Blame view
security/inode.c
10.5 KB
b67dbf9d4 [PATCH] add secur... |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
/* * inode.c - securityfs * * Copyright (C) 2005 Greg Kroah-Hartman <gregkh@suse.de> * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License version * 2 as published by the Free Software Foundation. * * Based on fs/debugfs/inode.c which had the following copyright notice: * Copyright (C) 2004 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2004 IBM Inc. */ /* #define DEBUG */ |
b67dbf9d4 [PATCH] add secur... |
16 17 18 19 20 21 22 |
#include <linux/module.h> #include <linux/fs.h> #include <linux/mount.h> #include <linux/pagemap.h> #include <linux/init.h> #include <linux/namei.h> #include <linux/security.h> |
d69dece5f LSM: Add /sys/ker... |
23 |
#include <linux/lsm_hooks.h> |
925629278 integrity: specia... |
24 |
#include <linux/magic.h> |
b67dbf9d4 [PATCH] add secur... |
25 26 27 |
static struct vfsmount *mount; static int mount_count; |
6623ec7c4 securityfs: add t... |
28 29 30 31 32 33 34 35 36 37 38 39 |
static void securityfs_evict_inode(struct inode *inode) { truncate_inode_pages_final(&inode->i_data); clear_inode(inode); if (S_ISLNK(inode->i_mode)) kfree(inode->i_link); } static const struct super_operations securityfs_super_operations = { .statfs = simple_statfs, .evict_inode = securityfs_evict_inode, }; |
b67dbf9d4 [PATCH] add secur... |
40 41 |
static int fill_super(struct super_block *sb, void *data, int silent) { |
cda37124f fs: constify tree... |
42 |
static const struct tree_descr files[] = {{""}}; |
6623ec7c4 securityfs: add t... |
43 44 45 46 47 48 49 |
int error; error = simple_fill_super(sb, SECURITYFS_MAGIC, files); if (error) return error; sb->s_op = &securityfs_super_operations; |
b67dbf9d4 [PATCH] add secur... |
50 |
|
6623ec7c4 securityfs: add t... |
51 |
return 0; |
b67dbf9d4 [PATCH] add secur... |
52 |
} |
fc14f2fef convert get_sb_si... |
53 |
static struct dentry *get_sb(struct file_system_type *fs_type, |
454e2398b [PATCH] VFS: Perm... |
54 |
int flags, const char *dev_name, |
fc14f2fef convert get_sb_si... |
55 |
void *data) |
b67dbf9d4 [PATCH] add secur... |
56 |
{ |
fc14f2fef convert get_sb_si... |
57 |
return mount_single(fs_type, flags, data, fill_super); |
b67dbf9d4 [PATCH] add secur... |
58 59 60 61 62 |
} static struct file_system_type fs_type = { .owner = THIS_MODULE, .name = "securityfs", |
fc14f2fef convert get_sb_si... |
63 |
.mount = get_sb, |
b67dbf9d4 [PATCH] add secur... |
64 65 |
.kill_sb = kill_litter_super, }; |
b67dbf9d4 [PATCH] add secur... |
66 |
/** |
6623ec7c4 securityfs: add t... |
67 |
* securityfs_create_dentry - create a dentry in the securityfs filesystem |
b67dbf9d4 [PATCH] add secur... |
68 69 70 71 |
* * @name: a pointer to a string containing the name of the file to create. * @mode: the permission that the file should have * @parent: a pointer to the parent dentry for this file. This should be a |
3f23d815c security: add/fix... |
72 |
* directory dentry if set. If this parameter is %NULL, then the |
b67dbf9d4 [PATCH] add secur... |
73 74 |
* file will be created in the root of the securityfs filesystem. * @data: a pointer to something that the caller will want to get to later |
8e18e2941 [PATCH] inode_die... |
75 |
* on. The inode.i_private pointer will point to this value on |
b67dbf9d4 [PATCH] add secur... |
76 77 78 |
* the open() call. * @fops: a pointer to a struct file_operations that should be used for * this file. |
6623ec7c4 securityfs: add t... |
79 80 |
* @iops: a point to a struct of inode_operations that should be used for * this file/dir |
b67dbf9d4 [PATCH] add secur... |
81 |
* |
6623ec7c4 securityfs: add t... |
82 83 84 85 86 |
* This is the basic "create a file/dir/symlink" function for * securityfs. It allows for a wide range of flexibility in creating * a file, or a directory (if you want to create a directory, the * securityfs_create_dir() function is recommended to be used * instead). |
b67dbf9d4 [PATCH] add secur... |
87 |
* |
3f23d815c security: add/fix... |
88 |
* This function returns a pointer to a dentry if it succeeds. This |
6623ec7c4 securityfs: add t... |
89 90 91 92 |
* pointer must be passed to the securityfs_remove() function when the * file is to be removed (no automatic cleanup happens if your module * is unloaded, you are responsible here). If an error occurs, the * function will return the error value (via ERR_PTR). |
b67dbf9d4 [PATCH] add secur... |
93 |
* |
3f23d815c security: add/fix... |
94 |
* If securityfs is not enabled in the kernel, the value %-ENODEV is |
faa3aad75 securityfs: fix l... |
95 |
* returned. |
b67dbf9d4 [PATCH] add secur... |
96 |
*/ |
6623ec7c4 securityfs: add t... |
97 98 99 100 |
static struct dentry *securityfs_create_dentry(const char *name, umode_t mode, struct dentry *parent, void *data, const struct file_operations *fops, const struct inode_operations *iops) |
b67dbf9d4 [PATCH] add secur... |
101 |
{ |
3e25eb9c4 securityfs: fix o... |
102 |
struct dentry *dentry; |
3e25eb9c4 securityfs: fix o... |
103 |
struct inode *dir, *inode; |
b67dbf9d4 [PATCH] add secur... |
104 |
int error; |
6623ec7c4 securityfs: add t... |
105 |
if (!(mode & S_IFMT)) |
3e25eb9c4 securityfs: fix o... |
106 |
mode = (mode & S_IALLUGO) | S_IFREG; |
3e25eb9c4 securityfs: fix o... |
107 |
|
b67dbf9d4 [PATCH] add secur... |
108 109 |
pr_debug("securityfs: creating file '%s' ",name); |
1f5ce9e93 VFS: Unexport do_... |
110 |
error = simple_pin_fs(&fs_type, &mount, &mount_count); |
3e25eb9c4 securityfs: fix o... |
111 112 113 114 115 |
if (error) return ERR_PTR(error); if (!parent) parent = mount->mnt_root; |
ce0b16ddf VFS: security/: d... |
116 |
dir = d_inode(parent); |
3e25eb9c4 securityfs: fix o... |
117 |
|
5955102c9 wrappers for ->i_... |
118 |
inode_lock(dir); |
3e25eb9c4 securityfs: fix o... |
119 120 121 |
dentry = lookup_one_len(name, parent, strlen(name)); if (IS_ERR(dentry)) goto out; |
ce0b16ddf VFS: security/: d... |
122 |
if (d_really_is_positive(dentry)) { |
3e25eb9c4 securityfs: fix o... |
123 124 |
error = -EEXIST; goto out1; |
b67dbf9d4 [PATCH] add secur... |
125 |
} |
3e25eb9c4 securityfs: fix o... |
126 127 128 129 |
inode = new_inode(dir->i_sb); if (!inode) { error = -ENOMEM; goto out1; |
b67dbf9d4 [PATCH] add secur... |
130 |
} |
3e25eb9c4 securityfs: fix o... |
131 132 |
inode->i_ino = get_next_ino(); inode->i_mode = mode; |
078cd8279 fs: Replace CURRE... |
133 |
inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); |
3e25eb9c4 securityfs: fix o... |
134 |
inode->i_private = data; |
6623ec7c4 securityfs: add t... |
135 |
if (S_ISDIR(mode)) { |
3e25eb9c4 securityfs: fix o... |
136 137 138 139 |
inode->i_op = &simple_dir_inode_operations; inode->i_fop = &simple_dir_operations; inc_nlink(inode); inc_nlink(dir); |
6623ec7c4 securityfs: add t... |
140 141 142 |
} else if (S_ISLNK(mode)) { inode->i_op = iops ? iops : &simple_symlink_inode_operations; inode->i_link = data; |
3e25eb9c4 securityfs: fix o... |
143 144 |
} else { inode->i_fop = fops; |
b67dbf9d4 [PATCH] add secur... |
145 |
} |
3e25eb9c4 securityfs: fix o... |
146 147 |
d_instantiate(dentry, inode); dget(dentry); |
5955102c9 wrappers for ->i_... |
148 |
inode_unlock(dir); |
3e25eb9c4 securityfs: fix o... |
149 150 151 152 153 154 |
return dentry; out1: dput(dentry); dentry = ERR_PTR(error); out: |
5955102c9 wrappers for ->i_... |
155 |
inode_unlock(dir); |
3e25eb9c4 securityfs: fix o... |
156 |
simple_release_fs(&mount, &mount_count); |
b67dbf9d4 [PATCH] add secur... |
157 158 |
return dentry; } |
6623ec7c4 securityfs: add t... |
159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 |
/** * securityfs_create_file - create a file in the securityfs filesystem * * @name: a pointer to a string containing the name of the file to create. * @mode: the permission that the file should have * @parent: a pointer to the parent dentry for this file. This should be a * directory dentry if set. If this parameter is %NULL, then the * file will be created in the root of the securityfs filesystem. * @data: a pointer to something that the caller will want to get to later * on. The inode.i_private pointer will point to this value on * the open() call. * @fops: a pointer to a struct file_operations that should be used for * this file. * * This function creates a file in securityfs with the given @name. * * This function returns a pointer to a dentry if it succeeds. This * pointer must be passed to the securityfs_remove() function when the file is * to be removed (no automatic cleanup happens if your module is unloaded, * you are responsible here). If an error occurs, the function will return * the error value (via ERR_PTR). * * If securityfs is not enabled in the kernel, the value %-ENODEV is * returned. */ struct dentry *securityfs_create_file(const char *name, umode_t mode, struct dentry *parent, void *data, const struct file_operations *fops) { return securityfs_create_dentry(name, mode, parent, data, fops, NULL); } |
b67dbf9d4 [PATCH] add secur... |
191 192 193 194 195 196 197 198 |
EXPORT_SYMBOL_GPL(securityfs_create_file); /** * securityfs_create_dir - create a directory in the securityfs filesystem * * @name: a pointer to a string containing the name of the directory to * create. * @parent: a pointer to the parent dentry for this file. This should be a |
3f23d815c security: add/fix... |
199 |
* directory dentry if set. If this parameter is %NULL, then the |
b67dbf9d4 [PATCH] add secur... |
200 201 |
* directory will be created in the root of the securityfs filesystem. * |
3f23d815c security: add/fix... |
202 |
* This function creates a directory in securityfs with the given @name. |
b67dbf9d4 [PATCH] add secur... |
203 |
* |
3f23d815c security: add/fix... |
204 |
* This function returns a pointer to a dentry if it succeeds. This |
b67dbf9d4 [PATCH] add secur... |
205 206 |
* pointer must be passed to the securityfs_remove() function when the file is * to be removed (no automatic cleanup happens if your module is unloaded, |
1b4606511 securityfs: fix s... |
207 208 |
* you are responsible here). If an error occurs, the function will return * the error value (via ERR_PTR). |
b67dbf9d4 [PATCH] add secur... |
209 |
* |
3f23d815c security: add/fix... |
210 |
* If securityfs is not enabled in the kernel, the value %-ENODEV is |
1b4606511 securityfs: fix s... |
211 |
* returned. |
b67dbf9d4 [PATCH] add secur... |
212 213 214 |
*/ struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) { |
6623ec7c4 securityfs: add t... |
215 |
return securityfs_create_file(name, S_IFDIR | 0755, parent, NULL, NULL); |
b67dbf9d4 [PATCH] add secur... |
216 217 218 219 |
} EXPORT_SYMBOL_GPL(securityfs_create_dir); /** |
6623ec7c4 securityfs: add t... |
220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 |
* securityfs_create_symlink - create a symlink in the securityfs filesystem * * @name: a pointer to a string containing the name of the symlink to * create. * @parent: a pointer to the parent dentry for the symlink. This should be a * directory dentry if set. If this parameter is %NULL, then the * directory will be created in the root of the securityfs filesystem. * @target: a pointer to a string containing the name of the symlink's target. * If this parameter is %NULL, then the @iops parameter needs to be * setup to handle .readlink and .get_link inode_operations. * @iops: a pointer to the struct inode_operations to use for the symlink. If * this parameter is %NULL, then the default simple_symlink_inode * operations will be used. * * This function creates a symlink in securityfs with the given @name. * * This function returns a pointer to a dentry if it succeeds. This * pointer must be passed to the securityfs_remove() function when the file is * to be removed (no automatic cleanup happens if your module is unloaded, * you are responsible here). If an error occurs, the function will return * the error value (via ERR_PTR). * * If securityfs is not enabled in the kernel, the value %-ENODEV is * returned. */ struct dentry *securityfs_create_symlink(const char *name, struct dentry *parent, const char *target, const struct inode_operations *iops) { struct dentry *dent; char *link = NULL; if (target) { link = kstrdup(target, GFP_KERNEL); if (!link) return ERR_PTR(-ENOMEM); } dent = securityfs_create_dentry(name, S_IFLNK | 0444, parent, link, NULL, iops); if (IS_ERR(dent)) kfree(link); return dent; } EXPORT_SYMBOL_GPL(securityfs_create_symlink); /** |
b67dbf9d4 [PATCH] add secur... |
268 269 |
* securityfs_remove - removes a file or directory from the securityfs filesystem * |
3f23d815c security: add/fix... |
270 |
* @dentry: a pointer to a the dentry of the file or directory to be removed. |
b67dbf9d4 [PATCH] add secur... |
271 272 273 274 275 276 |
* * This function removes a file or directory in securityfs that was previously * created with a call to another securityfs function (like * securityfs_create_file() or variants thereof.) * * This function is required to be called in order for the file to be |
3f23d815c security: add/fix... |
277 278 |
* removed. No automatic cleanup of files will happen when a module is * removed; you are responsible here. |
b67dbf9d4 [PATCH] add secur... |
279 280 281 |
*/ void securityfs_remove(struct dentry *dentry) { |
4093d306a securityfs: ->d_p... |
282 |
struct inode *dir; |
b67dbf9d4 [PATCH] add secur... |
283 |
|
d93e4c940 securityfs: secur... |
284 |
if (!dentry || IS_ERR(dentry)) |
b67dbf9d4 [PATCH] add secur... |
285 |
return; |
4093d306a securityfs: ->d_p... |
286 287 |
dir = d_inode(dentry->d_parent); inode_lock(dir); |
dc3f4198e make simple_posit... |
288 289 |
if (simple_positive(dentry)) { if (d_is_dir(dentry)) |
4093d306a securityfs: ->d_p... |
290 |
simple_rmdir(dir, dentry); |
dc3f4198e make simple_posit... |
291 |
else |
4093d306a securityfs: ->d_p... |
292 |
simple_unlink(dir, dentry); |
dc3f4198e make simple_posit... |
293 |
dput(dentry); |
b67dbf9d4 [PATCH] add secur... |
294 |
} |
4093d306a securityfs: ->d_p... |
295 |
inode_unlock(dir); |
b67dbf9d4 [PATCH] add secur... |
296 297 298 |
simple_release_fs(&mount, &mount_count); } EXPORT_SYMBOL_GPL(securityfs_remove); |
d69dece5f LSM: Add /sys/ker... |
299 300 301 302 303 304 305 306 307 308 309 310 311 312 |
#ifdef CONFIG_SECURITY static struct dentry *lsm_dentry; static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { return simple_read_from_buffer(buf, count, ppos, lsm_names, strlen(lsm_names)); } static const struct file_operations lsm_ops = { .read = lsm_read, .llseek = generic_file_llseek, }; #endif |
b67dbf9d4 [PATCH] add secur... |
313 314 315 |
static int __init securityfs_init(void) { int retval; |
f9bb48825 sysfs: Create mou... |
316 317 318 |
retval = sysfs_create_mount_point(kernel_kobj, "security"); if (retval) return retval; |
b67dbf9d4 [PATCH] add secur... |
319 320 |
retval = register_filesystem(&fs_type); |
d69dece5f LSM: Add /sys/ker... |
321 |
if (retval) { |
f9bb48825 sysfs: Create mou... |
322 |
sysfs_remove_mount_point(kernel_kobj, "security"); |
d69dece5f LSM: Add /sys/ker... |
323 324 325 326 327 328 329 |
return retval; } #ifdef CONFIG_SECURITY lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops); #endif return 0; |
b67dbf9d4 [PATCH] add secur... |
330 |
} |
b67dbf9d4 [PATCH] add secur... |
331 |
core_initcall(securityfs_init); |
b67dbf9d4 [PATCH] add secur... |
332 |
MODULE_LICENSE("GPL"); |