summaryrefslogtreecommitdiffstats
path: root/security/smack/smack.h
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2010-12-02 06:43:39 -0800
committerCasey Schaufler <casey@schaufler-ca.com>2010-12-02 06:43:39 -0800
commit676dac4b1bee0469d6932f698aeb77e8489f5861 (patch)
tree196b4cb35cf8dfdff0698dc4368cfd00acc7391a /security/smack/smack.h
parent93ae86e759299718c611bc543b9b1633bf32905a (diff)
downloadlinux-676dac4b1bee0469d6932f698aeb77e8489f5861.tar.gz
linux-676dac4b1bee0469d6932f698aeb77e8489f5861.tar.bz2
linux-676dac4b1bee0469d6932f698aeb77e8489f5861.zip
This patch adds a new security attribute to Smack called
SMACK64EXEC. It defines label that is used while task is running. Exception: in smack_task_wait() child task is checked for write access to parent task using label inherited from the task that forked it. Fixed issues from previous submit: - SMACK64EXEC was not read when SMACK64 was not set. - inode security blob was not updated after setting SMACK64EXEC - inode security blob was not updated when removing SMACK64EXEC
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r--security/smack/smack.h30
1 files changed, 30 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 43ae747a5aa4..a2e2cdfab4ef 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -51,10 +51,16 @@ struct socket_smack {
*/
struct inode_smack {
char *smk_inode; /* label of the fso */
+ char *smk_task; /* label of the task */
struct mutex smk_lock; /* initialization lock */
int smk_flags; /* smack inode flags */
};
+struct task_smack {
+ char *smk_task; /* label used for access control */
+ char *smk_forked; /* label when forked */
+};
+
#define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
/*
@@ -243,6 +249,30 @@ static inline char *smk_of_inode(const struct inode *isp)
}
/*
+ * Present a pointer to the smack label in an task blob.
+ */
+static inline char *smk_of_task(const struct task_smack *tsp)
+{
+ return tsp->smk_task;
+}
+
+/*
+ * Present a pointer to the forked smack label in an task blob.
+ */
+static inline char *smk_of_forked(const struct task_smack *tsp)
+{
+ return tsp->smk_forked;
+}
+
+/*
+ * Present a pointer to the smack label in the curren task blob.
+ */
+static inline char *smk_of_current(void)
+{
+ return smk_of_task(current_security());
+}
+
+/*
* logging functions
*/
#define SMACK_AUDIT_DENIED 0x1