From 73880d9f50dd54d301c95d8d793404f5bf3e08c6 Mon Sep 17 00:00:00 2001 From: James Morris Date: Thu, 6 Feb 2003 09:50:47 -0800 Subject: [LSM]: Networking AF_UNIX hooks. --- include/linux/security.h | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'include/linux') diff --git a/include/linux/security.h b/include/linux/security.h index 95962488a089..c04fc8ceec06 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -588,6 +588,31 @@ struct swap_info_struct; * is being reparented to the init task. * @p contains the task_struct for the kernel thread. * + * Security hooks for Unix domain networking. + * + * @unix_stream_connect: + * Check permissions before establishing a Unix domain stream connection + * between @sock and @other. + * @sock contains the socket structure. + * @other contains the peer socket structure. + * Return 0 if permission is granted. + * @unix_may_send: + * Check permissions before connecting or sending datagrams from @sock to + * @other. + * @sock contains the socket structure. + * @sock contains the peer socket structure. + * Return 0 if permission is granted. + * + * The @unix_stream_connect and @unix_may_send hooks were necessary because + * Linux provides an alternative to the conventional file name space for Unix + * domain sockets. Whereas binding and connecting to sockets in the file name + * space is mediated by the typical file permissions (and caught by the mknod + * and permission hooks in inode_security_ops), binding and connecting to + * sockets in the abstract name space is completely unmediated. Sufficient + * control of Unix domain sockets in the abstract name space isn't possible + * using only the socket layer hooks, since we need to know the actual target + * socket, which is not looked up until we are inside the af_unix code. + * * Security hooks for socket operations. * * @socket_create: @@ -1059,6 +1084,10 @@ struct security_operations { struct security_operations *ops); #ifdef CONFIG_SECURITY_NETWORK + int (*unix_stream_connect) (struct socket * sock, + struct socket * other, struct sock * newsk); + int (*unix_may_send) (struct socket * sock, struct socket * other); + int (*socket_create) (int family, int type, int protocol); void (*socket_post_create) (struct socket * sock, int family, int type, int protocol); @@ -2236,6 +2265,20 @@ static inline int security_sem_semop (struct sem_array * sma, #endif /* CONFIG_SECURITY */ #ifdef CONFIG_SECURITY_NETWORK +static inline int security_unix_stream_connect(struct socket * sock, + struct socket * other, + struct sock * newsk) +{ + return security_ops->unix_stream_connect(sock, other, newsk); +} + + +static inline int security_unix_may_send(struct socket * sock, + struct socket * other) +{ + return security_ops->unix_may_send(sock, other); +} + static inline int security_socket_create (int family, int type, int protocol) { return security_ops->socket_create(family, type, protocol); @@ -2326,6 +2369,19 @@ static inline int security_sock_rcv_skb (struct sock * sk, return security_ops->socket_sock_rcv_skb (sk, skb); } #else /* CONFIG_SECURITY_NETWORK */ +static inline int security_unix_stream_connect(struct socket * sock, + struct socket * other, + struct sock * newsk) +{ + return 0; +} + +static inline int security_unix_may_send(struct socket * sock, + struct socket * other) +{ + return 0; +} + static inline int security_socket_create (int family, int type, int protocol) { return 0; -- cgit v1.2.3