diff options
author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 21:51:09 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-19 09:52:32 +1000 |
commit | 8a076191f373abaeb4aa5f6755d22e49db98940f (patch) | |
tree | 1311a11332abb0828999a7347a07509a68dffb5f /security/security.c | |
parent | d1a4be630fb068f251d64b62919f143c49ca8057 (diff) | |
download | linux-next-8a076191f373abaeb4aa5f6755d22e49db98940f.tar.gz |
LSM: Introduce inode_getsecid and ipc_getsecid hooks
Introduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid)
LSM hooks. These hooks will be used instead of similar exported
SELinux interfaces.
Let {inode,ipc,task}_getsecid hooks set the secid to 0 by default
if CONFIG_SECURITY is not defined or if the hook is set to
NULL (dummy). This is done to notify the caller that no valid
secid exists.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 9beecac933b4..290482bdbbb0 100644 --- a/security/security.c +++ b/security/security.c @@ -523,6 +523,11 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer return security_ops->inode_listsecurity(inode, buffer, buffer_size); } +void security_inode_getsecid(const struct inode *inode, u32 *secid) +{ + security_ops->inode_getsecid(inode, secid); +} + int security_file_permission(struct file *file, int mask) { return security_ops->file_permission(file, mask); @@ -712,6 +717,11 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return security_ops->ipc_permission(ipcp, flag); } +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +{ + security_ops->ipc_getsecid(ipcp, secid); +} + int security_msg_msg_alloc(struct msg_msg *msg) { return security_ops->msg_msg_alloc_security(msg); |