diff options
author | Roberto Sassu <roberto.sassu@huawei.com> | 2024-02-15 11:31:01 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2024-02-15 23:43:43 -0500 |
commit | f09068b5a114ed28d2df2e82a7d30dde0145dc69 (patch) | |
tree | 4715033da382ada0ce040640f58a84fe9be26b81 /security | |
parent | 8f46ff5767b0b18329140d80d6bcabd818f42c4c (diff) |
security: Introduce file_release hook
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_release hook.
IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.
The new hook cannot return an error and cannot cause the operation to be
reverted.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 207405a84902..99004c44ce55 100644 --- a/security/security.c +++ b/security/security.c @@ -2719,6 +2719,17 @@ int security_file_alloc(struct file *file) } /** + * security_file_release() - Perform actions before releasing the file ref + * @file: the file + * + * Perform actions before releasing the last reference to a file. + */ +void security_file_release(struct file *file) +{ + call_void_hook(file_release, file); +} + +/** * security_file_free() - Free a file's LSM blob * @file: the file * |