authorSteve Grubb <sgrubb@redhat.com>2006-03-31 15:22:49 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-05-01 06:09:56 -0400
commit9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d (patch)
tree1e1489ed5080ea4aff6206bfa904f549de8e56ca /security
parent1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (diff)
[PATCH] change lspp ipc auditing
Hi, The patch below converts IPC auditing to collect SIDs and convert them to a context string only if it needs to output an audit record. This patch depends on the inode audit change patch already being applied. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/dummy.c6
-rw-r--r--security/selinux/exports.c11
-rw-r--r--security/selinux/hooks.c8
3 files changed, 11 insertions, 14 deletions
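diff --git a/security/dummy.c b/security/dummy.c
index fd99429278e..8ccccccc12a 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -563,11 +563,6 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
  return 0;
 }
 
-static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- return -EOPNOTSUPP;
-}
-
 static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
 {
  return 0;
@@ -976,7 +971,6 @@ void security_fixup_ops (struct security_operations *ops)
  set_to_dummy_if_null(ops, task_reparent_to_init);
  set_to_dummy_if_null(ops, task_to_inode);
  set_to_dummy_if_null(ops, ipc_permission);
- set_to_dummy_if_null(ops, ipc_getsecurity);
  set_to_dummy_if_null(ops, msg_msg_alloc_security);
  set_to_dummy_if_null(ops, msg_msg_free_security);
  set_to_dummy_if_null(ops, msg_queue_alloc_security);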
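diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index 07ddce7bf37..7357cf247f6 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -15,6 +15,7 @@
 #include <linux/module.h>
 #include <linux/selinux.h>
 #include <linux/fs.h>
+#include <linux/ipc.h>
 
 #include "security.h"
 #include "objsec.h"
@@ -50,3 +51,13 @@ void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
  *sid = 0;
 }
 
+void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
+{
+ if (selinux_enabled) {
+ struct ipc_security_struct *isec = ipcp->security;
+ *sid = isec->sid;
+ return;
+ }
+ *sid = 0;
+}
+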
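Review bot: selinux_get_ipc_sid() reads `isec->sid` through `ipcp->security` without checking that pointer, so it relies on every IPC object carrying a security blob whenever `selinux_enabled` is set; nothing in this diff shows that invariant. The commit description suggests the function is called from the audit path, where a fault would take out the record being collected, so a guard such as `if (selinux_enabled && ipcp->security)` that falls through to `*sid = 0` would fail safe. The function also has no comment; a short one above it should state that a returned SID of 0 means no SELinux label was available, so callers know to skip the context-string conversion for that value.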
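diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b61b9554bc2..3cf368a1644 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4052,13 +4052,6 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
  return ipc_has_perm(ipcp, av);
 }
 
-static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- struct ipc_security_struct *isec = ipcp->security;
-
- return selinux_getsecurity(isec->sid, buffer, size);
-}
-
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -4321,7 +4314,6 @@ static struct security_operations selinux_ops = {
  .task_to_inode = selinux_task_to_inode,
 
  .ipc_permission = selinux_ipc_permission,
- .ipc_getsecurity = selinux_ipc_getsecurity,
 
  .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
  .msg_msg_free_security = selinux_msg_msg_free_security,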