Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selinux: implement inode_file_[g|s]etattr hooks

These hooks are called on inode extended attribute retrieval/change.

Cc: selinux@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>

Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
Link: https://lore.kernel.org/20250630-xattrat-syscall-v6-3-c4e3bc35227b@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>

authored by Andrey Albershteyn and committed by Christian Brauner
bd14e462 defdd02d

+14
+14
security/selinux/hooks.c
··· 3480 3480 return -EACCES; 3481 3481 } 3482 3482 3483 + static int selinux_inode_file_setattr(struct dentry *dentry, 3484 + struct fileattr *fa) 3485 + { 3486 + return dentry_has_perm(current_cred(), dentry, FILE__SETATTR); 3487 + } 3488 + 3489 + static int selinux_inode_file_getattr(struct dentry *dentry, 3490 + struct fileattr *fa) 3491 + { 3492 + return dentry_has_perm(current_cred(), dentry, FILE__GETATTR); 3493 + } 3494 + 3483 3495 static int selinux_path_notify(const struct path *path, u64 mask, 3484 3496 unsigned int obj_type) 3485 3497 { ··· 7362 7350 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr), 7363 7351 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr), 7364 7352 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr), 7353 + LSM_HOOK_INIT(inode_file_getattr, selinux_inode_file_getattr), 7354 + LSM_HOOK_INIT(inode_file_setattr, selinux_inode_file_setattr), 7365 7355 LSM_HOOK_INIT(inode_set_acl, selinux_inode_set_acl), 7366 7356 LSM_HOOK_INIT(inode_get_acl, selinux_inode_get_acl), 7367 7357 LSM_HOOK_INIT(inode_remove_acl, selinux_inode_remove_acl),
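Review bot: In the first hunk, both new hooks take `struct fileattr *fa` and never read it, so every change is gated by the single `FILE__SETATTR` check on the dentry regardless of which fields the caller modifies, and every read by `FILE__GETATTR`. If that coarse granularity is intended, a short comment above `selinux_inode_file_setattr()` should say so. The commit message describes these as hooks for "inode extended attribute retrieval/change" while the signatures take a `struct fileattr`, so the same comment could name the operation that reaches these hooks, which helps a policy writer map the permission to what is actually being allowed.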
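Review bot: In the `LSM_HOOK_INIT` hunk, `inode_file_getattr` is registered before `inode_file_setattr`, while the first hunk defines `selinux_inode_file_setattr()` before `selinux_inode_file_getattr()`. This is functionally harmless, but using the same order in both places makes it easier to confirm at a glance that each defined hook is registered exactly once.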