Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_msm8996 / 9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d^! / . / security
commit9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d[log] [tgz]
authorSteve Grubb <sgrubb@redhat.com>Fri Mar 31 15:22:49 2006 -0500
committerAl Viro <viro@zeniv.linux.org.uk>Mon May 01 06:09:56 2006 -0400
tree1e1489ed5080ea4aff6206bfa904f549de8e56ca
parent1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb [diff]
[PATCH] change lspp ipc auditing

Hi,

The patch below converts IPC auditing to collect sid's and convert to context
string only if it needs to output an audit record. This patch depends on the
inode audit change patch already being applied.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/security/dummy.c b/security/dummy.c
index fd99429..8cccccc 100644
--- a/security/dummy.c
+++ b/security/dummy.c

@@ -563,11 +563,6 @@
 	return 0;
 }
 
-static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
-	return -EOPNOTSUPP;
-}
-
 static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
 {
 	return 0;
@@ -976,7 +971,6 @@
 	set_to_dummy_if_null(ops, task_reparent_to_init);
  	set_to_dummy_if_null(ops, task_to_inode);
 	set_to_dummy_if_null(ops, ipc_permission);
-	set_to_dummy_if_null(ops, ipc_getsecurity);
 	set_to_dummy_if_null(ops, msg_msg_alloc_security);
 	set_to_dummy_if_null(ops, msg_msg_free_security);
 	set_to_dummy_if_null(ops, msg_queue_alloc_security);

diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index 07ddce7..7357cf2 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c

@@ -15,6 +15,7 @@
 #include <linux/module.h>
 #include <linux/selinux.h>
 #include <linux/fs.h>
+#include <linux/ipc.h>
 
 #include "security.h"
 #include "objsec.h"
@@ -50,3 +51,13 @@
 	*sid = 0;
 }
 
+void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
+{
+	if (selinux_enabled) {
+		struct ipc_security_struct *isec = ipcp->security;
+		*sid = isec->sid;
+		return;
+	}
+	*sid = 0;
+}
+

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b61b9554..3cf368a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -4052,13 +4052,6 @@
 	return ipc_has_perm(ipcp, av);
 }
 
-static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
-	struct ipc_security_struct *isec = ipcp->security;
-
-	return selinux_getsecurity(isec->sid, buffer, size);
-}
-
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -4321,7 +4314,6 @@
 	.task_to_inode =                selinux_task_to_inode,
 
 	.ipc_permission =		selinux_ipc_permission,
-	.ipc_getsecurity =		selinux_ipc_getsecurity,
 
 	.msg_msg_alloc_security =	selinux_msg_msg_alloc_security,
 	.msg_msg_free_security =	selinux_msg_msg_free_security,