diff options
author | Steve Grubb <sgrubb@redhat.com> | 2006-03-31 15:22:49 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-05-01 06:09:56 -0400 |
commit | 9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d (patch) | |
tree | 1e1489ed5080ea4aff6206bfa904f549de8e56ca /security | |
parent | 1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (diff) |
[PATCH] change lspp ipc auditing
Hi,
The patch below converts IPC auditing to collect sid's and convert to context
string only if it needs to output an audit record. This patch depends on the
inode audit change patch already being applied.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r-- | security/dummy.c | 6 | ||||
-rw-r--r-- | security/selinux/exports.c | 11 | ||||
-rw-r--r-- | security/selinux/hooks.c | 8 |
3 files changed, 11 insertions, 14 deletions
diff --git a/security/dummy.c b/security/dummy.c index fd99429278e..8ccccccc12a 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -563,11 +563,6 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) | |||
563 | return 0; | 563 | return 0; |
564 | } | 564 | } |
565 | 565 | ||
566 | static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
567 | { | ||
568 | return -EOPNOTSUPP; | ||
569 | } | ||
570 | |||
571 | static int dummy_msg_msg_alloc_security (struct msg_msg *msg) | 566 | static int dummy_msg_msg_alloc_security (struct msg_msg *msg) |
572 | { | 567 | { |
573 | return 0; | 568 | return 0; |
@@ -976,7 +971,6 @@ void security_fixup_ops (struct security_operations *ops) | |||
976 | set_to_dummy_if_null(ops, task_reparent_to_init); | 971 | set_to_dummy_if_null(ops, task_reparent_to_init); |
977 | set_to_dummy_if_null(ops, task_to_inode); | 972 | set_to_dummy_if_null(ops, task_to_inode); |
978 | set_to_dummy_if_null(ops, ipc_permission); | 973 | set_to_dummy_if_null(ops, ipc_permission); |
979 | set_to_dummy_if_null(ops, ipc_getsecurity); | ||
980 | set_to_dummy_if_null(ops, msg_msg_alloc_security); | 974 | set_to_dummy_if_null(ops, msg_msg_alloc_security); |
981 | set_to_dummy_if_null(ops, msg_msg_free_security); | 975 | set_to_dummy_if_null(ops, msg_msg_free_security); |
982 | set_to_dummy_if_null(ops, msg_queue_alloc_security); | 976 | set_to_dummy_if_null(ops, msg_queue_alloc_security); |
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index 07ddce7bf37..7357cf247f6 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -15,6 +15,7 @@ | |||
15 | #include <linux/module.h> | 15 | #include <linux/module.h> |
16 | #include <linux/selinux.h> | 16 | #include <linux/selinux.h> |
17 | #include <linux/fs.h> | 17 | #include <linux/fs.h> |
18 | #include <linux/ipc.h> | ||
18 | 19 | ||
19 | #include "security.h" | 20 | #include "security.h" |
20 | #include "objsec.h" | 21 | #include "objsec.h" |
@@ -50,3 +51,13 @@ void selinux_get_inode_sid(const struct inode *inode, u32 *sid) | |||
50 | *sid = 0; | 51 | *sid = 0; |
51 | } | 52 | } |
52 | 53 | ||
54 | void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid) | ||
55 | { | ||
56 | if (selinux_enabled) { | ||
57 | struct ipc_security_struct *isec = ipcp->security; | ||
58 | *sid = isec->sid; | ||
59 | return; | ||
60 | } | ||
61 | *sid = 0; | ||
62 | } | ||
63 | |||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b61b9554bc2..3cf368a1644 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -4052,13 +4052,6 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | |||
4052 | return ipc_has_perm(ipcp, av); | 4052 | return ipc_has_perm(ipcp, av); |
4053 | } | 4053 | } |
4054 | 4054 | ||
4055 | static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
4056 | { | ||
4057 | struct ipc_security_struct *isec = ipcp->security; | ||
4058 | |||
4059 | return selinux_getsecurity(isec->sid, buffer, size); | ||
4060 | } | ||
4061 | |||
4062 | /* module stacking operations */ | 4055 | /* module stacking operations */ |
4063 | static int selinux_register_security (const char *name, struct security_operations *ops) | 4056 | static int selinux_register_security (const char *name, struct security_operations *ops) |
4064 | { | 4057 | { |
@@ -4321,7 +4314,6 @@ static struct security_operations selinux_ops = { | |||
4321 | .task_to_inode = selinux_task_to_inode, | 4314 | .task_to_inode = selinux_task_to_inode, |
4322 | 4315 | ||
4323 | .ipc_permission = selinux_ipc_permission, | 4316 | .ipc_permission = selinux_ipc_permission, |
4324 | .ipc_getsecurity = selinux_ipc_getsecurity, | ||
4325 | 4317 | ||
4326 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, | 4318 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, |
4327 | .msg_msg_free_security = selinux_msg_msg_free_security, | 4319 | .msg_msg_free_security = selinux_msg_msg_free_security, |