author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 14:52:30 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-18 19:52:33 -0400 |
commit | 713a04aeaba35bb95d442cdeb52055498519be25 (patch) | |
tree | a9d995cdc850d159189886e29f44d4ee88516eba | |
parent | 8a076191f373abaeb4aa5f6755d22e49db98940f (diff) |
SELinux: setup new inode/ipc getsecid hooks
Setup the new inode_getsecid and ipc_getsecid() LSM hooks
for SELinux.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
-rw-r--r-- | security/selinux/hooks.c | 19 |
1 files changed, 17 insertions, 2 deletions
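--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2792,6 +2792,12 @@ static int selinux_inode_killpriv(struct dentry *dentry)
 return secondary_ops->inode_killpriv(dentry);
 }
 
+static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+struct inode_security_struct *isec = inode->i_security;
+*secid = isec->sid;
+}
+
 /* file security operations */
 
 static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -3183,7 +3189,8 @@ static int selinux_task_getsid(struct task_struct *p)
 
 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
 {
-selinux_get_task_sid(p, secid);
+struct task_security_struct *tsec = p->security;
+*secid = tsec->sid;
 }
 
 static int selinux_task_setgroups(struct group_info *group_info)
@@ -4149,7 +4156,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
 goto out;
 
 if (sock && family == PF_UNIX)
-selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
 else if (skb)
 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
 
@@ -5026,6 +5033,12 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 return ipc_has_perm(ipcp, av);
 }
 
+static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+struct ipc_security_struct *isec = ipcp->security;
+*secid = isec->sid;
+}
+
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -5342,6 +5355,7 @@ static struct security_operations selinux_ops = {
 .inode_listsecurity = selinux_inode_listsecurity,
 .inode_need_killpriv = selinux_inode_need_killpriv,
 .inode_killpriv = selinux_inode_killpriv,
+.inode_getsecid = selinux_inode_getsecid,
 
 .file_permission = selinux_file_permission,
 .file_alloc_security = selinux_file_alloc_security,
@@ -5382,6 +5396,7 @@ static struct security_operations selinux_ops = {
 .task_to_inode = selinux_task_to_inode,
 
 .ipc_permission = selinux_ipc_permission,
+.ipc_getsecid = selinux_ipc_getsecid,
 
 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
 .msg_msg_free_security = selinux_msg_msg_free_security,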
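Review bot: selinux_task_getsecid() now dereferences `p->security` directly where it used to call selinux_get_task_sid(), whose body is not shown on this page, so any guard that helper applied (an SELinux-enabled check, a default SID) may have been dropped from this path and should be confirmed. The new selinux_inode_getsecid() and selinux_ipc_getsecid() use the same unchecked blob dereference, and since all three hooks return void a caller cannot tell a valid SID from a lookup that could not be performed. If the blob is guaranteed non-NULL whenever these hooks are reachable, state that invariant in a one-line comment above each function; otherwise write a defined value, e.g. `*secid = isec ? isec->sid : SECINITSID_UNLABELED;`. As a style point, each new body is missing the blank line kernel style expects between the local declaration and the first statement.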