Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c34
1 files changed, 32 insertions, 2 deletions
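diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 34f2d46c7984..f9927f02bc3d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -83,6 +83,7 @@
 #include "netport.h"
 #include "xfrm.h"
 #include "netlabel.h"
+#include "audit.h"
 
 #define XATTR_SELINUX_SUFFIX "selinux"
 #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
@@ -2792,6 +2793,12 @@ static int selinux_inode_killpriv(struct dentry *dentry)
  return secondary_ops->inode_killpriv(dentry);
 }
 
+static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ struct inode_security_struct *isec = inode->i_security;
+ *secid = isec->sid;
+}
+
 /* file security operations */
 
 static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -3183,7 +3190,8 @@ static int selinux_task_getsid(struct task_struct *p)
 
 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
 {
- selinux_get_task_sid(p, secid);
+ struct task_security_struct *tsec = p->security;
+ *secid = tsec->sid;
 }
 
 static int selinux_task_setgroups(struct group_info *group_info)
@@ -4149,7 +4157,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
  goto out;
 
  if (sock && family == PF_UNIX)
- selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+ selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
  else if (skb)
  selinux_skb_peerlbl_sid(skb, family, &peer_secid);
 
@@ -5026,6 +5034,12 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
  return ipc_has_perm(ipcp, av);
 }
 
+static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ *secid = isec->sid;
+}
+
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -5281,6 +5295,8 @@ static int selinux_key_permission(key_ref_t key_ref,
 #endif
 
 static struct security_operations selinux_ops = {
+ .name = "selinux",
+
  .ptrace = selinux_ptrace,
  .capget = selinux_capget,
  .capset_check = selinux_capset_check,
@@ -5342,6 +5358,7 @@ static struct security_operations selinux_ops = {
  .inode_listsecurity = selinux_inode_listsecurity,
  .inode_need_killpriv = selinux_inode_need_killpriv,
  .inode_killpriv = selinux_inode_killpriv,
+ .inode_getsecid = selinux_inode_getsecid,
 
  .file_permission = selinux_file_permission,
  .file_alloc_security = selinux_file_alloc_security,
@@ -5382,6 +5399,7 @@ static struct security_operations selinux_ops = {
  .task_to_inode = selinux_task_to_inode,
 
  .ipc_permission = selinux_ipc_permission,
+ .ipc_getsecid = selinux_ipc_getsecid,
 
  .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
  .msg_msg_free_security = selinux_msg_msg_free_security,
@@ -5463,12 +5481,24 @@ static struct security_operations selinux_ops = {
  .key_free = selinux_key_free,
  .key_permission = selinux_key_permission,
 #endif
+
+#ifdef CONFIG_AUDIT
+ .audit_rule_init = selinux_audit_rule_init,
+ .audit_rule_known = selinux_audit_rule_known,
+ .audit_rule_match = selinux_audit_rule_match,
+ .audit_rule_free = selinux_audit_rule_free,
+#endif
 };
 
 static __init int selinux_init(void)
 {
  struct task_security_struct *tsec;
 
+ if (!security_module_enable(&selinux_ops)) {
+ selinux_enabled = 0;
+ return 0;
+ }
+
  if (!selinux_enabled) {
  printk(KERN_INFO "SELinux: Disabled at boot.\n");
  return 0;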
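Review bot: In the last hunk, the new early exit in selinux_init() clears `selinux_enabled` and returns 0 when `security_module_enable(&selinux_ops)` fails, and because it sits before the existing `"SELinux: Disabled at boot.\n"` printk, that path writes nothing to the kernel log. A machine expected to run with SELinux active would then boot without it and with no message from this file to explain why; adding a line such as `printk(KERN_INFO "SELinux: Not selected as the active security module.\n");` ahead of that `return 0;` would make it visible in the boot log. selinux_init() continues beyond the end of the hunk, so any later reporting is not visible here. Separately, the new selinux_inode_getsecid(), selinux_task_getsecid() and selinux_ipc_getsecid() read `->sid` through the object's security pointer with no NULL check; if the blob is guaranteed to exist whenever these hooks run, a short comment stating that on each would help the next reader.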