From d5a9256003294d65d6cd9d162cf29fb852f6569a Mon Sep 17 00:00:00 2001
From: James Morris
Date: Thu, 6 Feb 2003 09:51:56 -0800
Subject: [LSM]: Networking netlink socket capability hooks.
---
 security/capability.c | 2 ++
 security/dummy.c | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)
(limited to 'security')
diff --git a/security/capability.c b/security/capability.c
index cf6d2440a21d..221f185ca380 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -282,6 +282,8 @@ static struct security_operations capability_ops = {
 .capset_check = cap_capset_check,
 .capset_set = cap_capset_set,
 .capable = cap_capable,
+ .netlink_send = cap_netlink_send,
+ .netlink_recv = cap_netlink_recv,
 
 .bprm_compute_creds = cap_bprm_compute_creds,
 .bprm_set_security = cap_bprm_set_security,
diff --git a/security/dummy.c b/security/dummy.c
index 46cfb0d00aa6..9b450c740bfa 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -597,6 +597,22 @@ static int dummy_sem_semop (struct sem_array *sma,
 return 0;
 }
 
+static int dummy_netlink_send (struct sk_buff *skb)
+{
+ if (current->euid == 0)
+ cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+ else
+ NETLINK_CB (skb).eff_cap = 0;
+ return 0;
+}
+
+static int dummy_netlink_recv (struct sk_buff *skb)
+{
+ if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
 #ifdef CONFIG_SECURITY_NETWORK
 static int dummy_unix_stream_connect (struct socket *sock,
 struct socket *other,
@@ -819,6 +835,8 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, sem_associate);
 set_to_dummy_if_null(ops, sem_semctl);
 set_to_dummy_if_null(ops, sem_semop);
+ set_to_dummy_if_null(ops, netlink_send);
+ set_to_dummy_if_null(ops, netlink_recv);
 set_to_dummy_if_null(ops, register_security);
 set_to_dummy_if_null(ops, unregister_security);
 #ifdef CONFIG_SECURITY_NETWORK
--
cgit v1.2.3
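Review bot: In `dummy_netlink_send` (security/dummy.c, second hunk) the euid 0 branch only adds CAP_NET_ADMIN to `NETLINK_CB (skb).eff_cap` through `cap_raise`, while the other branch assigns the whole field, so for root the stored capability set depends on whatever the control block held before the hook ran. The caller is not part of this path-limited diff, so whether the field is always zeroed beforehand cannot be confirmed from here; clearing it unconditionally first, `NETLINK_CB (skb).eff_cap = 0;` followed by `if (current->euid == 0) cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);`, would make the result independent of prior contents. Because `dummy_netlink_recv` allows or denies solely on that recorded bit, a short comment above the pair would help the next reader, for example `/* send records the sender's privilege in the skb; recv returns -EPERM unless CAP_NET_ADMIN was recorded */`. Both functions are complete within the hunk.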