From: James Morris <jmorris@namei.org>
To: linux-security-module@vger.kernel.org
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org,
"Ahmed S. Darwish" <darwish.07@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: [PATCH 02/12] SELinux: setup new inode/ipc getsecid hooks
Date: Thu, 17 Apr 2008 11:05:59 +0000 [thread overview]
Message-ID: <ea4e30db3aee8ca02a7d46f2104f3718d8a4e2d0.1208428765.git.jmorris@namei.org> (raw)
In-Reply-To: <1208430369-23156-1-git-send-email-jmorris@namei.org>
In-Reply-To: <88d8811229b02f6b14ff1f0682dc5502a1f61b41.1208428765.git.jmorris@namei.org>
From: Ahmed S. Darwish <darwish.07@gmail.com>
Setup the new inode_getsecid and ipc_getsecid() LSM hooks
for SELinux.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
---
security/selinux/hooks.c | 19 +++++++++++++++++--
1 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d39b59c..65bf7f7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2743,6 +2743,12 @@ static int selinux_inode_killpriv(struct dentry *dentry)
return secondary_ops->inode_killpriv(dentry);
}
+static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ struct inode_security_struct *isec = inode->i_security;
+ *secid = isec->sid;
+}
+
/* file security operations */
static int selinux_revalidate_file_permission(struct file *file, int mask)
@@ -3139,7 +3145,8 @@ static int selinux_task_getsid(struct task_struct *p)
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
- selinux_get_task_sid(p, secid);
+ struct task_security_struct *tsec = p->security;
+ *secid = tsec->sid;
}
static int selinux_task_setgroups(struct group_info *group_info)
@@ -4109,7 +4116,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
goto out;
if (sock && family == PF_UNIX)
- selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+ selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
else if (skb)
selinux_skb_peerlbl_sid(skb, family, &peer_secid);
@@ -4989,6 +4996,12 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
return ipc_has_perm(ipcp, av);
}
+static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ *secid = isec->sid;
+}
+
/* module stacking operations */
static int selinux_register_security (const char *name, struct security_operations *ops)
{
@@ -5299,6 +5312,7 @@ static struct security_operations selinux_ops = {
.inode_listsecurity = selinux_inode_listsecurity,
.inode_need_killpriv = selinux_inode_need_killpriv,
.inode_killpriv = selinux_inode_killpriv,
+ .inode_getsecid = selinux_inode_getsecid,
.file_permission = selinux_file_permission,
.file_alloc_security = selinux_file_alloc_security,
@@ -5339,6 +5353,7 @@ static struct security_operations selinux_ops = {
.task_to_inode = selinux_task_to_inode,
.ipc_permission = selinux_ipc_permission,
+ .ipc_getsecid = selinux_ipc_getsecid,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
.msg_msg_free_security = selinux_msg_msg_free_security,
--
1.5.4.2
next prev parent reply other threads:[~2008-04-17 11:08 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-17 11:05 Security testing tree patch review for 2.6.26 James Morris
2008-04-17 11:05 ` [PATCH 01/12] LSM: Introduce inode_getsecid and ipc_getsecid hooks James Morris
2008-04-17 11:05 ` James Morris [this message]
2008-04-17 11:06 ` [PATCH 03/12] Audit: use new LSM hooks instead of SELinux exports James Morris
2008-04-17 11:06 ` [PATCH 04/12] Netlink: Use generic LSM hook James Morris
2008-04-17 11:06 ` [PATCH 05/12] SELinux: remove redundant exports James Morris
2008-04-17 11:06 ` [PATCH 06/12] LSM/Audit: Introduce generic Audit LSM hooks James Morris
2008-04-17 11:06 ` [PATCH 07/12] Audit: internally use the new LSM audit hooks James Morris
2008-04-17 11:06 ` [PATCH 08/12] SELinux: use new audit hooks, remove redundant exports James Morris
2008-04-17 11:06 ` [PATCH 09/12] Audit: Final renamings and cleanup James Morris
2008-04-17 11:06 ` [PATCH 10/12] Tell git about security/selinux/include/audit.h James Morris
2008-04-17 15:44 ` Greg KH
2008-04-17 15:53 ` James Morris
2008-04-17 11:06 ` [PATCH 11/12] Security: Introduce security= boot parameter James Morris
2008-04-17 15:29 ` Casey Schaufler
2008-04-17 11:06 ` [PATCH 12/12] security: fix up documentation for security_module_enable James Morris
2008-04-17 15:30 ` Casey Schaufler
2008-04-17 16:10 ` [PATCH 2.6.26 #repost] Smack: Integrate with Audit Ahmed S. Darwish
2008-04-19 22:19 ` Casey Schaufler
2008-04-18 18:11 ` Security testing tree patch review for 2.6.26 Casey Schaufler
2008-04-28 16:32 ` Alexander Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ea4e30db3aee8ca02a7d46f2104f3718d8a4e2d0.1208428765.git.jmorris@namei.org \
--to=jmorris@namei.org \
--cc=casey@schaufler-ca.com \
--cc=darwish.07@gmail.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox