authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-01 14:52:30 -0500
committerJames Morris <jmorris@namei.org>2008-04-18 19:52:33 -0400
commit713a04aeaba35bb95d442cdeb52055498519be25 (patch)
treea9d995cdc850d159189886e29f44d4ee88516eba
parent8a076191f373abaeb4aa5f6755d22e49db98940f (diff)
SELinux: setup new inode/ipc getsecid hooks
Setup the new inode_getsecid and ipc_getsecid() LSM hooks for SELinux. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
-rw-r--r--security/selinux/hooks.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 34f2d46c7984..bfffaa52e0cb 100644
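--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2792,6 +2792,12 @@ static int selinux_inode_killpriv(struct dentry *dentry)
  return secondary_ops->inode_killpriv(dentry);
 }
 
+static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ struct inode_security_struct *isec = inode->i_security;
+ *secid = isec->sid;
+}
+
 /* file security operations */
 
 static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -3183,7 +3189,8 @@ static int selinux_task_getsid(struct task_struct *p)
 
 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
 {
- selinux_get_task_sid(p, secid);
+ struct task_security_struct *tsec = p->security;
+ *secid = tsec->sid;
 }
 
 static int selinux_task_setgroups(struct group_info *group_info)
@@ -4149,7 +4156,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
  goto out;
 
  if (sock && family == PF_UNIX)
- selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+ selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
  else if (skb)
  selinux_skb_peerlbl_sid(skb, family, &peer_secid);
 
@@ -5026,6 +5033,12 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
  return ipc_has_perm(ipcp, av);
 }
 
+static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ *secid = isec->sid;
+}
+
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -5342,6 +5355,7 @@ static struct security_operations selinux_ops = {
  .inode_listsecurity = selinux_inode_listsecurity,
  .inode_need_killpriv = selinux_inode_need_killpriv,
  .inode_killpriv = selinux_inode_killpriv,
+ .inode_getsecid = selinux_inode_getsecid,
 
  .file_permission = selinux_file_permission,
  .file_alloc_security = selinux_file_alloc_security,
@@ -5382,6 +5396,7 @@ static struct security_operations selinux_ops = {
  .task_to_inode = selinux_task_to_inode,
 
  .ipc_permission = selinux_ipc_permission,
+ .ipc_getsecid = selinux_ipc_getsecid,
 
  .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
  .msg_msg_free_security = selinux_msg_msg_free_security,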
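Review bot: The rewritten selinux_task_getsecid (new lines 3192-3193) reads `p->security` directly where the old code called selinux_get_task_sid(), so any guard that helper applied before the dereference no longer covers this path; the helper's body is not on this page, so that should be confirmed. The two new hooks, selinux_inode_getsecid (new lines 2795-2799) and selinux_ipc_getsecid (new lines 5036-5040), follow the same pattern and dereference `inode->i_security` and `ipcp->security` with no fallback before writing `*secid`. If a security blob can be absent for any caller of these hooks, `*secid = isec ? isec->sid : SECSID_NULL;` (and the `tsec` equivalent) returns a defined value instead of taking a NULL dereference in kernel context. If the blob is guaranteed non-NULL whenever these hooks are reachable, a short comment above each hook stating that invariant would tell the next reader why no check is needed.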