fsnotify: new fsnotify hooks and events types for access decisions

Introduce a new fsnotify hook, fsnotify_perm(), which is called from the
security code.  This hook allows fsnotify groups to make access control
decisions about events on the system.  The generic fsnotify function must
also be changed to return an error code for these hooks to be of any
use.

Signed-off-by: Eric Paris <eparis@redhat.com>
diff --git a/security/security.c b/security/security.c
index 351942a..f6ac27c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -620,7 +620,13 @@
 
 int security_file_permission(struct file *file, int mask)
 {
-	return security_ops->file_permission(file, mask);
+	int ret;
+
+	ret = security_ops->file_permission(file, mask);
+	if (ret)
+		return ret;
+
+	return fsnotify_perm(file, mask);
 }
 
 int security_file_alloc(struct file *file)
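Review bot: security_file_permission() now has two independent deciders but no comment recording their order, which matters when auditing denials: an LSM refusal returns before `fsnotify_perm(file, mask)` runs, so fsnotify permission listeners never observe accesses the LSM rejected, and a non-zero fsnotify result becomes the hook's return value. I would add above the call `/* LSM decides first; fsnotify listeners are consulted only for accesses the LSM allowed */`. `mask` is also forwarded unfiltered, so fsnotify_perm(), which is not shown on this page, presumably has to ignore the MAY_* bits it has no event for; that is worth confirming. The same ordering applies to security_dentry_open() in the next hunk.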
@@ -684,7 +690,13 @@
 
 int security_dentry_open(struct file *file, const struct cred *cred)
 {
-	return security_ops->dentry_open(file, cred);
+	int ret;
+
+	ret = security_ops->dentry_open(file, cred);
+	if (ret)
+		return ret;
+
+	return fsnotify_perm(file, MAY_OPEN);
 }
 
 int security_task_create(unsigned long clone_flags)
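Review bot: The `cred` argument that `security_ops->dentry_open(file, cred)` evaluates is not passed on in `fsnotify_perm(file, MAY_OPEN)`, so the fsnotify decision is made without the credentials the LSM hook judged. If a caller supplies a cred other than the current task's, the two checks may be answering for different subjects; fsnotify_perm() is defined outside this page, so this is an inference. A comment at the call such as `/* fsnotify_perm() sees only the file; cred is not forwarded */` would make the limitation explicit.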