diff options
author | Eric Paris <eparis@redhat.com> | 2009-12-17 21:24:34 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2010-07-28 09:59:02 -0400 |
commit | 9e66e4233db9c7e31e9ee706be2c9ddd54cf99b3 (patch) | |
tree | 9d778b358fb6e5f02fb2cf634c2163f34982b7dd /include | |
parent | c4ec54b40d33f8016fea970a383cc584dd0e6019 (diff) | |
download | op-kernel-dev-9e66e4233db9c7e31e9ee706be2c9ddd54cf99b3.zip op-kernel-dev-9e66e4233db9c7e31e9ee706be2c9ddd54cf99b3.tar.gz |
fanotify: permissions and blocking
This is the backend work needed for fanotify to support the new
FS_OPEN_PERM and FS_ACCESS_PERM fsnotify events. This is done using the
new fsnotify secondary queue. No userspace interface is provided actually
respond to or request these events.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/fanotify.h | 18 | ||||
-rw-r--r-- | include/linux/fsnotify_backend.h | 12 |
2 files changed, 30 insertions, 0 deletions
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index 385896c..02f8067 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h @@ -15,6 +15,9 @@ /* FIXME currently Q's have no limit.... */ #define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */ +#define FAN_OPEN_PERM 0x00010000 /* File open in perm check */ +#define FAN_ACCESS_PERM 0x00020000 /* File accessed in perm check */ + /* helper events */ #define FAN_CLOSE (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */ @@ -52,7 +55,14 @@ FAN_CLOSE |\ FAN_OPEN) +/* + * All events which require a permission response from userspace + */ +#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\ + FAN_ACCESS_PERM) + #define FAN_ALL_OUTGOING_EVENTS (FAN_ALL_EVENTS |\ + FAN_ALL_PERM_EVENTS |\ FAN_Q_OVERFLOW) #define FANOTIFY_METADATA_VERSION 1 @@ -65,6 +75,10 @@ struct fanotify_event_metadata { __s64 pid; } __attribute__ ((packed)); +/* Legit userspace responses to a _PERM event */ +#define FAN_ALLOW 0x01 +#define FAN_DENY 0x02 + /* Helper functions to deal with fanotify_event_metadata buffers */ #define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata)) @@ -78,5 +92,9 @@ struct fanotify_event_metadata { #ifdef __KERNEL__ +struct fanotify_wait { + struct fsnotify_event *event; + __s32 fd; +}; #endif /* __KERNEL__ */ #endif /* _LINUX_FANOTIFY_H */ diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h index c34728e..b0d00fd 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -160,6 +160,14 @@ struct fsnotify_group { struct user_struct *user; } inotify_data; #endif +#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS + struct fanotify_group_private_data { + /* allows a group to block waiting for a userspace response */ + struct mutex access_mutex; + struct list_head access_list; + wait_queue_head_t access_waitq; + } fanotify_data; +#endif }; }; @@ -227,6 +235,10 @@ struct fsnotify_event { size_t name_len; struct pid *tgid; +#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS + __u32 response; /* userspace answer to question */ +#endif /* CONFIG_FANOTIFY_ACCESS_PERMISSIONS */ + struct list_head private_data_list; /* groups can store private data here */ }; |