summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2020-02-12 16:58:35 +0300
committerDavid Howells <dhowells@redhat.com>2020-05-19 17:08:23 +0300
commit344fa64ef8f6740e99b32ab788b6e3742d7284b3 (patch)
tree44170f4c17e4e98be3bec9972ef6fa6531a52582 /security
parent0858caa419e6cf9d31e734d09d70b34f64443ef6 (diff)
downloadlinux-344fa64ef8f6740e99b32ab788b6e3742d7284b3.tar.xz
security: Add a hook for the point of notification insertion
Add a security hook that allows an LSM to rule on whether a notification message is allowed to be inserted into a particular watch queue. The hook is given the following information: (1) The credentials of the triggerer (which may be init_cred for a system notification, eg. a hardware error). (2) The credentials of the whoever set the watch. (3) The notification message. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jamorris@linux.microsoft.com> cc: Casey Schaufler <casey@schaufler-ca.com> cc: Stephen Smalley <sds@tycho.nsa.gov> cc: linux-security-module@vger.kernel.org
Diffstat (limited to 'security')
-rw-r--r--security/security.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 7fed24b9d57e..7d55607120b4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2007,6 +2007,15 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_WATCH_QUEUE
+int security_post_notification(const struct cred *w_cred,
+ const struct cred *cred,
+ struct watch_notification *n)
+{
+ return call_int_hook(post_notification, 0, w_cred, cred, n);
+}
+#endif /* CONFIG_WATCH_QUEUE */
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)