[PATCH] SELinux/MIPS: Add security hooks to mips-mt {get,set}affinity

[PATCH] SELinux/MIPS: Add security hooks to mips-mt {get,set}affinity

[James Morris]

From: David Quigley <dpquigl@tycho.nsa.gov>

This patch adds LSM hooks into the setaffinity and getaffinity functions 
for the mips architecture to enable security modules to control these 
operations between tasks with different security attributes. This 
implementation uses the existing task_setscheduler and task_getscheduler 
LSM hooks.

Please apply.

Signed-Off-By: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

---

 arch/mips/kernel/mips-mt.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff -uprN -X /home/dpquigl/dontdiff linux-2.6.17-mm3/arch/mips/kernel/mips-mt.c linux-2.6.17-mm3-affiniy/arch/mips/kernel/mips-mt.c
--- linux-2.6.17-mm3/arch/mips/kernel/mips-mt.c	2006-06-17 21:49:35.000000000 -0400
+++ linux-2.6.17-mm3-affiniy/arch/mips/kernel/mips-mt.c	2006-06-27 15:47:46.000000000 -0400
@@ -95,6 +95,10 @@ asmlinkage long mipsmt_sys_sched_setaffi
 		goto out_unlock;
 	}
 
+	retval = security_task_setscheduler(p, 0, NULL);
+	if (retval)
+		goto out_unlock;
+
 	/* Record new user-specified CPU set for future reference */
 	p->thread.user_cpus_allowed = new_mask;
 
@@ -140,8 +144,9 @@ asmlinkage long mipsmt_sys_sched_getaffi
 	p = find_process_by_pid(pid);
 	if (!p)
 		goto out_unlock;
-
-	retval = 0;
+	retval = security_task_getscheduler(p);
+	if (retval)
+		goto out_unlock;
 
 	cpus_and(mask, p->thread.user_cpus_allowed, cpu_possible_map);

Re: [PATCH] SELinux/MIPS: Add security hooks to mips-mt {get,set}affinity

[Ralf Baechle]

On Wed, Jun 28, 2006 at 09:36:46AM -0400, James Morris wrote:

> From: David Quigley <dpquigl@tycho.nsa.gov>
> 
> This patch adds LSM hooks into the setaffinity and getaffinity functions 
> for the mips architecture to enable security modules to control these 
> operations between tasks with different security attributes. This 
> implementation uses the existing task_setscheduler and task_getscheduler 
> LSM hooks.

Thanks, applied.

  Ralf

Re: [PATCH] SELinux/MIPS: Add security hooks to mips-mt {get,set}affinity

[Christoph Hellwig]

On Wed, Jun 28, 2006 at 09:36:46AM -0400, James Morris wrote:
> From: David Quigley <dpquigl@tycho.nsa.gov>
> 
> This patch adds LSM hooks into the setaffinity and getaffinity functions 
> for the mips architecture to enable security modules to control these 
> operations between tasks with different security attributes. This 
> implementation uses the existing task_setscheduler and task_getscheduler 
> LSM hooks.

I'm still watiting for an explanation how those syscalls made it in without
review, and even worse in an arch specific directory..