summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-01 21:51:09 +0200
committerJames Morris <jmorris@namei.org>2008-04-19 09:52:32 +1000
commit8a076191f373abaeb4aa5f6755d22e49db98940f (patch)
tree1311a11332abb0828999a7347a07509a68dffb5f /security/security.c
parentd1a4be630fb068f251d64b62919f143c49ca8057 (diff)
downloadlinux-next-8a076191f373abaeb4aa5f6755d22e49db98940f.tar.gz
LSM: Introduce inode_getsecid and ipc_getsecid hooks
Introduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid) LSM hooks. These hooks will be used instead of similar exported SELinux interfaces. Let {inode,ipc,task}_getsecid hooks set the secid to 0 by default if CONFIG_SECURITY is not defined or if the hook is set to NULL (dummy). This is done to notify the caller that no valid secid exists. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 9beecac933b4..290482bdbbb0 100644
--- a/security/security.c
+++ b/security/security.c
@@ -523,6 +523,11 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
return security_ops->inode_listsecurity(inode, buffer, buffer_size);
}
+void security_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ security_ops->inode_getsecid(inode, secid);
+}
+
int security_file_permission(struct file *file, int mask)
{
return security_ops->file_permission(file, mask);
@@ -712,6 +717,11 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
return security_ops->ipc_permission(ipcp, flag);
}
+void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ security_ops->ipc_getsecid(ipcp, secid);
+}
+
int security_msg_msg_alloc(struct msg_msg *msg)
{
return security_ops->msg_msg_alloc_security(msg);