mirror of
https://gitee.com/bianbu-linux/linux-6.6
synced 2025-07-01 23:53:16 -04:00
Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next
This commit is contained in:
commit
de2f4b3453
13 changed files with 211 additions and 65 deletions
|
@ -151,6 +151,16 @@
|
|||
* @name name of the last path component used to create file
|
||||
* @ctx pointer to place the pointer to the resulting context in.
|
||||
* @ctxlen point to place the length of the resulting context.
|
||||
* @dentry_create_files_as:
|
||||
* Compute a context for a dentry as the inode is not yet available
|
||||
* and set that context in passed in creds so that new files are
|
||||
* created using that context. Context is calculated using the
|
||||
* passed in creds and not the creds of the caller.
|
||||
* @dentry dentry to use in calculating the context.
|
||||
* @mode mode used to determine resource type.
|
||||
* @name name of the last path component used to create file
|
||||
* @old creds which should be used for context calculation
|
||||
* @new creds to modify
|
||||
*
|
||||
*
|
||||
* Security hooks for inode operations.
|
||||
|
@ -401,6 +411,23 @@
|
|||
* @inode contains a pointer to the inode.
|
||||
* @secid contains a pointer to the location where result will be saved.
|
||||
* In case of failure, @secid will be set to zero.
|
||||
* @inode_copy_up:
|
||||
* A file is about to be copied up from lower layer to upper layer of
|
||||
* overlay filesystem. Security module can prepare a set of new creds
|
||||
* and modify as need be and return new creds. Caller will switch to
|
||||
* new creds temporarily to create new file and release newly allocated
|
||||
* creds.
|
||||
* @src indicates the union dentry of file that is being copied up.
|
||||
* @new pointer to pointer to return newly allocated creds.
|
||||
* Returns 0 on success or a negative error code on error.
|
||||
* @inode_copy_up_xattr:
|
||||
* Filter the xattrs being copied up when a unioned file is copied
|
||||
* up from a lower layer to the union/overlay layer.
|
||||
* @name indicates the name of the xattr.
|
||||
* Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP if
|
||||
* security module does not know about attribute or a negative error code
|
||||
* to abort the copy up. Note that the caller is responsible for reading
|
||||
* and writing the xattrs as this hook is merely a filter.
|
||||
*
|
||||
* Security hooks for file operations
|
||||
*
|
||||
|
@ -1358,6 +1385,10 @@ union security_list_options {
|
|||
int (*dentry_init_security)(struct dentry *dentry, int mode,
|
||||
const struct qstr *name, void **ctx,
|
||||
u32 *ctxlen);
|
||||
int (*dentry_create_files_as)(struct dentry *dentry, int mode,
|
||||
struct qstr *name,
|
||||
const struct cred *old,
|
||||
struct cred *new);
|
||||
|
||||
|
||||
#ifdef CONFIG_SECURITY_PATH
|
||||
|
@ -1425,6 +1456,8 @@ union security_list_options {
|
|||
int (*inode_listsecurity)(struct inode *inode, char *buffer,
|
||||
size_t buffer_size);
|
||||
void (*inode_getsecid)(struct inode *inode, u32 *secid);
|
||||
int (*inode_copy_up)(struct dentry *src, struct cred **new);
|
||||
int (*inode_copy_up_xattr)(const char *name);
|
||||
|
||||
int (*file_permission)(struct file *file, int mask);
|
||||
int (*file_alloc_security)(struct file *file);
|
||||
|
@ -1655,6 +1688,7 @@ struct security_hook_heads {
|
|||
struct list_head sb_clone_mnt_opts;
|
||||
struct list_head sb_parse_opts_str;
|
||||
struct list_head dentry_init_security;
|
||||
struct list_head dentry_create_files_as;
|
||||
#ifdef CONFIG_SECURITY_PATH
|
||||
struct list_head path_unlink;
|
||||
struct list_head path_mkdir;
|
||||
|
@ -1695,6 +1729,8 @@ struct security_hook_heads {
|
|||
struct list_head inode_setsecurity;
|
||||
struct list_head inode_listsecurity;
|
||||
struct list_head inode_getsecid;
|
||||
struct list_head inode_copy_up;
|
||||
struct list_head inode_copy_up_xattr;
|
||||
struct list_head file_permission;
|
||||
struct list_head file_alloc_security;
|
||||
struct list_head file_free_security;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue