Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37;
IronPort-PHdr: A9a23:YLtoMBfm5VeEmyS1DH01krdjlGM+49/LVj580XJao6wbK/fr9sH4J
 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E
 tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK
 xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC
 JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvBabJrgT+vORa2CSZYs7nYrUPfQids
 5w2VxWvlAFaLSdlrm3o0dFrjK5Xu0fywn43ydv1bqeYLdNUIfz7XYMka3R+ZeRKB3BvLqa+b
 LMWM+QsBb9FobWlugAwkwmQWy+RGP22yiMUqifu7IYB1/4mSiKf0VA8J+M/vSjuk9HcZaU0V
 fqp7PH60zzqMu5E2TD36LaWch8Y/9uGfaM3Nsv+zVEBFCrVigSxqoffZyvJ0vgKs1Oa4u4jB
 eujl3wOmSJ+k3+BwMgi1MrIgLw52lvuzyN/wJQvAoSmEFNpMcHxQ9NA8iCAMI1uRdk+Bntlo
 zs+1ugesIWgL0Diqbwizh/bLvGLfIWkzki/EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt
 StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i
 6r+Sw==
IronPort-SDR: 6538e321_8uYvttgzKjzemzUDq3GF7/M7Ych4sU7/REFbzrxKIGAcXaX
 +ALTrQ/Bym+v+lRHkrxupvO8EPpsovw9xTFleZA==
IronPort-PHdr: A9a23:1DOoMhHh3nJzvaA+sPt+9p1Gf29NhN3EVzX9l7I53usdOq325Y/re
 Vff7K8w0gyBVtDB5vZNm+fa9LrtXWUQ7JrS1RJKfMlCTRYYj8URkQE6RsmDDEzwNvnxaCImW
 s9FUQwt5CSgPExYE9r5fQeXrGe78DgSHRvyL09yIOH0EZTVlMO5y6W5/JiABmcAhG+Te7R3f
 jm/sQiDjdQcg4ZpNvQUxwDSq3RFPsV6l0hvI06emQq52tao8cxG0gF9/sws7dVBVqOoT+Edd
 vl1HD8mOmY66YjQuB/PQBGmylAcX24VwX8qSwLFuUrLZovetiH0kepw23aZLOLzdpQIZmiZs
 rhhDwPO1T0ea2A1zzrKkcx8gLkO83fD7xYq4oDybZi8HqUhWIONQ/0EelFjRZYNeQBkAICEd
 rcBItJYIOhk95SmmWUcg0WYOBWyXePzlhMQnk7d5qkg1L8CSAyawDQRLt9SikvQhYT3EqMIT
 cDt/rfB5GjeffNR0zfDtojHS04Lq9GdGvVxXs7J50oGBweUr1abk9T9YzeJ0eQ2smWfrLppW
 f69olwEpDA2jD6gyJlvi4/3qpIe4GrC8yVr2qFsO4WlWh5kNI3sAN5RrSacL4xsXoY4Tnp1v
 Dpv0rQdos3TlEkizZ0mw1vad/WkWtLWpBz5XfuXITB2iWgjdL/szxqx8E310uTnTYH0y1dFq
 CNZj8PB/m4AzR3d68WLC7N9806t1CzJ1lX75PtNPEY0kqTWMdgmxLsxnYAUqkPNAmn9n0Ces
 Q==
IronPort-Data: A9a23:KE+0tqAHvBV3oRVW/6znw5YqxClBgxIJ4kV8jS/XYbTApD8qgjFUz
 mIWWGuPP/bZNjOmfNkgPYm3pxsOsMeGmINkOVdlrnsFo1CmBibm6XR1Cm+qYkt+++WaFBoPA
 /02M4WGdoZuJpPljk/FGqD7qnVh3r2/SLP5CerVUgh8XgYMpB0J0HqPoMZnxNYz6TSFK1nV4
 4ir+5eCYAbNNwNcawr41YrT8HuDg9yv4Fv0jnRmDdhXsVnXkWUiDZ53Dcld+FOhH+G4tsbjL
 wry5OnRElHxpn/BOfv5+lrPSXDmd5aJVeS4Ztq6bID56vRKjnRaPq/Wr5PwY28P49mCt4gZJ
 NmgKfVcRC9xVpAgltjxXDFVOBphGrFjxYOABiSgjtLD/UT7VETFlqAG4EEeZeX0+85sBH1Ws
 /EIIzBLYAqKmuS2x7y2UK9gi6zPLuGyYdhZ6y4mlG6IS698HvgvQI2SjTNc9DIxjcBHEPKYe
 McYciFHZRXbbhYJNE0eFZQ+m+mlnD/zflW0rXrL9fZnvTKMkGSd1pC9HuHOdPvJX/x+j3ek9
 j7C+k/XXiAjYYn3JT2ttyjEavX0tSr/VZIbErG17NZvgV2awm0YGRtQXly+ydGzkEejXd9FA
 08Z4Cwjqe417kPDZtDmQzW7rWSCsxpaXMBfe8Ui4RyJ4rLd/gLcA28DVDMHY9sj3Oc6TDor2
 1uhntTmCDV1urqFD3SQ6t+8pDW+IykUBWwPfykJSU0C+daLiIQ6lA7OSJBnGbOditzzBCG2z
 z2UxAAlgLMcpc0GzaO2+RbAmT3EjonJVSY77EPcWWfNxgF+ZIjjaYWz9VHR4PBMBImcR1iF+
 nMDnqC27/gVDJeClASOTf8LEbXv4OyKWBXHjVBHEJ4m+DCgvXWkeOh44Dh5IFpuGskDfjDtb
 QnYvgY5zJ1UOGCjRax6eYS8D4It16eIPc34W/bIb9xmY4N2agaD8SdyI0WX2gjFjkk2loktN
 JGab4CoDHAHGeJg1jXwWuR1+boqxSQ53kvIV53hwhiml7qDDFacTLYfbwCPasg26aqFpEPe9
 NM3H9CH0RpSeO33Zi3G98gYKlViBXIjC7jopMFNMO2OOAxrHCcmEfC56bcgfZF12qdYjOHF+
 lmjVUJCjlnyn3vKLUONcH8LQLfuW4tv6HwgMSEyMFKAxXcue8Cs4b0Zep9xeqMonNGP1tYtE
 qJAKprFW6seD22dpHIDaN/26oJ4fQmthQWAMjDjbDVXk4NcejElM+TMJ2PH3CcUBzextcwwr
 qfm0QXeQJEZQB9lAtqQY/Wqp25dd1BH8A6rdxqZfotgaw/3/ZJ0Kif8qPYyLoteYV/A3zaWn
 ULeSxsRueCH8cd//cjrlJK0id6jM9J/OU5GQEjdz7K9bhfB8kSZnIRvbeevfBLmbl3SxpmMX
 +tv8qzDAKU1p2oS64tYOJR3/J06/Orq9uN7zBw7PXDlbGaLK7JHI1uG1Plpspxcm7pSvCXvU
 EeP5OtfB6StPfnhMV8OJTgKavaI+uEUlwLzs9U0AhTezw1m8IWXVX59O0G3txVcC79uIaUZw
 esFk+wH2TyV0xYFHI6PsXFJyj6qMHcFbZQCirgbJ43a0iwQ1VBIZM3nOB/cuZ2gRY1FDRg3H
 2WymqHHurV7w3jCeVoVEVzm/7JUpbYKiSBw4G4yHXa7sfubuaZvxzxUyyo9cSpNxBYe0+5TB
 HliB3coGYqwpQVXlOpxdEHyPTpeBS+p2F37kHoIs2z7c3OGdELwKE8FBOLc23xBrkx9eGBA8
 aC62VTVd2/gXPvM0xsYXW9nrP3eTuJNyDDSpfD/H+m4G8gVXDm0pI6vemsClDX/C+wTmkDsh
 Ldn7cRwW4LBJA8SpKwKNI2I54s1VSKCBmxOfqxm9vk7GWrdJTKA4hmVCkWLYsgWDef7wUy5L
 M1PJ8x0SBW10hiVnA0bHaIhJ7xVnuYjwdg/JoPQOm8NtoWAogpTsJ7/8jb0gEkpSY5MlfkRB
 5zwdTXYNECtnlpRxnHwqfdbNlqCYdUrYBP22Ma3+r4rE7MBqORdTlEg4ICrvnm6MBpVwDzMh
 VntP5Tp9u1FzZhgu6DOEa8ZXgW9Fo7VZdSyqQu2t4xDUMPLPcLwrDgqk1jAPTlNHL4vSt9yx
 KWsstn24Rv/h4wIcVvlwruPK6oYwv+JfrtzEtn2J3xkjye9SJfSwx8cyVuZd71Nsv1gv/eCe
 SXpSfGNZeY0WshczkJ7cyJxMQgQIIWpY7bCpRGSleWtCB8c2laedNiMqHvkQkdcUio6KqzON
 BL9lKer1OB5sbZjOR4gLNNlCq9eP1XMd/YHddrwlD/AFUiuoAqIlYXDnCoaywPgKye7Auejx
 rydXTn4VhC5mJ+Q/eFjq4Yo4yEmVidss9c/bmc22oBQiQnjKEUkMO5EE5ENKq8MoxzIzJuiO
 Q38NjozOx7cAwZBXw73uun4fwGlAecLBNf1Cxop826QaAa0HImwO6RgxAgx/0ZJfibf88//J
 eE84nHQOj2D8qNtT8sX5d25hr5D7dHezXQq50v8spLTBzAzPLY070FiTTF9DXH/L8LwlUv1f
 Dl/ASgORUygUkf+HPpxY3MfSllToDrryC5udiuVhsrWv4KA1uBb1fnjIKfJ36YeaNgRbqs7L
 Z8tq7BhP0jNspDLhZYUhg==
IronPort-HdrOrdr: A9a23:7n0efKAmlQrleynlHemR55DYdb4zR+YMi2TDj3oBLCC9Afbo8/
 xG/c5rrSMc5wxhO03I9ertBEDiewKmyXcW2/hyAV7KZmCP0wHEEGgI1+XfKkjbexEWgdQ96U
 4PScdD4ZbLfD9HZI7BkW+F+vgbsaC6zJw=
From:   =?UTF-8?q?Michael=20Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
To:     Alexander Mikhalitsyn <alexander@mihalicyn.com>,
        Christian Brauner <brauner@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Paul Moore <paul@paul-moore.com>
CC:     Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <martin.lau@linux.dev>,
        Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>,
        Stanislav Fomichev <sdf@google.com>,
        Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
        Quentin Monnet <quentin@isovalent.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Miklos Szeredi <miklos@szeredi.hu>,
        Amir Goldstein <amir73il@gmail.com>,
        "Serge E. Hallyn" <serge@hallyn.com>, <bpf@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
        <gyroidos@aisec.fraunhofer.de>,
        =?UTF-8?q?Michael=20Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
Subject: [RESEND RFC PATCH v2 04/14] lsm: Add security_dev_permission() hook
Date:   Wed, 25 Oct 2023 11:42:14 +0200
Message-Id: <20231025094224.72858-5-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>
References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cHdaQkg4TnlSbFplZGxxYTQ4QUhzQ0xoaGZqa05PV000d2x6WDJiYlErcW05?=
 =?utf-8?B?SzBCWDBRYjRDMjZGMUkzVWI1RkhQSjNJY2dxa3NMMEt6TXlnb2RrTENIT3pi?=
 =?utf-8?B?a2d0eWFCMnA4NUJOaUlOMU4rb1lHM2h5bGRnQnBKRHNxZ1JGM2xpRHlzcS9u?=
 =?utf-8?B?RE1VbEJUSXZYcmdtU3QyMzlocnFEZnRHSCtzZ21OaTFlY2k4dWdzRXlLZWFh?=
 =?utf-8?B?VFc5RVg5MEt1OGxFQTVDQzJma011YTRTT3diSnlqT0ZOdW1IWGVBanpISVBR?=
 =?utf-8?B?RCs5RGxXdUxLbkVXOGRrVkZCSGdhWlE2eXJqS0ZXV2RyVXRrTzMwNmdWVDYy?=
 =?utf-8?B?YnptbVZpTDgyVjZ4bDRGNGNoN0sxZXAzbjl6VlhqQVdaQWd0QlB2cWZJSXpa?=
 =?utf-8?B?dWxBcjdRTGIzMTF2TFB4NWRuOWY1TDZOKytjT2hOd2pwdlk0VS9zZ0lOQ3hj?=
 =?utf-8?B?SXptaVAvVWFudnNCTnJJblVzT1k2eEFOVEl4WFB5SWFMTi9BUkpBSXhyTkRQ?=
 =?utf-8?B?M1lWci95NDJ4YU15MjNYZFJtVHdLaFFaTnJCbkU5US8xRTdYVnU0Y1U3eEts?=
 =?utf-8?B?TTYzUGFxMTJiZmtLZEJZSEJoS3NXblpmRUplS1hpa2lBY3c5dUdaaTFNRUJC?=
 =?utf-8?B?a3hIK29tQ0haRk9neHhNYklvUE5sU1h0R1crMndteHRtc1FpZmQ0Q3l5VXFW?=
 =?utf-8?B?SXdIZ1pJNkV1UHllcVBxY2RiaEF6NWljNzVrZDhvV0xBQVZ0YWQwTnEyTktU?=
 =?utf-8?B?NHQ0RFdONkl0aDZsOE8xRG1XZEM3YktxTCtxbFFBNW5hZklPd1JwQlFkcFpJ?=
 =?utf-8?B?cWFGOVgzUlhrdTVnWklkbjhrcU1mYm1FOVVRSHl0NDltNWFtMTNaNHNnMWdU?=
 =?utf-8?B?ZDlZNmZwaGk3S1ZyVGFTU1pQak4xTlM2b0V0NkU5aGkzS00vZDBWdXFjRTdU?=
 =?utf-8?B?OWtPeUdGNDl3WUw2aEU3UUV5cmV1RllCVzZaNytTYXdsN2FsL1ZZMFdBa0NY?=
 =?utf-8?B?QW5wZFc5OUFqUU9UUWNQc1lRTVpGWjRibU9ZYjZnS3ZZVlVCdlNvVVpzbzBI?=
 =?utf-8?B?Nm5tOEl2VG5PSFFldUdjNi9kbXR3YjUvNGR4dzJnSThEU1ZXMUpSRXdvS0JY?=
 =?utf-8?B?NE9lVXRaVjk0SmpDVWtmYmVobTFsVTYraGZkNTViRHdkOHMxRHVMS05CTldi?=
 =?utf-8?B?ekJrN1E0TFUycHQ3WDQ0TTQxZ01odU1vMUx5RTZtcEJYUmJWOTUvMmthWDZB?=
 =?utf-8?B?SmVEdys2dDltbVZ0VnM5emZYOUhmbEowUUsvekFqTHZYQU5WN1RQVmtzUkJT?=
 =?utf-8?B?dWZ4WEdaaXlWa2JsUXFHcDNsS2p3TDVnTEc2KysvQUNJbFlkWStlOE5rUVpN?=
 =?utf-8?B?alN4dmlSODgwM0J1WE1zNUhjczlKTlU4QStiRzczc0huTmJudVM5QXJHcU9B?=
 =?utf-8?B?WnVOY0tnTDNtT01lc1BaekIrVXJTUmQyZ1NzOHhObGNmM3NXRTg5R2hTeVJW?=
 =?utf-8?B?NmRCaHJva0lWdi9KUFFNRnRsQWN5T2dkSU5Jb1FkeWFYbFFqNmMyaGJZSndO?=
 =?utf-8?B?S0FpbWlJTGdxZGZzbWRZbDdTdkdWVzBSc2VaZGtmbDlaNFM1Nzh0RG85M0dV?=
 =?utf-8?B?VUxidmJMVkNqTnZ0ZVFHeFB3bGxxSjI1c0psRmpVZ3R0U3AyUyswWnIzWHlp?=
 =?utf-8?B?aEF0WkVGSVVVU0dQa1VLYlhvZXRISmw3MmtZVE82UTRiRTN6cFVSM2JkYmJG?=
 =?utf-8?B?VXlhaHZjUWVsZXFhYitMK2d5a3R0VjlLazNNRnV2cGhSOHFRdDVUamEwL2t4?=
 =?utf-8?B?dlA0a2RGWlFmL1dTMG9WL1hoUUVIbVI3S0lLU1htNjBJcmdXT000N1JRSWNi?=
 =?utf-8?B?dzRBU1ZXZEpDOGVxTDM3QUt6d0xEci9CZTQxZjN2aERXRVFhbE8yTWhUMnE1?=
 =?utf-8?B?T1dzUmJpdDZGbTd4U0FSQmkxd1hsNGhnMnVhN3QyQTJUeDZ1WHF5OXlyUEIz?=
 =?utf-8?B?WkVLS2dIc3RpR0Y0Z1Azdnh6SnpMallkdkNDeHJ0ZVhUNkZFWHRkSHpDV2tr?=
 =?utf-8?B?ZWwwdW9ycm9OMVl6dFcxRi9VZE1qSEppbzNOaTZxdHB6SWNjVHJUdUpHYk5T?=
 =?utf-8?B?clE3akdxc25TQVNSZU5qREJQaFpIcmxjVXF0RlkyWC9OQ091TzFBS21JbjVI?=
 =?utf-8?B?VGZEVUoxOXNZcFo2U25VZDdmVnZkR2RjTkJOMVpKdzdwSThiNzlkQnArb1Bq?=
 =?utf-8?Q?aPNNGCNsWnnys0/gepIGAAicK4TyHvTeXFN4n2V+nA=3D?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 25109b51-b884-4bf4-bd14-08dbd53ec457
X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:56.3254
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: nNQFbFkTT2YqM3/5C6BGsxNfAQU+B4F02gvmmxjusFyHMl7TPimZLaGldB65yPFx3B4pfTH1ZCNJWJtCNkcX5NzcxOQ/QCEdmJnTxa/XydIt0Q882WfPYW/s3frcqXx2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116
X-OriginatorOrg: aisec.fraunhofer.de
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:39 -0700 (PDT)

Provide a new lsm hook which may be used to check permission on
a device by its dev_t representation only. This could be used if
an inode is not available and the security_inode_permission
check is not applicable.

A first lsm to use this will be the lately converted cgroup_device
module, to allow permission checks inside driver implementations.

Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
 include/linux/lsm_hook_defs.h |  1 +
 include/linux/security.h      |  5 +++++
 security/security.c           | 18 ++++++++++++++++++
 3 files changed, 24 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index ac962c4cb44b..a868982725a9 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -275,6 +275,7 @@ LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen)
 LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen)
 LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx,
 	 u32 *ctxlen)
+LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask)
 
 #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
 LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,
diff --git a/include/linux/security.h b/include/linux/security.h
index 5f16eecde00b..8bc6ac8816c6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -484,6 +484,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
 int security_locked_down(enum lockdown_reason what);
+int security_dev_permission(umode_t mode, dev_t dev, int mask);
 #else /* CONFIG_SECURITY */
 
 static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1395,6 +1396,10 @@ static inline int security_locked_down(enum lockdown_reason what)
 {
 	return 0;
 }
+static inline int security_dev_permission(umode_t mode, dev_t dev, int mask)
+{
+	return 0;
+}
 #endif	/* CONFIG_SECURITY */
 
 #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
diff --git a/security/security.c b/security/security.c
index 23b129d482a7..40f6787df3b1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4016,6 +4016,24 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 }
 EXPORT_SYMBOL(security_inode_getsecctx);
 
+/**
+ * security_dev_permission() - Check if accessing a dev is allowed
+ * @mode: file mode holding device type
+ * @dev: device
+ * @mask: access mask
+ *
+ * Check permission before accessing an device by its major minor.
+ * This hook is called by drivers which may not have an inode but only
+ * the dev_t representation of a device to check permission.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
+int security_dev_permission(umode_t mode, dev_t dev, int mask)
+{
+	return call_int_hook(dev_permission, 0, mode, dev, mask);
+}
+EXPORT_SYMBOL(security_dev_permission);
+
 #ifdef CONFIG_WATCH_QUEUE
 /**
  * security_post_notification() - Check if a watch notification can be posted
-- 
2.30.2