Re: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks

From: Paul Moore
Date: Mon Mar 03 2008 - 18:27:45 EST

Next message: Paul Moore: "Re: [PATCH 1/9] LSM: Introduce inode_getsecid and ipc_getsecid hooks"
Previous message: Andi Kleen: "Re: Performance versus FreeBSD 7.0"
In reply to: James Morris: "Re: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks"
Next in thread: Ahmed S. Darwish: "[PATCH 3/9] Audit: use new LSM hooks instead of SELinux exports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Saturday 01 March 2008 2:52:30 pm Ahmed S. Darwish wrote:
> Setup the new inode_getsecid and ipc_getsecid() LSM hooks
> for SELinux.
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> Signed-off-by: Ahmed S. Darwish <darwish.07@xxxxxxxxx>

Reviewed-by: Paul Moore <paul.moore@xxxxxx>

> ---
>
> hooks.c | 19 +++++++++++++++++--
> 1 file changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index f42ebfc..06597d7 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2724,6 +2724,12 @@ static int selinux_inode_killpriv(struct
> dentry *dentry) return secondary_ops->inode_killpriv(dentry);
> }
>
> +static void selinux_inode_getsecid(const struct inode *inode, u32
> *secid) +{
> + struct inode_security_struct *isec = inode->i_security;
> + *secid = isec->sid;
> +}
> +
> /* file security operations */
>
> static int selinux_revalidate_file_permission(struct file *file, int
> mask) @@ -3120,7 +3126,8 @@ static int selinux_task_getsid(struct
> task_struct *p)
>
> static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
> {
> - selinux_get_task_sid(p, secid);
> + struct task_security_struct *tsec = p->security;
> + *secid = tsec->sid;
> }
>
> static int selinux_task_setgroups(struct group_info *group_info)
> @@ -4090,7 +4097,7 @@ static int
> selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
> goto out;
>
> if (sock && family == PF_UNIX)
> - selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
> + selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
> else if (skb)
> selinux_skb_peerlbl_sid(skb, family, &peer_secid);
>
> @@ -4970,6 +4977,12 @@ static int selinux_ipc_permission(struct
> kern_ipc_perm *ipcp, short flag) return ipc_has_perm(ipcp, av);
> }
>
> +static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32
> *secid) +{
> + struct ipc_security_struct *isec = ipcp->security;
> + *secid = isec->sid;
> +}
> +
> /* module stacking operations */
> static int selinux_register_security (const char *name, struct
> security_operations *ops) {
> @@ -5292,6 +5305,7 @@ static struct security_operations selinux_ops =
> { .inode_listsecurity = selinux_inode_listsecurity,
> .inode_need_killpriv = selinux_inode_need_killpriv,
> .inode_killpriv = selinux_inode_killpriv,
> + .inode_getsecid = selinux_inode_getsecid,
>
> .file_permission = selinux_file_permission,
> .file_alloc_security = selinux_file_alloc_security,
> @@ -5332,6 +5346,7 @@ static struct security_operations selinux_ops =
> { .task_to_inode = selinux_task_to_inode,
>
> .ipc_permission = selinux_ipc_permission,
> + .ipc_getsecid = selinux_ipc_getsecid,
>
> .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
> .msg_msg_free_security = selinux_msg_msg_free_security,

--
paul moore
linux security @ hp
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Moore: "Re: [PATCH 1/9] LSM: Introduce inode_getsecid and ipc_getsecid hooks"
Previous message: Andi Kleen: "Re: Performance versus FreeBSD 7.0"
In reply to: James Morris: "Re: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks"
Next in thread: Ahmed S. Darwish: "[PATCH 3/9] Audit: use new LSM hooks instead of SELinux exports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]