diff options
author | David Quigley <dpquigl@tycho.nsa.gov> | 2006-06-30 04:55:49 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-30 14:25:37 -0400 |
commit | a1836a42daf5ddfe9a891973734bd9a7d62eb504 (patch) | |
tree | e8819aec40aff3fa0eecd2ef9d92df8213bce58b /fs | |
parent | 7a01955f99b65622a00ba5c8b39202ddc6fa65f8 (diff) |
[PATCH] SELinux: Add security hook definition for getioprio and insert hooks
Add a new security hook definition for the sys_ioprio_get operation. At
present, the SELinux hook function implementation for this hook is
identical to the getscheduler implementation but a separate hook is
introduced to allow this check to be specialized in the future if
necessary.
This patch also creates a helper function get_task_ioprio which handles the
access check in addition to retrieving the ioprio value for the task.
Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Jens Axboe <axboe@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ioprio.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/fs/ioprio.c b/fs/ioprio.c index 7fa76ed53c10..93aa5715f224 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
@@ -125,11 +125,24 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
125 | return ret; | 125 | return ret; |
126 | } | 126 | } |
127 | 127 | ||
128 | static int get_task_ioprio(struct task_struct *p) | ||
129 | { | ||
130 | int ret; | ||
131 | |||
132 | ret = security_task_getioprio(p); | ||
133 | if (ret) | ||
134 | goto out; | ||
135 | ret = p->ioprio; | ||
136 | out: | ||
137 | return ret; | ||
138 | } | ||
139 | |||
128 | asmlinkage long sys_ioprio_get(int which, int who) | 140 | asmlinkage long sys_ioprio_get(int which, int who) |
129 | { | 141 | { |
130 | struct task_struct *g, *p; | 142 | struct task_struct *g, *p; |
131 | struct user_struct *user; | 143 | struct user_struct *user; |
132 | int ret = -ESRCH; | 144 | int ret = -ESRCH; |
145 | int tmpio; | ||
133 | 146 | ||
134 | read_lock_irq(&tasklist_lock); | 147 | read_lock_irq(&tasklist_lock); |
135 | switch (which) { | 148 | switch (which) { |
@@ -139,16 +152,19 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
139 | else | 152 | else |
140 | p = find_task_by_pid(who); | 153 | p = find_task_by_pid(who); |
141 | if (p) | 154 | if (p) |
142 | ret = p->ioprio; | 155 | ret = get_task_ioprio(p); |
143 | break; | 156 | break; |
144 | case IOPRIO_WHO_PGRP: | 157 | case IOPRIO_WHO_PGRP: |
145 | if (!who) | 158 | if (!who) |
146 | who = process_group(current); | 159 | who = process_group(current); |
147 | do_each_task_pid(who, PIDTYPE_PGID, p) { | 160 | do_each_task_pid(who, PIDTYPE_PGID, p) { |
161 | tmpio = get_task_ioprio(p); | ||
162 | if (tmpio < 0) | ||
163 | continue; | ||
148 | if (ret == -ESRCH) | 164 | if (ret == -ESRCH) |
149 | ret = p->ioprio; | 165 | ret = tmpio; |
150 | else | 166 | else |
151 | ret = ioprio_best(ret, p->ioprio); | 167 | ret = ioprio_best(ret, tmpio); |
152 | } while_each_task_pid(who, PIDTYPE_PGID, p); | 168 | } while_each_task_pid(who, PIDTYPE_PGID, p); |
153 | break; | 169 | break; |
154 | case IOPRIO_WHO_USER: | 170 | case IOPRIO_WHO_USER: |
@@ -163,10 +179,13 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
163 | do_each_thread(g, p) { | 179 | do_each_thread(g, p) { |
164 | if (p->uid != user->uid) | 180 | if (p->uid != user->uid) |
165 | continue; | 181 | continue; |
182 | tmpio = get_task_ioprio(p); | ||
183 | if (tmpio < 0) | ||
184 | continue; | ||
166 | if (ret == -ESRCH) | 185 | if (ret == -ESRCH) |
167 | ret = p->ioprio; | 186 | ret = tmpio; |
168 | else | 187 | else |
169 | ret = ioprio_best(ret, p->ioprio); | 188 | ret = ioprio_best(ret, tmpio); |
170 | } while_each_thread(g, p); | 189 | } while_each_thread(g, p); |
171 | 190 | ||
172 | if (who) | 191 | if (who) |