From: David Howells <dhowells@redhat.com>
To: torvalds@osdl.org, akpm@osdl.org, steved@redhat.com,
trond.myklebust@fys.uio.no
Cc: linux-fsdevel@vger.kernel.org, linux-cachefs@redhat.com,
nfsv4@linux-nfs.org, linux-kernel@vger.kernel.org
Subject: [PATCH 12/14] CacheFiles: Get the SID under which the CacheFiles module should operate
Date: Tue, 31 Jul 2007 21:25:56 +0100 [thread overview]
Message-ID: <20070731202556.6412.93016.stgit@warthog.cambridge.redhat.com> (raw)
In-Reply-To: <20070731202454.6412.88646.stgit@warthog.cambridge.redhat.com>
Get the SID under which the CacheFiles module should operate so that the
SELinux security system can control the accesses it makes.
Signed-Off-By: David Howells <dhowells@redhat.com>
---
include/linux/security.h | 20 ++++++++++++++++++++
security/dummy.c | 7 +++++++
security/selinux/hooks.c | 7 +++++++
3 files changed, 34 insertions(+), 0 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 21cadea..9cb417e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1164,6 +1164,14 @@ struct request_sock;
* owning security ID, and return the security ID as which the process was
* previously acting.
*
+ * @cachefiles_get_secid:
+ * Determine the security ID for the CacheFiles module to use when
+ * accessing the filesystem containing the cache.
+ * @secid contains the security ID under which cachefiles daemon is
+ * running.
+ * @modsecid contains the pointer to where the security ID for the module
+ * is to be stored.
+ *
* This is the main security structure.
*/
struct security_operations {
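Review bot: The @cachefiles_get_secid description leaves out the return convention even though the new hook returns int while its neighbours (act_as_secid, act_as_self) return a u32 and need none; a reader of the header cannot tell whether a non-zero result means "no transition rule" or a hard error. Suggest appending, after the @modsecid line, `Return 0 on success or a negative error code if no security ID could be derived; on failure the contents of @modsecid are unspecified.` The "unspecified" wording reflects that the !CONFIG_SECURITY stub and the dummy hook always store 0, whereas the SELinux hook delegates to security_transition_sid() and may leave the target untouched on error, so the two behaviours should be reconciled in the contract. The same omission applies to the inline wrapper added in the later hunk of this file.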
@@ -1352,6 +1360,7 @@ struct security_operations {
u32 (*set_fscreate_secid)(u32 secid);
u32 (*act_as_secid)(u32 secid);
u32 (*act_as_self)(void);
+ int (*cachefiles_get_secid)(u32 secid, u32 *modsecid);
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect) (struct socket * sock,
@@ -2176,6 +2185,11 @@ static inline u32 security_act_as_self(void)
return security_ops->act_as_self();
}
+static inline int security_cachefiles_get_secid(u32 secid, u32 *modsecid)
+{
+ return security_ops->cachefiles_get_secid(secid, modsecid);
+}
+
/* prototypes */
extern int security_init (void);
extern int register_security (struct security_operations *ops);
@@ -2883,6 +2897,12 @@ static inline u32 security_act_as_self(void)
return 0;
}
+static inline int security_cachefiles_get_secid(u32 secid, u32 *modsecid)
+{
+ *modsecid = 0;
+ return 0;
+}
+
#endif /* CONFIG_SECURITY */
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/security/dummy.c b/security/dummy.c
index 6a7a317..2c1fd16 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -955,6 +955,12 @@ static u32 dummy_act_as_self(void)
return 0;
}
+static int dummy_cachefiles_get_secid(u32 secid, u32 *modsecid)
+{
+ *modsecid = 0;
+ return 0;
+}
+
#ifdef CONFIG_KEYS
static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
unsigned long flags)
@@ -1114,6 +1120,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, set_fscreate_secid);
set_to_dummy_if_null(ops, act_as_secid);
set_to_dummy_if_null(ops, act_as_self);
+ set_to_dummy_if_null(ops, cachefiles_get_secid);
#ifdef CONFIG_SECURITY_NETWORK
set_to_dummy_if_null(ops, unix_stream_connect);
set_to_dummy_if_null(ops, unix_may_send);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ffe5c02..76650cb 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4719,6 +4719,12 @@ static u32 selinux_act_as_self(void)
return oldactor_sid;
}
+static int selinux_cachefiles_get_secid(u32 secid, u32 *modsecid)
+{
+ return security_transition_sid(secid, SECINITSID_KERNEL,
+ SECCLASS_PROCESS, modsecid);
+}
+
#ifdef CONFIG_KEYS
static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
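Review bot: selinux_cachefiles_get_secid() performs no access check: security_transition_sid() only consults type_transition rules in the loaded policy, so any daemon SID handed in obtains a module SID (the source SID itself when no rule matches) without the policy ever being asked whether that domain is permitted to enter it. Every other transition lookup in this file, such as the exec path, follows the lookup with an avc_has_perm() of PROCESS__TRANSITION from the old SID to the new one, and the same pattern would make the policy the gatekeeper here. Whether a process transition permission is the right vehicle or a dedicated permission for cache use is preferable is a policy-design decision I cannot settle from this hunk, but some check should exist, and the failure should be logged via the usual AVC audit path. The rewritten body below passes a NULL auditdata, as the hook has no task or inode context to supply.
```c
static int selinux_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
	int rc;

	rc = security_transition_sid(secid, SECINITSID_KERNEL,
				     SECCLASS_PROCESS, modsecid);
	if (rc)
		return rc;

	/* The daemon's domain must be allowed to enter the derived domain. */
	return avc_has_perm(secid, *modsecid, SECCLASS_PROCESS,
			    PROCESS__TRANSITION, NULL);
}
```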
@@ -4906,6 +4912,7 @@ static struct security_operations selinux_ops = {
.set_fscreate_secid = selinux_set_fscreate_secid,
.act_as_secid = selinux_act_as_secid,
.act_as_self = selinux_act_as_self,
+ .cachefiles_get_secid = selinux_cachefiles_get_secid,
.unix_stream_connect = selinux_socket_unix_stream_connect,
.unix_may_send = selinux_socket_unix_may_send,