Below is a patch which adds a new hook to skb_ops, which is needed to propagate security attributes from a sending socket to an skb. Comments welcome. - james -- James Morris <jmorrisat_private>
diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/include/linux/security.h lsm-w1/include/linux/security.h
--- lsm/include/linux/security.h Fri Sep 28 01:05:17 2001
+++ lsm-w1/include/linux/security.h Fri Sep 28 01:49:16 2001
@@ -1451,6 +1451,17 @@
 void (* copy) (struct sk_buff *newskb, const struct sk_buff *oldskb);
 /**
+ * set_owner_w - set ownership of sk_buff to sending socket
+ * @skb: the buffer being owned
+ * @sk: sock to which ownership is being assigned
+ *
+ * This hook is called when the ownership of an &sk_buff is being
+ * assigned to a sending socket. Typically, this would be used to
+ * copy security attributes from the sending socket to the &sk_buff.
+ */
+ void (* set_owner_w) (struct sk_buff *skb, struct sock *sk);
+
+ /**
 * free_security - sk_buff destruction hook
 * @skb: the buffer being destroyed
 *
diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/include/net/sock.h lsm-w1/include/net/sock.h
--- lsm/include/net/sock.h Mon Sep 24 18:28:50 2001
+++ lsm-w1/include/net/sock.h Fri Sep 28 01:31:15 2001
@@ -1129,6 +1129,7 @@
 skb->sk = sk;
 skb->destructor = sock_wfree;
 atomic_add(skb->truesize, &sk->wmem_alloc);
+ security_ops->skb_ops->set_owner_w(skb, sk);
 }
 
 static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/security/capability_plug.c lsm-w1/security/capability_plug.c
--- lsm/security/capability_plug.c Mon Sep 24 18:28:50 2001
+++ lsm-w1/security/capability_plug.c Fri Sep 28 01:27:23 2001
@@ -1046,6 +1046,11 @@
 return;
 }
 
+static void cap_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
 static void cap_skb_free_security (struct sk_buff *skb)
 {
 return;
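Review bot: The new kerneldoc for set_owner_w does not tell a module author when the hook runs relative to the ownership change or that it cannot fail, and both matter for copying attributes safely. In the sock.h hunk the call is placed after `skb->sk`, `skb->destructor` and the `wmem_alloc` accounting have been updated, and the hook returns void, so a module sees an already-owned buffer and has no way to refuse the assignment. I would extend the comment block with ` * This hook runs after @skb->sk has been set to @sk and cannot veto the assignment; it must not fail, and since it sits on the transmit path it should be cheap.` The transmit-path claim is inferred from skb_set_owner_w being the sole visible caller; confirm before wording it that strongly.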
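Review bot: The added line in skb_set_owner_w() dereferences `security_ops->skb_ops` from a static inline in a header, but the hunk adds no `#include <linux/security.h>` to sock.h, so unless sock.h already pulls that header in (not visible here) every includer now depends on security_ops being declared. The call also assumes the table slot is populated; the capability_plug.c and dummy.c hunks fill it, but an out-of-tree module built against the old skb_ops layout would leave set_owner_w NULL and fault on the first write-owned buffer rather than at registration. If the LSM core validates hook tables when a module registers, that check needs the new entry too, e.g. `if (!ops->skb_ops->set_owner_w) return -EINVAL;` alongside the existing skb_ops checks, assuming such a check exists.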
@@ -1167,6 +1172,7 @@
 alloc_security: cap_skb_alloc_security,
 clone: cap_skb_clone,
 copy: cap_skb_copy,
+ set_owner_w: cap_skb_set_owner_w,
 free_security: cap_skb_free_security,
 };
 
diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/security/dummy.c lsm-w1/security/dummy.c
--- lsm/security/dummy.c Sat Sep 15 21:08:38 2001
+++ lsm-w1/security/dummy.c Fri Sep 28 01:11:18 2001
@@ -869,6 +869,11 @@
 return;
 }
 
+static void dummy_skb_set_owner_w (struct sk_buff *skb, struct sock *sk)
+{
+ return;
+}
+
 static void dummy_skb_free_security (struct sk_buff *skb)
 {
 return;
@@ -990,6 +995,7 @@
 alloc_security: dummy_skb_alloc_security,
 clone: dummy_skb_clone,
 copy: dummy_skb_copy,
+ set_owner_w: dummy_skb_set_owner_w,
 free_security: dummy_skb_free_security,
 };
 
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module