Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/security.h | 41 |
1 files changed, 41 insertions, 0 deletions
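diff --git a/include/linux/security.h b/include/linux/security.h
index 7aab6ab7c57f..d4f3b7a94ea6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -250,6 +250,25 @@ struct swap_info_struct;
 * @inode contains the inode structure.
 * Deallocate the inode security structure and set @inode->i_security to
 * NULL.
+* @inode_init_security:
+* Obtain the security attribute name suffix and value to set on a newly
+* created inode and set up the incore security field for the new inode.
+* This hook is called by the fs code as part of the inode creation
+* transaction and provides for atomic labeling of the inode, unlike
+* the post_create/mkdir/... hooks called by the VFS. The hook function
+* is expected to allocate the name and value via kmalloc, with the caller
+* being responsible for calling kfree after using them.
+* If the security module does not use security attributes or does
+* not wish to put a security attribute on this particular inode,
+* then it should return -EOPNOTSUPP to skip this processing.
+* @inode contains the inode structure of the newly created inode.
+* @dir contains the inode structure of the parent directory.
+* @name will be set to the allocated name suffix (e.g. selinux).
+* @value will be set to the allocated attribute value.
+* @len will be set to the length of the value.
+* Returns 0 if @name and @value have been successfully set,
+* -EOPNOTSUPP if no security attribute is needed, or
+* -ENOMEM on memory allocation failure.
 * @inode_create:
 * Check permission to create a regular file.
 * @dir contains inode structure of the parent of the new file.
@@ -1080,6 +1099,8 @@ struct security_operations {
 
 int (*inode_alloc_security) (struct inode *inode);
 void (*inode_free_security) (struct inode *inode);
+int (*inode_init_security) (struct inode *inode, struct inode *dir,
+char **name, void **value, size_t *len);
 int (*inode_create) (struct inode *dir,
 struct dentry *dentry, int mode);
 void (*inode_post_create) (struct inode *dir,
@@ -1442,6 +1463,17 @@ static inline void security_inode_free (struct inode *inode)
 return;
 security_ops->inode_free_security (inode);
 }
+
+static inline int security_inode_init_security (struct inode *inode,
+struct inode *dir,
+char **name,
+void **value,
+size_t *len)
+{
+if (unlikely (IS_PRIVATE (inode)))
+return -EOPNOTSUPP;
+return security_ops->inode_init_security (inode, dir, name, value, len);
+}
 
 static inline int security_inode_create (struct inode *dir,
 struct dentry *dentry,
@@ -2171,6 +2203,15 @@ static inline int security_inode_alloc (struct inode *inode)
 
 static inline void security_inode_free (struct inode *inode)
 { }
+
+static inline int security_inode_init_security (struct inode *inode,
+struct inode *dir,
+char **name,
+void **value,
+size_t *len)
+{
+return -EOPNOTSUPP;
+}
 
 static inline int security_inode_create (struct inode *dir,
 struct dentry *dentry,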
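Review bot: The `@inode_init_security` comment (new lines 253-271) makes the caller responsible for `kfree` of `@name` and `@value` but does not say what state they are in when the hook returns non-zero. Both `security_inode_init_security()` variants can return `-EOPNOTSUPP` without writing through `name`, `value` or `len` (new lines 1473-1474 and 2213), so a filesystem that frees them on a shared exit path would `kfree` uninitialised pointers unless it pre-initialises them to NULL. I would add to the comment: `On any non-zero return @name, @value and @len are left unmodified and the caller owns nothing; a hook that fails after a partial allocation must free it itself.` The comment also does not say whether a caller may pass NULL for `@name` or `@value`, which is worth stating either way so hook implementations know whether to check before storing.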