aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorDavid Quigley <dpquigl@tycho.nsa.gov>2006-06-23 05:04:01 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-23 10:42:54 -0400
commit35601547baf92d984b6e59cf3583649da04baea5 (patch)
treea392501e6e004ed33789dbf3f7a9fe43295439e1 /include
parent22fb52dd736a62e24c44c50739007496265dc38c (diff)
[PATCH] SELinux: add task_movememory hook
This patch adds new security hook, task_movememory, to be called when memory owened by a task is to be moved (e.g. when migrating pages to a this hook is identical to the setscheduler implementation, but a separate hook introduced to allow this check to be specialized in the future if necessary. Since the last posting, the hook has been renamed following feedback from Christoph Lameter. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Cc: Christoph Lameter <clameter@sgi.com> Cc: Andi Kleen <ak@muc.de> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 65b32a0c6207..d2c17bd91a29 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -601,6 +601,10 @@ struct swap_info_struct;
601 * @p. 601 * @p.
602 * @p contains the task_struct for process. 602 * @p contains the task_struct for process.
603 * Return 0 if permission is granted. 603 * Return 0 if permission is granted.
604 * @task_movememory
605 * Check permission before moving memory owned by process @p.
606 * @p contains the task_struct for process.
607 * Return 0 if permission is granted.
604 * @task_kill: 608 * @task_kill:
605 * Check permission before sending signal @sig to @p. @info can be NULL, 609 * Check permission before sending signal @sig to @p. @info can be NULL,
606 * the constant 1, or a pointer to a siginfo structure. If @info is 1 or 610 * the constant 1, or a pointer to a siginfo structure. If @info is 1 or
@@ -1220,6 +1224,7 @@ struct security_operations {
1220 int (*task_setscheduler) (struct task_struct * p, int policy, 1224 int (*task_setscheduler) (struct task_struct * p, int policy,
1221 struct sched_param * lp); 1225 struct sched_param * lp);
1222 int (*task_getscheduler) (struct task_struct * p); 1226 int (*task_getscheduler) (struct task_struct * p);
1227 int (*task_movememory) (struct task_struct * p);
1223 int (*task_kill) (struct task_struct * p, 1228 int (*task_kill) (struct task_struct * p,
1224 struct siginfo * info, int sig); 1229 struct siginfo * info, int sig);
1225 int (*task_wait) (struct task_struct * p); 1230 int (*task_wait) (struct task_struct * p);
@@ -1865,6 +1870,11 @@ static inline int security_task_getscheduler (struct task_struct *p)
1865 return security_ops->task_getscheduler (p); 1870 return security_ops->task_getscheduler (p);
1866} 1871}
1867 1872
1873static inline int security_task_movememory (struct task_struct *p)
1874{
1875 return security_ops->task_movememory (p);
1876}
1877
1868static inline int security_task_kill (struct task_struct *p, 1878static inline int security_task_kill (struct task_struct *p,
1869 struct siginfo *info, int sig) 1879 struct siginfo *info, int sig)
1870{ 1880{
@@ -2512,6 +2522,11 @@ static inline int security_task_getscheduler (struct task_struct *p)
2512 return 0; 2522 return 0;
2513} 2523}
2514 2524
2525static inline int security_task_movememory (struct task_struct *p)
2526{
2527 return 0;
2528}
2529
2515static inline int security_task_kill (struct task_struct *p, 2530static inline int security_task_kill (struct task_struct *p,
2516 struct siginfo *info, int sig) 2531 struct siginfo *info, int sig)
2517{ 2532{