lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <46825D77.4050608@gmail.com>
Date:	Wed, 27 Jun 2007 20:52:07 +0800
From:	Hawk Xu <hxunix@...il.com>
To:	linux-security-module@...r.kernel.org
CC:	linux-kernel@...r.kernel.org, jmorris@...ei.org, serue@...ibm.com,
	chrisw@...s-sol.org, sds@...ho.nsa.gov, greg@...ah.com,
	eparis@...hat.com
Subject: [PATCH] [RFC] security: add hook inode_post_removexattr

Add hook inode_post_removexattr for updating inode security field after successful removexattr operation.

Signed-off-by: Hawk Xu <hxunix@...il.com>
---


  fs/xattr.c               |    7 +++++--
  include/linux/security.h |   19 +++++++++++++++++++
  security/dummy.c         |    6 ++++++
  3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/fs/xattr.c b/fs/xattr.c
index 4523aca..22c2438 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -180,10 +180,13 @@ vfs_removexattr(struct dentry *dentry, char *name)

  	mutex_lock(&inode->i_mutex);
  	error = inode->i_op->removexattr(dentry, name);
+	if (!error) {
+		fsnotify_xattr(dentry);
+		security_inode_post_removexattr(dentry, name, value,
+						size, flags);
+	}
  	mutex_unlock(&inode->i_mutex);

-	if (!error)
-		fsnotify_xattr(dentry);
  	return error;
  }
  EXPORT_SYMBOL_GPL(vfs_removexattr);
diff --git a/include/linux/security.h b/include/linux/security.h
index 1a362c8..5100b23 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -393,6 +393,9 @@ struct request_sock;
   * 	Check permission before removing the extended attribute
   * 	identified by @name for @dentry.
   * 	Return 0 if permission is granted.
+ * @inode_post_removexattr:
+ * 	Update inode security field after successful removexattr operation.
+ * 	@value identified by @name for @dentry.
   * @inode_getsecurity:
   *	Copy the extended attribute representation of the security label
   *	associated with @name for @inode into @buffer.  @buffer may be
@@ -1234,6 +1237,8 @@ struct security_operations {
  	int (*inode_getxattr) (struct dentry *dentry, char *name);
  	int (*inode_listxattr) (struct dentry *dentry);
  	int (*inode_removexattr) (struct dentry *dentry, char *name);
+	void (*inode_post_removexattr) (struct dentry *dentry, char *name,
+					void *value, size_t size, int flags);
  	const char *(*inode_xattr_getsuffix) (void);
    	int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
    	int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
@@ -1769,6 +1774,15 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
  	return security_ops->inode_removexattr (dentry, name);
  }

+static inline void security_inode_post_removexattr (struct dentry *dentry,
+						char *name, void *value,
+						size_t size, int flags)
+{
+	if (unlikely (IS_PRIVATE (dentry->d_inode)))
+		return;
+	security_ops->inode_post_removexattr (dentry, name, value, size, flags);
+}
+
  static inline const char *security_inode_xattr_getsuffix(void)
  {
  	return security_ops->inode_xattr_getsuffix();
@@ -2452,6 +2466,11 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
  	return cap_inode_removexattr(dentry, name);
  }

+static inline void security_inode_post_removexattr (struct dentry *dentry,
+						char *name, void *value,
+						size_t size, int flags)
+{ }
+
  static inline const char *security_inode_xattr_getsuffix (void)
  {
  	return NULL ;
diff --git a/security/dummy.c b/security/dummy.c
index bdd0d70..4953f06 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -377,6 +377,11 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name)
  	return 0;
  }

+static void dummy_inode_post_removexattr (struct dentry *dentry, char *name,
+					void *value, size_t size, int flags)
+{
+}
+
  static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
  {
  	return -EOPNOTSUPP;
@@ -1014,6 +1019,7 @@ void security_fixup_ops (struct security_operations *ops)
  	set_to_dummy_if_null(ops, inode_getxattr);
  	set_to_dummy_if_null(ops, inode_listxattr);
  	set_to_dummy_if_null(ops, inode_removexattr);
+	set_to_dummy_if_null(ops, inode_post_removexattr);
  	set_to_dummy_if_null(ops, inode_xattr_getsuffix);
  	set_to_dummy_if_null(ops, inode_getsecurity);
  	set_to_dummy_if_null(ops, inode_setsecurity);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ