Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index f972ee1f10eb..bdc295ad5fba 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1376,9 +1376,18 @@ int security_inode_set_acl(struct user_namespace *mnt_userns,
struct dentry *dentry, const char *acl_name,
struct posix_acl *kacl)
{
+ int ret;
+
if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
return 0;
- return call_int_hook(inode_set_acl, 0, mnt_userns, dentry, acl_name, kacl);
+ ret = call_int_hook(inode_set_acl, 0, mnt_userns, dentry, acl_name,
+ kacl);
+ if (ret)
+ return ret;
+ ret = ima_inode_set_acl(mnt_userns, dentry, acl_name, kacl);
+ if (ret)
+ return ret;
+ return evm_inode_set_acl(mnt_userns, dentry, acl_name, kacl);
}
int security_inode_get_acl(struct user_namespace *mnt_userns,
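Review bot: In security_inode_set_acl the IMA call runs before EVM has had a chance to deny the change, and nothing in the hunk says whether that order is intentional. If ima_inode_set_acl updates any cached appraisal state (its body is not visible here), an EVM denial on the following line would leave that state changed for an ACL write that never took place. This is worth confirming and recording above the `ret = call_int_hook(...)` line, for example `/* LSM hooks, then IMA, then EVM: the first non-zero return denies the ACL change; IMA runs before EVM can veto. */`. The same sequence is added to security_inode_remove_acl in the next hunk and would benefit from the same comment. The IS_PRIVATE early return now skips the IMA and EVM checks as well as the LSM hooks, so a short comment there stating that private inodes are exempt from integrity checks on ACL changes would make the exemption explicit.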
@@ -1392,9 +1401,17 @@ int security_inode_get_acl(struct user_namespace *mnt_userns,
int security_inode_remove_acl(struct user_namespace *mnt_userns,
struct dentry *dentry, const char *acl_name)
{
+ int ret;
+
if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
return 0;
- return call_int_hook(inode_remove_acl, 0, mnt_userns, dentry, acl_name);
+ ret = call_int_hook(inode_remove_acl, 0, mnt_userns, dentry, acl_name);
+ if (ret)
+ return ret;
+ ret = ima_inode_remove_acl(mnt_userns, dentry, acl_name);
+ if (ret)
+ return ret;
+ return evm_inode_remove_acl(mnt_userns, dentry, acl_name);
}
void security_inode_post_setxattr(struct dentry *dentry, const char *name,