This allow S.A.R.A. to use the procattr interface without interfering with other LSMs. This part should be reimplemented as soon as upstream procattr stacking support is available.

Signed-off-by: Salvatore Mesoraca <s.mesoraca16@xxxxxxxxx>
---
 fs/proc/base.c | 38 ++++++++++++++++++++++++++++++++++++++
 security/security.c | 20 ++++++++++++++++++--
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9d357b2..a8a4164 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2560,6 +2560,40 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
  .llseek = generic_file_llseek,
 };
 
+#ifdef CONFIG_SECURITY_SARA
+static const struct pid_entry sara_attr_dir_stuff[] = {
+ REG("wxprot", 0666, proc_pid_attr_operations),
+};
+
+static int proc_sara_attr_dir_readdir(struct file *file,
+ struct dir_context *ctx)
+{
+ return proc_pident_readdir(file, ctx,
+ sara_attr_dir_stuff,
+ ARRAY_SIZE(sara_attr_dir_stuff));
+}
+
+static const struct file_operations proc_sara_attr_dir_ops = {
+ .read = generic_read_dir,
+ .iterate_shared = proc_sara_attr_dir_readdir,
+ .llseek = generic_file_llseek,
+};
+
+static struct dentry *proc_sara_attr_dir_lookup(struct inode *dir,
+ struct dentry *dentry, unsigned int flags)
+{
+ return proc_pident_lookup(dir, dentry,
+ sara_attr_dir_stuff,
+ ARRAY_SIZE(sara_attr_dir_stuff));
+};
+
+static const struct inode_operations proc_sara_attr_dir_inode_ops = {
+ .lookup = proc_sara_attr_dir_lookup,
+ .getattr = pid_getattr,
+ .setattr = proc_setattr,
+};
+#endif /* CONFIG_SECURITY_SARA */
+
 static const struct pid_entry attr_dir_stuff[] = {
  REG("current", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
  REG("prev", S_IRUGO, proc_pid_attr_operations),
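Review bot: proc_sara_attr_dir_lookup ends with `};` — the stray semicolon after the closing brace of a function definition is an empty file-scope declaration that -Wpedantic reports; drop it so the function ends with a bare `}` like proc_sara_attr_dir_readdir just above. The new entries spell their modes as raw octal (`0666` for "wxprot" here, `0555` for the "sara" DIR entry in the next hunk) while the neighbouring attr_dir_stuff rows use `S_IRUGO|S_IWUGO` for the same bits; using one form within the table saves the reader from checking that 0666 is no wider than its siblings. What a write to "wxprot" actually changes is decided by the setprocattr hooks rather than by anything in this hunk, so a one-line comment on sara_attr_dir_stuff naming the consumer of the "wxprot" name would help the next reader of base.c.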
@@ -2567,6 +2601,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
  REG("fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
  REG("keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
  REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+#ifdef CONFIG_SECURITY_SARA
+ DIR("sara", 0555, proc_sara_attr_dir_inode_ops,
+ proc_sara_attr_dir_ops),
+#endif
 };
 
 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)
diff --git a/security/security.c b/security/security.c
index 21cd07e..2d00c5e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1273,12 +1273,28 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode)
 
 int security_getprocattr(struct task_struct *p, char *name, char **value)
 {
- return call_int_hook(getprocattr, -EINVAL, p, name, value);
+ struct security_hook_list *hp;
+ int rc;
+
+ list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
+ rc = hp->hook.getprocattr(p, name, value);
+ if (rc != -EINVAL)
+ return rc;
+ }
+ return -EINVAL;
 }
 
 int security_setprocattr(const char *name, void *value, size_t size)
 {
- return call_int_hook(setprocattr, -EINVAL, name, value, size);
+ struct security_hook_list *hp;
+ int rc;
+
+ list_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
+ rc = hp->hook.setprocattr(name, value, size);
+ if (rc != -EINVAL)
+ return rc;
+ }
+ return -EINVAL;
 }
 
 int security_netlink_send(struct sock *sk, struct sk_buff *skb)
-- 
1.9.1

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>
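Review bot: The new loops in security_getprocattr and security_setprocattr overload -EINVAL as both "this LSM does not own `name`" and "this LSM owns `name` but rejects the value", so a write that the owning LSM refuses as malformed is passed on to the remaining LSMs instead of failing there; if any hook rewrites `value` in place before rejecting it (not visible in this hunk), the later LSMs also see an already-modified buffer. Separating the two cases needs a dedicated "not mine" result or a per-hook handled flag; at minimum the convention should be spelled out above each loop, e.g. `/* -EINVAL means "not my attribute": keep asking the remaining LSMs */`. Which LSM answers also now depends on hook registration order, which deserves a sentence in the same comment. The old call_int_hook stopped at the first non-zero result, so the return-value contract of these two functions has changed and the header comment for the hooks should say so.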