On Thu, Apr 07, 2016 at 02:33:55AM +0300, Dan Jurgens wrote: > From: Daniel Jurgens <danielj@xxxxxxxxxxxx> > > Allocate and free a security context when creating and destroying a MAD > agent. This context is used for controlling access to PKeys. > > When sending or receiving a MAD check that the agent has permission to > access the PKey for the Subnet Prefix of the port. > > Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx> > Reviewed-by: Eli Cohen <eli@xxxxxxxxxxxx> > --- > drivers/infiniband/core/core_priv.h | 14 +++++++ > drivers/infiniband/core/core_security.c | 17 ++++++++ > drivers/infiniband/core/mad.c | 65 +++++++++++++++++++++++++++--- > 3 files changed, 89 insertions(+), 7 deletions(-) > > diff --git a/drivers/infiniband/core/core_priv.h b/drivers/infiniband/core/core_priv.h > index 27f2fa8..2759a18 100644 > --- a/drivers/infiniband/core/core_priv.h > +++ b/drivers/infiniband/core/core_priv.h > @@ -142,6 +142,11 @@ int ib_get_cached_subnet_prefix(struct ib_device *device, > u64 *sn_pfx); > > #ifdef CONFIG_SECURITY_INFINIBAND > +int ib_security_enforce_mad_agent_pkey_access(struct ib_device *dev, We need to find a way to shorten the name. It is insane to use such long name. > + u8 port_num, > + u16 pkey_index, > + struct ib_mad_agent *mad_agent); > +
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
