diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-12-29 00:02:29 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2016-02-19 01:14:03 +0300 |
commit | b44a7dfc6fa16e01f2497c9fa62c3926f94be174 (patch) | |
tree | b48ced5b7c84986778ca4ac3b6bf3f13c74f2ef2 /include/linux/security.h | |
parent | 4b2530d819e179ae3352c38a1ceff929a922d070 (diff) | |
download | linux-b44a7dfc6fa16e01f2497c9fa62c3926f94be174.tar.xz |
vfs: define a generic function to read a file from the kernel
For a while it was looked down upon to directly read files from Linux.
These days there exists a few mechanisms in the kernel that do just
this though to load a file into a local buffer. There are minor but
important checks differences on each. This patch set is the first
attempt at resolving some of these differences.
This patch introduces a common function for reading files from the kernel
with the corresponding security post-read hook and function.
Changelog v4+:
- export security_kernel_post_read_file() - Fengguang Wu
v3:
- additional bounds checking - Luis
v2:
- To simplify patch review, re-ordered patches
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: Luis R. Rodriguez <mcgrof@suse.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 4824a4ccaf1c..f30f5647d1e1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -301,6 +301,7 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_fw_from_file(struct file *file, char *buf, size_t size); int security_kernel_module_request(char *kmod_name); int security_kernel_module_from_file(struct file *file); +int security_kernel_post_read_file(struct file *file, char *buf, loff_t size); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); int security_task_setpgid(struct task_struct *p, pid_t pgid); @@ -866,6 +867,12 @@ static inline int security_kernel_module_from_file(struct file *file) return 0; } +static inline int security_kernel_post_read_file(struct file *file, + char *buf, loff_t size) +{ + return 0; +} + static inline int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) |