[PATCH] LSM networking: netdevice hooks for 2.5.42 (1/7)

From: James Morris (jmorrisat_private)
Date: Tue Oct 15 2002 - 07:34:31 PDT


    diff -urN -X dontdiff linux-2.5.42.orig/include/linux/netdevice.h linux-2.5.42.w1/include/linux/netdevice.h
    --- linux-2.5.42.orig/include/linux/netdevice.h	Wed Oct  9 22:39:39 2002
    +++ linux-2.5.42.w1/include/linux/netdevice.h	Tue Oct 15 20:19:42 2002
    @@ -437,6 +437,7 @@
     	/* this will get initialized at each interface type init routine */
     	struct divert_blk	*divert;
     #endif /* CONFIG_NET_DIVERT */
    +	void			*security;
     };
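Review bot: The new `void *security` member is added without a comment, and its ownership is not obvious because this patch adds no initialization for it anywhere in the networking core; add `/* LSM security blob: allocated by the security module on first use, released via the netdev_unregister hook */` above the field. Whether the field starts out NULL depends on how each driver allocates its net_device (zeroed kmalloc vs. static storage), which is not visible in this hunk, so the comment should also warn that modules must not assume it is zeroed until that has been verified for every allocation path. The hook documentation in security.h describes the lazy-allocation scheme; the struct definition is where the next reader of netdevice.h will look first.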
     
     
    diff -urN -X dontdiff linux-2.5.42.orig/include/linux/security.h linux-2.5.42.w1/include/linux/security.h
    --- linux-2.5.42.orig/include/linux/security.h	Sat Oct 12 15:09:43 2002
    +++ linux-2.5.42.w1/include/linux/security.h	Tue Oct 15 20:19:42 2002
    @@ -616,6 +616,20 @@
      *	deallocate security struct for this semaphore
      *	@sma contains the semaphore structure.
      *
    + * Security hooks for network devices.
    + * @netdev_unregister:
    + *	Update the module's state when a network device is unregistered,
    + *	deallocating the dev->security field if it was previously allocated.
    + *	@dev contains the network device
    + *
    + * These are the hooks for network device operations.  Since it would be quite
    + * invasive to provide hooks in every location where a network device might be
    + * probed or initialized, there are no separate hooks for allocation or
    + * initialization.  Security modules can allocate and initialize the
    + * dev->security field on the first access to the device, but should be careful
    + * to use nonblocking allocation.
    + * 
    + *
      * @ptrace:
      *	Check permission before allowing the @parent process to trace the
      *	@child process.
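Review bot: The new hook documentation leaves the lazy-allocation race unaddressed: if a module allocates dev->security "on the first access", two contexts hitting the same device concurrently (presumably possible on SMP, which is why nonblocking allocation is advised) can each allocate, leaking one blob or overwriting the other. Add after the nonblocking sentence: `* The allocation must also be synchronized, since several contexts may race on the first access to the same device.` The @netdev_unregister entry should further state that the hook may find dev->security == NULL (a device that was never accessed) and must reset the field to NULL after freeing it, since the net_device itself may outlive the unregistration. The `+ * ` line before the second blank comment line carries trailing whitespace that should be dropped.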
    @@ -830,6 +844,8 @@
     	void (*task_kmod_set_label) (void);
     	void (*task_reparent_to_init) (struct task_struct * p);
     
    +	void (*netdev_unregister) (struct net_device * dev);
    +	
     	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
     
     	int (*msg_queue_alloc_security) (struct msg_queue * msq);
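Review bot: The blank line added after the netdev_unregister member is not blank but carries a stray tab (`+\t`), which does not match the surrounding separator lines in the struct; the same stray tab appears in the capability.c and dummy.c ops tables in this patch. Drop the whitespace so the separator is an empty line like its neighbours.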
    diff -urN -X dontdiff linux-2.5.42.orig/net/core/dev.c linux-2.5.42.w1/net/core/dev.c
    --- linux-2.5.42.orig/net/core/dev.c	Wed Oct  9 22:39:39 2002
    +++ linux-2.5.42.w1/net/core/dev.c	Tue Oct 15 20:19:42 2002
    @@ -105,6 +105,7 @@
     #include <linux/init.h>
     #include <linux/kmod.h>
     #include <linux/module.h>
    +#include <linux/security.h>
     #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
     #include <linux/wireless.h>		/* Note : will define WIRELESS_EXT */
     #include <net/iw_handler.h>
    @@ -2592,6 +2593,8 @@
     	free_divert_blk(dev);
     #endif
     
    +	security_ops->netdev_unregister(dev);
    +
     	if (dev->features & NETIF_F_DYNALLOC) {
     #ifdef NET_REFCNT_DEBUG
     		if (atomic_read(&dev->refcnt) != 1)
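Review bot: security_ops->netdev_unregister(dev) is called before the NETIF_F_DYNALLOC check, so for devices without that flag the struct net_device survives the call; if the module frees dev->security but does not clear it, a later re-registration of the same device would present a dangling pointer to the first access. Either the hook contract or a comment at the call site should pin this down, e.g. `/* LSM must free and clear dev->security; dev may be reused if !NETIF_F_DYNALLOC */`. The enclosing function starts outside the hunk, so the locking and reference state at this point are not visible here; the debug check that follows suggests the last reference is held, but that should be confirmed.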
    diff -urN -X dontdiff linux-2.5.42.orig/security/capability.c linux-2.5.42.w1/security/capability.c
    --- linux-2.5.42.orig/security/capability.c	Sat Oct 12 15:09:44 2002
    +++ linux-2.5.42.w1/security/capability.c	Tue Oct 15 20:19:42 2002
    @@ -714,6 +714,11 @@
     	return;
     }
     
    +static void cap_netdev_unregister (struct net_device *dev)
    +{
    +	return;
    +}
    +
     static int cap_register (const char *name, struct security_operations *ops)
     {
     	return -EINVAL;
    @@ -828,6 +833,8 @@
     	.sem_alloc_security =		cap_sem_alloc_security,
     	.sem_free_security =		cap_sem_free_security,
     
    +	.netdev_unregister =		cap_netdev_unregister,
    +	
     	.register_security =		cap_register,
     	.unregister_security =		cap_unregister,
     };
    diff -urN -X dontdiff linux-2.5.42.orig/security/dummy.c linux-2.5.42.w1/security/dummy.c
    --- linux-2.5.42.orig/security/dummy.c	Sat Oct 12 15:09:44 2002
    +++ linux-2.5.42.w1/security/dummy.c	Tue Oct 15 20:19:42 2002
    @@ -529,6 +529,11 @@
     	return;
     }
     
    +static void dummy_netdev_unregister (struct net_device *dev)
    +{
    +	return;
    +}
    +
     static int dummy_register (const char *name, struct security_operations *ops)
     {
     	return -EINVAL;
    @@ -643,6 +648,8 @@
     	.sem_alloc_security =		dummy_sem_alloc_security,
     	.sem_free_security =		dummy_sem_free_security,
     
    +	.netdev_unregister =		dummy_netdev_unregister,
    +	
     	.register_security =		dummy_register,
     	.unregister_security =		dummy_unregister,
     };
    
    
    
    


