forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
selinux: Allocate and free infiniband security hooks
Implement and attach hooks to allocate and free Infiniband object security structures. Signed-off-by: Daniel Jurgens <[email protected]> Reviewed-by: James Morris <[email protected]> Acked-by: Doug Ledford <[email protected]> Signed-off-by: Paul Moore <[email protected]>
- Loading branch information
1 parent
a806f7a
commit 3a976fa
Showing
2 changed files
with
29 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,6 +17,7 @@ | |
| * Paul Moore <[email protected]> | ||
| * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. | ||
| * Yuichi Nakamura <[email protected]> | ||
| * Copyright (C) 2016 Mellanox Technologies | ||
| * | ||
| * This program is free software; you can redistribute it and/or modify | ||
| * it under the terms of the GNU General Public License version 2, | ||
|
|
@@ -6144,7 +6145,26 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) | |
| *_buffer = context; | ||
| return rc; | ||
| } | ||
| #endif | ||
|
|
||
| #ifdef CONFIG_SECURITY_INFINIBAND | ||
| static int selinux_ib_alloc_security(void **ib_sec) | ||
| { | ||
| struct ib_security_struct *sec; | ||
|
|
||
| sec = kzalloc(sizeof(*sec), GFP_KERNEL); | ||
| if (!sec) | ||
| return -ENOMEM; | ||
| sec->sid = current_sid(); | ||
|
|
||
| *ib_sec = sec; | ||
| return 0; | ||
| } | ||
|
|
||
| static void selinux_ib_free_security(void *ib_sec) | ||
| { | ||
| kfree(ib_sec); | ||
| } | ||
| #endif | ||
|
|
||
| static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | ||
|
|
@@ -6331,7 +6351,10 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |
| LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue), | ||
| LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach), | ||
| LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open), | ||
|
|
||
| #ifdef CONFIG_SECURITY_INFINIBAND | ||
| LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security), | ||
| LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security), | ||
| #endif | ||
| #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
| LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc), | ||
| LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone), | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,6 +10,7 @@ | |
| * | ||
| * Copyright (C) 2001,2002 Networks Associates Technology, Inc. | ||
| * Copyright (C) 2003 Red Hat, Inc., James Morris <[email protected]> | ||
| * Copyright (C) 2016 Mellanox Technologies | ||
| * | ||
| * This program is free software; you can redistribute it and/or modify | ||
| * it under the terms of the GNU General Public License version 2, | ||
|
|
@@ -139,6 +140,10 @@ struct key_security_struct { | |
| u32 sid; /* SID of key */ | ||
| }; | ||
|
|
||
| struct ib_security_struct { | ||
| u32 sid; /* SID of the queue pair or MAD agent */ | ||
| }; | ||
|
|
||
| extern unsigned int selinux_checkreqprot; | ||
|
|
||
| #endif /* _SELINUX_OBJSEC_H_ */ | ||