diff options
| author | John Johansen <john.johansen@canonical.com> | 2017-06-10 02:15:56 +0200 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 02:11:45 +0200 |
| commit | 064dc9472fa2bc31a7b178882bd7eff782c3d239 (patch) | |
| tree | cb00df746773f501309f21d5da8dbf16664a0c96 /security/apparmor/lsm.c | |
| parent | apparmor: rework file permission to cache file access in file->ctx (diff) | |
| download | linux-064dc9472fa2bc31a7b178882bd7eff782c3d239.tar.xz linux-064dc9472fa2bc31a7b178882bd7eff782c3d239.zip | |
apparmor: mediate files when they are received
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
| -rw-r--r-- | security/apparmor/lsm.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7a986763b2b7..0f7c5c2be732 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -456,6 +456,11 @@ static int common_file_perm(const char *op, struct file *file, u32 mask) return error; } +static int apparmor_file_receive(struct file *file) +{ + return common_file_perm(OP_FRECEIVE, file, aa_map_file_to_perms(file)); +} + static int apparmor_file_permission(struct file *file, int mask) { return common_file_perm(OP_FPERM, file, mask); @@ -665,6 +670,7 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr), LSM_HOOK_INIT(file_open, apparmor_file_open), + LSM_HOOK_INIT(file_receive, apparmor_file_receive), LSM_HOOK_INIT(file_permission, apparmor_file_permission), LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security), LSM_HOOK_INIT(file_free_security, apparmor_file_free_security), |