diff -urN -X dontdiff linux-2.5.42.orig/include/linux/netdevice.h linux-2.5.42.w1/include/linux/netdevice.h
--- linux-2.5.42.orig/include/linux/netdevice.h Wed Oct 9 22:39:39 2002
+++ linux-2.5.42.w1/include/linux/netdevice.h Tue Oct 15 20:19:42 2002
@@ -437,6 +437,7 @@
 /* this will get initialized at each interface type init routine */
 struct divert_blk *divert;
 #endif /* CONFIG_NET_DIVERT */
+ void *security;
 };
diff -urN -X dontdiff linux-2.5.42.orig/include/linux/security.h linux-2.5.42.w1/include/linux/security.h
--- linux-2.5.42.orig/include/linux/security.h Sat Oct 12 15:09:43 2002
+++ linux-2.5.42.w1/include/linux/security.h Tue Oct 15 20:19:42 2002
@@ -616,6 +616,20 @@
 * deallocate security struct for this semaphore
 * @sma contains the semaphore structure.
 *
+ * Security hooks for network devices.
+ * @netdev_unregister:
+ * Update the module's state when a network device is unregistered,
+ * deallocating the dev->security field if it was previously allocated.
+ * @dev contains the network device
+ *
+ * These are the hooks for network device operations. Since it would be quite
+ * invasive to provide hooks in every location where a network device might be
+ * probed or initialized, there are no separate hooks for allocation or
+ * initialization. Security modules can allocate and initialize the
+ * dev->security field on the first access to the device, but should be careful
+ * to use nonblocking allocation.
+ *
+ *
 * @ptrace:
 * Check permission before allowing the @parent process to trace the
 * @child process.
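Review bot: The new `void *security;` member at the end of struct net_device (the struct starts outside the hunk) has no comment, and nothing in this patch initialises it. The documentation added to security.h has modules fill the field on first access, which is only safe if every place that creates a net_device zeroes it; devices that drivers declare statically or initialise only partially would need checking. I would at least state the contract on the field, e.g. `void *security; /* LSM state; NULL until a security module attaches it, released via the netdev_unregister hook */`.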
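Review bot: The comment added for @netdev_unregister does not say in what context the hook runs or what serialises access to dev->security. It tells modules to allocate lazily on first access with a nonblocking allocation, but two contexts reaching an unlabelled device at the same time could both allocate, and the text does not say what a module should do when that allocation fails. The comment should state whether the hook may sleep and which lock, if any, protects the field. It should also add a line such as `* The hook must set dev->security to NULL after freeing it.` so a later access cannot see a stale pointer.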
@@ -830,6 +844,8 @@
 void (*task_kmod_set_label) (void);
 void (*task_reparent_to_init) (struct task_struct * p);
+ void (*netdev_unregister) (struct net_device * dev);
+
 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
 int (*msg_queue_alloc_security) (struct msg_queue * msq);
diff -urN -X dontdiff linux-2.5.42.orig/net/core/dev.c linux-2.5.42.w1/net/core/dev.c
--- linux-2.5.42.orig/net/core/dev.c Wed Oct 9 22:39:39 2002
+++ linux-2.5.42.w1/net/core/dev.c Tue Oct 15 20:19:42 2002
@@ -105,6 +105,7 @@
 #include <linux/init.h>
 #include <linux/kmod.h>
 #include <linux/module.h>
+#include <linux/security.h>
 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
 #include <linux/wireless.h> /* Note : will define WIRELESS_EXT */
 #include <net/iw_handler.h>
@@ -2592,6 +2593,8 @@
 free_divert_blk(dev);
 #endif
+ security_ops->netdev_unregister(dev);
+
 if (dev->features & NETIF_F_DYNALLOC) {
 #ifdef NET_REFCNT_DEBUG
 if (atomic_read(&dev->refcnt) != 1)
diff -urN -X dontdiff linux-2.5.42.orig/security/capability.c linux-2.5.42.w1/security/capability.c
--- linux-2.5.42.orig/security/capability.c Sat Oct 12 15:09:44 2002
+++ linux-2.5.42.w1/security/capability.c Tue Oct 15 20:19:42 2002
@@ -714,6 +714,11 @@
 return;
 }
+static void cap_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
 static int cap_register (const char *name, struct security_operations *ops)
 {
 return -EINVAL;
@@ -828,6 +833,8 @@
 .sem_alloc_security = cap_sem_alloc_security,
 .sem_free_security = cap_sem_free_security,
+ .netdev_unregister = cap_netdev_unregister,
+
 .register_security = cap_register,
 .unregister_security = cap_unregister,
 };
diff -urN -X dontdiff linux-2.5.42.orig/security/dummy.c linux-2.5.42.w1/security/dummy.c
--- linux-2.5.42.orig/security/dummy.c Sat Oct 12 15:09:44 2002
+++ linux-2.5.42.w1/security/dummy.c Tue Oct 15 20:19:42 2002
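Review bot: The new member `void (*netdev_unregister) (struct net_device * dev);` names struct net_device, but no hunk of this patch adds an include or a forward declaration for that type to security.h. Unless a header already included there declares it, the struct is first seen inside a parameter list, which gives it prototype scope and makes the pointer type incompatible with the one used in net/core/dev.c, security/capability.c and security/dummy.c. A forward declaration near the top of security.h, `struct net_device;`, would make this independent of include order. The definition of struct security_operations starts and ends outside the hunk.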
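Review bot: `security_ops->netdev_unregister(dev);` runs before the reference-count handling that follows, and the NET_REFCNT_DEBUG test on `atomic_read(&dev->refcnt) != 1` just below suggests other holders may still reference the device at this point. If a module frees dev->security here, any path that still holds a reference and reads the field afterwards would touch freed memory. The hook looks safer where the last reference is dropped; otherwise the contract should require modules to clear the pointer and tolerate NULL. The call is also unconditional, so it relies on every registered security_operations supplying a non-NULL netdev_unregister, which this patch does only for capability.c and dummy.c. The enclosing function starts and ends outside the hunk.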
@@ -529,6 +529,11 @@
 return;
 }
+static void dummy_netdev_unregister (struct net_device *dev)
+{
+ return;
+}
+
 static int dummy_register (const char *name, struct security_operations *ops)
 {
 return -EINVAL;
@@ -643,6 +648,8 @@
 .sem_alloc_security = dummy_sem_alloc_security,
 .sem_free_security = dummy_sem_free_security,
+ .netdev_unregister = dummy_netdev_unregister,
+
 .register_security = dummy_register,
 .unregister_security = dummy_unregister,
 };
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module