| From: |
| Stephen Smalley <sds@tislabs.com> |
| To: |
| <linux-security-module@wirex.com> |
| Subject: |
| [patch] [sg]etaffinity hooks |
| Date: |
| Mon, 7 Oct 2002 12:20:54 -0400 (EDT) |
The attached patch adds hooks to the setaffinity and getaffinity calls in
the 2.5 kernel, which were introduced in Linux 2.5.8. Any objections to
committing this patch to the lsm-2.5 BitKeeper tree? This patch should
also be submitted to lkml for inclusion in 2.5.
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
Index: lsm-2.5/include/linux/security.h
===================================================================
RCS file: /cvs/lsm/lsm-2.5/include/linux/security.h,v
retrieving revision 1.22
diff -u -r1.22 security.h
--- lsm-2.5/include/linux/security.h 2002/09/29 20:45:06 1.22
+++ lsm-2.5/include/linux/security.h 2002/10/07 16:08:18
@@ -539,6 +539,16 @@
* @p.
* @p contains the task_struct for process.
* Return 0 if permission is granted.
+ * @task_setaffinity:
+ * Check permission before setting CPU affinity of process @p
+ * to new mask @mask.
+ * @p contains the task_struct for process.
+ * @mask contains the new mask.
+ * Return 0 if permission is granted.
+ * @task_getaffinity:
+ * Check permission before getting CPU affinity of process @p.
+ * @p contains the task_struct for process.
+ * Return 0 if permission is granted.
* @task_kill:
* Check permission before sending signal @sig to @p. @info can be NULL,
* the constant 1, or a pointer to a siginfo structure. If @info is 1 or
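Review bot: The new `@task_setaffinity` entry describes its second argument only as `@mask contains the new mask.`, which tells a module writer nothing about what the bits mean or where the value comes from; the sched.c hunk hands the hook the same value that set_cpus_allowed() receives, so say so: `@mask contains the new CPU mask, as passed to set_cpus_allowed().` It would also help both new entries to state that the hook is consulted after the kernel's own CAP_SYS_NICE check, so a module can only further restrict access, never grant it. The `@task_kill` description continues past the end of this hunk.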
@@ -1280,6 +1290,8 @@
int (*task_setscheduler) (struct task_struct * p, int policy,
struct sched_param * lp);
int (*task_getscheduler) (struct task_struct * p);
+ int (*task_setaffinity) (struct task_struct * p, unsigned long mask);
+ int (*task_getaffinity) (struct task_struct * p);
int (*task_kill) (struct task_struct * p,
struct siginfo * info, int sig);
int (*task_wait) (struct task_struct * p);
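Review bot: `task_setaffinity` takes the CPU set as a bare `unsigned long mask`, which hard-wires the hook ABI to one machine word; if the kernel's affinity representation later grows past a word, every module implementing this hook has to change signature along with the call site. Passing the mask by pointer, or at least recording the assumption next to the prototype with `/* mask is a one-word CPU bitmask, matching set_cpus_allowed() */`, would keep that future change local. The other task_* hooks in this table pass task_struct pointers rather than raw bitmasks, so this is the only member that bakes in the representation. struct security_operations starts and ends outside this hunk.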
Index: lsm-2.5/kernel/sched.c
===================================================================
RCS file: /cvs/lsm/lsm-2.5/kernel/sched.c,v
retrieving revision 1.31
diff -u -r1.31 sched.c
--- lsm-2.5/kernel/sched.c 2002/10/03 16:38:33 1.31
+++ lsm-2.5/kernel/sched.c 2002/10/07 16:08:19
@@ -1597,6 +1597,10 @@
!capable(CAP_SYS_NICE))
goto out_unlock;
+ retval = security_ops->task_setaffinity(p, new_mask);
+ if (retval)
+ goto out_unlock;
+
retval = 0;
set_cpus_allowed(p, new_mask);
@@ -1628,6 +1632,10 @@
retval = -ESRCH;
p = find_process_by_pid(pid);
if (!p)
+ goto out_unlock;
+
+ retval = security_ops->task_getaffinity(p);
+ if (retval)
goto out_unlock;
retval = 0;
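Review bot: The new `task_getaffinity` call is placed between find_process_by_pid() and the `out_unlock` path, where the surrounding code appears to still hold tasklist_lock (the lock/unlock pair itself is outside this hunk); if so, the hook runs in atomic context and every module implementation must be non-sleeping, which neither the call site nor the security.h documentation says. A one-line comment at the call site, `/* called under tasklist_lock: hook must not sleep */`, and a matching sentence in the @task_getaffinity description would make the constraint explicit. The setaffinity call site in the previous hunk may run under different locking, so the two hooks deserve separate documentation rather than a shared note. sys_sched_getaffinity starts and ends outside this hunk.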
Index: lsm-2.5/security/capability.c
===================================================================
RCS file: /cvs/lsm/lsm-2.5/security/capability.c,v
retrieving revision 1.20
diff -u -r1.20 capability.c
--- lsm-2.5/security/capability.c 2002/09/29 20:45:06 1.20
+++ lsm-2.5/security/capability.c 2002/10/07 16:08:21
@@ -716,6 +716,16 @@
return 0;
}
+static int cap_task_setaffinity (struct task_struct *p, unsigned long mask)
+{
+ return 0;
+}
+
+static int cap_task_getaffinity (struct task_struct *p)
+{
+ return 0;
+}
+
static int cap_task_wait (struct task_struct *p)
{
return 0;
@@ -1143,6 +1153,8 @@
.task_setrlimit = cap_task_setrlimit,
.task_setscheduler = cap_task_setscheduler,
.task_getscheduler = cap_task_getscheduler,
+ .task_setaffinity = cap_task_setaffinity,
+ .task_getaffinity = cap_task_getaffinity,
.task_wait = cap_task_wait,
.task_kill = cap_task_kill,
.task_prctl = cap_task_prctl,
Index: lsm-2.5/security/dummy.c
===================================================================
RCS file: /cvs/lsm/lsm-2.5/security/dummy.c,v
retrieving revision 1.19
diff -u -r1.19 dummy.c
--- lsm-2.5/security/dummy.c 2002/09/29 20:45:06 1.19
+++ lsm-2.5/security/dummy.c 2002/10/07 16:08:21
@@ -536,6 +536,16 @@
return 0;
}
+static int dummy_task_setaffinity (struct task_struct *p, unsigned long mask)
+{
+ return 0;
+}
+
+static int dummy_task_getaffinity (struct task_struct *p)
+{
+ return 0;
+}
+
static int dummy_task_wait (struct task_struct *p)
{
return 0;
@@ -963,6 +973,8 @@
.task_setrlimit = dummy_task_setrlimit,
.task_setscheduler = dummy_task_setscheduler,
.task_getscheduler = dummy_task_getscheduler,
+ .task_setaffinity = dummy_task_setaffinity,
+ .task_getaffinity = dummy_task_getaffinity,
.task_wait = dummy_task_wait,
.task_kill = dummy_task_kill,
.task_prctl = dummy_task_prctl,
Index: lsm-2.5/security/selinux/hooks.c
===================================================================
RCS file: /cvs/lsm/lsm-2.5/security/selinux/hooks.c,v
retrieving revision 1.113
diff -u -r1.113 hooks.c
--- lsm-2.5/security/selinux/hooks.c 2002/10/04 18:22:28 1.113
+++ lsm-2.5/security/selinux/hooks.c 2002/10/07 16:08:22
@@ -2373,6 +2373,16 @@
return task_has_perm(current, p, PROCESS__GETSCHED);
}
+static int selinux_task_setaffinity(struct task_struct *p, unsigned long mask)
+{
+ return task_has_perm(current, p, PROCESS__SETSCHED);
+}
+
+static int selinux_task_getaffinity(struct task_struct *p)
+{
+ return task_has_perm(current, p, PROCESS__GETSCHED);
+}
+
static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
{
access_vector_t perm;
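Review bot: `selinux_task_setaffinity` and `selinux_task_getaffinity` reuse PROCESS__SETSCHED and PROCESS__GETSCHED rather than introducing affinity-specific permissions, so any domain allowed to alter another process's scheduling parameters can also pin it to CPUs, and the `mask` argument is ignored entirely. That is a defensible granularity choice for policy, but it should be recorded in the code so a later reader does not assume affinity is either unconstrained or separately controllable; add `/* CPU affinity is treated as a scheduling attribute: reuse setsched/getsched rather than adding new permissions */` above selinux_task_setaffinity. selinux_task_kill continues past the end of this hunk.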
@@ -4029,6 +4039,8 @@
task_setrlimit: selinux_task_setrlimit,
task_setscheduler: selinux_task_setscheduler,
task_getscheduler: selinux_task_getscheduler,
+ task_setaffinity: selinux_task_setaffinity,
+ task_getaffinity: selinux_task_getaffinity,
task_kill: selinux_task_kill,
task_wait: selinux_task_wait,
task_prctl: selinux_task_prctl,