Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / f9008e4c5c525941967b67777945aa6266ab6326^! / . / security / selinux / hooks.c
commitf9008e4c5c525941967b67777945aa6266ab6326[log] [tgz]
authorDavid Quigley <dpquigl@tycho.nsa.gov>Fri Jun 30 01:55:46 2006 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>Fri Jun 30 11:25:36 2006 -0700
treea0c9436485b80d548ef74d5f1aec0f6d0309af6e
parented11d9eb2228acc483c819ab353e3c41bcb158fa [diff] [blame]
[PATCH] SELinux: extend task_kill hook to handle signals sent by AIO completion

This patch extends the security_task_kill hook to handle signals sent by AIO
completion.  In this case, the secid of the task responsible for the signal
needs to be obtained and saved earlier, so a security_task_getsecid() hook is
added, and then this saved value is passed subsequently to the extended
task_kill hook for use in checking.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b85afcf..a5189a3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -2644,6 +2644,11 @@
 	return task_has_perm(current, p, PROCESS__GETSESSION);
 }
 
+static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
+{
+	selinux_get_task_sid(p, secid);
+}
+
 static int selinux_task_setgroups(struct group_info *group_info)
 {
 	/* See the comment for setuid above. */
@@ -2700,12 +2705,14 @@
 	return task_has_perm(current, p, PROCESS__SETSCHED);
 }
 
-static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
+static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
+				int sig, u32 secid)
 {
 	u32 perm;
 	int rc;
+	struct task_security_struct *tsec;
 
-	rc = secondary_ops->task_kill(p, info, sig);
+	rc = secondary_ops->task_kill(p, info, sig, secid);
 	if (rc)
 		return rc;
 
@@ -2716,8 +2723,12 @@
 		perm = PROCESS__SIGNULL; /* null signal; existence test */
 	else
 		perm = signal_to_av(sig);
-
-	return task_has_perm(current, p, perm);
+	tsec = p->security;
+	if (secid)
+		rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
+	else
+		rc = task_has_perm(current, p, perm);
+	return rc;
 }
 
 static int selinux_task_prctl(int option,
@@ -4434,6 +4445,7 @@
 	.task_setpgid =			selinux_task_setpgid,
 	.task_getpgid =			selinux_task_getpgid,
 	.task_getsid =		        selinux_task_getsid,
+	.task_getsecid =		selinux_task_getsecid,
 	.task_setgroups =		selinux_task_setgroups,
 	.task_setnice =			selinux_task_setnice,
 	.task_setioprio =		selinux_task_setioprio,