[PATCH] net device hooks (v.2)

From: James Morris (jmorrisat_private)
Date: Wed Jul 25 2001 - 06:14:52 PDT


    Attached below is an updated patch against the current lsm bk repository.
    
    Following feedback and discussion on the list, the alloc_security() call
    has been removed, and the free_security() call has been renamed to
    unregister() (which maps better to the unregister_netdevice() context in
    which it is called anyway).
    
    Any comments appreciated.
    
    
    - James
    -- 
    James Morris
    <jmorrisat_private>
    
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/include/linux/netdevice.h lsm-w1/include/linux/netdevice.h
    --- lsm/include/linux/netdevice.h	Wed Jul 25 11:34:53 2001
    +++ lsm-w1/include/linux/netdevice.h	Wed Jul 25 22:51:40 2001
    @@ -408,6 +408,7 @@
     	/* this will get initialized at each interface type init routine */
     	struct divert_blk	*divert;
     #endif /* CONFIG_NET_DIVERT */
    +	void			*security;
     };
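Review bot: The new `security` member has no comment saying who sets it or who releases it, and with the alloc hook dropped in this version nothing in the patch initialises it. A module therefore has to treat NULL as "no state attached yet" and depends on every `net_device` being zeroed before registration, which cannot be confirmed from this hunk. I would add a comment on the field such as `/* LSM private state: NULL until the security module attaches data; released via netdev_ops->unregister() */`. The struct definition starts outside the hunk.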
    
    
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/include/linux/security.h lsm-w1/include/linux/security.h
    --- lsm/include/linux/security.h	Wed Jul 25 11:34:53 2001
    +++ lsm-w1/include/linux/security.h	Wed Jul 25 22:42:52 2001
    @@ -125,6 +125,12 @@
     struct socket_security_ops {
     };
    
    +struct net_device;
    +struct netdev_security_ops {
    +	int (*ioctl)			(struct net_device *dev, int cmd, void *arg);
    +	void (*unregister)		(struct net_device *dev);
    +};
    +
     struct module_security_ops {
      	int  (* create_module)		(const char *name_user, size_t size);
      	int  (* init_module)		(const char *name_user, struct module *mod_user);
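Review bot: The `ioctl` member of `netdev_security_ops` takes `void *arg` without saying what it points at or in which address space. The only caller in this patch, in net/ipv4/devinet.c, passes `&ifr`, which looks like the kernel-side request object rather than the user pointer; a module that assumes otherwise would either dereference a user address directly or re-read data that can change after the check. A comment above the member stating that `arg` is a kernel copy that must not be fetched again from user space, or typing the parameter as `struct ifreq *`, would pin this down. The return convention should be stated as well (0 to allow, negative errno to deny), since the caller treats any non-zero value as a denial.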
    @@ -198,6 +204,7 @@
     	struct file_security_ops	* file_ops;
     	struct task_security_ops	* task_ops;
     	struct socket_security_ops	* socket_ops;
    +	struct netdev_security_ops	* netdev_ops;
     	struct module_security_ops 	* module_ops;
     	struct ipc_security_ops		* ipc_ops;
     	struct msg_msg_security_ops	* msg_msg_ops;
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/kernel/capability_plug.c lsm-w1/kernel/capability_plug.c
    --- lsm/kernel/capability_plug.c	Wed Jul 25 11:34:54 2001
    +++ lsm-w1/kernel/capability_plug.c	Wed Jul 25 23:03:31 2001
    @@ -19,6 +19,7 @@
     #include <linux/slab.h>
     #include <linux/smp_lock.h>
     #include <asm/uaccess.h>
    +#include <linux/netdevice.h>
    
     /* flag to keep track of how we were registered */
     static int secondary;
    @@ -296,6 +297,9 @@
     	return;
     }
    
    +static int cap_netdev_ioctl		(struct net_device *dev, int cmd, void *arg) {return 0;}
    +static void cap_netdev_unregister	(struct net_device *dev) {return;}
    +
     static int cap_module_create_module	(const char *name_user, size_t size)			{return 0;}
     static int cap_module_init_module	(const char *name_user, struct module *mod_user)	{return 0;}
     static int cap_module_delete_module	(const char *name_user)					{return 0;}
    @@ -406,6 +410,11 @@
    
     static struct socket_security_ops cap_socket_ops = {};
    
    +static struct netdev_security_ops cap_netdev_ops = {
    +	ioctl:		cap_netdev_ioctl,
    +	unregister:	cap_netdev_unregister,
    +};
    +
     static struct module_security_ops cap_module_ops = {
     	create_module:	cap_module_create_module,
     	init_module:	cap_module_init_module,
    @@ -477,6 +486,7 @@
     	file_ops:		&cap_file_ops,
     	task_ops:		&cap_task_ops,
     	socket_ops:		&cap_socket_ops,
    +	netdev_ops:		&cap_netdev_ops,
     	module_ops:		&cap_module_ops,
     	ipc_ops:		&cap_ipc_ops,
     	msg_msg_ops:		&cap_msg_ops,
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/kernel/security.c lsm-w1/kernel/security.c
    --- lsm/kernel/security.c	Wed Jul 25 11:34:54 2001
    +++ lsm-w1/kernel/security.c	Wed Jul 25 23:03:46 2001
    @@ -30,7 +30,7 @@
    
     #include <linux/module.h>
     #include <linux/sysctl.h>
    -
    +#include <linux/netdevice.h>
    
    
    
    @@ -133,6 +133,9 @@
    
     static void dummy_task_kmod_set_label	(void)	                {return;}
    
    +static int dummy_netdev_ioctl		(struct net_device *dev, int cmd, void *arg) {return 0;}
    +static void dummy_netdev_unregister	(struct net_device *dev) {return;}
    +
     static int dummy_module_create_module	(const char *name_user, size_t size)			{return 0;}
     static int dummy_module_init_module	(const char *name_user, struct module *mod_user)	{return 0;}
     static int dummy_module_delete_module	(const char *name_user)					{return 0;}
    @@ -241,6 +244,11 @@
    
     static struct socket_security_ops dummy_socket_ops = {};
    
    +static struct netdev_security_ops dummy_netdev_ops = {
    +	ioctl:		dummy_netdev_ioctl,
    +	unregister:	dummy_netdev_unregister,
    +};
    +
     static struct module_security_ops dummy_module_ops = {
     	create_module:	dummy_module_create_module,
     	init_module:	dummy_module_init_module,
    @@ -312,6 +320,7 @@
     	file_ops:		&dummy_file_ops,
     	task_ops:		&dummy_task_ops,
     	socket_ops:		&dummy_socket_ops,
    +	netdev_ops:		&dummy_netdev_ops,
     	ipc_ops:		&dummy_ipc_ops,
     	module_ops:		&dummy_module_ops,
     	msg_msg_ops:		&dummy_msg_msg_ops,
    @@ -382,6 +391,7 @@
     	    !ops->file_ops ||
     	    !ops->task_ops ||
     	    !ops->socket_ops ||
    +	    !ops->netdev_ops ||
     	    !ops->module_ops ||
     	    !ops->ipc_ops ||
     	    !ops->msg_msg_ops ||
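Review bot: The added `!ops->netdev_ops` test checks only that the table pointer is set, while the new call sites in net/core/dev.c and net/ipv4/devinet.c call `netdev_ops->unregister` and `netdev_ops->ioctl` unconditionally. If nothing outside this hunk validates the individual members, a module registering a table with one hook left NULL would make the kernel call through a NULL function pointer on the next device unregister or address ioctl. Either check the members at registration, e.g. `!ops->netdev_ops->ioctl || !ops->netdev_ops->unregister ||` directly after the table test, or document that every member must be filled in. The enclosing function begins and ends outside the hunk.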
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/net/core/dev.c lsm-w1/net/core/dev.c
    --- lsm/net/core/dev.c	Wed Jul 25 11:35:03 2001
    +++ lsm-w1/net/core/dev.c	Wed Jul 25 23:04:01 2001
    @@ -100,6 +100,7 @@
     #include <linux/init.h>
     #include <linux/kmod.h>
     #include <linux/module.h>
    +#include <linux/security.h>
     #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
     #include <linux/wireless.h>		/* Note : will define WIRELESS_EXT */
     #endif	/* CONFIG_NET_RADIO || CONFIG_NET_PCMCIA_RADIO */
    @@ -2395,9 +2396,7 @@
     int register_netdevice(struct net_device *dev)
     {
     	struct net_device *d, **dp;
    -#ifdef CONFIG_NET_DIVERT
     	int ret;
    -#endif
    
     	spin_lock_init(&dev->queue_lock);
     	spin_lock_init(&dev->xmit_lock);
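Review bot: `int ret;` in register_netdevice() is made unconditional here, but no hunk in this patch adds a use of it; it looks like a leftover from the earlier version that called the alloc hook. With CONFIG_NET_DIVERT disabled the variable would, as far as the visible hunks show, be unused and produce a compiler warning. I would drop this hunk and keep the `#ifdef CONFIG_NET_DIVERT` / `#endif` pair around the declaration. The function body continues outside the hunk.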
    @@ -2564,6 +2563,8 @@
     #ifdef CONFIG_NET_DIVERT
     	free_divert_blk(dev);
     #endif
    +
    +	security_ops->netdev_ops->unregister(dev);
    
     	if (dev->features & NETIF_F_DYNALLOC) {
     #ifdef NET_REFCNT_DEBUG
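Review bot: After `security_ops->netdev_ops->unregister(dev)` returns, `dev->security` keeps whatever value the module left in it. Only the `NETIF_F_DYNALLOC` branch below appears to release the structure, so a device structure that outlives unregistration and is registered again could carry a pointer to state the module has already freed. Clearing it in the core with `dev->security = NULL;` directly after the hook call removes the dependency on every module doing so. Because there is no alloc hook, the call also runs for devices the module never attached data to, which a short comment above it should say. The surrounding function starts and ends outside the hunk.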
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/net/ipv4/devinet.c lsm-w1/net/ipv4/devinet.c
    --- lsm/net/ipv4/devinet.c	Thu Jun 28 04:02:01 2001
    +++ lsm-w1/net/ipv4/devinet.c	Wed Jul 25 23:03:55 2001
    @@ -51,6 +51,7 @@
     #include <linux/sysctl.h>
     #endif
     #include <linux/kmod.h>
    +#include <linux/security.h>
    
     #include <net/ip.h>
     #include <net/route.h>
    @@ -524,6 +525,10 @@
     		ret = -ENODEV;
     		goto done;
     	}
    +
    +	ret = security_ops->netdev_ops->ioctl(dev, cmd, &ifr);
    +	if (ret)
    +		goto done;
    
     	if (colon)
     		*colon = ':';
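Review bot: The `ioctl` hook is named for network devices in general, but this patch calls it only here, in the IPv4 address ioctl path; the net/core/dev.c hunks add the include and the `unregister` call and no `ioctl` call. Requests handled in other paths (interface flags, MTU, hardware address and the like, if they are dispatched from dev.c as I would expect) would not be seen by a security module. Either add the matching call there or add a comment on the hook stating that it mediates only the requests handled in net/ipv4/devinet.c. The hook runs after the device lookup; whether it sits before or after the existing privilege checks cannot be told from this hunk, since the function starts and ends outside it.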
    
    
    
    


