Lines Matching defs:inode
203 * The inode blob gets an rcu_head in addition to
376 init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
619 * lsm_inode_alloc - allocate a composite inode blob
620 * @inode: the inode that needs a blob
622 * Allocate the inode blob for all the modules
626 int lsm_inode_alloc(struct inode *inode)
629 inode->i_security = NULL;
633 inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_NOFS);
634 if (inode->i_security == NULL)
1483 * security_inode_alloc() - Allocate an inode LSM blob
1484 * @inode: the inode
1486 * Allocate and attach a security structure to @inode->i_security. The
1487 * i_security field is initialized to NULL when the inode structure is
1492 int security_inode_alloc(struct inode *inode)
1494 int rc = lsm_inode_alloc(inode);
1498 rc = call_int_hook(inode_alloc_security, 0, inode);
1500 security_inode_free(inode);
1507 * The rcu head is at the start of the inode blob
1513 * security_inode_free() - Free an inode's LSM blob
1514 * @inode: the inode
1516 * Deallocate the inode security structure and set @inode->i_security to NULL.
1518 void security_inode_free(struct inode *inode)
1520 integrity_inode_free(inode);
1521 call_void_hook(inode_free_security, inode);
1523 * The inode may still be referenced in a path walk and
1528 * leave the current inode->i_security pointer intact.
1529 * The inode will be freed after the RCU grace period too.
1531 if (inode->i_security)
1532 call_rcu((struct rcu_head *)inode->i_security,
1545 * Compute a context for a dentry as the inode is not yet available since NFSv4
1581 * Compute a context for a dentry as the inode is not yet available and set
1598 * security_inode_init_security() - Initialize an inode's LSM context
1599 * @inode: the inode
1606 * created inode and set up the incore security field for the new inode. This
1607 * hook is called by the fs code as part of the inode creation transaction and
1608 * provides for atomic labeling of the inode, unlike the post_create/mkdir/...
1618 * a security attribute on this particular inode, then it should return
1621 * Return: Returns 0 if the LSM successfully initialized all of the inode
1624 int security_inode_init_security(struct inode *inode, struct inode *dir,
1632 if (unlikely(IS_PRIVATE(inode)))
1648 ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1664 ret = evm_inode_init_security(inode, dir, qstr, new_xattrs,
1668 ret = initxattrs(inode, new_xattrs, fs_data);
1678 * security_inode_init_security_anon() - Initialize an anonymous inode
1679 * @inode: the inode
1680 * @name: the anonymous inode class
1681 * @context_inode: an optional related inode
1683 * Set up the incore security field for the new anonymous inode and return
1684 * whether the inode creation is permitted by the security module or not.
1687 * creation of this inode, or another -errno upon other errors.
1689 int security_inode_init_security_anon(struct inode *inode,
1691 const struct inode *context_inode)
1693 return call_int_hook(inode_init_security_anon, 0, inode, name,
1909 int security_inode_create(struct inode *dir, struct dentry *dentry,
1928 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1945 int security_inode_unlink(struct inode *dir, struct dentry *dentry)
1962 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1977 * associated with inode structure @dir.
1981 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1998 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
2019 int security_inode_mknod(struct inode *dir, struct dentry *dentry,
2039 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
2040 struct inode *new_dir, struct dentry *new_dentry,
2077 * @inode: link inode
2081 * @rcu is true, @inode is not stable.
2085 int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
2088 if (unlikely(IS_PRIVATE(inode)))
2090 return call_int_hook(inode_follow_link, 0, dentry, inode, rcu);
2094 * security_inode_permission() - Check if accessing an inode is allowed
2095 * @inode: inode
2098 * Check permission before accessing an inode. This hook is called by the
2107 int security_inode_permission(struct inode *inode, int mask)
2109 if (unlikely(IS_PRIVATE(inode)))
2111 return call_int_hook(inode_permission, 0, inode, mask);
2271 * security_inode_post_setxattr() - Update the inode after a setxattr operation
2278 * Update inode security field after successful setxattr operation.
2359 * Called when an inode has been changed to determine if
2362 * Return: Return <0 on error to abort the inode change operation, return 0 if
2389 * security_inode_getsecurity() - Get the xattr security label of an inode
2391 * @inode: inode
2397 * label associated with @name for @inode via @buffer. Note that @name is the
2405 struct inode *inode, const char *name,
2411 if (unlikely(IS_PRIVATE(inode)))
2417 rc = hp->hook.inode_getsecurity(idmap, inode, name, buffer,
2426 * security_inode_setsecurity() - Set the xattr security label of an inode
2427 * @inode: inode
2433 * Set the security label associated with @name for @inode from the extended
2440 int security_inode_setsecurity(struct inode *inode, const char *name,
2446 if (unlikely(IS_PRIVATE(inode)))
2452 rc = hp->hook.inode_setsecurity(inode, name, value, size,
2462 * @inode: inode
2467 * @inode into @buffer. The maximum size of @buffer is specified by
2473 int security_inode_listsecurity(struct inode *inode,
2476 if (unlikely(IS_PRIVATE(inode)))
2478 return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
2483 * security_inode_getsecid() - Get an inode's secid
2484 * @inode: inode
2490 void security_inode_getsecid(struct inode *inode, u32 *secid)
2492 call_void_hook(inode_getsecid, inode, secid);
3022 * security_kernel_create_files_as() - Set file creation context using an inode
3024 * @inode: reference inode
3027 * objective context of the specified inode. The current task must be the one
3028 * that nominated @inode.
3032 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
3034 return call_int_hook(kernel_create_files_as, 0, new, inode);
3449 * security_task_to_inode() - Set the security attributes of a task's inode
3451 * @inode: inode
3453 * Set the security attributes for an inode based on an associated task's
3456 void security_task_to_inode(struct task_struct *p, struct inode *inode)
3458 call_void_hook(task_to_inode, p, inode);
3807 * security_d_instantiate() - Populate an inode's LSM state based on a dentry
3809 * @inode: inode
3811 * Fill in @inode security information for a @dentry if allowed.
3813 void security_d_instantiate(struct dentry *dentry, struct inode *inode)
3815 if (unlikely(inode && IS_PRIVATE(inode)))
3817 call_void_hook(d_instantiate, dentry, inode);
3965 * security_inode_invalidate_secctx() - Invalidate an inode's security label
3966 * @inode: inode
3969 * an inode.
3971 void security_inode_invalidate_secctx(struct inode *inode)
3973 call_void_hook(inode_invalidate_secctx, inode);
3978 * security_inode_notifysecctx() - Nofify the LSM of an inode's security label
3979 * @inode: inode
3983 * Notify the security module of what the security context of an inode should
3985 * for this inode. Example usage: NFS client invokes this hook to initialize
3986 * the security context in its incore inode to the value provided by the server
3988 * Must be called with inode->i_mutex locked.
3992 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3994 return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen);
3999 * security_inode_setsecctx() - Change the security label of an inode
4000 * @dentry: inode
4004 * Change the security context of an inode. Updates the incore security
4008 * context in its incore inode and on the backing filesystem to a value
4010 * inode->i_mutex locked.
4021 * security_inode_getsecctx() - Get the security label of an inode
4022 * @inode: inode
4027 * context for the given @inode.
4031 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4040 rc = hp->hook.inode_getsecctx(inode, ctx, ctxlen);
4166 * associated inode. Typically, the inode alloc_security hook will allocate
4169 * information that wasn't available when the inode was allocated.
4523 * Sets @parent's inode secid to @sk's secid and update @sk with any necessary