* [PATCH 1/2] SELinux: Add security hooks to {get,set}affinity
@ 2006-06-21 4:29 James Morris
2006-06-21 4:32 ` [PATCH 2/2] SELinux: Add security hook call to mediate attach_task (kernel/cpuset.c) James Morris
0 siblings, 1 reply; 3+ messages in thread
From: James Morris @ 2006-06-21 4:29 UTC (permalink / raw)
To: Andrew Morton
Cc: Stephen Smalley, linux-kernel, David Quigley, Ingo Molnar, pj
From: David Quigley <dpquigl@tycho.nsa.gov>
This patch adds LSM hooks into the setaffinity and getaffinity functions
to enable security modules to control these operations between tasks with
different security attributes. This implementation uses the existing
task_setscheduler and task_getscheduler LSM hooks.
This is aimed at 2.6.18 inclusion to cover new code currently unmediated
by SELinux.
Please apply.
Signed-Off-By: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
---
kernel/sched.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff -uprN -X /home/dpquigl/dontdiff linux-2.6.17-rc6-mm2/kernel/sched.c linux-2.6.17-rc6-mm2-affinity/kernel/sched.c
--- linux-2.6.17-rc6-mm2/kernel/sched.c 2006-06-15 09:46:28.000000000 -0400
+++ linux-2.6.17-rc6-mm2-affinity/kernel/sched.c 2006-06-15 09:51:55.000000000 -0400
@@ -4266,6 +4266,10 @@ long sched_setaffinity(pid_t pid, cpumas
!capable(CAP_SYS_NICE))
goto out_unlock;
+ retval = security_task_setscheduler(p, 0, NULL);
+ if (retval)
+ goto out_unlock;
+
cpus_allowed = cpuset_cpus_allowed(p);
cpus_and(new_mask, new_mask, cpus_allowed);
retval = set_cpus_allowed(p, new_mask);
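Review bot: the hook sits after the euid/CAP_SYS_NICE check and before the cpuset clamp, which keeps the LSM check restrictive (DAC decides first, the module can only deny) and avoids evaluating policy for callers the existing check already rejects; that ordering is right, and the failure path reuses the same `goto out_unlock` as the capability check, so cleanup is unchanged. One documentation point: `security_task_setscheduler(p, 0, NULL)` passes a dummy policy and a NULL sched_param, so a module cannot distinguish an affinity change from a real sched_setscheduler call, and any hook implementation that dereferences the param pointer would now oops; the hook comment in include/linux/security.h should state that the policy and param arguments may be 0/NULL for affinity callers.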
@@ -4334,7 +4338,10 @@ long sched_getaffinity(pid_t pid, cpumas
if (!p)
goto out_unlock;
- retval = 0;
+ retval = security_task_getscheduler(p);
+ if (retval)
+ goto out_unlock;
+
cpus_and(*mask, p->cpus_allowed, cpu_online_map);
out_unlock:
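Review bot: replacing the unconditional `retval = 0;` with the hook's return value is correct, since a zero return from `security_task_getscheduler(p)` leaves retval at 0 on the success path and the `cpus_and()` result is still reported; note that a denial now surfaces to sched_getaffinity callers as whatever error the module returns, where previously the only failure after a successful lookup was none. Worth adding a line to the task_getscheduler hook documentation saying it now also mediates reading a task's cpus_allowed, since the hook name no longer describes all of its callers.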
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2/2] SELinux: Add security hook call to mediate attach_task (kernel/cpuset.c)
2006-06-21 4:29 [PATCH 1/2] SELinux: Add security hooks to {get,set}affinity James Morris
@ 2006-06-21 4:32 ` James Morris
2006-06-21 6:40 ` Paul Jackson
0 siblings, 1 reply; 3+ messages in thread
From: James Morris @ 2006-06-21 4:32 UTC (permalink / raw)
To: Andrew Morton
Cc: Stephen Smalley, linux-kernel, David Quigley, Ingo Molnar, pj
From: David Quigley <dpquigl@tycho.nsa.gov>
This patch adds a security hook call to enable security modules to control
the ability to attach a task to a cpuset. While limited control over this
operation is possible via permission checks on the pseudo fs interface,
those checks are not sufficient to control access to the target task,
which is looked up in this function. The existing task_setscheduler hook
is re-used for this operation since this falls under the same class of
operations.
This is aimed at 2.6.18 inclusion to cover new code currently unmediated
by SELinux.
Please apply.
Signed-Off-By: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
---
kernel/cpuset.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff -uprN -X /home/dpquigl/dontdiff linux-2.6.17-rc6-mm2/kernel/cpuset.c linux-2.6.17-rc6-mm2-attach/kernel/cpuset.c
--- linux-2.6.17-rc6-mm2/kernel/cpuset.c 2006-06-15 09:46:28.000000000 -0400
+++ linux-2.6.17-rc6-mm2-attach/kernel/cpuset.c 2006-06-15 09:52:43.000000000 -0400
@@ -41,6 +41,7 @@
#include <linux/rcupdate.h>
#include <linux/sched.h>
#include <linux/seq_file.h>
+#include <linux/security.h>
#include <linux/slab.h>
#include <linux/smp_lock.h>
#include <linux/spinlock.h>
@@ -1177,6 +1178,7 @@ static int attach_task(struct cpuset *cs
cpumask_t cpus;
nodemask_t from, to;
struct mm_struct *mm;
+ int retval;
if (sscanf(pidbuf, "%d", &pid) != 1)
return -EIO;
@@ -1205,6 +1207,12 @@ static int attach_task(struct cpuset *cs
get_task_struct(tsk);
}
+ retval = security_task_setscheduler(tsk, 0, NULL);
+ if (retval) {
+ put_task_struct(tsk);
+ return retval;
+ }
+
mutex_lock(&callback_mutex);
task_lock(tsk);
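Review bot: the denial path correctly drops the reference taken by `get_task_struct(tsk)` above before returning, and the check runs before `mutex_lock(&callback_mutex)` and `task_lock(tsk)`, so no lock is held while the module makes its decision or emits an audit record; both are right. Two things should be written down in the hook documentation: the check is on the target task only, and the destination cpuset `cs` is not passed to the hook, so the module can decide who may move a task but not where it may be moved, which still relies on the pseudo-fs permission checks the commit message mentions; and reusing `security_task_setscheduler(tsk, 0, NULL)` means a domain allowed to change a task's scheduler is also allowed to re-cpuset it, with the same 0/NULL argument convention as the affinity hook, so a separate permission is not possible without a new hook.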
* Re: [PATCH 2/2] SELinux: Add security hook call to mediate attach_task (kernel/cpuset.c)
2006-06-21 4:32 ` [PATCH 2/2] SELinux: Add security hook call to mediate attach_task (kernel/cpuset.c) James Morris
@ 2006-06-21 6:40 ` Paul Jackson
0 siblings, 0 replies; 3+ messages in thread
From: Paul Jackson @ 2006-06-21 6:40 UTC (permalink / raw)
To: James Morris; +Cc: akpm, sds, linux-kernel, dpquigl, mingo
James wrote:
> This patch adds a security hook call to enable security modules to control
> the ability to attach a task to a cpuset.
Looks reasonable to me. Thanks.
Acked-by: Paul Jackson <pj@sgi.com>
--
I won't rest till it's the best ...
Programmer, Linux Scalability
Paul Jackson <pj@sgi.com> 1.925.600.0401