diff options
author | Paul Moore <paul@paul-moore.com> | 2023-02-16 17:28:31 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2023-03-06 13:41:07 -0500 |
commit | 1cd2aca64a5dc4edb65539dc26f24e162ab0e11c (patch) | |
tree | 0b9a8aea4ba81a2bcb8dd8549c7c68d55fdb80e4 /security | |
parent | 452b670c7222c7bf11b45b13f5a736f96d0be1e3 (diff) |
lsm: move the io_uring hook comments to security/security.c
This patch relocates the LSM hook function comments to the function
definitions, in keeping with the current kernel conventions. This
should make the hook descriptions more easily discoverable and easier
to maintain.
While formatting changes have been done to better fit the kernel-doc
style, content changes have been kept to a minimum and limited to
text which was obviously incorrect and/or outdated. It is expected
the future patches will improve the quality of the function header
comments.
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 47506ae1b187..af1db3fa7cd0 100644 --- a/security/security.c +++ b/security/security.c @@ -4993,15 +4993,41 @@ int security_perf_event_write(struct perf_event *event) #endif /* CONFIG_PERF_EVENTS */ #ifdef CONFIG_IO_URING +/** + * security_uring_override_creds() - Check if overriding creds is allowed + * @new: new credentials + * + * Check if the current task, executing an io_uring operation, is allowed to + * override it's credentials with @new. + * + * Return: Returns 0 if permission is granted. + */ int security_uring_override_creds(const struct cred *new) { return call_int_hook(uring_override_creds, 0, new); } +/** + * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed + * + * Check whether the current task is allowed to spawn a io_uring polling thread + * (IORING_SETUP_SQPOLL). + * + * Return: Returns 0 if permission is granted. + */ int security_uring_sqpoll(void) { return call_int_hook(uring_sqpoll, 0); } + +/** + * security_uring_cmd() - Check if a io_uring passthrough command is allowed + * @ioucmd: command + * + * Check whether the file_operations uring_cmd is allowed to run. + * + * Return: Returns 0 if permission is granted. + */ int security_uring_cmd(struct io_uring_cmd *ioucmd) { return call_int_hook(uring_cmd, 0, ioucmd); |