[PATCH][SELINUX] Extend and revise calls to secondary module

From: Stephen Smalley
Date: Tue Jun 22 2004 - 10:21:11 EST


This patch extends the set of calls to the secondary security module
by SELinux as well as revising a few existing calls to support other
security modules and to more cleanly stack with the capability module.
Please apply.

Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxxx>

security/selinux/hooks.c | 94 ++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 85 insertions(+), 9 deletions(-)

Index: linux-2.6/security/selinux/hooks.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v
retrieving revision 1.112
diff -u -p -r1.112 hooks.c
--- linux-2.6/security/selinux/hooks.c 16 Jun 2004 14:49:42 -0000 1.112
+++ linux-2.6/security/selinux/hooks.c 22 Jun 2004 14:14:59 -0000
@@ -1389,11 +1389,11 @@ static int selinux_capset_check(struct t
{
int error;

- error = task_has_perm(current, target, PROCESS__SETCAP);
+ error = secondary_ops->capset_check(target, effective, inheritable, permitted);
if (error)
return error;

- return secondary_ops->capset_check(target, effective, inheritable, permitted);
+ return task_has_perm(current, target, PROCESS__SETCAP);
}

static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
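Review bot: The swapped order in selinux_capset_check is a behavioural choice that nothing in the code explains. The secondary module's capset_check now runs first, and the SELinux PROCESS__SETCAP check runs only if it returns 0. That decides which module's error code the caller sees, and presumably whether SELinux records a denial at all when the secondary module refuses first, which matters to anyone reading audit logs. I would add a comment above the first call, such as `/* Secondary module (e.g. capability) decides first; the SELinux setcap permission is checked only if it allows the change. */`, so the order is not reverted by accident.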
@@ -1427,6 +1427,10 @@ static int selinux_sysctl(ctl_table *tab
u32 tsid;
int rc;

+ rc = secondary_ops->sysctl(table, op);
+ if (rc)
+ return rc;
+
tsec = current->security;

rc = selinux_proc_get_sid(table->de, (op == 001) ?
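Review bot: The added `secondary_ops->sysctl(table, op)` call goes through the function pointer with no NULL test, and so does every other secondary_ops call this patch adds (bprm_check_security, bprm_secureexec, sb_mount, sb_umount, inode_unlink, inode_mknod, inode_permission, inode_setattr, file_mmap, file_mprotect, task_create, task_setnice, task_setrlimit, task_kill, unix_stream_connect, shm_shmat). This is safe only if every slot of the secondary module's operations table is populated before SELinux can reach it. The code that sets secondary_ops is outside this patch, so that should be confirmed for each newly used hook. A short comment at the first call, e.g. `/* secondary_ops hooks are assumed non-NULL: unset slots get defaults at registration (confirm) */`, would record the assumption. selinux_sysctl's body continues outside the hunk.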
@@ -1690,7 +1694,7 @@ static int selinux_bprm_set_security(str

static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
- return 0;
+ return secondary_ops->bprm_check_security(bprm);
}


@@ -1708,12 +1712,7 @@ static int selinux_bprm_secureexec (stru
PROCESS__NOATSECURE, NULL, NULL);
}

- /* Note that we must include the legacy uid/gid test below
- to retain it, as the new userland will simply use the
- value passed by AT_SECURE to decide whether to enable
- secure mode. */
- return ( atsecure || current->euid != current->uid ||
- current->egid != current->gid);
+ return (atsecure || secondary_ops->bprm_secureexec(bprm));
}

static void selinux_bprm_free_security(struct linux_binprm *bprm)
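Review bot: The new return in selinux_bprm_secureexec drops the explicit euid/uid and egid/gid comparison, together with the comment that said why it had to be kept. The AT_SECURE result for set-id programs now depends entirely on what `secondary_ops->bprm_secureexec(bprm)` returns whenever SELinux's own atsecure is 0. That holds only if every module that can sit in secondary_ops performs the legacy uid/gid test itself, and those implementations are not visible here. A secondary module that returned 0 would leave userland's secure mode off for such an exec. I would keep a comment on the new line, e.g. `/* The legacy uid/gid test now lives in the secondary module's bprm_secureexec; userland relies on AT_SECURE alone. */`. The function begins outside the hunk.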
@@ -2058,6 +2057,12 @@ static int selinux_mount(char * dev_name
unsigned long flags,
void * data)
{
+ int rc;
+
+ rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+ if (rc)
+ return rc;
+
if (flags & MS_REMOUNT)
return superblock_has_perm(current, nd->mnt->mnt_sb,
FILESYSTEM__REMOUNT, NULL);
@@ -2068,6 +2073,12 @@ static int selinux_mount(char * dev_name

static int selinux_umount(struct vfsmount *mnt, int flags)
{
+ int rc;
+
+ rc = secondary_ops->sb_umount(mnt, flags);
+ if (rc)
+ return rc;
+
return superblock_has_perm(current,mnt->mnt_sb,
FILESYSTEM__UNMOUNT,NULL);
}
@@ -2111,6 +2122,11 @@ static void selinux_inode_post_link(stru

static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
+ int rc;
+
+ rc = secondary_ops->inode_unlink(dir, dentry);
+ if (rc)
+ return rc;
return may_link(dir, dentry, MAY_UNLINK);
}

@@ -2141,6 +2157,12 @@ static int selinux_inode_rmdir(struct in

static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
+ int rc;
+
+ rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
+ if (rc)
+ return rc;
+
return may_create(dir, dentry, inode_mode_to_security_class(mode));
}

@@ -2179,6 +2201,12 @@ static int selinux_inode_follow_link(str
static int selinux_inode_permission(struct inode *inode, int mask,
struct nameidata *nd)
{
+ int rc;
+
+ rc = secondary_ops->inode_permission(inode, mask, nd);
+ if (rc)
+ return rc;
+
if (!mask) {
/* No permission to check. Existence test. */
return 0;
@@ -2190,6 +2218,12 @@ static int selinux_inode_permission(stru

static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
+ int rc;
+
+ rc = secondary_ops->inode_setattr(dentry, iattr);
+ if (rc)
+ return rc;
+
if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
ATTR_ATIME_SET | ATTR_MTIME_SET))
return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
@@ -2456,6 +2490,11 @@ static int selinux_file_ioctl(struct fil
static int selinux_file_mmap(struct file *file, unsigned long prot, unsigned long flags)
{
u32 av;
+ int rc;
+
+ rc = secondary_ops->file_mmap(file, prot, flags);
+ if (rc)
+ return rc;

if (file) {
/* read access is always possible with a mapping */
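Review bot: Adding the secondary_ops->file_mmap call at the top of selinux_file_mmap interacts badly with the selinux_file_mprotect hunk further down, which still ends in `return selinux_file_mmap(vma->vm_file, prot, vma->vm_flags);`. After this patch every mprotect invokes the secondary module's file_mprotect hook and then its file_mmap hook as well, the latter with vma->vm_flags passed in the `flags` argument. A secondary module that inspects `flags` would presumably be reading VM_* bits as mmap flags, and would see a mapping request that never took place. I would move SELinux's own check into a static helper that both hooks call, so that each hook consults only its own secondary hook. selinux_file_mmap's body continues outside this hunk.

```c
/* SELinux-only mapping check shared by the mmap and mprotect hooks;
   it does not call the secondary module. */
static int file_map_prot_check(struct file *file, unsigned long prot,
			       unsigned long flags)
{
	u32 av;

	/* … unchanged: existing SELinux checks of selinux_file_mmap, from `if (file) {` onwards … */
}

static int selinux_file_mmap(struct file *file, unsigned long prot, unsigned long flags)
{
	int rc;

	rc = secondary_ops->file_mmap(file, prot, flags);
	if (rc)
		return rc;

	return file_map_prot_check(file, prot, flags);
}

/* … unchanged: selinux_file_mprotect up to and including its secondary_ops->file_mprotect check … */
	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags);
```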
@@ -2476,6 +2515,12 @@ static int selinux_file_mmap(struct file
static int selinux_file_mprotect(struct vm_area_struct *vma,
unsigned long prot)
{
+ int rc;
+
+ rc = secondary_ops->file_mprotect(vma, prot);
+ if (rc)
+ return rc;
+
return selinux_file_mmap(vma->vm_file, prot, vma->vm_flags);
}

@@ -2573,6 +2618,12 @@ static int selinux_file_receive(struct f

static int selinux_task_create(unsigned long clone_flags)
{
+ int rc;
+
+ rc = secondary_ops->task_create(clone_flags);
+ if (rc)
+ return rc;
+
return task_has_perm(current, current, PROCESS__FORK);
}

@@ -2648,13 +2699,24 @@ static int selinux_task_setgroups(struct

static int selinux_task_setnice(struct task_struct *p, int nice)
{
+ int rc;
+
+ rc = secondary_ops->task_setnice(p, nice);
+ if (rc)
+ return rc;
+
return task_has_perm(current,p, PROCESS__SETSCHED);
}

static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
struct rlimit *old_rlim = current->rlim + resource;
+ int rc;

+ rc = secondary_ops->task_setrlimit(resource, new_rlim);
+ if (rc)
+ return rc;
+
/* Control the ability to change the hard limit (whether
lowering or raising it), so that the hard limit can
later be used as a safe reset point for the soft limit
@@ -2688,6 +2750,11 @@ static int selinux_task_getscheduler(str
static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
{
u32 perm;
+ int rc;
+
+ rc = secondary_ops->task_kill(p, info, sig);
+ if (rc)
+ return rc;

if (info && ((unsigned long)info == 1 ||
(unsigned long)info == 2 || SI_FROMKERNEL(info)))
@@ -3129,6 +3196,10 @@ static int selinux_socket_unix_stream_co
struct avc_audit_data ad;
int err;

+ err = secondary_ops->unix_stream_connect(sock, other, newsk);
+ if (err)
+ return err;
+
isec = SOCK_INODE(sock)->i_security;
other_isec = SOCK_INODE(other)->i_security;

@@ -3847,6 +3918,11 @@ static int selinux_shm_shmat(struct shmi
char __user *shmaddr, int shmflg)
{
u32 perms;
+ int rc;
+
+ rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
+ if (rc)
+ return rc;

if (shmflg & SHM_RDONLY)
perms = SHM__READ;


--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
