| author | Chris Wright <chrisw@osdl.org> | 2004-10-25 04:06:00 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2004-10-25 04:06:00 -0700 |
| commit | 6f62d84064de8ff7c514ab5e3cba536973edb3ce (patch) | |
| tree | 74b585755839657d803ea4fae9a2b951ff5b9381 /include | |
| parent | 0f4b6dfa98586bf0b3e11513319595ce82dc371c (diff) | |
[PATCH] lsm: fix send_sigurg mediation
Stephen Smalley notes that send_sigurg isn't mediated by LSM in the same
manner as send_sigio. Patch below is a slight modification of Stephen's
original patch. It moves the security_file_send_sigiotask() hook into the
sigio_perm(). The hook's fd and reason arguments are replaced with the
signum. sigio_perm() and its callers are updated to pass the signum
through to the hook. In send_sigio case, the signum is simply fown->signum
or SIGIO when signum is 0, however in send_sigurg the kernel doesn't use
fown->signum, it always sends SIGURG.
From: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/security.h | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 80ba6b8295a0..bf7bb29c9719 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -488,16 +488,15 @@ struct swap_info_struct;
 * @file contains the file structure to update.
 * Return 0 on success.
 * @file_send_sigiotask:
- * Check permission for the file owner @fown to send SIGIO to the process
- * @tsk. Note that this hook is always called from interrupt. Note that
- * the fown_struct, @fown, is never outside the context of a struct file,
- * so the file structure (and associated security information) can always
- * be obtained:
+ * Check permission for the file owner @fown to send SIGIO or SIGURG to the
+ * process @tsk. Note that this hook is sometimes called from interrupt.
+ * Note that the fown_struct, @fown, is never outside the context of a
+ * struct file, so the file structure (and associated security information)
+ * can always be obtained:
 * (struct file *)((long)fown - offsetof(struct file,f_owner));
 * @tsk contains the structure of task receiving signal.
 * @fown contains the file owner information.
- * @fd contains the file descriptor.
- * @reason contains the operational flags.
+ * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
 * Return 0 if permission is granted.
 * @file_receive:
 * This hook allows security modules to control the ability of a process
@@ -1135,8 +1134,7 @@ struct security_operations {
 unsigned long arg);
 int (*file_set_fowner) (struct file * file);
 int (*file_send_sigiotask) (struct task_struct * tsk,
- struct fown_struct * fown,
- int fd, int reason);
+ struct fown_struct * fown, int sig);
 int (*file_receive) (struct file * file);
 int (*task_create) (unsigned long clone_flags);
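Review bot: The new `@sig` line in the `@file_send_sigiotask` comment says that 0 means the kernel sends SIGIO, but it does not say that the hook itself has to make that substitution before consulting policy, so a module that looks up `sig` directly would evaluate signal 0 instead of SIGIO. I would spell the contract out, e.g. ` * @sig is the signal that will be sent. When 0, the kernel sends SIGIO and the hook must check permission for SIGIO.` The `security_file_send_sigiotask()` wrapper in the third hunk forwards the value unchanged, so the same expectation applies to everything behind it. Since the comment still notes the hook is "sometimes called from interrupt", it would also help to state there that implementations must not sleep. The callers that supply `sig` are outside this include-only view, so whether a raw 0 actually reaches the hook is inferred from the comment text.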
@@ -1657,9 +1655,9 @@ static inline int security_file_set_fowner (struct file *file)
 
 static inline int security_file_send_sigiotask (struct task_struct *tsk,
 struct fown_struct *fown,
- int fd, int reason)
+ int sig)
 {
- return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
+ return security_ops->file_send_sigiotask (tsk, fown, sig);
 }
 
 static inline int security_file_receive (struct file *file)
@@ -2299,7 +2297,7 @@ static inline int security_file_set_fowner (struct file *file)
 
 static inline int security_file_send_sigiotask (struct task_struct *tsk,
 struct fown_struct *fown,
- int fd, int reason)
+ int sig)
 {
 return 0;
 }
|
