From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Chris Wright <chrisw@sous-sol.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
Casey Schaufler <casey@schaufler-ca.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Audit-ML <linux-audit@redhat.com>,
LSM-ML <linux-security-module@vger.kernel.org>
Subject: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks
Date: Sat, 1 Mar 2008 21:52:30 +0200 [thread overview]
Message-ID: <20080301195230.GC19636@ubuntu> (raw)
In-Reply-To: <20080301194752.GA19636@ubuntu>
Setup the new inode_getsecid and ipc_getsecid() LSM hooks
for SELinux.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
---
hooks.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f42ebfc..06597d7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2724,6 +2724,12 @@ static int selinux_inode_killpriv(struct dentry *dentry)
return secondary_ops->inode_killpriv(dentry);
}
+static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ struct inode_security_struct *isec = inode->i_security;
+ *secid = isec->sid;
+}
+
/* file security operations */
static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -3120,7 +3126,8 @@ static int selinux_task_getsid(struct task_struct *p)
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
- selinux_get_task_sid(p, secid);
+ struct task_security_struct *tsec = p->security;
+ *secid = tsec->sid;
}
static int selinux_task_setgroups(struct group_info *group_info)
@@ -4090,7 +4097,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
goto out;
if (sock && family == PF_UNIX)
- selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+ selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
else if (skb)
selinux_skb_peerlbl_sid(skb, family, &peer_secid);
@@ -4970,6 +4977,12 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
return ipc_has_perm(ipcp, av);
}
+static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ *secid = isec->sid;
+}
+
/* module stacking operations */
static int selinux_register_security (const char *name, struct security_operations *ops)
{
@@ -5292,6 +5305,7 @@ static struct security_operations selinux_ops = {
.inode_listsecurity = selinux_inode_listsecurity,
.inode_need_killpriv = selinux_inode_need_killpriv,
.inode_killpriv = selinux_inode_killpriv,
+ .inode_getsecid = selinux_inode_getsecid,
.file_permission = selinux_file_permission,
.file_alloc_security = selinux_file_alloc_security,
@@ -5332,6 +5346,7 @@ static struct security_operations selinux_ops = {
.task_to_inode = selinux_task_to_inode,
.ipc_permission = selinux_ipc_permission,
+ .ipc_getsecid = selinux_ipc_getsecid,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
.msg_msg_free_security = selinux_msg_msg_free_security,
--
"Better to light a candle, than curse the darkness"
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
WARNING: multiple messages have this Message-ID (diff)
From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Chris Wright <chrisw@sous-sol.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
Casey Schaufler <casey@schaufler-ca.com>,
David Woodhouse <dwmw2@infradead.org>,
Paul Moore <paul.moore@hp.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Audit-ML <linux-audit@redhat.com>,
LSM-ML <linux-security-module@vger.kernel.org>
Subject: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks
Date: Sat, 1 Mar 2008 21:52:30 +0200 [thread overview]
Message-ID: <20080301195230.GC19636@ubuntu> (raw)
In-Reply-To: <20080301194752.GA19636@ubuntu>
Setup the new inode_getsecid and ipc_getsecid() LSM hooks
for SELinux.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
---
hooks.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f42ebfc..06597d7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2724,6 +2724,12 @@ static int selinux_inode_killpriv(struct dentry *dentry)
return secondary_ops->inode_killpriv(dentry);
}
+static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ struct inode_security_struct *isec = inode->i_security;
+ *secid = isec->sid;
+}
+
/* file security operations */
static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -3120,7 +3126,8 @@ static int selinux_task_getsid(struct task_struct *p)
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
- selinux_get_task_sid(p, secid);
+ struct task_security_struct *tsec = p->security;
+ *secid = tsec->sid;
}
static int selinux_task_setgroups(struct group_info *group_info)
@@ -4090,7 +4097,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
goto out;
if (sock && family == PF_UNIX)
- selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+ selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
else if (skb)
selinux_skb_peerlbl_sid(skb, family, &peer_secid);
@@ -4970,6 +4977,12 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
return ipc_has_perm(ipcp, av);
}
+static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ *secid = isec->sid;
+}
+
/* module stacking operations */
static int selinux_register_security (const char *name, struct security_operations *ops)
{
@@ -5292,6 +5305,7 @@ static struct security_operations selinux_ops = {
.inode_listsecurity = selinux_inode_listsecurity,
.inode_need_killpriv = selinux_inode_need_killpriv,
.inode_killpriv = selinux_inode_killpriv,
+ .inode_getsecid = selinux_inode_getsecid,
.file_permission = selinux_file_permission,
.file_alloc_security = selinux_file_alloc_security,
@@ -5332,6 +5346,7 @@ static struct security_operations selinux_ops = {
.task_to_inode = selinux_task_to_inode,
.ipc_permission = selinux_ipc_permission,
+ .ipc_getsecid = selinux_ipc_getsecid,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
.msg_msg_free_security = selinux_msg_msg_free_security,
--
"Better to light a candle, than curse the darkness"
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
next prev parent reply other threads:[~2008-03-01 19:52 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-01 19:47 [PATCH-v2 -mm 0/9] LSM-neutral Audit (SELinux audit separation) Ahmed S. Darwish
2008-03-01 19:47 ` Ahmed S. Darwish
2008-03-01 19:51 ` [PATCH 1/9] LSM: Introduce inode_getsecid and ipc_getsecid hooks Ahmed S. Darwish
2008-03-01 19:51 ` Ahmed S. Darwish
2008-03-03 21:18 ` James Morris
2008-03-03 23:26 ` Paul Moore
2008-03-01 19:52 ` Ahmed S. Darwish [this message]
2008-03-01 19:52 ` [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks Ahmed S. Darwish
2008-03-03 21:19 ` James Morris
2008-03-03 23:25 ` Paul Moore
2008-03-01 19:54 ` [PATCH 3/9] Audit: use new LSM hooks instead of SELinux exports Ahmed S. Darwish
2008-03-01 19:54 ` Ahmed S. Darwish
2008-03-03 21:19 ` James Morris
2008-03-03 23:31 ` Paul Moore
2008-03-01 19:56 ` [PATCH 4/9] Netlink: Use generic LSM hook Ahmed S. Darwish
2008-03-01 19:56 ` Ahmed S. Darwish
2008-03-03 21:19 ` James Morris
2008-03-03 21:30 ` David Miller
2008-03-03 23:33 ` Paul Moore
2008-03-01 19:58 ` [PATCH 5/9] SELinux: remove redundant exports Ahmed S. Darwish
2008-03-01 19:58 ` Ahmed S. Darwish
2008-03-03 21:20 ` James Morris
2008-03-03 23:41 ` Paul Moore
2008-03-01 20:00 ` [PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks Ahmed S. Darwish
2008-03-01 20:00 ` Ahmed S. Darwish
2008-03-03 21:20 ` James Morris
2008-03-03 23:36 ` Paul Moore
2008-03-01 20:01 ` [PATCH 7/9] Audit: internally use the new LSM audit hooks Ahmed S. Darwish
2008-03-01 20:01 ` Ahmed S. Darwish
2008-03-03 21:20 ` James Morris
2008-03-03 23:51 ` Paul Moore
2008-03-04 3:31 ` Ahmed S. Darwish
2008-03-04 4:09 ` James Morris
2008-03-04 4:15 ` James Morris
2008-03-01 20:03 ` [PATCH 8/9] SELinux: use new audit hooks, remove redundant exports Ahmed S. Darwish
2008-03-01 20:03 ` Ahmed S. Darwish
2008-03-03 21:20 ` James Morris
2008-03-01 20:05 ` [PATCH 9/9] Audit: Final renamings and cleanup Ahmed S. Darwish
2008-03-01 20:05 ` Ahmed S. Darwish
2008-03-03 21:21 ` James Morris
2008-03-05 5:29 ` [PATCH-v2 -mm 0/9] LSM-neutral Audit (SELinux audit separation) James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080301195230.GC19636@ubuntu \
--to=darwish.07@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=chrisw@sous-sol.org \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.