1 files changed, 25 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b59255f86274..91ec46dd34d9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6169,6 +6169,29 @@ static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
                            INFINIBAND_PKEY__ACCESS, &ad);
 }
+static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
+                                            u8 port_num)
+{
+        struct common_audit_data ad;
+        int err;
+        u32 sid = 0;
+        struct ib_security_struct *sec = ib_sec;
+        struct lsm_ibendport_audit ibendport;
+        err = security_ib_endport_sid(dev_name, port_num, &sid);
+        if (err)
+                return err;
+        ad.type = LSM_AUDIT_DATA_IBENDPORT;
+        strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
+        ibendport.port = port_num;
+        ad.u.ibendport = &ibendport;
+        return avc_has_perm(sec->sid, sid,
+                            SECCLASS_INFINIBAND_ENDPORT,
+                            INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
+}
 static int selinux_ib_alloc_security(void **ib_sec)
 {
        struct ib_security_struct *sec;
@@ -6374,6 +6397,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
        LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
 #ifdef CONFIG_SECURITY_INFINIBAND
        LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
+        LSM_HOOK_INIT(ib_endport_manage_subnet,
+                      selinux_ib_endport_manage_subnet),
        LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
        LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
 #endif

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b59255f86274..91ec46dd34d9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -6169,6 +6169,29 @@ static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6169	INFINIBAND_PKEY__ACCESS, &ad);	6169	INFINIBAND_PKEY__ACCESS, &ad);
6170	}	6170	}
6171		6171
		6172	static int selinux_ib_endport_manage_subnet(void ib_sec, const char dev_name,
		6173	u8 port_num)
		6174	{
		6175	struct common_audit_data ad;
		6176	int err;
		6177	u32 sid = 0;
		6178	struct ib_security_struct *sec = ib_sec;
		6179	struct lsm_ibendport_audit ibendport;
		6180
		6181	err = security_ib_endport_sid(dev_name, port_num, &sid);
		6182
		6183	if (err)
		6184	return err;
		6185
		6186	ad.type = LSM_AUDIT_DATA_IBENDPORT;
		6187	strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
		6188	ibendport.port = port_num;
		6189	ad.u.ibendport = &ibendport;
		6190	return avc_has_perm(sec->sid, sid,
		6191	SECCLASS_INFINIBAND_ENDPORT,
		6192	INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
		6193	}
		6194
6172	static int selinux_ib_alloc_security(void **ib_sec)	6195	static int selinux_ib_alloc_security(void **ib_sec)
6173	{	6196	{
6174	struct ib_security_struct *sec;	6197	struct ib_security_struct *sec;
@@ -6374,6 +6397,8 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6374	LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),	6397	LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
6375	#ifdef CONFIG_SECURITY_INFINIBAND	6398	#ifdef CONFIG_SECURITY_INFINIBAND
6376	LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),	6399	LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
		6400	LSM_HOOK_INIT(ib_endport_manage_subnet,
		6401	selinux_ib_endport_manage_subnet),
6377	LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),	6402	LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
6378	LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),	6403	LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
6379	#endif	6404	#endif