[roll] Roll fuchsia [sestarnix] Introduce support for "private" file system nodes

Linux has a notion of inodes which are "private" to the filesystem
and kernel, for which LSM hooks are not invoked.

Since this is only currently required for `Anon` nodes, two APIs
are added:
- `new_private_file()` to allow `FileObject`s to be created backed
  by a private anonymous `Anon` instance.
- `is_private(&FsNode)` to allow LSM hooks to skip access checks if
  the target `FsNode` is a private `Anon` instance.

`is_private()` is checked by the `has_fs_node_permissions()`
helper, so that `[todo_]has_{file|fs_node}_permissions()` callers
do not need to explicitly check the flag.

These checks should ideally be moved into the LSM layer (aka
`crate::security`) so that the desired result is achieved simply by
not invoking the LSM at all.

Original-Bug: 404773987
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1236385
Original-Revision: 6f3684f464a1a52814dec42a5258be6fe142d614
GitOrigin-RevId: d8f9d0cdc209185718a4eab9d43e3ecef51f5903
Change-Id: I7819d69493e1b86ef4d0234d469249ae25a0c801
1 file changed
tree: 1ddb1b440eb5583a758b9f662f270bfcd5c5ed49
  1. ctf/
  2. git-hooks/
  3. infra/
  4. third_party/
  5. cts
  6. firmware
  7. flower
  8. jiri.lock
  9. MILESTONE
  10. minimal
  11. prebuilts
  12. README.md
  13. stem
  14. test_durations
  15. toolchain
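
The commit message above describes routing the private-node bypass through one helper so that individual callers never test the flag. The following is an added illustration of that pattern, not code from this change or from Starnix: the type layouts, function signatures, the `Policy` stand-in for the LSM, and the `new_file` helper are all assumptions; only the names `new_private_file`, `is_private`, `has_fs_node_permissions`, `FsNode`, `FileObject` and `Anon` come from the commit message.

```rust
// Simplified model of the check described in the commit message; not Starnix code.
// Field names, signatures, Policy and new_file are assumptions for illustration.
use std::cell::Cell;

#[derive(Debug, PartialEq)]
enum Errno { Eacces }

enum NodeKind { Regular, Anon { private: bool } }
struct FsNode { kind: NodeKind, label: &'static str }
struct FileObject { node: FsNode }

/// Stand-in for the LSM: allows one label and counts how often it is consulted.
struct Policy { allowed_label: &'static str, checks: Cell<u32> }

impl Policy {
    fn check(&self, node: &FsNode) -> Result<(), Errno> {
        self.checks.set(self.checks.get() + 1);
        if node.label == self.allowed_label { Ok(()) } else { Err(Errno::Eacces) }
    }
}

/// The private flag is fixed at creation; no later code path flips it.
fn new_private_file() -> FileObject {
    new_file(NodeKind::Anon { private: true }, "unlabeled")
}

fn new_file(kind: NodeKind, label: &'static str) -> FileObject {
    FileObject { node: FsNode { kind, label } }
}

fn is_private(node: &FsNode) -> bool {
    matches!(node.kind, NodeKind::Anon { private: true })
}

/// Single choke point: private nodes return before the policy is consulted.
fn has_fs_node_permissions(policy: &Policy, node: &FsNode) -> Result<(), Errno> {
    if is_private(node) { return Ok(()); }
    policy.check(node)
}

fn has_file_permissions(policy: &Policy, file: &FileObject) -> Result<(), Errno> {
    has_fs_node_permissions(policy, &file.node)
}

fn main() {
    let policy = Policy { allowed_label: "app_data", checks: Cell::new(0) };
    println!("private anon: {:?}", has_file_permissions(&policy, &new_private_file()));
    println!("regular file: {:?}", has_file_permissions(&policy, &new_file(NodeKind::Regular, "tmp")));
    println!("policy consulted {} time(s)", policy.checks.get());
}
```

A non-private `Anon` node and a regular node both reach the policy, so the skip applies only to nodes created through `new_private_file()`.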
README.md

Integration

This repository contains Fuchsia's Global Integration manifest files.

Making changes

All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.

Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.

Obtaining the source

First install Jiri.

Next run:

$ jiri init
$ jiri import minimal https://fuchsia.googlesource.com/integration
$ jiri update

Third party

Third party projects should have their own subdirectory in ./third_party.