1 files changed, 41 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 7aab6ab7c57f..d4f3b7a94ea6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -250,6 +250,25 @@ struct swap_info_struct;
 *      @inode contains the inode structure.
 *      Deallocate the inode security structure and set @inode->i_security to
 *      NULL. 
+ * @inode_init_security:
+ *      Obtain the security attribute name suffix and value to set on a newly
+ *      created inode and set up the incore security field for the new inode.
+ *      This hook is called by the fs code as part of the inode creation
+ *      transaction and provides for atomic labeling of the inode, unlike
+ *      the post_create/mkdir/... hooks called by the VFS.  The hook function
+ *      is expected to allocate the name and value via kmalloc, with the caller
+ *      being responsible for calling kfree after using them.
+ *      If the security module does not use security attributes or does
+ *      not wish to put a security attribute on this particular inode,
+ *      then it should return -EOPNOTSUPP to skip this processing.
+ *      @inode contains the inode structure of the newly created inode.
+ *      @dir contains the inode structure of the parent directory.
+ *      @name will be set to the allocated name suffix (e.g. selinux).
+ *      @value will be set to the allocated attribute value.
+ *      @len will be set to the length of the value.
+ *      Returns 0 if @name and @value have been successfully set,
+ *              -EOPNOTSUPP if no security attribute is needed, or
+ *              -ENOMEM on memory allocation failure.
 * @inode_create:
 *      Check permission to create a regular file.
 *      @dir contains inode structure of the parent of the new file.
@@ -1080,6 +1099,8 @@ struct security_operations {
        int (*inode_alloc_security) (struct inode *inode);      
        void (*inode_free_security) (struct inode *inode);
+        int (*inode_init_security) (struct inode *inode, struct inode *dir,
+                                    char **name, void **value, size_t *len);
        int (*inode_create) (struct inode *dir,
                             struct dentry *dentry, int mode);
        void (*inode_post_create) (struct inode *dir,
@@ -1442,6 +1463,17 @@ static inline void security_inode_free (struct inode *inode)
                return;
        security_ops->inode_free_security (inode);
 }
+static inline int security_inode_init_security (struct inode *inode,
+                                                struct inode *dir,
+                                                char **name,
+                                                void **value,
+                                                size_t *len)
+{
+        if (unlikely (IS_PRIVATE (inode)))
+                return -EOPNOTSUPP;
+        return security_ops->inode_init_security (inode, dir, name, value, len);
+}
        
 static inline int security_inode_create (struct inode *dir,
                                         struct dentry *dentry,
@@ -2171,6 +2203,15 @@ static inline int security_inode_alloc (struct inode *inode)
 static inline void security_inode_free (struct inode *inode)
 { }
+static inline int security_inode_init_security (struct inode *inode,
+                                                struct inode *dir,
+                                                char **name,
+                                                void **value,
+                                                size_t *len)
+{
+        return -EOPNOTSUPP;
+}
        
 static inline int security_inode_create (struct inode *dir,
                                         struct dentry *dentry,

diff --git a/include/linux/security.h b/include/linux/security.h index 7aab6ab7c57f..d4f3b7a94ea6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -250,6 +250,25 @@ struct swap_info_struct;
250	* @inode contains the inode structure.	250	* @inode contains the inode structure.
251	* Deallocate the inode security structure and set @inode->i_security to	251	* Deallocate the inode security structure and set @inode->i_security to
252	* NULL.	252	* NULL.
		253	* @inode_init_security:
		254	* Obtain the security attribute name suffix and value to set on a newly
		255	* created inode and set up the incore security field for the new inode.
		256	* This hook is called by the fs code as part of the inode creation
		257	* transaction and provides for atomic labeling of the inode, unlike
		258	* the post_create/mkdir/... hooks called by the VFS. The hook function
		259	* is expected to allocate the name and value via kmalloc, with the caller
		260	* being responsible for calling kfree after using them.
		261	* If the security module does not use security attributes or does
		262	* not wish to put a security attribute on this particular inode,
		263	* then it should return -EOPNOTSUPP to skip this processing.
		264	* @inode contains the inode structure of the newly created inode.
		265	* @dir contains the inode structure of the parent directory.
		266	* @name will be set to the allocated name suffix (e.g. selinux).
		267	* @value will be set to the allocated attribute value.
		268	* @len will be set to the length of the value.
		269	* Returns 0 if @name and @value have been successfully set,
		270	* -EOPNOTSUPP if no security attribute is needed, or
		271	* -ENOMEM on memory allocation failure.
253	* @inode_create:	272	* @inode_create:
254	* Check permission to create a regular file.	273	* Check permission to create a regular file.
255	* @dir contains inode structure of the parent of the new file.	274	* @dir contains inode structure of the parent of the new file.
@@ -1080,6 +1099,8 @@ struct security_operations {
1080		1099
1081	int (inode_alloc_security) (struct inode inode);	1100	int (inode_alloc_security) (struct inode inode);
1082	void (inode_free_security) (struct inode inode);	1101	void (inode_free_security) (struct inode inode);
		1102	int (inode_init_security) (struct inode inode, struct inode *dir,
		1103	char name, void value, size_t *len);
1083	int (inode_create) (struct inode dir,	1104	int (inode_create) (struct inode dir,
1084	struct dentry *dentry, int mode);	1105	struct dentry *dentry, int mode);
1085	void (inode_post_create) (struct inode dir,	1106	void (inode_post_create) (struct inode dir,
@@ -1442,6 +1463,17 @@ static inline void security_inode_free (struct inode *inode)
1442	return;	1463	return;
1443	security_ops->inode_free_security (inode);	1464	security_ops->inode_free_security (inode);
1444	}	1465	}
		1466
		1467	static inline int security_inode_init_security (struct inode *inode,
		1468	struct inode *dir,
		1469	char **name,
		1470	void **value,
		1471	size_t *len)
		1472	{
		1473	if (unlikely (IS_PRIVATE (inode)))
		1474	return -EOPNOTSUPP;
		1475	return security_ops->inode_init_security (inode, dir, name, value, len);
		1476	}
1445		1477
1446	static inline int security_inode_create (struct inode *dir,	1478	static inline int security_inode_create (struct inode *dir,
1447	struct dentry *dentry,	1479	struct dentry *dentry,
@@ -2171,6 +2203,15 @@ static inline int security_inode_alloc (struct inode *inode)
2171		2203
2172	static inline void security_inode_free (struct inode *inode)	2204	static inline void security_inode_free (struct inode *inode)
2173	{ }	2205	{ }
		2206
		2207	static inline int security_inode_init_security (struct inode *inode,
		2208	struct inode *dir,
		2209	char **name,
		2210	void **value,
		2211	size_t *len)
		2212	{
		2213	return -EOPNOTSUPP;
		2214	}
2174		2215
2175	static inline int security_inode_create (struct inode *dir,	2216	static inline int security_inode_create (struct inode *dir,
2176	struct dentry *dentry,	2217	struct dentry *dentry,