[PATCH] SELinux: Add security hook definition for getioprio and insert hooks

Add a new security hook definition for the sys_ioprio_get operation. At present, the SELinux hook function implementation for this hook is identical to the getscheduler implementation but a separate hook is introduced to allow this check to be specialized in the future if necessary. This patch also creates a helper function get_task_ioprio which handles the access check in addition to retrieving the ioprio value for the task. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: David Quigley <dpquigl@tycho.nsa.gov> 2006-06-30 04:55:49 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-06-30 14:25:37 -0400
commit: a1836a42daf5ddfe9a891973734bd9a7d62eb504 (patch)
tree: e8819aec40aff3fa0eecd2ef9d92df8213bce58b
parent: 7a01955f99b65622a00ba5c8b39202ddc6fa65f8 (diff)
4 files changed, 51 insertions, 5 deletions
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 7fa76ed53c10..93aa5715f224 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -125,11 +125,24 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
        return ret;
 }
+static int get_task_ioprio(struct task_struct *p)
+{
+        int ret;
+        ret = security_task_getioprio(p);
+        if (ret)
+                goto out;
+        ret = p->ioprio;
+out:
+        return ret;
+}
 asmlinkage long sys_ioprio_get(int which, int who)
 {
        struct task_struct *g, *p;
        struct user_struct *user;
        int ret = -ESRCH;
+        int tmpio;
        read_lock_irq(&tasklist_lock);
        switch (which) {
@@ -139,16 +152,19 @@ asmlinkage long sys_ioprio_get(int which, int who)
                        else
                                p = find_task_by_pid(who);
                        if (p)
-                                ret = p->ioprio;
+                                ret = get_task_ioprio(p);
                        break;
                case IOPRIO_WHO_PGRP:
                        if (!who)
                                who = process_group(current);
                        do_each_task_pid(who, PIDTYPE_PGID, p) {
+                                tmpio = get_task_ioprio(p);
+                                if (tmpio < 0)
+                                        continue;
                                if (ret == -ESRCH)
-                                        ret = p->ioprio;
+                                        ret = tmpio;
                                else
-                                        ret = ioprio_best(ret, p->ioprio);
+                                        ret = ioprio_best(ret, tmpio);
                        } while_each_task_pid(who, PIDTYPE_PGID, p);
                        break;
                case IOPRIO_WHO_USER:
@@ -163,10 +179,13 @@ asmlinkage long sys_ioprio_get(int which, int who)
                        do_each_thread(g, p) {
                                if (p->uid != user->uid)
                                        continue;
+                                tmpio = get_task_ioprio(p);
+                                if (tmpio < 0)
+                                        continue;
                                if (ret == -ESRCH)
-                                        ret = p->ioprio;
+                                        ret = tmpio;
                                else
-                                        ret = ioprio_best(ret, p->ioprio);
+                                        ret = ioprio_best(ret, tmpio);
                        } while_each_thread(g, p);
                        if (who)
diff --git a/include/linux/security.h b/include/linux/security.h
index d4b13d617f63..f75303831d09 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -585,6 +585,10 @@ struct swap_info_struct;
 *      @p contains the task_struct of process.
 *      @ioprio contains the new ioprio value
 *      Return 0 if permission is granted.
+ * @task_getioprio
+ *      Check permission before getting the ioprio value of @p.
+ *      @p contains the task_struct of process.
+ *      Return 0 if permission is granted.
 * @task_setrlimit:
 *      Check permission before setting the resource limits of the current
 *      process for @resource to @new_rlim.  The old resource limit values can
@@ -1227,6 +1231,7 @@ struct security_operations {
        int (*task_setgroups) (struct group_info *group_info);
        int (*task_setnice) (struct task_struct * p, int nice);
        int (*task_setioprio) (struct task_struct * p, int ioprio);
+        int (*task_getioprio) (struct task_struct * p);
        int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim);
        int (*task_setscheduler) (struct task_struct * p, int policy,
                                  struct sched_param * lp);
@@ -1864,6 +1869,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio)
        return security_ops->task_setioprio (p, ioprio);
 }
+static inline int security_task_getioprio (struct task_struct *p)
+{
+        return security_ops->task_getioprio (p);
+}
 static inline int security_task_setrlimit (unsigned int resource,
                                           struct rlimit *new_rlim)
 {
@@ -2520,6 +2530,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio)
        return 0;
 }
+static inline int security_task_getioprio (struct task_struct *p)
+{
+        return 0;
+}
 static inline int security_task_setrlimit (unsigned int resource,
                                           struct rlimit *new_rlim)
 {
diff --git a/security/dummy.c b/security/dummy.c
index de53f6eb0c08..d417936562db 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -524,6 +524,11 @@ static int dummy_task_setioprio (struct task_struct *p, int ioprio)
        return 0;
 }
+static int dummy_task_getioprio (struct task_struct *p)
+{
+        return 0;
+}
 static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
 {
        return 0;
@@ -988,6 +993,7 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, task_setgroups);
        set_to_dummy_if_null(ops, task_setnice);
        set_to_dummy_if_null(ops, task_setioprio);
+        set_to_dummy_if_null(ops, task_getioprio);
        set_to_dummy_if_null(ops, task_setrlimit);
        set_to_dummy_if_null(ops, task_setscheduler);
        set_to_dummy_if_null(ops, task_getscheduler);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a5189a347354..51bec4c88f19 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2671,6 +2671,11 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio)
        return task_has_perm(current, p, PROCESS__SETSCHED);
 }
+static int selinux_task_getioprio(struct task_struct *p)
+{
+        return task_has_perm(current, p, PROCESS__GETSCHED);
+}
 static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
 {
        struct rlimit *old_rlim = current->signal->rlim + resource;
@@ -4449,6 +4454,7 @@ static struct security_operations selinux_ops = {
        .task_setgroups =               selinux_task_setgroups,
        .task_setnice =                 selinux_task_setnice,
        .task_setioprio =               selinux_task_setioprio,
+        .task_getioprio =               selinux_task_getioprio,
        .task_setrlimit =               selinux_task_setrlimit,
        .task_setscheduler =            selinux_task_setscheduler,
        .task_getscheduler =            selinux_task_getscheduler,
author	David Quigley <dpquigl@tycho.nsa.gov>	2006-06-30 04:55:49 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-06-30 14:25:37 -0400
commit	a1836a42daf5ddfe9a891973734bd9a7d62eb504 (patch)
tree	e8819aec40aff3fa0eecd2ef9d92df8213bce58b
parent	7a01955f99b65622a00ba5c8b39202ddc6fa65f8 (diff)