summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorLokesh Gidra <lokeshgidra@google.com>2021-01-09 01:22:20 +0300
committerPaul Moore <paul@paul-moore.com>2021-01-15 01:28:24 +0300
commit215b674b84dd052098fe6389e32a5afaff8b4d56 (patch)
tree70382b40681e709a8f7790d03cc00adbad4726fa /security
parent08abe46b2cfcf5f815cd4961b1bf9e10b1714c6d (diff)
downloadlinux-215b674b84dd052098fe6389e32a5afaff8b4d56.tar.xz
security: add inode_init_security_anon() LSM hook
This change adds a new LSM hook, inode_init_security_anon(), that will be used while creating secure anonymous inodes. The hook allows/denies its creation and assigns a security context to the inode. The new hook accepts an optional context_inode parameter that callers can use to provide additional contextual information to security modules for granting/denying permission to create an anon-inode of the same type. This context_inode's security_context can also be used to initialize the newly created anon-inode's security_context. Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/security.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 7b09cfbae94f..401663b5b70e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1059,6 +1059,14 @@ out:
}
EXPORT_SYMBOL(security_inode_init_security);
+int security_inode_init_security_anon(struct inode *inode,
+ const struct qstr *name,
+ const struct inode *context_inode)
+{
+ return call_int_hook(inode_init_security_anon, 0, inode, name,
+ context_inode);
+}
+
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, const char **name,
void **value, size_t *len)