authorEric Paris <eparis@redhat.com>2009-12-17 21:24:34 -0500
committerEric Paris <eparis@redhat.com>2010-07-28 09:59:01 -0400
commitc4ec54b40d33f8016fea970a383cc584dd0e6019 (patch)
tree8e8865170cf340d1e79dc379f56417588715b2c8 /security
parentd14f1729483fad3a8817fbbcbd017678b7d1ad26 (diff)
fsnotify: new fsnotify hooks and events types for access decisions
introduce a new fsnotify hook, fsnotify_perm(), which is called from the security code. This hook is used to allow fsnotify groups to make access control decisions about events on the system. We also must change the generic fsnotify function to return an error code if we intend these hooks to be in any way useful. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/security.c16
1 files changed, 14 insertions, 2 deletions
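diff --git a/security/security.c b/security/security.c
index 351942a4ca0e..f6ac27cd3452 100644
--- a/security/security.c
+++ b/security/security.c
@@ -620,7 +620,13 @@ void security_inode_getsecid(const struct inode *inode, u32 *secid)
 
 int security_file_permission(struct file *file, int mask)
 {
-	return security_ops->file_permission(file, mask);
+	int ret;
+
+	ret = security_ops->file_permission(file, mask);
+	if (ret)
+		return ret;
+
+	return fsnotify_perm(file, mask);
 }
 
 int security_file_alloc(struct file *file)
@@ -684,7 +690,13 @@ int security_file_receive(struct file *file)
 
 int security_dentry_open(struct file *file, const struct cred *cred)
 {
-	return security_ops->dentry_open(file, cred);
+	int ret;
+
+	ret = security_ops->dentry_open(file, cred);
+	if (ret)
+		return ret;
+
+	return fsnotify_perm(file, MAY_OPEN);
 }
 
 int security_task_create(unsigned long clone_flags)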
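Review bot: Neither rewritten function documents that its return value now merges two decision sources, and both security_file_permission() and security_dentry_open() need a comment saying so. As written, a nonzero result from the LSM hook returns early, so fsnotify_perm() is reached only for accesses the LSM already allowed, and any error it returns reaches the caller exactly like an LSM denial. I would add above each `fsnotify_perm()` call something like `/* LSM decides first; fsnotify groups only see accesses it allowed, and their error is returned as the access decision */`, so nobody assumes a permission-event listener also observes LSM-denied attempts. fsnotify_perm() is defined outside this page (the view is limited to security/), so whether it filters the mask or can block the caller should be confirmed there, and security_dentry_open() passes it MAY_OPEN but not `cred`.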