dentry, int mode,
		360	unsigned int dev)
		361	{
		362	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		363	return 0;
		364	return security_ops->path_mknod(path, dentry, mode, dev);
		365	}
		366	EXPORT_SYMBOL(security_path_mknod);
		367
		368	int security_path_mkdir(struct path path, struct dentry dentry, int mode)
		369	{
		370	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		371	return 0;
		372	return security_ops->path_mkdir(path, dentry, mode);
		373	}
		374
		375	int security_path_rmdir(struct path path, struct dentry dentry)
		376	{
		377	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		378	return 0;
		379	return security_ops->path_rmdir(path, dentry);
		380	}
		381
		382	int security_path_unlink(struct path path, struct dentry dentry)
		383	{
		384	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		385	return 0;
		386	return security_ops->path_unlink(path, dentry);
		387	}
		388
		389	int security_path_symlink(struct path path, struct dentry dentry,
		390	const char *old_name)
		391	{
		392	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		393	return 0;
		394	return security_ops->path_symlink(path, dentry, old_name);
		395	}
		396
		397	int security_path_link(struct dentry old_dentry, struct path new_dir,
		398	struct dentry *new_dentry)
		399	{
		400	if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
		401	return 0;
		402	return security_ops->path_link(old_dentry, new_dir, new_dentry);
		403	}
		404
		405	int security_path_rename(struct path old_dir, struct dentry old_dentry,
		406	struct path new_dir, struct dentry new_dentry)
		407	{
		408	if (unlikely(IS_PRIVATE(old_dentry->d_inode) \|\|
		409	(new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
		410	return 0;
		411	return security_ops->path_rename(old_dir, old_dentry, new_dir,
		412	new_dentry);
		413	}
		414
		415	int security_path_truncate(struct path *path, loff_t length,
		416	unsigned int time_attrs)
		417	{
		418	if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
		419	return 0;
		420	return security_ops->path_truncate(path, length, time_attrs);
		421	}
		422	#endif
		423
358	int security_inode_create(struct inode dir, struct dentry dentry, int mode)	424	int security_inode_create(struct inode dir, struct dentry dentry, int mode)
359	{	425	{
360	if (unlikely(IS_PRIVATE(dir)))	426	if (unlikely(IS_PRIVATE(dir)))