path: root/security
diff options
authorEric Paris <eparis@redhat.com>2009-12-17 21:24:34 -0500
committerEric Paris <eparis@redhat.com>2010-07-28 09:59:01 -0400
commitc4ec54b40d33f8016fea970a383cc584dd0e6019 (patch)
tree8e8865170cf340d1e79dc379f56417588715b2c8 /security
parentd14f1729483fad3a8817fbbcbd017678b7d1ad26 (diff)
fsnotify: new fsnotify hooks and events types for access decisions
introduce a new fsnotify hook, fsnotify_perm(), which is called from the security code. This hook is used to allow fsnotify groups to make access control decisions about events on the system. We also must change the generic fsnotify function to return an error code if we intend these hooks to be in any way useful. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
1 files changed, 14 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index 351942a4ca0..f6ac27cd345 100644
--- a/security/security.c
+++ b/security/security.c
@@ -620,7 +620,13 @@ void security_inode_getsecid(const struct inode *inode, u32 *secid)
int security_file_permission(struct file *file, int mask)
- return security_ops->file_permission(file, mask);
+ int ret;
+ ret = security_ops->file_permission(file, mask);
+ if (ret)
+ return ret;
+ return fsnotify_perm(file, mask);
int security_file_alloc(struct file *file)
@@ -684,7 +690,13 @@ int security_file_receive(struct file *file)
int security_dentry_open(struct file *file, const struct cred *cred)
- return security_ops->dentry_open(file, cred);
+ int ret;
+ ret = security_ops->dentry_open(file, cred);
+ if (ret)
+ return ret;
+ return fsnotify_perm(file, MAY_OPEN);
int security_task_create(unsigned long clone_flags)