Re: [PATCH] security.h updates

From: Seth Arnold (sarnoldat_private)
Date: Wed Sep 12 2001 - 18:19:26 PDT

    On Wed, Sep 12, 2001 at 03:08:54PM -0400, Chris Vance wrote:
    > 
    > Another patch, adding additional documentation to the security.h file.
    > This patch includes documentation for sockets and the rest of the IPC
    > hooks.
    > 
    > If there are no issues, Stephen can commit this patch.
    > 
    > chris.
    
    Chris, this is mostly very good, but there are some issues, mostly of
    the cut-n-paste variety. :)
    
    Thanks! :)
    
    > +	/**
    > +	 * recvmsg - check permission when receiving messages from this socket
    > +	 * @sock: socket structure
    > +	 * @msg: message structure
    > +	 * @size: size of message structure
    XXX needs also @flags
    > +	 *
    > +	 * called: sock_recvmsg <net/socket.c>
    > +	 *
    > +	 * Check permission before receiving a message from a socket.
    > +	 * Return 0 if permission is granted.  
    > +	 */
    > +	int (*recvmsg) (struct socket * sock, struct msghdr * msg, int size,
    > +			int flags);
    [...]
    > +	/**
    > +	 * setsockname - check permission when setting socket options
    XXX should read "setsockopt"
    > +	 * @sock: socket structure
    > +	 * @level: protocol level to set options for
    > +	 * @optname: name of the option to retrieve
    > +	 *
    > +	 * called: sys_setsockopt <net/socket.c>
    > +	 *
    > +	 * Check permissions before retrieving the options associated
    > +	 * with socket @sock. Return 0 if permission is granted.  
    > +	 */
    > +	int (*setsockopt) (struct socket * sock, int level, int optname);
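    Review bot: the @optname line and the summary paragraph of this setsockopt comment say "retrieve" and "retrieving", which describes a get operation rather than the set performed by sys_setsockopt. Suggest "@optname: name of the option to set" and "Check permissions before setting the options associated with socket @sock."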
    [...]
    > +	/**
    > +	 * sock_rcv_skb - check permissions on incoming network packets
    > +	 * @sk: sock (not socket) associated with the incoming sk_buff
    > +	 * @sk_buff: incoming network data
    XXX should read "skb"
    > +	 *
    > +	 * called: tcp_v4_rcv <net/ipv4/tcp_ipv4.c>
    > +	 * called: sock_queue_rcv_skb <include/net/sock.h>
    > +	 *
    > +	 * Check permissions on incoming network packets.  This hook is
    > +	 * distinct from the network input hooks of ip_security_ops since
    > +	 * it is the first time that the incoming sk_buff @skb has been 
    > +	 * associated with a particular socket, @sk.  Security modules
    > +	 * should not try to dereference @sk->socket if the socket is
    > +	 * in a time wait state (@sk->state == TCP_TIME_WAIT), since
    > +	 * the @sk refers to a tcp_tw_bucket structure in that case.
    > +	 * Also, even if the socket is not in this state, @sk->socket
    > +	 * may be NULL, e.g. a newly created server socket for a connection 
    > +	 * that has not yet been accepted by a process.
    XXX does this need a note of "return 0 if permission is granted."?
    > +	 */
    > +	int (*sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
    [...]
    > +	/**
    > +	 * unix_stream_connect - check permissions for Unix domain stream IPC
    > +	 * @sock: socket structure
    > +	 * @other: peer socket structure
    > +	 *
    > +	 * called: unix_stream_connect <net/unix/af_unix.c>
    > +	 *
    > +	 * Check permissions before establishing a Unix domain stream 
    > +	 * connection between @sock and @other. 
    XXX does this need a note of "return 0 if permission is granted."?
    > +	 */
    > +	int (*unix_stream_connect) (struct socket * sock,
    > +				    struct socket * other);
    > +
    > +	/**
    > +	 * unix_may_send - check permissions for Unix domain datagram IPC
    > +	 * @sock: socket structure
    > +	 * @sock: peer socket structure
    > +	 *
    > +	 * called: unix_dgram_connect <net/unix/af_unix.>
    > +	 * called: unix_dgram_sendmsg <net/unix/af_unix.>
    > +	 *
    > +	 * Check permissions before connecting or sending datagrams 
    > +	 * from @sock to @other.
    XXX does this need a note of "return 0 if permission is granted."?
    > +	 */
    > +	int (*unix_may_send) (struct socket * sock, struct socket * other);
    >  };
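    Review bot: in the unix_may_send comment the second parameter is documented as "@sock: peer socket structure", which duplicates @sock; the prototype names it "other" and the description refers to @other, so the line should read "@other: peer socket structure". The two "called:" lines in the same comment also give the file as <net/unix/af_unix.>, where the unix_stream_connect comment above has <net/unix/af_unix.c>.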
    [...]
    > +	/**
    > +	 * msgctl - check permission for shared memory control operations
    XXX this should read "shmctl"
    > +	 * @shp: shared memory structure to be modified
    > +	 * @shmid: resource identifier
    > +	 * @cmd: operation to be performed
    > +	 *
    > +	 * called: sys_shmctl <ipc/shm.c>
    > +	 * called: sys_shmctl <ipc/shm.c>
    > +	 * called: sys_shmctl <ipc/shm.c>
    > +	 * called: sys_shmctl <ipc/shm.c>
    > +	 *
    > +	 * lock: depending on @cmd, shm_lock() may have been called,
    > +	 * so there may be a spin_lock held on 'struct shmid_kernel
    > +	 * shm_ids'
    > +	 *
    > +	 * Check permission when a shared memory control operation
    > +	 * specified by @cmd is to be performed on the shared memory
    > +	 * region @shp, with identifier @shmid.  Return 0 if
    > +	 * permission is granted.
    > +	 */
    > +	int (* shmctl) (struct shmid_kernel *shp, int shmid, int cmd);
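    Review bot: "called: sys_shmctl <ipc/shm.c>" appears four times in a row in the shmctl comment with nothing to tell the entries apart. Either collapse them to a single line or say which @cmd values each call site handles; the latter would also make the "lock:" paragraph more useful, since it says the lock state depends on @cmd without saying for which commands shm_lock() has been called.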
    [...]
    > +	/**
    > +	 * free_security - deallocate security struct for this semaphore
    > +	 * @shp: semaphore structure
    XXX this should read "sma"
    > +	 *
    > +	 * called: freeary <ipc/sem.c>
    > +	 */
    > +	void (* free_security) (struct sem_array *sma);
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


