diff options
| author | Javier Martinez Canillas <javier.martinez@collabora.co.uk> | 2012-06-20 14:29:14 +0200 |
|---|---|---|
| committer | Rob Kendrick (humdrum) <rob.kendrick@codethink.co.uk> | 2013-06-11 11:02:48 +0100 |
| commit | 89ce233982ad5b8713dedeec00a69a36796f60e2 (patch) | |
| tree | d7e1b7801e808db6ee7543d9b4060255661511f2 | |
| parent | 8c8b2044ce0c3928b271b8a3603f81aaafd6f8b4 (diff) | |
| download | linux-89ce233982ad5b8713dedeec00a69a36796f60e2.tar.gz | |
security: Add Linux Security Modules hook for AF_BUS sockets
AF_BUS implements a security hook bus_connect() to be used by LSM
to enforce connectivity security policies.
Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
| -rw-r--r-- | include/linux/security.h | 11 | ||||
| -rw-r--r-- | security/capability.c | 7 | ||||
| -rw-r--r-- | security/security.c | 7 |
3 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 673afbb8238a..fa26c6d07002 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1578,6 +1578,8 @@ struct security_operations { #ifdef CONFIG_SECURITY_NETWORK int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk); + int (*bus_connect) (struct sock *sock, struct sock *other, + struct sock *newsk); int (*unix_may_send) (struct socket *sock, struct socket *other); int (*socket_create) (int family, int type, int protocol, int kern); @@ -2517,6 +2519,8 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 #ifdef CONFIG_SECURITY_NETWORK int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); +int security_bus_connect(struct sock *sock, struct sock *other, + struct sock *newsk); int security_unix_may_send(struct socket *sock, struct socket *other); int security_socket_create(int family, int type, int protocol, int kern); int security_socket_post_create(struct socket *sock, int family, @@ -2564,6 +2568,13 @@ static inline int security_unix_stream_connect(struct sock *sock, return 0; } +static inline int security_bus_connect(struct socket *sock, + struct sock *other, + struct sock *newsk) +{ + return 0; +} + static inline int security_unix_may_send(struct socket *sock, struct socket *other) { diff --git a/security/capability.c b/security/capability.c index 5bb21b1c448c..5b966a60a4c0 100644 --- a/security/capability.c +++ b/security/capability.c @@ -563,6 +563,12 @@ static int cap_unix_may_send(struct socket *sock, struct socket *other) return 0; } +static int cap_bus_connect(struct sock *sock, struct sock *other, + struct sock *newsk) +{ + return 0; +} + static int cap_socket_create(int family, int type, int protocol, int kern) { return 0; @@ -1015,6 +1021,7 @@ void __init security_fixup_ops(struct security_operations *ops) #ifdef CONFIG_SECURITY_NETWORK set_to_cap_if_null(ops, unix_stream_connect); set_to_cap_if_null(ops, unix_may_send); + set_to_cap_if_null(ops, bus_connect); set_to_cap_if_null(ops, socket_create); set_to_cap_if_null(ops, socket_post_create); set_to_cap_if_null(ops, socket_bind); diff --git a/security/security.c b/security/security.c index bf619ffc9a4d..54582ea2f70d 100644 --- a/security/security.c +++ b/security/security.c @@ -1018,6 +1018,13 @@ int security_unix_may_send(struct socket *sock, struct socket *other) } EXPORT_SYMBOL(security_unix_may_send); +int security_bus_connect(struct sock *sock, struct sock *other, + struct sock *newsk) +{ + return security_ops->bus_connect(sock, other, newsk); +} +EXPORT_SYMBOL(security_bus_connect); + int security_socket_create(int family, int type, int protocol, int kern) { return security_ops->socket_create(family, type, protocol, kern); |