[PATCH] SELinux: add task_movememory hook

This patch adds new security hook, task_movememory, to be called when memory owened by a task is to be moved (e.g. when migrating pages to a this hook is identical to the setscheduler implementation, but a separate hook introduced to allow this check to be specialized in the future if necessary. Since the last posting, the hook has been renamed following feedback from Christoph Lameter. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Cc: Christoph Lameter <clameter@sgi.com> Cc: Andi Kleen <ak@muc.de> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: David Quigley <dpquigl@tycho.nsa.gov> 2006-06-23 05:04:01 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-06-23 10:42:54 -0400
commit: 35601547baf92d984b6e59cf3583649da04baea5 (patch)
tree: a392501e6e004ed33789dbf3f7a9fe43295439e1 /include/linux/security.h
parent: 22fb52dd736a62e24c44c50739007496265dc38c (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 65b32a0c620..d2c17bd91a2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -601,6 +601,10 @@ struct swap_info_struct;
 *      @p.
 *      @p contains the task_struct for process.
 *      Return 0 if permission is granted.
+ * @task_movememory
+ *      Check permission before moving memory owned by process @p.
+ *      @p contains the task_struct for process.
+ *      Return 0 if permission is granted.
 * @task_kill:
 *      Check permission before sending signal @sig to @p.  @info can be NULL,
 *      the constant 1, or a pointer to a siginfo structure.  If @info is 1 or
@@ -1220,6 +1224,7 @@ struct security_operations {
        int (*task_setscheduler) (struct task_struct * p, int policy,
                                  struct sched_param * lp);
        int (*task_getscheduler) (struct task_struct * p);
+        int (*task_movememory) (struct task_struct * p);
        int (*task_kill) (struct task_struct * p,
                          struct siginfo * info, int sig);
        int (*task_wait) (struct task_struct * p);
@@ -1865,6 +1870,11 @@ static inline int security_task_getscheduler (struct task_struct *p)
        return security_ops->task_getscheduler (p);
 }
+static inline int security_task_movememory (struct task_struct *p)
+{
+        return security_ops->task_movememory (p);
+}
 static inline int security_task_kill (struct task_struct *p,
                                      struct siginfo *info, int sig)
 {
@@ -2512,6 +2522,11 @@ static inline int security_task_getscheduler (struct task_struct *p)
        return 0;
 }
+static inline int security_task_movememory (struct task_struct *p)
+{
+        return 0;
+}
 static inline int security_task_kill (struct task_struct *p,
                                      struct siginfo *info, int sig)
 {
author	David Quigley <dpquigl@tycho.nsa.gov>	2006-06-23 05:04:01 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-06-23 10:42:54 -0400
commit	35601547baf92d984b6e59cf3583649da04baea5 (patch)
tree	a392501e6e004ed33789dbf3f7a9fe43295439e1 /include/linux/security.h
parent	22fb52dd736a62e24c44c50739007496265dc38c (diff)