From a1836a42daf5ddfe9a891973734bd9a7d62eb504 Mon Sep 17 00:00:00 2001
From: David Quigley <dpquigl@tycho.nsa.gov>
Date: Fri, 30 Jun 2006 01:55:49 -0700
Subject: [PATCH] SELinux: Add security hook definition for getioprio and
 insert hooks

Add a new security hook definition for the sys_ioprio_get operation.  At
present, the SELinux hook function implementation for this hook is
identical to the getscheduler implementation but a separate hook is
introduced to allow this check to be specialized in the future if
necessary.

This patch also creates a helper function get_task_ioprio which handles the
access check in addition to retrieving the ioprio value for the task.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Jens Axboe <axboe@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---
 include/linux/security.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'include')

diff --git a/include/linux/security.h b/include/linux/security.h
index d4b13d617f6..f75303831d0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -585,6 +585,10 @@ struct swap_info_struct;
  *	@p contains the task_struct of process.
  *	@ioprio contains the new ioprio value
  *	Return 0 if permission is granted.
+ * @task_getioprio
+ *	Check permission before getting the ioprio value of @p.
+ *	@p contains the task_struct of process.
+ *	Return 0 if permission is granted.
  * @task_setrlimit:
  *	Check permission before setting the resource limits of the current
  *	process for @resource to @new_rlim.  The old resource limit values can
@@ -1227,6 +1231,7 @@ struct security_operations {
 	int (*task_setgroups) (struct group_info *group_info);
 	int (*task_setnice) (struct task_struct * p, int nice);
 	int (*task_setioprio) (struct task_struct * p, int ioprio);
+	int (*task_getioprio) (struct task_struct * p);
 	int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim);
 	int (*task_setscheduler) (struct task_struct * p, int policy,
 				  struct sched_param * lp);
@@ -1864,6 +1869,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio)
 	return security_ops->task_setioprio (p, ioprio);
 }
 
+static inline int security_task_getioprio (struct task_struct *p)
+{
+	return security_ops->task_getioprio (p);
+}
+
 static inline int security_task_setrlimit (unsigned int resource,
 					   struct rlimit *new_rlim)
 {
@@ -2520,6 +2530,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio)
 	return 0;
 }
 
+static inline int security_task_getioprio (struct task_struct *p)
+{
+	return 0;
+}
+
 static inline int security_task_setrlimit (unsigned int resource,
 					   struct rlimit *new_rlim)
 {
-- 
cgit v1.2.3