| author | Andrew Morton <akpm@digeo.com> | 2003-05-07 08:20:52 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@home.transmeta.com> | 2003-05-07 08:20:52 -0700 |
| commit | 667b93eb42f7b7d81f70af0aa63cb5b19e1dccac (patch) | |
| tree | 3091939d5b7dd48be82389a2f4eb465bce4ed042 /include/linux/security.h | |
| parent | 16685211ee82cd8ec22cd1b2e72de6303f4bc6c0 (diff) | |
[PATCH] Change LSM hooks in setxattr
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch against 2.5.69 adds a security_inode_post_setxattr hook so that
security modules can update the inode security structure after a successful
setxattr, and it moves the existing security_inode_setxattr hook call after
taking the inode semaphore so that atomicity is provided for the
security check and the update to the inode security structure.
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 6a98cb692bf8..4d052ad9759d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -361,6 +361,9 @@ struct swap_info_struct;
 * Check permission before setting the extended attributes
 * @value identified by @name for @dentry.
 * Return 0 if permission is granted.
+ * @inode_post_setxattr:
+ * Update inode security field after successful setxattr operation.
+ * @value identified by @name for @dentry.
 * @inode_getxattr:
 * Check permission before obtaining the extended attributes
 * identified by @name for @dentry.
@@ -1036,6 +1039,8 @@ struct security_operations {
 void (*inode_delete) (struct inode *inode);
 int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, size_t size, int flags);
+ void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags);
 int (*inode_getxattr) (struct dentry *dentry, char *name);
 int (*inode_listxattr) (struct dentry *dentry);
 int (*inode_removexattr) (struct dentry *dentry, char *name);
@@ -1464,6 +1469,12 @@ static inline int security_inode_setxattr (struct dentry *dentry, char *name,
 return security_ops->inode_setxattr (dentry, name, value, size, flags);
 }
+static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+ security_ops->inode_post_setxattr (dentry, name, value, size, flags);
+}
+
 static inline int security_inode_getxattr (struct dentry *dentry, char *name)
 {
 return security_ops->inode_getxattr (dentry, name);
@@ -2063,6 +2074,10 @@ static inline int security_inode_setxattr (struct dentry *dentry, char *name,
 return 0;
 }
+static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{ }
+
 static inline int security_inode_getxattr (struct dentry *dentry, char *name)
 {
 return 0; |
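Review bot: The new kernel-doc entry for @inode_post_setxattr in the first hunk ends with the fragment `@value identified by @name for @dentry.`, which was carried over from the @inode_setxattr entry and no longer attaches to a sentence. I would fold it into the first line, `Update inode security field after successful setxattr operation of @value identified by @name for @dentry.`, and add one line saying the hook returns void, so a module cannot report a failed update back to the caller. The commit message says the permission check now runs with the inode semaphore taken; if the post hook runs under the same lock, the comment should state that too, since the call site is not on this page.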
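Review bot: The wrapper in the third hunk calls `security_ops->inode_post_setxattr (dentry, name, value, size, flags);` with no NULL check, so the member added to struct security_operations in the second hunk must be populated for every registered module. This page is limited to include/linux/security.h, so I cannot see whether the default operations table gets a matching entry; please confirm that, because a module that leaves the new pointer unset would turn any successful setxattr into a NULL function-pointer call in kernel context. If no default is installed, the wrapper needs a guard such as `if (security_ops->inode_post_setxattr)` before the call. A short comment on the member would also help, e.g. `/* called after a successful setxattr; cannot fail */`. struct security_operations begins and ends outside the hunk.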
