diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/dummy.c | 12 | ||||
-rw-r--r-- | security/selinux/hooks.c | 26 |
2 files changed, 33 insertions, 5 deletions
diff --git a/security/dummy.c b/security/dummy.c index eddedf7c61b..bbbfda70e13 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -505,6 +505,9 @@ static int dummy_task_getsid (struct task_struct *p) return 0; } +static void dummy_task_getsecid (struct task_struct *p, u32 *secid) +{ } + static int dummy_task_setgroups (struct group_info *group_info) { return 0; @@ -520,6 +523,11 @@ static int dummy_task_setioprio (struct task_struct *p, int ioprio) return 0; } +static int dummy_task_getioprio (struct task_struct *p) +{ + return 0; +} + static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) { return 0; @@ -547,7 +555,7 @@ static int dummy_task_wait (struct task_struct *p) } static int dummy_task_kill (struct task_struct *p, struct siginfo *info, - int sig) + int sig, u32 secid) { return 0; } @@ -980,9 +988,11 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, task_setpgid); set_to_dummy_if_null(ops, task_getpgid); set_to_dummy_if_null(ops, task_getsid); + set_to_dummy_if_null(ops, task_getsecid); set_to_dummy_if_null(ops, task_setgroups); set_to_dummy_if_null(ops, task_setnice); set_to_dummy_if_null(ops, task_setioprio); + set_to_dummy_if_null(ops, task_getioprio); set_to_dummy_if_null(ops, task_setrlimit); set_to_dummy_if_null(ops, task_setscheduler); set_to_dummy_if_null(ops, task_getscheduler); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3e593587651..24caaeec889 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2643,6 +2643,11 @@ static int selinux_task_getsid(struct task_struct *p) return task_has_perm(current, p, PROCESS__GETSESSION); } +static void selinux_task_getsecid(struct task_struct *p, u32 *secid) +{ + selinux_get_task_sid(p, secid); +} + static int selinux_task_setgroups(struct group_info *group_info) { /* See the comment for setuid above. */ @@ -2665,6 +2670,11 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio) return task_has_perm(current, p, PROCESS__SETSCHED); } +static int selinux_task_getioprio(struct task_struct *p) +{ + return task_has_perm(current, p, PROCESS__GETSCHED); +} + static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) { struct rlimit *old_rlim = current->signal->rlim + resource; @@ -2699,12 +2709,14 @@ static int selinux_task_movememory(struct task_struct *p) return task_has_perm(current, p, PROCESS__SETSCHED); } -static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig) +static int selinux_task_kill(struct task_struct *p, struct siginfo *info, + int sig, u32 secid) { u32 perm; int rc; + struct task_security_struct *tsec; - rc = secondary_ops->task_kill(p, info, sig); + rc = secondary_ops->task_kill(p, info, sig, secid); if (rc) return rc; @@ -2715,8 +2727,12 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int si perm = PROCESS__SIGNULL; /* null signal; existence test */ else perm = signal_to_av(sig); - - return task_has_perm(current, p, perm); + tsec = p->security; + if (secid) + rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL); + else + rc = task_has_perm(current, p, perm); + return rc; } static int selinux_task_prctl(int option, @@ -4433,9 +4449,11 @@ static struct security_operations selinux_ops = { .task_setpgid = selinux_task_setpgid, .task_getpgid = selinux_task_getpgid, .task_getsid = selinux_task_getsid, + .task_getsecid = selinux_task_getsecid, .task_setgroups = selinux_task_setgroups, .task_setnice = selinux_task_setnice, .task_setioprio = selinux_task_setioprio, + .task_getioprio = selinux_task_getioprio, .task_setrlimit = selinux_task_setrlimit, .task_setscheduler = selinux_task_setscheduler, .task_getscheduler = selinux_task_getscheduler, |