fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
Extending the secure anonymous inode support to other subsystems requires that we have a secure anon_inode_getfile() variant in addition to the existing secure anon_inode_getfd() variant. Thankfully we can reuse the existing __anon_inode_getfile() function and just wrap it with the proper arguments. Acked-by: Mickaël Salaün <mic@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore
parent
67daf270ce
commit
3a862cacf8
|
|
@ -148,6 +148,35 @@ struct file *anon_inode_getfile(const char *name,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(anon_inode_getfile);
|
EXPORT_SYMBOL_GPL(anon_inode_getfile);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* anon_inode_getfile_secure - Like anon_inode_getfile(), but creates a new
|
||||||
|
* !S_PRIVATE anon inode rather than reuse the
|
||||||
|
* singleton anon inode and calls the
|
||||||
|
* inode_init_security_anon() LSM hook. This
|
||||||
|
* allows for both the inode to have its own
|
||||||
|
* security context and for the LSM to enforce
|
||||||
|
* policy on the inode's creation.
|
||||||
|
*
|
||||||
|
* @name: [in] name of the "class" of the new file
|
||||||
|
* @fops: [in] file operations for the new file
|
||||||
|
* @priv: [in] private data for the new file (will be file's private_data)
|
||||||
|
* @flags: [in] flags
|
||||||
|
* @context_inode:
|
||||||
|
* [in] the logical relationship with the new inode (optional)
|
||||||
|
*
|
||||||
|
* The LSM may use @context_inode in inode_init_security_anon(), but a
|
||||||
|
* reference to it is not held. Returns the newly created file* or an error
|
||||||
|
* pointer. See the anon_inode_getfile() documentation for more information.
|
||||||
|
*/
|
||||||
|
struct file *anon_inode_getfile_secure(const char *name,
|
||||||
|
const struct file_operations *fops,
|
||||||
|
void *priv, int flags,
|
||||||
|
const struct inode *context_inode)
|
||||||
|
{
|
||||||
|
return __anon_inode_getfile(name, fops, priv, flags,
|
||||||
|
context_inode, true);
|
||||||
|
}
|
||||||
|
|
||||||
static int __anon_inode_getfd(const char *name,
|
static int __anon_inode_getfd(const char *name,
|
||||||
const struct file_operations *fops,
|
const struct file_operations *fops,
|
||||||
void *priv, int flags,
|
void *priv, int flags,
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,10 @@ struct inode;
|
||||||
struct file *anon_inode_getfile(const char *name,
|
struct file *anon_inode_getfile(const char *name,
|
||||||
const struct file_operations *fops,
|
const struct file_operations *fops,
|
||||||
void *priv, int flags);
|
void *priv, int flags);
|
||||||
|
struct file *anon_inode_getfile_secure(const char *name,
|
||||||
|
const struct file_operations *fops,
|
||||||
|
void *priv, int flags,
|
||||||
|
const struct inode *context_inode);
|
||||||
int anon_inode_getfd(const char *name, const struct file_operations *fops,
|
int anon_inode_getfd(const char *name, const struct file_operations *fops,
|
||||||
void *priv, int flags);
|
void *priv, int flags);
|
||||||
int anon_inode_getfd_secure(const char *name,
|
int anon_inode_getfd_secure(const char *name,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue