[PATCH] SELinux: Extend and revise calls to secondary module

From: Stephen Smalley <sds@epoch.ncsc.mil> This patch extends the set of calls to the secondary security module by SELinux as well as revising a few existing calls to support other security modules and to more cleanly stack with the capability module. Please apply. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] SELinux: Extend and revise calls to secondary module
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch extends the set of calls to the secondary security module by SELinux as well as revising a few existing calls to support other security modules and to more cleanly stack with the capability module. Please apply. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
75c4f219 · Andrew Morton · Linus Torvalds · d2c40dc0 · 75c4f219
Commit 75c4f219 authored Jun 23, 2004 by Andrew Morton Committed by Linus Torvalds Jun 23, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 85 additions and 9 deletions

security/selinux/hooks.c security/selinux/hooks.c +85 -9

No files found.
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1389,11 +1389,11 @@ static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effect
 {
 	int error;

-	error = task_has_perm(current, target, PROCESS__SETCAP);
+	error = secondary_ops->capset_check(target, effective, inheritable, permitted);
 	if (error)
 		return error;

-	return secondary_ops->capset_check(target, effective, inheritable, permitted);
+	return task_has_perm(current, target, PROCESS__SETCAP);
 }

 static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
@@ -1427,6 +1427,10 @@ static int selinux_sysctl(ctl_table *table, int op)
 	u32 tsid;
 	int rc;

+	rc = secondary_ops->sysctl(table, op);
+	if (rc)
+		return rc;
+
 	tsec = current->security;

 	rc = selinux_proc_get_sid(table->de, (op == 001) ?
@@ -1690,7 +1694,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)

 static int selinux_bprm_check_security (struct linux_binprm *bprm)
 {
-	return 0;
+	return secondary_ops->bprm_check_security(bprm);
 }


@@ -1708,12 +1712,7 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm)
 					 PROCESS__NOATSECURE, NULL, NULL);
 	}

-	/* Note that we must include the legacy uid/gid test below
-	   to retain it, as the new userland will simply use the
-	   value passed by AT_SECURE to decide whether to enable
-	   secure mode. */
-	return ( atsecure || current->euid != current->uid ||
-		current->egid != current->gid);
+	return (atsecure || secondary_ops->bprm_secureexec(bprm));
 }

 static void selinux_bprm_free_security(struct linux_binprm *bprm)
@@ -2058,6 +2057,12 @@ static int selinux_mount(char * dev_name,
                         unsigned long flags,
                         void * data)
 {
+	int rc;
+
+	rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+	if (rc)
+		return rc;
+
 	if (flags & MS_REMOUNT)
 		return superblock_has_perm(current, nd->mnt->mnt_sb,
 		                           FILESYSTEM__REMOUNT, NULL);
@@ -2068,6 +2073,12 @@ static int selinux_mount(char * dev_name,

 static int selinux_umount(struct vfsmount *mnt, int flags)
 {
+	int rc;
+
+	rc = secondary_ops->sb_umount(mnt, flags);
+	if (rc)
+		return rc;
+
 	return superblock_has_perm(current,mnt->mnt_sb,
 	                           FILESYSTEM__UNMOUNT,NULL);
 }
@@ -2111,6 +2122,11 @@ static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *ino

 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
+	int rc;
+
+	rc = secondary_ops->inode_unlink(dir, dentry);
+	if (rc)
+		return rc;
 	return may_link(dir, dentry, MAY_UNLINK);
 }

@@ -2141,6 +2157,12 @@ static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)

 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 {
+	int rc;
+
+	rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
+	if (rc)
+		return rc;
+
 	return may_create(dir, dentry, inode_mode_to_security_class(mode));
 }

@@ -2179,6 +2201,12 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
 static int selinux_inode_permission(struct inode *inode, int mask,
 				    struct nameidata *nd)
 {
+	int rc;
+
+	rc = secondary_ops->inode_permission(inode, mask, nd);
+	if (rc)
+		return rc;
+
 	if (!mask) {
 		/* No permission to check.  Existence test. */
 		return 0;
@@ -2190,6 +2218,12 @@ static int selinux_inode_permission(struct inode *inode, int mask,

 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 {
+	int rc;
+
+	rc = secondary_ops->inode_setattr(dentry, iattr);
+	if (rc)
+		return rc;
+
 	if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
 			       ATTR_ATIME_SET | ATTR_MTIME_SET))
 		return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
@@ -2456,6 +2490,11 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 static int selinux_file_mmap(struct file *file, unsigned long prot, unsigned long flags)
 {
 	u32 av;
+	int rc;
+
+	rc = secondary_ops->file_mmap(file, prot, flags);
+	if (rc)
+		return rc;

 	if (file) {
 		/* read access is always possible with a mapping */
@@ -2476,6 +2515,12 @@ static int selinux_file_mmap(struct file *file, unsigned long prot, unsigned lon
 static int selinux_file_mprotect(struct vm_area_struct *vma,
 				 unsigned long prot)
 {
+	int rc;
+
+	rc = secondary_ops->file_mprotect(vma, prot);
+	if (rc)
+		return rc;
+
 	return selinux_file_mmap(vma->vm_file, prot, vma->vm_flags);
 }

@@ -2573,6 +2618,12 @@ static int selinux_file_receive(struct file *file)

 static int selinux_task_create(unsigned long clone_flags)
 {
+	int rc;
+
+	rc = secondary_ops->task_create(clone_flags);
+	if (rc)
+		return rc;
+
 	return task_has_perm(current, current, PROCESS__FORK);
 }

@@ -2648,12 +2699,23 @@ static int selinux_task_setgroups(struct group_info *group_info)

 static int selinux_task_setnice(struct task_struct *p, int nice)
 {
+	int rc;
+
+	rc = secondary_ops->task_setnice(p, nice);
+	if (rc)
+		return rc;
+
 	return task_has_perm(current,p, PROCESS__SETSCHED);
 }

 static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
 {
 	struct rlimit *old_rlim = current->rlim + resource;
+	int rc;
+
+	rc = secondary_ops->task_setrlimit(resource, new_rlim);
+	if (rc)
+		return rc;

 	/* Control the ability to change the hard limit (whether
 	   lowering or raising it), so that the hard limit can
@@ -2688,6 +2750,11 @@ static int selinux_task_getscheduler(struct task_struct *p)
 static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
 {
 	u32 perm;
+	int rc;
+
+	rc = secondary_ops->task_kill(p, info, sig);
+	if (rc)
+		return rc;

 	if (info && ((unsigned long)info == 1 ||
 	             (unsigned long)info == 2 || SI_FROMKERNEL(info)))
@@ -3129,6 +3196,10 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 	struct avc_audit_data ad;
 	int err;

+	err = secondary_ops->unix_stream_connect(sock, other, newsk);
+	if (err)
+		return err;
+
 	isec = SOCK_INODE(sock)->i_security;
 	other_isec = SOCK_INODE(other)->i_security;

@@ -3847,6 +3918,11 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
 			     char __user *shmaddr, int shmflg)
 {
 	u32 perms;
+	int rc;
+
+	rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
+	if (rc)
+		return rc;

 	if (shmflg & SHM_RDONLY)
 		perms = SHM__READ;