summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorLokesh Gidra <lokeshgidra@google.com>2021-01-08 23:22:20 +0100
committerPaul Moore <paul@paul-moore.com>2021-01-14 23:28:24 +0100
commit215b674b84dd052098fe6389e32a5afaff8b4d56 (patch)
tree70382b40681e709a8f7790d03cc00adbad4726fa /security/security.c
parentselinux: fall back to SECURITY_FS_USE_GENFS if no xattr support (diff)
downloadlinux-215b674b84dd052098fe6389e32a5afaff8b4d56.tar.xz
linux-215b674b84dd052098fe6389e32a5afaff8b4d56.zip
security: add inode_init_security_anon() LSM hook
This change adds a new LSM hook, inode_init_security_anon(), that will be used while creating secure anonymous inodes. The hook allows/denies its creation and assigns a security context to the inode. The new hook accepts an optional context_inode parameter that callers can use to provide additional contextual information to security modules for granting/denying permission to create an anon-inode of the same type. This context_inode's security_context can also be used to initialize the newly created anon-inode's security_context. Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 7b09cfbae94f..401663b5b70e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1059,6 +1059,14 @@ out:
}
EXPORT_SYMBOL(security_inode_init_security);
+int security_inode_init_security_anon(struct inode *inode,
+ const struct qstr *name,
+ const struct inode *context_inode)
+{
+ return call_int_hook(inode_init_security_anon, 0, inode, name,
+ context_inode);
+}
+
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, const char **name,
void **value, size_t *len)