aboutsummaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2009-10-04 21:49:47 +0900
committerJames Morris <jmorris@namei.org>2009-10-12 10:56:00 +1100
commit89eda06837094ce9f34fae269b8773fcfd70f046 (patch)
treedc11701c68ebcc8346d7567cfb53b9c7327ef445 /security/capability.c
parent941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e (diff)
downloadkernel_samsung_aries-89eda06837094ce9f34fae269b8773fcfd70f046.zip
kernel_samsung_aries-89eda06837094ce9f34fae269b8773fcfd70f046.tar.gz
kernel_samsung_aries-89eda06837094ce9f34fae269b8773fcfd70f046.tar.bz2
LSM: Add security_path_chmod() and security_path_chown().
This patch allows pathname based LSM modules to check chmod()/chown() operations. Since notify_change() does not receive "struct vfsmount *", we add security_path_chmod() and security_path_chown() to the caller of notify_change(). These hooks are used by TOMOYO. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index fce07a7..09279a8 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -308,6 +308,17 @@ static int cap_path_truncate(struct path *path, loff_t length,
{
return 0;
}
+
+static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ mode_t mode)
+{
+ return 0;
+}
+
+static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+ return 0;
+}
#endif
static int cap_file_permission(struct file *file, int mask)
@@ -977,6 +988,8 @@ void security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, path_link);
set_to_cap_if_null(ops, path_rename);
set_to_cap_if_null(ops, path_truncate);
+ set_to_cap_if_null(ops, path_chmod);
+ set_to_cap_if_null(ops, path_chown);
#endif
set_to_cap_if_null(ops, file_permission);
set_to_cap_if_null(ops, file_alloc_security);