Lines Matching defs:inode
269 * The inode blob gets an rcu_head in addition to
470 init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
740 * lsm_inode_alloc - allocate a composite inode blob
741 * @inode: the inode that needs a blob
744 * Allocate the inode blob for all the modules
748 static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
751 inode->i_security = NULL;
755 inode->i_security = kmem_cache_zalloc(lsm_inode_cache, gfp);
756 if (inode->i_security == NULL)
1685 * security_inode_alloc() - Allocate an inode LSM blob
1686 * @inode: the inode
1689 * Allocate and attach a security structure to @inode->i_security. The
1690 * i_security field is initialized to NULL when the inode structure is
1695 int security_inode_alloc(struct inode *inode, gfp_t gfp)
1697 int rc = lsm_inode_alloc(inode, gfp);
1701 rc = call_int_hook(inode_alloc_security, inode);
1703 security_inode_free(inode);
1709 /* The rcu head is at the start of the inode blob */
1715 * security_inode_free() - Free an inode's LSM blob
1716 * @inode: the inode
1718 * Release any LSM resources associated with @inode, although due to the
1719 * inode's RCU protections it is possible that the resources will not be
1723 * security_inode_free(), @inode may still be referenced in a VFS path walk
1725 * a call to security_inode_free(). For this reason the inode->i_security
1727 * retain inode state for use in security_inode_permission() should only
1730 void security_inode_free(struct inode *inode)
1732 call_void_hook(inode_free_security, inode);
1733 if (!inode->i_security)
1735 call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu);
1746 * Compute a context for a dentry as the inode is not yet available since NFSv4
1770 * Compute a context for a dentry as the inode is not yet available and set
1787 * security_inode_init_security() - Initialize an inode's LSM context
1788 * @inode: the inode
1795 * created inode and set up the incore security field for the new inode. This
1796 * hook is called by the fs code as part of the inode creation transaction and
1797 * provides for atomic labeling of the inode, unlike the post_create/mkdir/...
1807 * a security attribute on this particular inode, then it should return
1810 * Return: Returns 0 if the LSM successfully initialized all of the inode
1813 int security_inode_init_security(struct inode *inode, struct inode *dir,
1821 if (unlikely(IS_PRIVATE(inode)))
1836 ret = scall->hl->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1852 ret = initxattrs(inode, new_xattrs, fs_data);
1862 * security_inode_init_security_anon() - Initialize an anonymous inode
1863 * @inode: the inode
1864 * @name: the anonymous inode class
1865 * @context_inode: an optional related inode
1867 * Set up the incore security field for the new anonymous inode and return
1868 * whether the inode creation is permitted by the security module or not.
1871 * creation of this inode, or another -errno upon other errors.
1873 int security_inode_init_security_anon(struct inode *inode,
1875 const struct inode *context_inode)
1877 return call_int_hook(inode_init_security_anon, inode, name,
1904 * security_path_post_mknod() - Update inode security after reg file creation
1908 * Update inode security field after a regular file has been created.
2107 int security_inode_create(struct inode *dir, struct dentry *dentry,
2117 * security_inode_post_create_tmpfile() - Update inode security of new tmpfile
2119 * @inode: inode of the new tmpfile
2121 * Update inode security data after a tmpfile has been created.
2124 struct inode *inode)
2126 if (unlikely(IS_PRIVATE(inode)))
2128 call_void_hook(inode_post_create_tmpfile, idmap, inode);
2141 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
2158 int security_inode_unlink(struct inode *dir, struct dentry *dentry)
2175 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
2190 * associated with inode structure @dir.
2194 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
2211 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
2232 int security_inode_mknod(struct inode *dir, struct dentry *dentry,
2252 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
2253 struct inode *new_dir, struct dentry *new_dentry,
2290 * @inode: link inode
2294 * @rcu is true, @inode is not stable.
2298 int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
2301 if (unlikely(IS_PRIVATE(inode)))
2303 return call_int_hook(inode_follow_link, dentry, inode, rcu);
2307 * security_inode_permission() - Check if accessing an inode is allowed
2308 * @inode: inode
2311 * Check permission before accessing an inode. This hook is called by the
2320 int security_inode_permission(struct inode *inode, int mask)
2322 if (unlikely(IS_PRIVATE(inode)))
2324 return call_int_hook(inode_permission, inode, mask);
2350 * security_inode_post_setattr() - Update the inode after a setattr operation
2355 * Update inode security field after successful setting file attributes.
2448 * security_inode_post_set_acl() - Update inode security from posix acls set
2453 * Update inode security data after successfully setting posix acls on @dentry.
2503 * security_inode_post_remove_acl() - Update inode security after rm posix acls
2508 * Update inode security data after successfully removing posix acls on
2520 * security_inode_post_setxattr() - Update the inode after a setxattr operation
2527 * Update inode security field after successful setxattr operation.
2612 * security_inode_post_removexattr() - Update the inode after a removexattr op
2616 * Update the inode after a successful removexattr operation.
2628 * @fa: extended attributes to set on the inode
2631 * inode
2646 * inode
2659 * Called when an inode has been changed to determine if
2662 * Return: Return <0 on error to abort the inode change operation, return 0 if
2689 * security_inode_getsecurity() - Get the xattr security label of an inode
2691 * @inode: inode
2697 * label associated with @name for @inode via @buffer. Note that @name is the
2705 struct inode *inode, const char *name,
2708 if (unlikely(IS_PRIVATE(inode)))
2711 return call_int_hook(inode_getsecurity, idmap, inode, name, buffer,
2716 * security_inode_setsecurity() - Set the xattr security label of an inode
2717 * @inode: inode
2723 * Set the security label associated with @name for @inode from the extended
2730 int security_inode_setsecurity(struct inode *inode, const char *name,
2733 if (unlikely(IS_PRIVATE(inode)))
2736 return call_int_hook(inode_setsecurity, inode, name, value, size,
2742 * @inode: inode
2747 * @inode into @buffer. The maximum size of @buffer is specified by
2753 int security_inode_listsecurity(struct inode *inode,
2756 if (unlikely(IS_PRIVATE(inode)))
2758 return call_int_hook(inode_listsecurity, inode, buffer, buffer_size);
2763 * security_inode_getlsmprop() - Get an inode's LSM data
2764 * @inode: inode
2769 void security_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
2771 call_void_hook(inode_getlsmprop, inode, prop);
2818 * security_inode_setintegrity() - Set the inode's integrity data
2819 * @inode: inode
2824 * Register a verified integrity measurement of a inode with LSMs.
2829 int security_inode_setintegrity(const struct inode *inode,
2833 return call_int_hook(inode_setintegrity, inode, type, value, size);
3340 * security_kernel_create_files_as() - Set file creation context using an inode
3342 * @inode: reference inode
3345 * objective context of the specified inode. The current task must be the one
3346 * that nominated @inode.
3350 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
3352 return call_int_hook(kernel_create_files_as, new, inode);
3741 * security_task_to_inode() - Set the security attributes of a task's inode
3743 * @inode: inode
3745 * Set the security attributes for an inode based on an associated task's
3748 void security_task_to_inode(struct task_struct *p, struct inode *inode)
3750 call_void_hook(task_to_inode, p, inode);
4099 * security_d_instantiate() - Populate an inode's LSM state based on a dentry
4101 * @inode: inode
4103 * Fill in @inode security information for a @dentry if allowed.
4105 void security_d_instantiate(struct dentry *dentry, struct inode *inode)
4107 if (unlikely(inode && IS_PRIVATE(inode)))
4109 call_void_hook(d_instantiate, dentry, inode);
4390 * security_inode_invalidate_secctx() - Invalidate an inode's security label
4391 * @inode: inode
4394 * an inode.
4396 void security_inode_invalidate_secctx(struct inode *inode)
4398 call_void_hook(inode_invalidate_secctx, inode);
4403 * security_inode_notifysecctx() - Notify the LSM of an inode's security label
4404 * @inode: inode
4408 * Notify the security module of what the security context of an inode should
4410 * for this inode. Example usage: NFS client invokes this hook to initialize
4411 * the security context in its incore inode to the value provided by the server
4413 * Must be called with inode->i_mutex locked.
4417 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4419 return call_int_hook(inode_notifysecctx, inode, ctx, ctxlen);
4424 * security_inode_setsecctx() - Change the security label of an inode
4425 * @dentry: inode
4429 * Change the security context of an inode. Updates the incore security
4433 * context in its incore inode and on the backing filesystem to a value
4435 * inode->i_mutex locked.
4446 * security_inode_getsecctx() - Get the security label of an inode
4447 * @inode: inode
4451 * for the given @inode.
4455 int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
4458 return call_int_hook(inode_getsecctx, inode, cp);
4597 * associated inode. Typically, the inode alloc_security hook will allocate
4600 * information that wasn't available when the inode was allocated.
4953 * Sets @parent's inode secid to @sk's secid and update @sk with any necessary