summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorAndreas Gruenbacher <agruenba@redhat.com>2015-12-24 19:09:40 +0300
committerPaul Moore <pmoore@redhat.com>2015-12-24 19:09:40 +0300
commit6f3be9f562e3027c77bc4482ccf2cea8600a7f74 (patch)
tree3f854d23263cefa95365b9e671b3347404083079 /security/security.c
parent83da53c5a34564a0a63b26f84293c6e2a639e1e4 (diff)
downloadlinux-6f3be9f562e3027c77bc4482ccf2cea8600a7f74.tar.xz
security: Add hook to invalidate inode security labels
Add a hook to invalidate an inode's security label when the cached information becomes invalid. Add the new hook in selinux: set a flag when a security label becomes invalid. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index c5beb7e90721..e8ffd92ae2eb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1161,6 +1161,12 @@ void security_release_secctx(char *secdata, u32 seclen)
}
EXPORT_SYMBOL(security_release_secctx);
+void security_inode_invalidate_secctx(struct inode *inode)
+{
+ call_void_hook(inode_invalidate_secctx, inode);
+}
+EXPORT_SYMBOL(security_inode_invalidate_secctx);
+
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen);
@@ -1763,6 +1769,8 @@ struct security_hook_heads security_hook_heads = {
LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
.release_secctx =
LIST_HEAD_INIT(security_hook_heads.release_secctx),
+ .inode_invalidate_secctx =
+ LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
.inode_notifysecctx =
LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
.inode_setsecctx =