From 064dc9472fa2bc31a7b178882bd7eff782c3d239 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Fri, 9 Jun 2017 17:15:56 -0700
Subject: apparmor: mediate files when they are received
Signed-off-by: John Johansen
---
security/apparmor/include/audit.h | 1 +
security/apparmor/lsm.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 20fa6c77db05..99ed83cf6941 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -64,6 +64,7 @@ enum audit_type {
 #define OP_GETATTR "getattr"
 #define OP_OPEN "open"
+#define OP_FRECEIVE "file_receive"
 #define OP_FPERM "file_perm"
 #define OP_FLOCK "file_lock"
 #define OP_FMMAP "file_mmap"
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 7a986763b2b7..0f7c5c2be732 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -456,6 +456,11 @@ static int common_file_perm(const char *op, struct file *file, u32 mask)
 return error;
 }
+static int apparmor_file_receive(struct file *file)
+{
+ return common_file_perm(OP_FRECEIVE, file, aa_map_file_to_perms(file));
+}
+
 static int apparmor_file_permission(struct file *file, int mask)
 {
 return common_file_perm(OP_FPERM, file, mask);
@@ -665,6 +670,7 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr),
 LSM_HOOK_INIT(file_open, apparmor_file_open),
+ LSM_HOOK_INIT(file_receive, apparmor_file_receive),
 LSM_HOOK_INIT(file_permission, apparmor_file_permission),
 LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security),
 LSM_HOOK_INIT(file_free_security, apparmor_file_free_security),
--
cgit v1.2.3-59-g8ed1b
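Review bot: The new `apparmor_file_receive()` in security/apparmor/lsm.c carries no comment explaining why it builds the mask itself with `aa_map_file_to_perms(file)`, while the neighbouring `apparmor_file_permission()` forwards a caller-supplied `mask`. A one-line comment above the function, such as `/* file_receive supplies no mask: check the receiving task against the access the file was opened with */`, would make the intended policy decision reviewable. Since the commit subject indicates received files were not mediated before, existing profiles may start logging denials under the new `file_receive` operation string added in audit.h, which anyone parsing AppArmor audit records should expect. The body of `common_file_perm()` lies outside the hunk, so it cannot be confirmed from here that it handles every kind of file that can be received, for example files not backed by a path.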