| From 714516658e81f2342fe5fd2b8f5493d19f3731b4 Mon Sep 17 00:00:00 2001 |
| From: Javier Martinez Canillas <javier.martinez@collabora.co.uk> |
| Date: Wed, 20 Jun 2012 14:32:26 +0200 |
| Subject: [PATCH 05/15] security: selinux: Add AF_BUS socket SELinux hooks |
| |
| Add Security-Enhanced Linux (SELinux) hook for AF_BUS socket address family. |
| |
| Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk> |
| --- |
| security/selinux/hooks.c | 35 +++++++++++++++++++++++++++++++++++ |
| 1 file changed, 35 insertions(+) |
| |
| --- a/security/selinux/hooks.c |
| +++ b/security/selinux/hooks.c |
| @@ -68,6 +68,7 @@ |
| #include <linux/quota.h> |
| #include <linux/un.h> /* for Unix socket types */ |
| #include <net/af_unix.h> /* for Unix socket types */ |
| +#include <net/af_bus.h> /* for Bus socket types */ |
| #include <linux/parser.h> |
| #include <linux/nfs_mount.h> |
| #include <net/ipv6.h> |
| @@ -4143,6 +4144,39 @@ static int selinux_socket_unix_may_send( |
| &ad); |
| } |
| |
| +static int selinux_socket_bus_connect(struct sock *sock, struct sock *other, |
| + struct sock *newsk) |
| +{ |
| + struct sk_security_struct *sksec_sock = sock->sk_security; |
| + struct sk_security_struct *sksec_other = other->sk_security; |
| + struct sk_security_struct *sksec_new = newsk->sk_security; |
| + struct common_audit_data ad; |
| + struct lsm_network_audit net = {0,}; |
| + int err; |
| + |
| + ad.type = LSM_AUDIT_DATA_NET; |
| + ad.u.net = &net; |
| + ad.u.net->sk = other; |
| + |
| + err = avc_has_perm(sksec_sock->sid, sksec_other->sid, |
| + sksec_other->sclass, |
| + UNIX_STREAM_SOCKET__CONNECTTO, &ad); |
| + if (err) |
| + return err; |
| + |
| + /* server child socket */ |
| + sksec_new->peer_sid = sksec_sock->sid; |
| + err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, |
| + &sksec_new->sid); |
| + if (err) |
| + return err; |
| + |
| + /* connecting socket */ |
| + sksec_sock->peer_sid = sksec_new->sid; |
| + |
| + return 0; |
| +} |
| + |
| static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, |
| u32 peer_sid, |
| struct common_audit_data *ad) |
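Review bot: The `avc_has_perm()` call in `selinux_socket_bus_connect` pairs `sksec_other->sclass` with `UNIX_STREAM_SOCKET__CONNECTTO`, a permission bit defined for the unix_stream_socket class. This patch only touches hooks.c and adds no AF_BUS case to the socket class mapping, so unless another patch in the series provides one, the peer's class is presumably the generic socket class, and the connect decision would then depend on how the loaded policy treats an undefined permission rather than on an explicit allow rule. Either give AF_BUS its own security class and connect permission, or state the assumption above the check, e.g. `/* CONNECTTO is a unix_stream_socket permission; other->sclass must be a class that defines it */`. Separately, `sksec_new->peer_sid` is assigned before `security_sid_mls_copy()` can fail, so the error path returns with `newsk` partly labelled; moving that assignment below the `if (err) return err;` keeps the labelling all-or-nothing.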
| @@ -5762,6 +5796,7 @@ static struct security_operations selinu |
| |
| .unix_stream_connect = selinux_socket_unix_stream_connect, |
| .unix_may_send = selinux_socket_unix_may_send, |
| + .bus_connect = selinux_socket_bus_connect, |
| |
| .socket_create = selinux_socket_create, |
| .socket_post_create = selinux_socket_post_create, |