diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-01-21 10:54:10 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-01-25 12:17:57 -0500 |
| commit | 79af73079d753b2d04e46f7445716d3b5f914dbd (patch) | |
| tree | 565ce3d58ccae8765fe13e20064b3ba48eaa0ebc /security/security.c | |
| parent | 79563db9ddd37908343103debf20da716ccc5ce4 (diff) | |
Add security hooks to binder and implement the hooks for SELinux.
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC. The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability of a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).
These hooks have been included in the Android kernel trees since Android 4.3.
(Updated to reflect upstream relocation and changes to the binder driver,
changes to the LSM audit data structures, coding style cleanups, and
to add inline documentation for the hooks).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Nick Kralevich <nnk@google.com>
Acked-by: Jeffrey Vander Stoep <jeffv@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 18b35c63fc0c..b196de34b19f 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -135,6 +135,29 @@ int __init register_security(struct security_operations *ops) | |||
| 135 | 135 | ||
| 136 | /* Security operations */ | 136 | /* Security operations */ |
| 137 | 137 | ||
| 138 | int security_binder_set_context_mgr(struct task_struct *mgr) | ||
| 139 | { | ||
| 140 | return security_ops->binder_set_context_mgr(mgr); | ||
| 141 | } | ||
| 142 | |||
| 143 | int security_binder_transaction(struct task_struct *from, | ||
| 144 | struct task_struct *to) | ||
| 145 | { | ||
| 146 | return security_ops->binder_transaction(from, to); | ||
| 147 | } | ||
| 148 | |||
| 149 | int security_binder_transfer_binder(struct task_struct *from, | ||
| 150 | struct task_struct *to) | ||
| 151 | { | ||
| 152 | return security_ops->binder_transfer_binder(from, to); | ||
| 153 | } | ||
| 154 | |||
| 155 | int security_binder_transfer_file(struct task_struct *from, | ||
| 156 | struct task_struct *to, struct file *file) | ||
| 157 | { | ||
| 158 | return security_ops->binder_transfer_file(from, to, file); | ||
| 159 | } | ||
| 160 | |||
| 138 | int security_ptrace_access_check(struct task_struct *child, unsigned int mode) | 161 | int security_ptrace_access_check(struct task_struct *child, unsigned int mode) |
| 139 | { | 162 | { |
| 140 | #ifdef CONFIG_SECURITY_YAMA_STACKED | 163 | #ifdef CONFIG_SECURITY_YAMA_STACKED |