Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: - Add LSM hooks, and SELinux access control hooks, for dnotify, fanotify, and inotify watches. This has been discussed with both the LSM and fs/notify folks and everybody is good with these new hooks. - The LSM stacking changes missed a few calls to current_security() in the SELinux code; we fix those and remove current_security() for good. - Improve our network object labeling cache so that we always return the object's label, even when under memory pressure. Previously we would return an error if we couldn't allocate a new cache entry, now we always return the label even if we can't create a new cache entry for it. - Convert the sidtab atomic_t counter to a normal u32 with READ/WRITE_ONCE() and memory barrier protection. - A few patches to policydb.c to clean things up (remove forward declarations, long lines, bad variable names, etc) * tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: lsm: remove current_security() selinux: fix residual uses of current_security() for the SELinux blob selinux: avoid atomic_t usage in sidtab fanotify, inotify, dnotify, security: add security hook for fs notifications selinux: always return a secid from the network caches if we find one selinux: policydb - rename type_val_to_struct_array selinux: policydb - fix some checkpatch.pl warnings selinux: shuffle around policydb.c to get rid of forward declarations
@@ -339,6 +339,9 @@
* Check for permission to change root directory.
* @path contains the path structure.
* Return 0 if permission is granted.
* @path_notify:
* Check permissions before setting a watch on events as defined by @mask,
* on an object at @path, whose type is defined by @obj_type.
* @inode_readlink:
* Check the permission to read the symbolic link.
* @dentry contains the dentry structure for the file link.
@@ -1535,7 +1538,9 @@ union security_list_options {
int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
int (*path_chroot)(const struct path *path);
#endif
/* Needed for inode based security check */
int (*path_notify)(const struct path *path, u64 mask,
unsigned int obj_type);
int (*inode_alloc_security)(struct inode *inode);
void (*inode_free_security)(struct inode *inode);
int (*inode_init_security)(struct inode *inode, struct inode *dir,
@@ -1860,6 +1865,8 @@ struct security_hook_heads {
struct hlist_head path_chown;
struct hlist_head path_chroot;
#endif
/* Needed for inode based modules as well */
struct hlist_head path_notify;
struct hlist_head inode_alloc_security;
struct hlist_head inode_free_security;
struct hlist_head inode_init_security;
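Review bot: The new @path_notify entry in the hook documentation (first hunk) describes @mask, @path and @obj_type but omits the return convention that every neighbouring entry states, e.g. `* Return 0 if permission is granted.` under @path_chroot directly above it; adding that line after the @obj_type sentence keeps the entry consistent with the list, and it applies because the callback added in the second hunk, `int (*path_notify)(const struct path *path, u64 mask, unsigned int obj_type);`, returns an int like the other permission hooks. The comments placed above the new prototype and the new hook head, `/* Needed for inode based security check */` and `/* Needed for inode based modules as well */`, say two different things about the same hook; both sit just after an `#endif`, so the point seems to be that path_notify is deliberately kept outside the preceding conditional block, and one shared comment such as `/* path_notify stays outside the conditional block above: inode-based modules need it too */` would state that directly, though the matching `#ifdef` is outside the hunk so confirm which option it guards. The kerneldoc comment block of the first hunk begins and ends outside the hunk.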