aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2006-03-31 15:22:49 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-05-01 06:09:56 -0400
commit9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d (patch)
tree1e1489ed5080ea4aff6206bfa904f549de8e56ca /include
parent1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (diff)
[PATCH] change lspp ipc auditing
Hi, The patch below converts IPC auditing to collect sid's and convert to context string only if it needs to output an audit record. This patch depends on the inode audit change patch already being applied. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h16
-rw-r--r--include/linux/selinux.h15
2 files changed, 15 insertions, 16 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index aaa0a5cdbf75..1bab48f6aeac 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,11 +869,6 @@ struct swap_info_struct;
869 * @ipcp contains the kernel IPC permission structure 869 * @ipcp contains the kernel IPC permission structure
870 * @flag contains the desired (requested) permission set 870 * @flag contains the desired (requested) permission set
871 * Return 0 if permission is granted. 871 * Return 0 if permission is granted.
872 * @ipc_getsecurity:
873 * Copy the security label associated with the ipc object into
874 * @buffer. @buffer may be NULL to request the size of the buffer
875 * required. @size indicates the size of @buffer in bytes. Return
876 * number of bytes used/required on success.
877 * 872 *
878 * Security hooks for individual messages held in System V IPC message queues 873 * Security hooks for individual messages held in System V IPC message queues
879 * @msg_msg_alloc_security: 874 * @msg_msg_alloc_security:
@@ -1223,7 +1218,6 @@ struct security_operations {
1223 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1218 void (*task_to_inode)(struct task_struct *p, struct inode *inode);
1224 1219
1225 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1220 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
1226 int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
1227 1221
1228 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1222 int (*msg_msg_alloc_security) (struct msg_msg * msg);
1229 void (*msg_msg_free_security) (struct msg_msg * msg); 1223 void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1887,11 +1881,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
1887 return security_ops->ipc_permission (ipcp, flag); 1881 return security_ops->ipc_permission (ipcp, flag);
1888} 1882}
1889 1883
1890static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
1891{
1892 return security_ops->ipc_getsecurity(ipcp, buffer, size);
1893}
1894
1895static inline int security_msg_msg_alloc (struct msg_msg * msg) 1884static inline int security_msg_msg_alloc (struct msg_msg * msg)
1896{ 1885{
1897 return security_ops->msg_msg_alloc_security (msg); 1886 return security_ops->msg_msg_alloc_security (msg);
@@ -2532,11 +2521,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2532 return 0; 2521 return 0;
2533} 2522}
2534 2523
2535static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
2536{
2537 return -EOPNOTSUPP;
2538}
2539
2540static inline int security_msg_msg_alloc (struct msg_msg * msg) 2524static inline int security_msg_msg_alloc (struct msg_msg * msg)
2541{ 2525{
2542 return 0; 2526 return 0;
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 84a6c7404687..413d66773b91 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -16,6 +16,7 @@
16struct selinux_audit_rule; 16struct selinux_audit_rule;
17struct audit_context; 17struct audit_context;
18struct inode; 18struct inode;
19struct kern_ipc_perm;
19 20
20#ifdef CONFIG_SECURITY_SELINUX 21#ifdef CONFIG_SECURITY_SELINUX
21 22
@@ -98,6 +99,15 @@ int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);
98 */ 99 */
99void selinux_get_inode_sid(const struct inode *inode, u32 *sid); 100void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
100 101
102/**
103 * selinux_get_ipc_sid - get the ipc security context ID
104 * @ipcp: ipc structure to get the sid from.
105 * @sid: pointer to security context ID to be filled in.
106 *
107 * Returns nothing
108 */
109void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
110
101#else 111#else
102 112
103static inline int selinux_audit_rule_init(u32 field, u32 op, 113static inline int selinux_audit_rule_init(u32 field, u32 op,
@@ -141,6 +151,11 @@ static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
141 *sid = 0; 151 *sid = 0;
142} 152}
143 153
154static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
155{
156 *sid = 0;
157}
158
144#endif /* CONFIG_SECURITY_SELINUX */ 159#endif /* CONFIG_SECURITY_SELINUX */
145 160
146#endif /* _LINUX_SELINUX_H */ 161#endif /* _LINUX_SELINUX_H */