smack: Implement the watch_key and post_notification hooks

Implement the watch_key security hook in Smack to make sure that a key grants the caller Read permission in order to set a watch on a key. Also implement the post_notification security hook to make sure that the notification source is granted Write permission by the watch queue. For the moment, the watch_devices security hook is left unimplemented as it's not obvious what the object should be since the queue is global and didn't previously exist. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
author: David Howells <dhowells@redhat.com> 2020-01-14 20:07:13 +0300
committer: David Howells <dhowells@redhat.com> 2020-05-19 17:47:38 +0300
commit: a8478a602913dc89a7cd2060e613edecd07e1dbd (patch)
tree: dab2ce77466d2de20ae20034eda3f17c8f51f422 /include/linux/lsm_audit.h
parent: 3e412ccc22e25666772094fb5ca01af056c54471 (diff)
download: linux-a8478a602913dc89a7cd2060e613edecd07e1dbd.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 99d629fd9944..28f23b341c1c 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -75,6 +75,7 @@ struct common_audit_data {
 #define LSM_AUDIT_DATA_IBPKEY	13
 #define LSM_AUDIT_DATA_IBENDPORT 14
 #define LSM_AUDIT_DATA_LOCKDOWN 15
+#define LSM_AUDIT_DATA_NOTIFICATION 16
 	union 	{
 		struct path path;
 		struct dentry *dentry;
author	David Howells <dhowells@redhat.com>	2020-01-14 20:07:13 +0300
committer	David Howells <dhowells@redhat.com>	2020-05-19 17:47:38 +0300
commit	a8478a602913dc89a7cd2060e613edecd07e1dbd (patch)
tree	dab2ce77466d2de20ae20034eda3f17c8f51f422 /include/linux/lsm_audit.h
parent	3e412ccc22e25666772094fb5ca01af056c54471 (diff)
download	linux-a8478a602913dc89a7cd2060e613edecd07e1dbd.tar.xz