2 files changed, 29 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b005acbcc6e9..062b459b62bf 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -17,6 +17,7 @@
 *      Paul Moore <paul@paul-moore.com>
 *  Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
 *                     Yuichi Nakamura <ynakam@hitachisoft.jp>
+ *  Copyright (C) 2016 Mellanox Technologies
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License version 2,
@@ -6144,7 +6145,26 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
        *_buffer = context;
        return rc;
 }
+#endif
+#ifdef CONFIG_SECURITY_INFINIBAND
+static int selinux_ib_alloc_security(void **ib_sec)
+{
+        struct ib_security_struct *sec;
+        sec = kzalloc(sizeof(*sec), GFP_KERNEL);
+        if (!sec)
+                return -ENOMEM;
+        sec->sid = current_sid();
+        *ib_sec = sec;
+        return 0;
+}
+static void selinux_ib_free_security(void *ib_sec)
+{
+        kfree(ib_sec);
+}
 #endif
 static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
@@ -6331,7 +6351,10 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
        LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
        LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
        LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
+#ifdef CONFIG_SECURITY_INFINIBAND
+        LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
+        LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
+#endif
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
        LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
        LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index c03cdcd12a3b..b7f15f7dc9af 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -10,6 +10,7 @@
 *
 *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
 *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *  Copyright (C) 2016 Mellanox Technologies
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License version 2,
@@ -139,6 +140,10 @@ struct key_security_struct {
        u32 sid;        /* SID of key */
 };
+struct ib_security_struct {
+        u32 sid;        /* SID of the queue pair or MAD agent */
+};
 extern unsigned int selinux_checkreqprot;
 #endif /* _SELINUX_OBJSEC_H_ */

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b005acbcc6e9..062b459b62bf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -17,6 +17,7 @@
17	* Paul Moore <paul@paul-moore.com>	17	* Paul Moore <paul@paul-moore.com>
18	* Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.	18	* Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
19	* Yuichi Nakamura <ynakam@hitachisoft.jp>	19	* Yuichi Nakamura <ynakam@hitachisoft.jp>
		20	* Copyright (C) 2016 Mellanox Technologies
20	*	21	*
21	* This program is free software; you can redistribute it and/or modify	22	* This program is free software; you can redistribute it and/or modify
22	* it under the terms of the GNU General Public License version 2,	23	* it under the terms of the GNU General Public License version 2,
@@ -6144,7 +6145,26 @@ static int selinux_key_getsecurity(struct key key, char *_buffer)
6144	*_buffer = context;	6145	*_buffer = context;
6145	return rc;	6146	return rc;
6146	}	6147	}
		6148	#endif
		6149
		6150	#ifdef CONFIG_SECURITY_INFINIBAND
		6151	static int selinux_ib_alloc_security(void **ib_sec)
		6152	{
		6153	struct ib_security_struct *sec;
		6154
		6155	sec = kzalloc(sizeof(*sec), GFP_KERNEL);
		6156	if (!sec)
		6157	return -ENOMEM;
		6158	sec->sid = current_sid();
		6159
		6160	*ib_sec = sec;
		6161	return 0;
		6162	}
6147		6163
		6164	static void selinux_ib_free_security(void *ib_sec)
		6165	{
		6166	kfree(ib_sec);
		6167	}
6148	#endif	6168	#endif
6149		6169
6150	static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {	6170	static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
@@ -6331,7 +6351,10 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6331	LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),	6351	LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
6332	LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),	6352	LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
6333	LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),	6353	LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
6334		6354	#ifdef CONFIG_SECURITY_INFINIBAND
		6355	LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
		6356	LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
		6357	#endif
6335	#ifdef CONFIG_SECURITY_NETWORK_XFRM	6358	#ifdef CONFIG_SECURITY_NETWORK_XFRM
6336	LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),	6359	LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
6337	LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),	6360	LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),


diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index c03cdcd12a3b..b7f15f7dc9af 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h
@@ -10,6 +10,7 @@
10	*	10	*
11	* Copyright (C) 2001,2002 Networks Associates Technology, Inc.	11	* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12	* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>	12	* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
		13	* Copyright (C) 2016 Mellanox Technologies
13	*	14	*
14	* This program is free software; you can redistribute it and/or modify	15	* This program is free software; you can redistribute it and/or modify
15	* it under the terms of the GNU General Public License version 2,	16	* it under the terms of the GNU General Public License version 2,
@@ -139,6 +140,10 @@ struct key_security_struct {
139	u32 sid; /* SID of key */	140	u32 sid; /* SID of key */
140	};	141	};
141		142
		143	struct ib_security_struct {
		144	u32 sid; /* SID of the queue pair or MAD agent */
		145	};
		146
142	extern unsigned int selinux_checkreqprot;	147	extern unsigned int selinux_checkreqprot;
143		148
144	#endif /* _SELINUX_OBJSEC_H_ */	149	#endif /* _SELINUX_OBJSEC_H_ */