diff options
author | David Quigley <dpquigl@tycho.nsa.gov> | 2006-06-30 04:55:49 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-30 14:25:37 -0400 |
commit | a1836a42daf5ddfe9a891973734bd9a7d62eb504 (patch) | |
tree | e8819aec40aff3fa0eecd2ef9d92df8213bce58b /include/linux | |
parent | 7a01955f99b65622a00ba5c8b39202ddc6fa65f8 (diff) |
[PATCH] SELinux: Add security hook definition for getioprio and insert hooks
Add a new security hook definition for the sys_ioprio_get operation. At
present, the SELinux hook function implementation for this hook is
identical to the getscheduler implementation but a separate hook is
introduced to allow this check to be specialized in the future if
necessary.
This patch also creates a helper function get_task_ioprio which handles the
access check in addition to retrieving the ioprio value for the task.
Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Jens Axboe <axboe@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/security.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index d4b13d617f63..f75303831d09 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -585,6 +585,10 @@ struct swap_info_struct; | |||
585 | * @p contains the task_struct of process. | 585 | * @p contains the task_struct of process. |
586 | * @ioprio contains the new ioprio value | 586 | * @ioprio contains the new ioprio value |
587 | * Return 0 if permission is granted. | 587 | * Return 0 if permission is granted. |
588 | * @task_getioprio | ||
589 | * Check permission before getting the ioprio value of @p. | ||
590 | * @p contains the task_struct of process. | ||
591 | * Return 0 if permission is granted. | ||
588 | * @task_setrlimit: | 592 | * @task_setrlimit: |
589 | * Check permission before setting the resource limits of the current | 593 | * Check permission before setting the resource limits of the current |
590 | * process for @resource to @new_rlim. The old resource limit values can | 594 | * process for @resource to @new_rlim. The old resource limit values can |
@@ -1227,6 +1231,7 @@ struct security_operations { | |||
1227 | int (*task_setgroups) (struct group_info *group_info); | 1231 | int (*task_setgroups) (struct group_info *group_info); |
1228 | int (*task_setnice) (struct task_struct * p, int nice); | 1232 | int (*task_setnice) (struct task_struct * p, int nice); |
1229 | int (*task_setioprio) (struct task_struct * p, int ioprio); | 1233 | int (*task_setioprio) (struct task_struct * p, int ioprio); |
1234 | int (*task_getioprio) (struct task_struct * p); | ||
1230 | int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); | 1235 | int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); |
1231 | int (*task_setscheduler) (struct task_struct * p, int policy, | 1236 | int (*task_setscheduler) (struct task_struct * p, int policy, |
1232 | struct sched_param * lp); | 1237 | struct sched_param * lp); |
@@ -1864,6 +1869,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio) | |||
1864 | return security_ops->task_setioprio (p, ioprio); | 1869 | return security_ops->task_setioprio (p, ioprio); |
1865 | } | 1870 | } |
1866 | 1871 | ||
1872 | static inline int security_task_getioprio (struct task_struct *p) | ||
1873 | { | ||
1874 | return security_ops->task_getioprio (p); | ||
1875 | } | ||
1876 | |||
1867 | static inline int security_task_setrlimit (unsigned int resource, | 1877 | static inline int security_task_setrlimit (unsigned int resource, |
1868 | struct rlimit *new_rlim) | 1878 | struct rlimit *new_rlim) |
1869 | { | 1879 | { |
@@ -2520,6 +2530,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio) | |||
2520 | return 0; | 2530 | return 0; |
2521 | } | 2531 | } |
2522 | 2532 | ||
2533 | static inline int security_task_getioprio (struct task_struct *p) | ||
2534 | { | ||
2535 | return 0; | ||
2536 | } | ||
2537 | |||
2523 | static inline int security_task_setrlimit (unsigned int resource, | 2538 | static inline int security_task_setrlimit (unsigned int resource, |
2524 | struct rlimit *new_rlim) | 2539 | struct rlimit *new_rlim) |
2525 | { | 2540 | { |