diff options
author | Andreas Gruenbacher <agruenba@redhat.com> | 2015-12-24 11:09:40 -0500 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2015-12-24 11:09:40 -0500 |
commit | 6f3be9f562e3027c77bc4482ccf2cea8600a7f74 (patch) | |
tree | 3f854d23263cefa95365b9e671b3347404083079 /security/security.c | |
parent | 83da53c5a34564a0a63b26f84293c6e2a639e1e4 (diff) |
security: Add hook to invalidate inode security labels
Add a hook to invalidate an inode's security label when the cached
information becomes invalid.
Add the new hook in selinux: set a flag when a security label becomes
invalid.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index c5beb7e90721..e8ffd92ae2eb 100644 --- a/security/security.c +++ b/security/security.c @@ -1161,6 +1161,12 @@ void security_release_secctx(char *secdata, u32 seclen) } EXPORT_SYMBOL(security_release_secctx); +void security_inode_invalidate_secctx(struct inode *inode) +{ + call_void_hook(inode_invalidate_secctx, inode); +} +EXPORT_SYMBOL(security_inode_invalidate_secctx); + int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) { return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen); @@ -1763,6 +1769,8 @@ struct security_hook_heads security_hook_heads = { LIST_HEAD_INIT(security_hook_heads.secctx_to_secid), .release_secctx = LIST_HEAD_INIT(security_hook_heads.release_secctx), + .inode_invalidate_secctx = + LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx), .inode_notifysecctx = LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx), .inode_setsecctx = |