security: Create file_truncate hook from path_truncate hook

Like path_truncate, the file_truncate hook also restricts file truncation, but is called in the cases where truncation is attempted on an already-opened file. This is required in a subsequent commit to handle ftruncate() operations differently to truncate() operations. Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Günther Noack <gnoack3000@gmail.com> Link: https://lore.kernel.org/r/20221018182216.301684-2-gnoack3000@gmail.com Signed-off-by: Mickaël Salaün <mic@digikod.net>
author: Günther Noack <gnoack3000@gmail.com> 2022-10-18 20:22:06 +0200
committer: Mickaël Salaün <mic@digikod.net> 2022-10-19 09:01:40 +0200
commit: 3350607dc5637be2563f484dcfe2fed456f3d4ff (patch)
tree: fda8bd79084e26e2062fec46370c1a572b0d187f /security/security.c
parent: Linux 6.1-rc1 (diff)
download: linux-3350607dc5637be2563f484dcfe2fed456f3d4ff.tar.xz
linux-3350607dc5637be2563f484dcfe2fed456f3d4ff.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 79d82cb6e469..b55596958d0c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1652,6 +1652,11 @@ int security_file_open(struct file *file)
 	return fsnotify_perm(file, MAY_OPEN);
 }
 
+int security_file_truncate(struct file *file)
+{
+	return call_int_hook(file_truncate, 0, file);
+}
+
 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
 {
 	int rc = lsm_task_alloc(task);
author	Günther Noack <gnoack3000@gmail.com>	2022-10-18 20:22:06 +0200
committer	Mickaël Salaün <mic@digikod.net>	2022-10-19 09:01:40 +0200
commit	3350607dc5637be2563f484dcfe2fed456f3d4ff (patch)
tree	fda8bd79084e26e2062fec46370c1a572b0d187f /security/security.c
parent	Linux 6.1-rc1 (diff)
download	linux-3350607dc5637be2563f484dcfe2fed456f3d4ff.tar.xz linux-3350607dc5637be2563f484dcfe2fed456f3d4ff.zip