1 /* 2 * inode.c - securityfs 3 * 4 * Copyright (C) 2005 Greg Kroah-Hartman <gregkh@suse.de> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License version 8 * 2 as published by the Free Software Foundation. 9 * 10 * Based on fs/debugfs/inode.c which had the following copyright notice: 11 * Copyright (C) 2004 Greg Kroah-Hartman <greg@kroah.com> 12 * Copyright (C) 2004 IBM Inc. 13 */ 14 15 /* #define DEBUG */ 16 #include <linux/module.h> 17 #include <linux/fs.h> 18 #include <linux/mount.h> 19 #include <linux/pagemap.h> 20 #include <linux/init.h> 21 #include <linux/namei.h> 22 #include <linux/security.h> 23 #include <linux/magic.h> 24 25 static struct vfsmount *mount; 26 static int mount_count; 27 28 static inline int positive(struct dentry *dentry) 29 { 30 return d_really_is_positive(dentry) && !d_unhashed(dentry); 31 } 32 33 static int fill_super(struct super_block *sb, void *data, int silent) 34 { 35 static struct tree_descr files[] = {{""}}; 36 37 return simple_fill_super(sb, SECURITYFS_MAGIC, files); 38 } 39 40 static struct dentry *get_sb(struct file_system_type *fs_type, 41 int flags, const char *dev_name, 42 void *data) 43 { 44 return mount_single(fs_type, flags, data, fill_super); 45 } 46 47 static struct file_system_type fs_type = { 48 .owner = THIS_MODULE, 49 .name = "securityfs", 50 .mount = get_sb, 51 .kill_sb = kill_litter_super, 52 }; 53 54 /** 55 * securityfs_create_file - create a file in the securityfs filesystem 56 * 57 * @name: a pointer to a string containing the name of the file to create. 58 * @mode: the permission that the file should have 59 * @parent: a pointer to the parent dentry for this file. This should be a 60 * directory dentry if set. If this parameter is %NULL, then the 61 * file will be created in the root of the securityfs filesystem. 62 * @data: a pointer to something that the caller will want to get to later 63 * on. The inode.i_private pointer will point to this value on 64 * the open() call. 65 * @fops: a pointer to a struct file_operations that should be used for 66 * this file. 67 * 68 * This is the basic "create a file" function for securityfs. It allows for a 69 * wide range of flexibility in creating a file, or a directory (if you 70 * want to create a directory, the securityfs_create_dir() function is 71 * recommended to be used instead). 72 * 73 * This function returns a pointer to a dentry if it succeeds. This 74 * pointer must be passed to the securityfs_remove() function when the file is 75 * to be removed (no automatic cleanup happens if your module is unloaded, 76 * you are responsible here). If an error occurs, the function will return 77 * the error value (via ERR_PTR). 78 * 79 * If securityfs is not enabled in the kernel, the value %-ENODEV is 80 * returned. 81 */ 82 struct dentry *securityfs_create_file(const char *name, umode_t mode, 83 struct dentry *parent, void *data, 84 const struct file_operations *fops) 85 { 86 struct dentry *dentry; 87 int is_dir = S_ISDIR(mode); 88 struct inode *dir, *inode; 89 int error; 90 91 if (!is_dir) { 92 BUG_ON(!fops); 93 mode = (mode & S_IALLUGO) | S_IFREG; 94 } 95 96 pr_debug("securityfs: creating file '%s'\n",name); 97 98 error = simple_pin_fs(&fs_type, &mount, &mount_count); 99 if (error) 100 return ERR_PTR(error); 101 102 if (!parent) 103 parent = mount->mnt_root; 104 105 dir = d_inode(parent); 106 107 mutex_lock(&dir->i_mutex); 108 dentry = lookup_one_len(name, parent, strlen(name)); 109 if (IS_ERR(dentry)) 110 goto out; 111 112 if (d_really_is_positive(dentry)) { 113 error = -EEXIST; 114 goto out1; 115 } 116 117 inode = new_inode(dir->i_sb); 118 if (!inode) { 119 error = -ENOMEM; 120 goto out1; 121 } 122 123 inode->i_ino = get_next_ino(); 124 inode->i_mode = mode; 125 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 126 inode->i_private = data; 127 if (is_dir) { 128 inode->i_op = &simple_dir_inode_operations; 129 inode->i_fop = &simple_dir_operations; 130 inc_nlink(inode); 131 inc_nlink(dir); 132 } else { 133 inode->i_fop = fops; 134 } 135 d_instantiate(dentry, inode); 136 dget(dentry); 137 mutex_unlock(&dir->i_mutex); 138 return dentry; 139 140 out1: 141 dput(dentry); 142 dentry = ERR_PTR(error); 143 out: 144 mutex_unlock(&dir->i_mutex); 145 simple_release_fs(&mount, &mount_count); 146 return dentry; 147 } 148 EXPORT_SYMBOL_GPL(securityfs_create_file); 149 150 /** 151 * securityfs_create_dir - create a directory in the securityfs filesystem 152 * 153 * @name: a pointer to a string containing the name of the directory to 154 * create. 155 * @parent: a pointer to the parent dentry for this file. This should be a 156 * directory dentry if set. If this parameter is %NULL, then the 157 * directory will be created in the root of the securityfs filesystem. 158 * 159 * This function creates a directory in securityfs with the given @name. 160 * 161 * This function returns a pointer to a dentry if it succeeds. This 162 * pointer must be passed to the securityfs_remove() function when the file is 163 * to be removed (no automatic cleanup happens if your module is unloaded, 164 * you are responsible here). If an error occurs, %NULL will be returned. 165 * 166 * If securityfs is not enabled in the kernel, the value %-ENODEV is 167 * returned. It is not wise to check for this value, but rather, check for 168 * %NULL or !%NULL instead as to eliminate the need for #ifdef in the calling 169 * code. 170 */ 171 struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) 172 { 173 return securityfs_create_file(name, 174 S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, 175 parent, NULL, NULL); 176 } 177 EXPORT_SYMBOL_GPL(securityfs_create_dir); 178 179 /** 180 * securityfs_remove - removes a file or directory from the securityfs filesystem 181 * 182 * @dentry: a pointer to a the dentry of the file or directory to be removed. 183 * 184 * This function removes a file or directory in securityfs that was previously 185 * created with a call to another securityfs function (like 186 * securityfs_create_file() or variants thereof.) 187 * 188 * This function is required to be called in order for the file to be 189 * removed. No automatic cleanup of files will happen when a module is 190 * removed; you are responsible here. 191 */ 192 void securityfs_remove(struct dentry *dentry) 193 { 194 struct dentry *parent; 195 196 if (!dentry || IS_ERR(dentry)) 197 return; 198 199 parent = dentry->d_parent; 200 if (!parent || d_really_is_negative(parent)) 201 return; 202 203 mutex_lock(&d_inode(parent)->i_mutex); 204 if (positive(dentry)) { 205 if (d_really_is_positive(dentry)) { 206 if (d_is_dir(dentry)) 207 simple_rmdir(d_inode(parent), dentry); 208 else 209 simple_unlink(d_inode(parent), dentry); 210 dput(dentry); 211 } 212 } 213 mutex_unlock(&d_inode(parent)->i_mutex); 214 simple_release_fs(&mount, &mount_count); 215 } 216 EXPORT_SYMBOL_GPL(securityfs_remove); 217 218 static struct kobject *security_kobj; 219 220 static int __init securityfs_init(void) 221 { 222 int retval; 223 224 security_kobj = kobject_create_and_add("security", kernel_kobj); 225 if (!security_kobj) 226 return -EINVAL; 227 228 retval = register_filesystem(&fs_type); 229 if (retval) 230 kobject_put(security_kobj); 231 return retval; 232 } 233 234 core_initcall(securityfs_init); 235 MODULE_LICENSE("GPL"); 236 237