From: Andrey Albershteyn <aalbersh@redhat.com>
To: "Richard Henderson" <richard.henderson@linaro.org>,
"Matt Turner" <mattst88@gmail.com>,
"Russell King" <linux@armlinux.org.uk>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Will Deacon" <will@kernel.org>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Michal Simek" <monstr@monstr.eu>,
"Thomas Bogendoerfer" <tsbogend@alpha.franken.de>,
"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
"Helge Deller" <deller@gmx.de>,
"Madhavan Srinivasan" <maddy@linux.ibm.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Christophe Leroy" <christophe.leroy@csgroup.eu>,
"Naveen N Rao" <naveen@kernel.org>,
"Heiko Carstens" <hca@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
"Alexander Gordeev" <agordeev@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
"Yoshinori Sato" <ysato@users.sourceforge.jp>,
"Rich Felker" <dalias@libc.org>,
"John Paul Adrian Glaubitz" <glaubitz@physik.fu-berlin.de>,
"David S. Miller" <davem@davemloft.net>,
"Andreas Larsson" <andreas@gaisler.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
"Chris Zankel" <chris@zankel.net>,
"Max Filippov" <jcmvbkbc@gmail.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Christian Brauner" <brauner@kernel.org>,
"Jan Kara" <jack@suse.cz>, "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Arnd Bergmann" <arnd@arndb.de>, "Pali Rohár" <pali@kernel.org>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Stephen Smalley" <stephen.smalley.work@gmail.com>,
"Ondrej Mosnacek" <omosnace@redhat.com>,
"Tyler Hicks" <code@tyhicks.com>,
"Miklos Szeredi" <miklos@szeredi.hu>,
"Amir Goldstein" <amir73il@gmail.com>
Cc: linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-s390@vger.kernel.org, linux-sh@vger.kernel.org,
sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-api@vger.kernel.org, linux-arch@vger.kernel.org,
selinux@vger.kernel.org, ecryptfs@vger.kernel.org,
linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org,
Andrey Albershteyn <aalbersh@kernel.org>
Subject: [PATCH v5 3/7] selinux: implement inode_file_[g|s]etattr hooks
Date: Tue, 13 May 2025 11:17:56 +0200 [thread overview]
Message-ID: <20250513-xattrat-syscall-v5-3-22bb9c6c767f@kernel.org> (raw)
In-Reply-To: <20250513-xattrat-syscall-v5-0-22bb9c6c767f@kernel.org>
These hooks are called on inode extended attribute retrieval/change.
Cc: selinux@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
security/selinux/hooks.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e7a7dcab81db6a8735877eeb911975e06a9de688..9c6e264b090f9038d6848546760860bfe74b7341 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3366,6 +3366,18 @@ static int selinux_inode_removexattr(struct mnt_idmap *idmap,
return -EACCES;
}
+static int selinux_inode_file_setattr(struct dentry *dentry,
+ struct fileattr *fa)
+{
+ return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
+}
+
+static int selinux_inode_file_getattr(struct dentry *dentry,
+ struct fileattr *fa)
+{
+ return dentry_has_perm(current_cred(), dentry, FILE__GETATTR);
+}
+
static int selinux_path_notify(const struct path *path, u64 mask,
unsigned int obj_type)
{
@@ -7272,6 +7284,8 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
+ LSM_HOOK_INIT(inode_file_getattr, selinux_inode_file_getattr),
+ LSM_HOOK_INIT(inode_file_setattr, selinux_inode_file_setattr),
LSM_HOOK_INIT(inode_set_acl, selinux_inode_set_acl),
LSM_HOOK_INIT(inode_get_acl, selinux_inode_get_acl),
LSM_HOOK_INIT(inode_remove_acl, selinux_inode_remove_acl),
--
2.47.2
next prev parent reply other threads:[~2025-05-13 9:18 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-13 9:17 [PATCH v5 0/7] fs: introduce file_getattr and file_setattr syscalls Andrey Albershteyn
2025-05-13 9:17 ` [PATCH v5 1/7] fs: split fileattr related helpers into separate file Andrey Albershteyn
2025-05-13 9:17 ` [PATCH v5 2/7] lsm: introduce new hooks for setting/getting inode fsxattr Andrey Albershteyn
2025-05-22 22:26 ` Paul Moore
2025-05-13 9:17 ` Andrey Albershteyn [this message]
2025-05-22 22:26 ` [PATCH v5 3/7] selinux: implement inode_file_[g|s]etattr hooks Paul Moore
2025-05-13 9:17 ` [PATCH v5 4/7] fs: split fileattr/fsxattr converters into helpers Andrey Albershteyn
2025-05-13 9:17 ` [PATCH v5 5/7] fs: make vfs_fileattr_[get|set] return -EOPNOSUPP Andrey Albershteyn
2025-05-13 9:17 ` [PATCH v5 6/7] fs: prepare for extending file_get/setattr() Andrey Albershteyn
2025-05-13 9:18 ` [PATCH v5 7/7] fs: introduce file_getattr and file_setattr syscalls Andrey Albershteyn
2025-05-13 9:53 ` [PATCH v5 0/7] " Arnd Bergmann
2025-05-13 12:53 ` Amir Goldstein
2025-05-14 15:10 ` H. Peter Anvin
2025-05-15 9:02 ` Christian Brauner
2025-05-15 10:33 ` Amir Goldstein
2025-05-19 10:12 ` Christian Brauner
2025-05-19 11:37 ` Dave Chinner
2025-05-21 8:48 ` Andrey Albershteyn
2025-05-21 8:57 ` Pali Rohár
2025-05-21 9:02 ` Arnd Bergmann
2025-05-21 9:36 ` Amir Goldstein
2025-05-21 10:06 ` Andrey Albershteyn
2025-05-21 10:44 ` Amir Goldstein
-- strict thread matches above, loose matches on Subject: below --
2025-05-12 13:18 Andrey Albershteyn
2025-05-12 13:18 ` [PATCH v5 3/7] selinux: implement inode_file_[g|s]etattr hooks Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250513-xattrat-syscall-v5-3-22bb9c6c767f@kernel.org \
--to=aalbersh@redhat.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=aalbersh@kernel.org \
--cc=agordeev@linux.ibm.com \
--cc=amir73il@gmail.com \
--cc=andreas@gaisler.com \
--cc=arnd@arndb.de \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=chris@zankel.net \
--cc=christophe.leroy@csgroup.eu \
--cc=code@tyhicks.com \
--cc=dalias@libc.org \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=ecryptfs@vger.kernel.org \
--cc=geert@linux-m68k.org \
--cc=glaubitz@physik.fu-berlin.de \
--cc=gnoack@google.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=jack@suse.cz \
--cc=jcmvbkbc@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=maddy@linux.ibm.com \
--cc=mattst88@gmail.com \
--cc=mic@digikod.net \
--cc=miklos@szeredi.hu \
--cc=mingo@redhat.com \
--cc=monstr@monstr.eu \
--cc=mpe@ellerman.id.au \
--cc=naveen@kernel.org \
--cc=npiggin@gmail.com \
--cc=omosnace@redhat.com \
--cc=pali@kernel.org \
--cc=paul@paul-moore.com \
--cc=richard.henderson@linaro.org \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=sparclinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=tsbogend@alpha.franken.de \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).