Serge E. Hallyn wrote:
> file->f_cred is the cred of the task which opened it. file->f_security
> can be separately set by the LSM. Checkpoint the file->f_security,
> and at restart ask the LSM, using security_file_restore, based on the current
> task's context and the checkpointed f_security, which f_security to apply (or
> whether to refuse the restart altogether).
>
> For Smack, accept the checkpointed label if the restarting task has
> CAP_MAC_ADMIN.
>
> For SELinux, I currently ignore the checkpointed label and call
> file_alloc_security(). Do we want to have 'restore' permission for
> class file?
>
> Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
> ---
> checkpoint/files.c | 33 +++++++++++++++++++++++++++++++++
> include/linux/checkpoint_hdr.h | 1 +
> include/linux/security.h | 13 +++++++++++++
> security/capability.c | 6 ++++++
> security/security.c | 5 +++++
> security/selinux/hooks.c | 11 +++++++++++
> security/smack/smack_lsm.c | 26 +++++++++++++++++++++++++-
> 7 files changed, 94 insertions(+), 1 deletions(-)
>
>
> ...
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index dfc0f7a..7bcdfde 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -831,6 +831,30 @@ static int smack_file_alloc_security(struct file *file)
> }
>
> /**
> + * smack_file_restore_security - assign a file security blob
> + * @file: the object
> + * @stored: the label stored in the checkpoint file
> + *
> + * Returns 0
>
Or -EINVAL if the label is not acceptable
> + */
> +static int smack_file_restore_security(struct file *file, void *stored)
> +{
> + char *str = smk_import(stored, 0);
> +
> + if (str == NULL)
> + return -EINVAL;
> +
> + file->f_security = current_security();
> + if (current_security() != str) {
> + if (!capable(CAP_MAC_ADMIN))
> + return -EPERM;
> + file->f_security = str;
> + }
> +
> + return 0;
> +}
> +
> +/**
> * smack_file_free_security - clear a file security blob
> * @file: the object
> *
> @@ -1630,7 +1654,6 @@ static int smack_msg_msg_restore_security(struct msg_msg *msg,
> msg->security = str;
> }
> return 0;
> - return 0;
>
Looks like you caught that. Thank you
> }
>
> /**
> @@ -2996,6 +3019,7 @@ struct security_operations smack_ops = {
>
> .file_permission = smack_file_permission,
> .file_alloc_security = smack_file_alloc_security,
> + .file_restore_security = smack_file_restore_security,
> .file_free_security = smack_file_free_security,
> .file_ioctl = smack_file_ioctl,
> .file_lock = smack_file_lock,
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
