[PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications

Thu Aug 1 12:47:56 UTC 2019

On Thu, Aug 1, 2019 at 7:31 AM Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On 7/31/19 8:27 PM, Paul Moore wrote:
> > On Wed, Jul 31, 2019 at 1:26 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> >> On 7/31/2019 8:34 AM, Aaron Goidel wrote:

...

> >>> +static int selinux_path_notify(const struct path *path, u64 mask,
> >>> +                                             unsigned int obj_type)
> >>> +{
> >>> +     int ret;
> >>> +     u32 perm;
> >>> +
> >>> +     struct common_audit_data ad;
> >>> +
> >>> +     ad.type = LSM_AUDIT_DATA_PATH;
> >>> +     ad.u.path = *path;
> >>> +
> >>> +     /*
> >>> +      * Set permission needed based on the type of mark being set.
> >>> +      * Performs an additional check for sb watches.
> >>> +      */
> >>> +     switch (obj_type) {
> >>> +     case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
> >>> +             perm = FILE__WATCH_MOUNT;
> >>> +             break;
> >>> +     case FSNOTIFY_OBJ_TYPE_SB:
> >>> +             perm = FILE__WATCH_SB;
> >>> +             ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
> >>> +                                             FILESYSTEM__WATCH, &ad);
> >>> +             if (ret)
> >>> +                     return ret;
> >>> +             break;
> >>> +     case FSNOTIFY_OBJ_TYPE_INODE:
> >>> +             perm = FILE__WATCH;
> >>> +             break;
> >>> +     default:
> >>> +             return -EINVAL;
> >>> +     }
> >>> +
> >>> +     // check if the mask is requesting ability to set a blocking watch
> >
> > ... in the future please don't use "// XXX", use "/* XXX */" instead :)
> >
> > Don't respin the patch just for this, but if you have to do it for
> > some other reason please fix the C++ style comments.  Thanks.
>
> This was discussed during the earlier RFC series but ultimately someone
> pointed to:
> https://lkml.org/lkml/2016/7/8/625
> where Linus blessed the use of C++/C99 style comments.  And checkpatch
> accepts them these days.

Yep, I'm aware of both, it is simply a personal preference of mine.
I'm not going to reject patches with C++ style comments, but I would
ask people to stick to the good ol' fashioned comments for patches
they submit.

> Obviously if you truly don't want them in the SELinux code, that's your
> call.  But note that all files now have at least one such comment as a
> result of the mass SPDX license headers that were added throughout the
> tree using that style.

FYI, the sky is blue.

It isn't just the license headers either, Al dropped one into hooks.c
:).  Just like I don't plan to reject patches due only to the comment
style, you don't see me pushing patches to change the C++ comments.

-- 
paul moore
www.paul-moore.com