[PATCH] BSD Secure Levels LSM: add time hooks

I have received positive feedback from various individuals who have applied my
BSD Secure Levels LSM patch, and so at this point I am submitting it to you
with a request to merge it in.  Nothing has changed in this patch since when I
last posted it to the LKML, so I am not re-sending it there.

This first patch adds hooks to catch attempts to set the system clock back.

Signed-off-by: Michael A. Halcrow <mahalcro@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 13 insertions, 5 deletions

diff --git a/kernel/time.c b/kernel/time.c
index 0b4797fa3d306f..52b273c7ccac67 100644
--- a/kernel/time.c
+++ b/kernel/time.c
@@ -32,6 +32,8 @@
 #include <linux/errno.h>
 #include <linux/smp_lock.h>
 #include <linux/syscalls.h>
+#include <linux/security.h>
+
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
 
@@ -78,13 +80,17 @@ asmlinkage long sys_time(int __user * tloc)
 asmlinkage long sys_stime(time_t __user *tptr)
 {
 	struct timespec tv;
+	int err;
 
-	if (!capable(CAP_SYS_TIME))
-		return -EPERM;
 	if (get_user(tv.tv_sec, tptr))
 		return -EFAULT;
 
 	tv.tv_nsec = 0;
+
+	err = security_settime(&tv, NULL);
+	if (err)
+		return err;
+
 	do_settimeofday(&tv);
 	return 0;
 }
@@ -146,10 +152,12 @@ inline static void warp_clock(void)
 int do_sys_settimeofday(struct timespec *tv, struct timezone *tz)
 {
 	static int firsttime = 1;
+	int error = 0;
+
+	error = security_settime(tv, tz);
+	if (error)
+		return error;
 
-	if (!capable(CAP_SYS_TIME))
-		return -EPERM;
-		
 	if (tz) {
 		/* SMP safe, global irq locking makes it work. */
 		sys_tz = *tz;