return error;
DQUOT_INIT(dir);
error = dir->i_op->create(dir, dentry, mode, nd);
- if (!error) {
+ if (!error)
fsnotify_create(dir, dentry->d_name.name);
- security_inode_post_create(dir, dentry, mode);
- }
return error;
}
DQUOT_INIT(dir);
error = dir->i_op->mknod(dir, dentry, mode, dev);
- if (!error) {
+ if (!error)
fsnotify_create(dir, dentry->d_name.name);
- security_inode_post_mknod(dir, dentry, mode, dev);
- }
return error;
}
DQUOT_INIT(dir);
error = dir->i_op->mkdir(dir, dentry, mode);
- if (!error) {
+ if (!error)
fsnotify_mkdir(dir, dentry->d_name.name);
- security_inode_post_mkdir(dir,dentry, mode);
- }
return error;
}
DQUOT_INIT(dir);
error = dir->i_op->symlink(dir, dentry, oldname);
- if (!error) {
+ if (!error)
fsnotify_create(dir, dentry->d_name.name);
- security_inode_post_symlink(dir, dentry, oldname);
- }
return error;
}
* @dentry contains the dentry structure for the file to be created.
* @mode contains the file mode of the file to be created.
* Return 0 if permission is granted.
- * @inode_post_create:
- * Set the security attributes on a newly created regular file. This hook
- * is called after a file has been successfully created.
- * @dir contains the inode structure of the parent directory of the new file.
- * @dentry contains the the dentry structure for the newly created file.
- * @mode contains the file mode.
* @inode_link:
* Check permission before creating a new hard link to a file.
* @old_dentry contains the dentry structure for an existing link to the file.
* @dentry contains the dentry structure of the symbolic link.
* @old_name contains the pathname of file.
* Return 0 if permission is granted.
- * @inode_post_symlink:
- * @dir contains the inode structure of the parent directory of the new link.
- * @dentry contains the dentry structure of new symbolic link.
- * @old_name contains the pathname of file.
- * Set security attributes for a newly created symbolic link. Note that
- * @dentry->d_inode may be NULL, since the filesystem might not
- * instantiate the dentry (e.g. NFS).
* @inode_mkdir:
* Check permissions to create a new directory in the existing directory
* associated with inode strcture @dir.
* @dentry contains the dentry structure of new directory.
* @mode contains the mode of new directory.
* Return 0 if permission is granted.
- * @inode_post_mkdir:
- * Set security attributes on a newly created directory.
- * @dir contains the inode structure of parent of the directory to be created.
- * @dentry contains the dentry structure of new directory.
- * @mode contains the mode of new directory.
* @inode_rmdir:
* Check the permission to remove a directory.
* @dir contains the inode structure of parent of the directory to be removed.
* @mode contains the mode of the new file.
* @dev contains the the device number.
* Return 0 if permission is granted.
- * @inode_post_mknod:
- * Set security attributes on a newly created special file (or socket or
- * fifo file created via the mknod system call).
- * @dir contains the inode structure of parent of the new node.
- * @dentry contains the dentry structure of the new node.
- * @mode contains the mode of the new node.
- * @dev contains the the device number.
* @inode_rename:
* Check for permission to rename a file or directory.
* @old_dir contains the inode structure for parent of the old link.
char **name, void **value, size_t *len);
int (*inode_create) (struct inode *dir,
struct dentry *dentry, int mode);
- void (*inode_post_create) (struct inode *dir,
- struct dentry *dentry, int mode);
int (*inode_link) (struct dentry *old_dentry,
struct inode *dir, struct dentry *new_dentry);
void (*inode_post_link) (struct dentry *old_dentry,
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
int (*inode_symlink) (struct inode *dir,
struct dentry *dentry, const char *old_name);
- void (*inode_post_symlink) (struct inode *dir,
- struct dentry *dentry,
- const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
- void (*inode_post_mkdir) (struct inode *dir, struct dentry *dentry,
- int mode);
int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
int mode, dev_t dev);
- void (*inode_post_mknod) (struct inode *dir, struct dentry *dentry,
- int mode, dev_t dev);
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry);
void (*inode_post_rename) (struct inode *old_dir,
return security_ops->inode_create (dir, dentry, mode);
}
-static inline void security_inode_post_create (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_create (dir, dentry, mode);
-}
-
static inline int security_inode_link (struct dentry *old_dentry,
struct inode *dir,
struct dentry *new_dentry)
return security_ops->inode_symlink (dir, dentry, old_name);
}
-static inline void security_inode_post_symlink (struct inode *dir,
- struct dentry *dentry,
- const char *old_name)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_symlink (dir, dentry, old_name);
-}
-
static inline int security_inode_mkdir (struct inode *dir,
struct dentry *dentry,
int mode)
return security_ops->inode_mkdir (dir, dentry, mode);
}
-static inline void security_inode_post_mkdir (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_mkdir (dir, dentry, mode);
-}
-
static inline int security_inode_rmdir (struct inode *dir,
struct dentry *dentry)
{
return security_ops->inode_mknod (dir, dentry, mode, dev);
}
-static inline void security_inode_post_mknod (struct inode *dir,
- struct dentry *dentry,
- int mode, dev_t dev)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_mknod (dir, dentry, mode, dev);
-}
-
static inline int security_inode_rename (struct inode *old_dir,
struct dentry *old_dentry,
struct inode *new_dir,
return 0;
}
-static inline void security_inode_post_create (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{ }
-
static inline int security_inode_link (struct dentry *old_dentry,
struct inode *dir,
struct dentry *new_dentry)
return 0;
}
-static inline void security_inode_post_symlink (struct inode *dir,
- struct dentry *dentry,
- const char *old_name)
-{ }
-
static inline int security_inode_mkdir (struct inode *dir,
struct dentry *dentry,
int mode)
return 0;
}
-static inline void security_inode_post_mkdir (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{ }
-
static inline int security_inode_rmdir (struct inode *dir,
struct dentry *dentry)
{
return 0;
}
-static inline void security_inode_post_mknod (struct inode *dir,
- struct dentry *dentry,
- int mode, dev_t dev)
-{ }
-
static inline int security_inode_rename (struct inode *old_dir,
struct dentry *old_dentry,
struct inode *new_dir,
return 0;
}
-static void dummy_inode_post_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
struct dentry *new_dentry)
{
return 0;
}
-static void dummy_inode_post_symlink (struct inode *inode,
- struct dentry *dentry, const char *name)
-{
- return;
-}
-
static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
int mask)
{
return 0;
}
-static void dummy_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
{
return 0;
return 0;
}
-static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
-{
- return;
-}
-
static int dummy_inode_rename (struct inode *old_inode,
struct dentry *old_dentry,
struct inode *new_inode,
set_to_dummy_if_null(ops, inode_free_security);
set_to_dummy_if_null(ops, inode_init_security);
set_to_dummy_if_null(ops, inode_create);
- set_to_dummy_if_null(ops, inode_post_create);
set_to_dummy_if_null(ops, inode_link);
set_to_dummy_if_null(ops, inode_post_link);
set_to_dummy_if_null(ops, inode_unlink);
set_to_dummy_if_null(ops, inode_symlink);
- set_to_dummy_if_null(ops, inode_post_symlink);
set_to_dummy_if_null(ops, inode_mkdir);
- set_to_dummy_if_null(ops, inode_post_mkdir);
set_to_dummy_if_null(ops, inode_rmdir);
set_to_dummy_if_null(ops, inode_mknod);
- set_to_dummy_if_null(ops, inode_post_mknod);
set_to_dummy_if_null(ops, inode_rename);
set_to_dummy_if_null(ops, inode_post_rename);
set_to_dummy_if_null(ops, inode_readlink);
return 0;
}
-/* Set the security attributes on a newly created file. */
-static int post_create(struct inode *dir,
- struct dentry *dentry)
-{
-
- struct task_security_struct *tsec;
- struct inode *inode;
- struct inode_security_struct *dsec;
- struct superblock_security_struct *sbsec;
- struct inode_security_struct *isec;
- u32 newsid;
- char *context;
- unsigned int len;
- int rc;
-
- tsec = current->security;
- dsec = dir->i_security;
- sbsec = dir->i_sb->s_security;
-
- inode = dentry->d_inode;
- if (!inode) {
- /* Some file system types (e.g. NFS) may not instantiate
- a dentry for all create operations (e.g. symlink),
- so we have to check to see if the inode is non-NULL. */
- printk(KERN_WARNING "post_create: no inode, dir (dev=%s, "
- "ino=%ld)\n", dir->i_sb->s_id, dir->i_ino);
- return 0;
- }
-
- isec = inode->i_security;
-
- if (isec->security_attr_init)
- return 0;
-
- if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
- newsid = tsec->create_sid;
- } else {
- rc = security_transition_sid(tsec->sid, dsec->sid,
- inode_mode_to_security_class(inode->i_mode),
- &newsid);
- if (rc) {
- printk(KERN_WARNING "post_create: "
- "security_transition_sid failed, rc=%d (dev=%s "
- "ino=%ld)\n",
- -rc, inode->i_sb->s_id, inode->i_ino);
- return rc;
- }
- }
-
- rc = inode_security_set_sid(inode, newsid);
- if (rc) {
- printk(KERN_WARNING "post_create: inode_security_set_sid "
- "failed, rc=%d (dev=%s ino=%ld)\n",
- -rc, inode->i_sb->s_id, inode->i_ino);
- return rc;
- }
-
- if (sbsec->behavior == SECURITY_FS_USE_XATTR &&
- inode->i_op->setxattr) {
- /* Use extended attributes. */
- rc = security_sid_to_context(newsid, &context, &len);
- if (rc) {
- printk(KERN_WARNING "post_create: sid_to_context "
- "failed, rc=%d (dev=%s ino=%ld)\n",
- -rc, inode->i_sb->s_id, inode->i_ino);
- return rc;
- }
- down(&inode->i_sem);
- rc = inode->i_op->setxattr(dentry,
- XATTR_NAME_SELINUX,
- context, len, 0);
- up(&inode->i_sem);
- kfree(context);
- if (rc < 0) {
- printk(KERN_WARNING "post_create: setxattr failed, "
- "rc=%d (dev=%s ino=%ld)\n",
- -rc, inode->i_sb->s_id, inode->i_ino);
- return rc;
- }
- }
-
- return 0;
-}
-
-
/* Hook functions begin here. */
static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
*len = clen;
}
- isec->security_attr_init = 1;
-
return 0;
}
return may_create(dir, dentry, SECCLASS_FILE);
}
-static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
-{
- post_create(dir, dentry);
-}
-
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
int rc;
return may_create(dir, dentry, SECCLASS_LNK_FILE);
}
-static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name)
-{
- post_create(dir, dentry);
-}
-
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
{
return may_create(dir, dentry, SECCLASS_DIR);
}
-static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask)
-{
- post_create(dir, dentry);
-}
-
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
return may_link(dir, dentry, MAY_RMDIR);
return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
-static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
-{
- post_create(dir, dentry);
-}
-
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
struct inode *new_inode, struct dentry *new_dentry)
{
.inode_free_security = selinux_inode_free_security,
.inode_init_security = selinux_inode_init_security,
.inode_create = selinux_inode_create,
- .inode_post_create = selinux_inode_post_create,
.inode_link = selinux_inode_link,
.inode_post_link = selinux_inode_post_link,
.inode_unlink = selinux_inode_unlink,
.inode_symlink = selinux_inode_symlink,
- .inode_post_symlink = selinux_inode_post_symlink,
.inode_mkdir = selinux_inode_mkdir,
- .inode_post_mkdir = selinux_inode_post_mkdir,
.inode_rmdir = selinux_inode_rmdir,
.inode_mknod = selinux_inode_mknod,
- .inode_post_mknod = selinux_inode_post_mknod,
.inode_rename = selinux_inode_rename,
.inode_post_rename = selinux_inode_post_rename,
.inode_readlink = selinux_inode_readlink,
unsigned char initialized; /* initialization flag */
struct semaphore sem;
unsigned char inherit; /* inherit SID from parent entry */
- unsigned char security_attr_init; /* security attributes init flag */
};
struct file_security_struct {
projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff