| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Mar 2008 18:25:14 -0500
From: Paul Moore <paul.moore@...com>
To: "Ahmed S. Darwish" <darwish.07@...il.com>
Cc: Chris Wright <chrisw@...s-sol.org>,
Stephen Smalley <sds@...ho.nsa.gov>,
James Morris <jmorris@...ei.org>,
Eric Paris <eparis@...isplace.org>,
Casey Schaufler <casey@...aufler-ca.com>,
David Woodhouse <dwmw2@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Audit-ML <linux-audit@...hat.com>,
LSM-ML <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks
On Saturday 01 March 2008 2:52:30 pm Ahmed S. Darwish wrote:
> Setup the new inode_getsecid and ipc_getsecid() LSM hooks
> for SELinux.
>
> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
> Signed-off-by: Ahmed S. Darwish <darwish.07@...il.com>
Reviewed-by: Paul Moore <paul.moore@...com>
> ---
>
> hooks.c | 19 +++++++++++++++++--
> 1 file changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index f42ebfc..06597d7 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2724,6 +2724,12 @@ static int selinux_inode_killpriv(struct
> dentry *dentry) return secondary_ops->inode_killpriv(dentry);
> }
>
> +static void selinux_inode_getsecid(const struct inode *inode, u32
> *secid) +{
> + struct inode_security_struct *isec = inode->i_security;
> + *secid = isec->sid;
> +}
> +
> /* file security operations */
>
> static int selinux_revalidate_file_permission(struct file *file, int
> mask) @@ -3120,7 +3126,8 @@ static int selinux_task_getsid(struct
> task_struct *p)
>
> static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
> {
> - selinux_get_task_sid(p, secid);
> + struct task_security_struct *tsec = p->security;
> + *secid = tsec->sid;
> }
>
> static int selinux_task_setgroups(struct group_info *group_info)
> @@ -4090,7 +4097,7 @@ static int
> selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
> goto out;
>
> if (sock && family == PF_UNIX)
> - selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
> + selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
> else if (skb)
> selinux_skb_peerlbl_sid(skb, family, &peer_secid);
>
> @@ -4970,6 +4977,12 @@ static int selinux_ipc_permission(struct
> kern_ipc_perm *ipcp, short flag) return ipc_has_perm(ipcp, av);
> }
>
> +static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32
> *secid) +{
> + struct ipc_security_struct *isec = ipcp->security;
> + *secid = isec->sid;
> +}
> +
> /* module stacking operations */
> static int selinux_register_security (const char *name, struct
> security_operations *ops) {
> @@ -5292,6 +5305,7 @@ static struct security_operations selinux_ops =
> { .inode_listsecurity = selinux_inode_listsecurity,
> .inode_need_killpriv = selinux_inode_need_killpriv,
> .inode_killpriv = selinux_inode_killpriv,
> + .inode_getsecid = selinux_inode_getsecid,
>
> .file_permission = selinux_file_permission,
> .file_alloc_security = selinux_file_alloc_security,
> @@ -5332,6 +5346,7 @@ static struct security_operations selinux_ops =
> { .task_to_inode = selinux_task_to_inode,
>
> .ipc_permission = selinux_ipc_permission,
> + .ipc_getsecid = selinux_ipc_getsecid,
>
> .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
> .msg_msg_free_security = selinux_msg_msg_free_security,
--
paul moore
linux security @ hp
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists