hooks.c (ddb4a1442def2a78b91a85b4251fb712ef23662b) | hooks.c (62874c3adf709b884ceb0c61c35ab3794b3b0e95) |
---|---|
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 2428 unchanged lines hidden (view full) --- 2437 PROCESS__PTRACE, NULL); 2438 if (rc) 2439 return -EPERM; 2440 } 2441 } 2442 2443 /* Clear any possibly unsafe personality bits on exec: */ 2444 bprm->per_clear |= PER_CLEAR_ON_SETID; | 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 2428 unchanged lines hidden (view full) --- 2437 PROCESS__PTRACE, NULL); 2438 if (rc) 2439 return -EPERM; 2440 } 2441 } 2442 2443 /* Clear any possibly unsafe personality bits on exec: */ 2444 bprm->per_clear |= PER_CLEAR_ON_SETID; |
2445 } | |
2446 | 2445 |
2447 return 0; 2448} 2449 2450static int selinux_bprm_secureexec(struct linux_binprm *bprm) 2451{ 2452 const struct task_security_struct *tsec = current_security(); 2453 u32 sid, osid; 2454 int atsecure = 0; 2455 2456 sid = tsec->sid; 2457 osid = tsec->osid; 2458 2459 if (osid != sid) { | |
2460 /* Enable secure mode for SIDs transitions unless 2461 the noatsecure permission is granted between 2462 the two SIDs, i.e. ahp returns 0. */ | 2446 /* Enable secure mode for SIDs transitions unless 2447 the noatsecure permission is granted between 2448 the two SIDs, i.e. ahp returns 0. */ |
2463 atsecure = avc_has_perm(osid, sid, 2464 SECCLASS_PROCESS, 2465 PROCESS__NOATSECURE, NULL); | 2449 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2450 SECCLASS_PROCESS, PROCESS__NOATSECURE, 2451 NULL); 2452 bprm->secureexec |= !!rc; |
2466 } 2467 | 2453 } 2454 |
2468 return !!atsecure; | 2455 return 0; |
2469} 2470 2471static int match_file(const void *p, struct file *file, unsigned fd) 2472{ 2473 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0; 2474} 2475 2476/* Derived from fs/exec.c:flush_old_files. */ --- 3784 unchanged lines hidden (view full) --- 6261 LSM_HOOK_INIT(syslog, selinux_syslog), 6262 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory), 6263 6264 LSM_HOOK_INIT(netlink_send, selinux_netlink_send), 6265 6266 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds), 6267 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), 6268 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), | 2456} 2457 2458static int match_file(const void *p, struct file *file, unsigned fd) 2459{ 2460 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0; 2461} 2462 2463/* Derived from fs/exec.c:flush_old_files. */ --- 3784 unchanged lines hidden (view full) --- 6248 LSM_HOOK_INIT(syslog, selinux_syslog), 6249 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory), 6250 6251 LSM_HOOK_INIT(netlink_send, selinux_netlink_send), 6252 6253 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds), 6254 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), 6255 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), |
6269 LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec), | |
6270 6271 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), 6272 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), 6273 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data), 6274 LSM_HOOK_INIT(sb_remount, selinux_sb_remount), 6275 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount), 6276 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options), 6277 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs), --- 381 unchanged lines hidden --- | 6256 6257 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), 6258 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), 6259 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data), 6260 LSM_HOOK_INIT(sb_remount, selinux_sb_remount), 6261 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount), 6262 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options), 6263 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs), --- 381 unchanged lines hidden --- |
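Review bot: The new lines 2449-2452 leave `rc` holding the avc_has_perm() result but the function then falls through to `return 0;`, so a reader (or a later edit that adds an early `return rc;` after this block) can easily mistake a noatsecure denial for an exec failure; the intent deserves a comment right after the call, e.g. `/* Not an error path: a noatsecure denial only forces secure-exec mode. */`. The `|=` on `bprm->secureexec` also merits a one-line note that other callers may already have set the flag, which is why the old hook's bare `return !!atsecure;` is no longer sufficient. The enclosing `if`/`else` block that now contains this code, and therefore the SID-transition guard that replaces the old `if (osid != sid)`, begins outside the hunk, so whether the check still runs only on a transition cannot be confirmed from these lines. The rendered view has collapsed leading whitespace, so the re-indentation of the comment at new lines 2446-2448 is not verifiable here either.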