authorJames Morris <jmorris@namei.org>2008-08-27 20:47:34 -0400
committerJames Morris <jmorris@namei.org>2008-08-27 20:47:34 -0400
commit86d688984deefa3ae5a802880c11f2b408b5d6cf (patch)
tree7ea5e8189b0a774626d3ed7c3c87df2495a4c4a0 /security/selinux
parent93c06cbbf9fea5d5be1778febb7fa9ab1a74e5f5 (diff)
parent4c246edd2550304df5b766cc841584b2bb058843 (diff)
Merge branch 'master' into next
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c25
1 files changed, 18 insertions, 7 deletions
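diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3eae30609702..6b5790bba8f9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1739,24 +1739,34 @@ static inline u32 file_to_av(struct file *file)
 
 /* Hook functions begin here. */
 
-static int selinux_ptrace(struct task_struct *parent,
- struct task_struct *child,
- unsigned int mode)
+static int selinux_ptrace_may_access(struct task_struct *child,
+ unsigned int mode)
 {
  int rc;
 
- rc = secondary_ops->ptrace(parent, child, mode);
+ rc = secondary_ops->ptrace_may_access(child, mode);
  if (rc)
  return rc;
 
  if (mode == PTRACE_MODE_READ) {
- struct task_security_struct *tsec = parent->security;
+ struct task_security_struct *tsec = current->security;
  struct task_security_struct *csec = child->security;
  return avc_has_perm(tsec->sid, csec->sid,
  SECCLASS_FILE, FILE__READ, NULL);
  }
 
- return task_has_perm(parent, child, PROCESS__PTRACE);
+ return task_has_perm(current, child, PROCESS__PTRACE);
+}
+
+static int selinux_ptrace_traceme(struct task_struct *parent)
+{
+ int rc;
+
+ rc = secondary_ops->ptrace_traceme(parent);
+ if (rc)
+ return rc;
+
+ return task_has_perm(parent, current, PROCESS__PTRACE);
 }
 
 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
@@ -5353,7 +5363,8 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 static struct security_operations selinux_ops = {
  .name = "selinux",
 
- .ptrace = selinux_ptrace,
+ .ptrace_may_access = selinux_ptrace_may_access,
+ .ptrace_traceme = selinux_ptrace_traceme,
  .capget = selinux_capget,
  .capset_check = selinux_capset_check,
  .capset_set = selinux_capset_set,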
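Review bot: The two new hooks in the first hunk take their subject from different places and nothing in the code says so: `selinux_ptrace_may_access` checks `current` against `child`, while `selinux_ptrace_traceme` checks the passed `parent` against `current`, so the tracer is implicit in one and explicit in the other. A one-line comment above each, such as `/* current is the tracer; child is the target */` and `/* parent will become the tracer of current */`, would make it harder for a later caller to invoke `ptrace_may_access` on behalf of a task other than `current` and have the wrong SID checked. In `selinux_ptrace_traceme` the hunk also does not show what keeps `parent` and `parent->security` valid while `task_has_perm` reads them; presumably the caller holds a lock, and that requirement is worth stating in the same comment.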