From a1836a42daf5ddfe9a891973734bd9a7d62eb504 Mon Sep 17 00:00:00 2001 From: David Quigley Date: Fri, 30 Jun 2006 01:55:49 -0700 Subject: [PATCH] SELinux: Add security hook definition for getioprio and insert hooks Add a new security hook definition for the sys_ioprio_get operation. At present, the SELinux hook function implementation for this hook is identical to the getscheduler implementation but a separate hook is introduced to allow this check to be specialized in the future if necessary. This patch also creates a helper function get_task_ioprio which handles the access check in addition to retrieving the ioprio value for the task. Signed-off-by: David Quigley Acked-by: Stephen Smalley Signed-off-by: James Morris Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/ioprio.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'fs') diff --git a/fs/ioprio.c b/fs/ioprio.c index 7fa76ed53c1..93aa5715f22 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c @@ -125,11 +125,24 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) return ret; } +static int get_task_ioprio(struct task_struct *p) +{ + int ret; + + ret = security_task_getioprio(p); + if (ret) + goto out; + ret = p->ioprio; +out: + return ret; +} + asmlinkage long sys_ioprio_get(int which, int who) { struct task_struct *g, *p; struct user_struct *user; int ret = -ESRCH; + int tmpio; read_lock_irq(&tasklist_lock); switch (which) { @@ -139,16 +152,19 @@ asmlinkage long sys_ioprio_get(int which, int who) else p = find_task_by_pid(who); if (p) - ret = p->ioprio; + ret = get_task_ioprio(p); break; case IOPRIO_WHO_PGRP: if (!who) who = process_group(current); do_each_task_pid(who, PIDTYPE_PGID, p) { + tmpio = get_task_ioprio(p); + if (tmpio < 0) + continue; if (ret == -ESRCH) - ret = p->ioprio; + ret = tmpio; else - ret = ioprio_best(ret, p->ioprio); + ret = ioprio_best(ret, tmpio); } while_each_task_pid(who, PIDTYPE_PGID, p); break; case IOPRIO_WHO_USER: @@ -163,10 +179,13 @@ asmlinkage long sys_ioprio_get(int which, int who) do_each_thread(g, p) { if (p->uid != user->uid) continue; + tmpio = get_task_ioprio(p); + if (tmpio < 0) + continue; if (ret == -ESRCH) - ret = p->ioprio; + ret = tmpio; else - ret = ioprio_best(ret, p->ioprio); + ret = ioprio_best(ret, tmpio); } while_each_thread(g, p); if (who) -- cgit