
Commit 49ac74f2 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "security: selinux: Add Per-File-Encryption hooks"

parents 9a284a67 dc43671f
+5 −0
@@ -6,6 +6,7 @@
#include <linux/bio.h>
#include <linux/blkdev.h>
#include <linux/scatterlist.h>
#include <linux/security.h>

#include "blk.h"

@@ -527,6 +528,10 @@ bool blk_rq_merge_ok(struct request *rq, struct bio *bio)
	    !blk_write_same_mergeable(rq->bio, bio))
		return false;

	/* Don't merge bios of files with different encryption */
	if (!security_allow_merge_bio(rq->bio, bio))
		return false;

	return true;
}
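Review bot: The new check in blk_rq_merge_ok compares only `rq->bio`, the first bio of the request, with the incoming bio, so it is sound only if every bio already on the request shares one encryption context. That invariant holds only when every merge path consults the hook; request-to-request merging is not visible in this hunk and should be confirmed to apply the same check. I would spell the reason out in the comment, presumably something like `/* a request carries one encryption context; never mix bios of files with different keys */`. blk_rq_merge_ok begins above the hunk.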

+15 −3
@@ -2328,6 +2328,11 @@ int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
	if (error)
		return error;
	error = dir->i_op->create(dir, dentry, mode, want_excl);
	if (error)
		return error;
	error = security_inode_post_create(dir, dentry, mode);
	if (error)
		return error;
	if (!error)
		fsnotify_create(dir, dentry);
	return error;
@@ -3138,9 +3143,16 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
		return error;

	error = dir->i_op->mknod(dir, dentry, mode, dev);
	if (!error)
		fsnotify_create(dir, dentry);
	if (error)
		return error;

	error = security_inode_post_create(dir, dentry, mode);
	if (error)
		return error;

	fsnotify_create(dir, dentry);

	return 0;
}

static int may_mknod(umode_t mode)
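Review bot: When `security_inode_post_create()` fails in vfs_create and vfs_mknod, the error is returned although `dir->i_op->create()` / `dir->i_op->mknod()` has already succeeded, so the caller is told the creation failed while the new object stays in the directory and no `fsnotify_create()` event is sent. If the hook is what attaches per-file encryption state, which the page does not show, the object is also left without it. Either the failure path should undo the creation or the contract should be stated at the call site, e.g. `/* object already exists; a hook failure does not undo the create */`. In vfs_create the remaining `if (!error)` is now always true and can become a plain `fsnotify_create(dir, dentry);`, as the vfs_mknod hunk already does. Both function bodies start outside their hunks.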
+1 −0
@@ -1003,6 +1003,7 @@ int filp_close(struct file *filp, fl_owner_t id)
		dnotify_flush(filp, id);
		locks_remove_posix(filp, id);
	}
	security_file_close(filp);
	fput(filp);
	return retval;
}
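Review bot: The result of `security_file_close(filp)` is discarded although the hook is declared to return `int`; either make the hook `void` or say why a failure is ignored, e.g. `/* close cannot be vetoed; the hook is notification only */`. The call also sits in filp_close, which runs for each descriptor close, while the `fput(filp)` that follows drops only one reference, so the hook can fire while other references to the same struct file are still in use. If an implementation releases per-file encryption state here, it would need to key that on the last reference instead; this cannot be confirmed from the page. filp_close begins above the hunk.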
+27 −0
@@ -26,6 +26,7 @@
#include <linux/capability.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/bio.h>

struct linux_binprm;
struct cred;
@@ -1474,6 +1475,8 @@ struct security_operations {
				    void **value, size_t *len);
	int (*inode_create) (struct inode *dir,
			     struct dentry *dentry, umode_t mode);
	int (*inode_post_create) (struct inode *dir,
			     struct dentry *dentry, umode_t mode);
	int (*inode_link) (struct dentry *old_dentry,
			   struct inode *dir, struct dentry *new_dentry);
	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
@@ -1524,6 +1527,8 @@ struct security_operations {
				    struct fown_struct *fown, int sig);
	int (*file_receive) (struct file *file);
	int (*file_open) (struct file *file, const struct cred *cred);
	int (*file_close) (struct file *file);
	bool (*allow_merge_bio)(struct bio *bio1, struct bio *bio2);

	int (*task_create) (unsigned long clone_flags);
	void (*task_free) (struct task_struct *task);
@@ -1748,6 +1753,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
				     const struct qstr *qstr, char **name,
				     void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_post_create(struct inode *dir, struct dentry *dentry,
			       umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			 struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
@@ -1792,6 +1799,9 @@ int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
int security_file_close(struct file *file);
bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2);

int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -2089,6 +2099,13 @@ static inline int security_inode_create(struct inode *dir,
	return 0;
}

static inline int security_inode_post_create(struct inode *dir,
					     struct dentry *dentry,
					     umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				       struct inode *dir,
				       struct dentry *new_dentry)
@@ -2293,6 +2310,16 @@ static inline int security_file_open(struct file *file,
	return 0;
}

static inline int security_file_close(struct file *file)
{
	return 0;
}

static inline bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2)
{
	return true;
}

static inline int security_task_create(unsigned long clone_flags)
{
	return 0;
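Review bot: `#include <linux/bio.h>` is pulled into this header only so that `struct bio *` can appear in prototypes; a forward declaration `struct bio;` beside the existing `struct linux_binprm;` and `struct cred;` would do and keeps the include graph smaller. The visible hunks also add `inode_post_create`, `file_close` and `allow_merge_bio` to struct security_operations without describing their contract. I would document for each when it is called and what the return value means: that `inode_post_create` runs after the filesystem has created the object and what a non-zero return implies, that `file_close` is invoked from filp_close, and that `allow_merge_bio` returns true to permit the merge. The last stub, security_task_create, continues past the hunk.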
+26 −0
@@ -487,6 +487,16 @@ int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode
}
EXPORT_SYMBOL_GPL(security_inode_create);

int security_inode_post_create(struct inode *dir, struct dentry *dentry,
			       umode_t mode)
{
	if (unlikely(IS_PRIVATE(dir)))
		return 0;
	if (security_ops->inode_post_create == NULL)
		return 0;
	return security_ops->inode_post_create(dir, dentry, mode);
}

int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			 struct dentry *new_dentry)
{
@@ -792,6 +802,22 @@ int security_file_open(struct file *file, const struct cred *cred)
	return fsnotify_perm(file, MAY_OPEN);
}

int security_file_close(struct file *file)
{
	if (security_ops->file_close)
		return security_ops->file_close(file);

	return 0;
}

bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2)
{
	if (security_ops->allow_merge_bio)
		return security_ops->allow_merge_bio(bio1, bio2);

	return true;
}

int security_task_create(unsigned long clone_flags)
{
	return security_ops->task_create(clone_flags);
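Review bot: The three new wrappers test the hook pointer for NULL (`if (security_ops->inode_post_create == NULL)`, `if (security_ops->file_close)`, `if (security_ops->allow_merge_bio)`), whereas the neighbouring security_task_create calls `security_ops->task_create(clone_flags)` unconditionally. If this file relies on default hooks being filled in at registration, which is not visible here, adding defaults for the new hooks and dropping the NULL tests would keep the wrappers uniform. Otherwise a short comment such as `/* optional hook: absent means no per-file encryption policy */` would explain the difference. `security_allow_merge_bio` returns `true` when no hook is set, so the merge check is permissive by default, and that is worth stating in the same comment.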