Commit 3a862cac authored by Paul Moore

fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()



Extending the secure anonymous inode support to other subsystems
requires that we have a secure anon_inode_getfile() variant in
addition to the existing secure anon_inode_getfd() variant.

Thankfully we can reuse the existing __anon_inode_getfile() function
and just wrap it with the proper arguments.

Acked-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 67daf270
+29 −0
@@ -148,6 +148,35 @@ struct file *anon_inode_getfile(const char *name,
}
EXPORT_SYMBOL_GPL(anon_inode_getfile);

/**
 * anon_inode_getfile_secure - Like anon_inode_getfile(), but creates a new
 *                             !S_PRIVATE anon inode rather than reuse the
 *                             singleton anon inode and calls the
 *                             inode_init_security_anon() LSM hook.  This
 *                             allows for both the inode to have its own
 *                             security context and for the LSM to enforce
 *                             policy on the inode's creation.
 *
 * @name:    [in]    name of the "class" of the new file
 * @fops:    [in]    file operations for the new file
 * @priv:    [in]    private data for the new file (will be file's private_data)
 * @flags:   [in]    flags
 * @context_inode:
 *           [in]    the logical relationship with the new inode (optional)
 *
 * The LSM may use @context_inode in inode_init_security_anon(), but a
 * reference to it is not held.  Returns the newly created file* or an error
 * pointer.  See the anon_inode_getfile() documentation for more information.
 */
struct file *anon_inode_getfile_secure(const char *name,
				       const struct file_operations *fops,
				       void *priv, int flags,
				       const struct inode *context_inode)
{
	return __anon_inode_getfile(name, fops, priv, flags,
				    context_inode, true);
}

static int __anon_inode_getfd(const char *name,
			      const struct file_operations *fops,
			      void *priv, int flags,
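Review bot: anon_inode_getfile_secure() is added without an export, while anon_inode_getfile() directly above it is followed by `EXPORT_SYMBOL_GPL(anon_inode_getfile);`, so a modular caller could only reach the non-secure variant, which reuses the singleton inode and does not call inode_init_security_anon(). If modular subsystems are among the intended users, add `EXPORT_SYMBOL_GPL(anon_inode_getfile_secure);` after the function's closing brace; if the helper is meant for built-in code only, say so in the kernel-doc. The comment could also state that, because no reference to @context_inode is held, the caller must keep it valid for the duration of the call, and that the return value has to be tested with IS_ERR() rather than against NULL.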
+4 −0
@@ -15,6 +15,10 @@ struct inode;
struct file *anon_inode_getfile(const char *name,
				const struct file_operations *fops,
				void *priv, int flags);
struct file *anon_inode_getfile_secure(const char *name,
				       const struct file_operations *fops,
				       void *priv, int flags,
				       const struct inode *context_inode);
int anon_inode_getfd(const char *name, const struct file_operations *fops,
		     void *priv, int flags);
int anon_inode_getfd_secure(const char *name,