diff options
author | Stephen D. Smalley <sds@epoch.ncsc.mil> | 2003-01-09 20:30:59 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@penguin.transmeta.com> | 2003-01-09 20:30:59 -0800 |
commit | 3afa49eb7facd0b5d84152094200a00704c1b5cf (patch) | |
tree | d280dceec5bceb95d07032a56fe9466f9f05e634 /security | |
parent | 60e7fd5ede56305f4f05d24c4ae2b5491767efe6 (diff) | |
download | history-3afa49eb7facd0b5d84152094200a00704c1b5cf.tar.gz |
[PATCH] 2.5.52-lsm-{dummy,ipc}.patch
This patch adds the remaining System V IPC hooks, including the inline
documentation for them in security.h. This includes a restored
sem_semop hook, as it does seem to be necessary to support fine-grained
access.
All of these System V IPC hooks are used by SELinux. The SELinux System
V IPC access controls were originally described in the technical report
available from http://www.nsa.gov/selinux/slinux-abs.html, and the
LSM-based implementation is described in the technical report available
from http://www.nsa.gov/selinux/module-abs.html.
Diffstat (limited to 'security')
-rw-r--r-- | security/dummy.c | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c index 4d037841684fc2..7f2ad59f9d480f 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -501,6 +501,15 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) return 0; } +static int dummy_msg_msg_alloc_security (struct msg_msg *msg) +{ + return 0; +} + +static void dummy_msg_msg_free_security (struct msg_msg *msg) +{ + return; +} static int dummy_msg_queue_alloc_security (struct msg_queue *msq) { @@ -512,6 +521,30 @@ static void dummy_msg_queue_free_security (struct msg_queue *msq) return; } +static int dummy_msg_queue_associate (struct msg_queue *msq, + int msqflg) +{ + return 0; +} + +static int dummy_msg_queue_msgctl (struct msg_queue *msq, int cmd) +{ + return 0; +} + +static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg, + int msgflg) +{ + return 0; +} + +static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg, + struct task_struct *target, long type, + int mode) +{ + return 0; +} + static int dummy_shm_alloc_security (struct shmid_kernel *shp) { return 0; @@ -522,6 +555,22 @@ static void dummy_shm_free_security (struct shmid_kernel *shp) return; } +static int dummy_shm_associate (struct shmid_kernel *shp, int shmflg) +{ + return 0; +} + +static int dummy_shm_shmctl (struct shmid_kernel *shp, int cmd) +{ + return 0; +} + +static int dummy_shm_shmat (struct shmid_kernel *shp, char *shmaddr, + int shmflg) +{ + return 0; +} + static int dummy_sem_alloc_security (struct sem_array *sma) { return 0; @@ -532,6 +581,22 @@ static void dummy_sem_free_security (struct sem_array *sma) return; } +static int dummy_sem_associate (struct sem_array *sma, int semflg) +{ + return 0; +} + +static int dummy_sem_semctl (struct sem_array *sma, int cmd) +{ + return 0; +} + +static int dummy_sem_semop (struct sem_array *sma, + struct sembuf *sops, unsigned nsops, int alter) +{ + return 0; +} + static int dummy_register_security (const char *name, struct security_operations *ops) { return -EINVAL; @@ -640,12 +705,24 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, task_kmod_set_label); set_to_dummy_if_null(ops, task_reparent_to_init); set_to_dummy_if_null(ops, ipc_permission); + set_to_dummy_if_null(ops, msg_msg_alloc_security); + set_to_dummy_if_null(ops, msg_msg_free_security); set_to_dummy_if_null(ops, msg_queue_alloc_security); set_to_dummy_if_null(ops, msg_queue_free_security); + set_to_dummy_if_null(ops, msg_queue_associate); + set_to_dummy_if_null(ops, msg_queue_msgctl); + set_to_dummy_if_null(ops, msg_queue_msgsnd); + set_to_dummy_if_null(ops, msg_queue_msgrcv); set_to_dummy_if_null(ops, shm_alloc_security); set_to_dummy_if_null(ops, shm_free_security); + set_to_dummy_if_null(ops, shm_associate); + set_to_dummy_if_null(ops, shm_shmctl); + set_to_dummy_if_null(ops, shm_shmat); set_to_dummy_if_null(ops, sem_alloc_security); set_to_dummy_if_null(ops, sem_free_security); + set_to_dummy_if_null(ops, sem_associate); + set_to_dummy_if_null(ops, sem_semctl); + set_to_dummy_if_null(ops, sem_semop); set_to_dummy_if_null(ops, register_security); set_to_dummy_if_null(ops, unregister_security); } |