summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-09-23 21:21:04 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2019-09-23 21:21:04 +0300
commit5825a95fe92566ada2292a65de030850b5cff1da (patch)
tree8e210a297844f6e07e0acb6ee793036a2c692976 /security/security.c
parent3c6a6910a81eae3566bb5fef6ea0f624382595e6 (diff)
parent15322a0d90b6fd62ae8f22e5b87f735c3fdfeff7 (diff)
downloadlinux-5825a95fe92566ada2292a65de030850b5cff1da.tar.xz
Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: - Add LSM hooks, and SELinux access control hooks, for dnotify, fanotify, and inotify watches. This has been discussed with both the LSM and fs/notify folks and everybody is good with these new hooks. - The LSM stacking changes missed a few calls to current_security() in the SELinux code; we fix those and remove current_security() for good. - Improve our network object labeling cache so that we always return the object's label, even when under memory pressure. Previously we would return an error if we couldn't allocate a new cache entry, now we always return the label even if we can't create a new cache entry for it. - Convert the sidtab atomic_t counter to a normal u32 with READ/WRITE_ONCE() and memory barrier protection. - A few patches to policydb.c to clean things up (remove forward declarations, long lines, bad variable names, etc) * tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: lsm: remove current_security() selinux: fix residual uses of current_security() for the SELinux blob selinux: avoid atomic_t usage in sidtab fanotify, inotify, dnotify, security: add security hook for fs notifications selinux: always return a secid from the network caches if we find one selinux: policydb - rename type_val_to_struct_array selinux: policydb - fix some checkpatch.pl warnings selinux: shuffle around policydb.c to get rid of forward declarations
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 250ee2d76406..25ee5c75551f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -870,6 +870,12 @@ int security_move_mount(const struct path *from_path, const struct path *to_path
return call_int_hook(move_mount, 0, from_path, to_path);
}
+int security_path_notify(const struct path *path, u64 mask,
+ unsigned int obj_type)
+{
+ return call_int_hook(path_notify, 0, path, mask, obj_type);
+}
+
int security_inode_alloc(struct inode *inode)
{
int rc = lsm_inode_alloc(inode);