[PATCH] LSM networking: netdev hooks for 2.5.59 (2/8)

• Previous message: James Morris: "[PATCH] LSM networking: kconfig (1/8)"
• In reply to: James Morris: "[PATCH] LSM networking: kconfig (1/8)"
• Next in thread: James Morris: "[PATCH] LSM networking: skb hooks for 2.5.59 (3/8)"
• Reply: James Morris: "[PATCH] LSM networking: skb hooks for 2.5.59 (3/8)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 include/linux/netdevice.h |    4 ++++
 include/linux/security.h  |   38 +++++++++++++++++++++++++++++++++++---
 net/core/dev.c            |    3 +++
 security/dummy.c          |   12 ++++++++++++
 4 files changed, 54 insertions(+), 3 deletions(-)


diff -urN -X dontdiff linux-2.5.59.w0/include/linux/netdevice.h linux-2.5.59.w1/include/linux/netdevice.h
--- linux-2.5.59.w0/include/linux/netdevice.h	Fri Jan 17 19:46:08 2003
+++ linux-2.5.59.w1/include/linux/netdevice.h	Thu Jan 30 21:23:47 2003
@@ -442,6 +442,10 @@
 
 	/* generic object representation */
 	struct kobject kobj;
+
+#ifdef CONFIG_SECURITY_NETWORK
+	void                    *security;
+#endif
 };
 
 
diff -urN -X dontdiff linux-2.5.59.w0/include/linux/security.h linux-2.5.59.w1/include/linux/security.h
--- linux-2.5.59.w0/include/linux/security.h	Thu Jan 16 22:51:34 2003
+++ linux-2.5.59.w1/include/linux/security.h	Thu Jan 30 21:26:28 2003
@@ -63,9 +63,6 @@
 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
 #define LSM_SETID_FS	8
 
-
-#ifdef CONFIG_SECURITY
-
 /* forward declares to avoid warnings */
 struct sk_buff;
 struct net_device;
@@ -73,6 +70,9 @@
 struct sched_param;
 struct swap_info_struct;
 
+
+#ifdef CONFIG_SECURITY
+
 /**
  * struct security_operations - main security structure
  *
@@ -586,6 +586,19 @@
  * 	is being reparented to the init task.
  *	@p contains the task_struct for the kernel thread.
  *
+ * Security hooks for network devices.
+ * @netdev_unregister:
+ *	Update the module's state when a network device is unregistered,
+ *	deallocating the dev->security field if it was previously allocated.
+ *	@dev contains the network device
+ *
+ * These are the hooks for network device operations.  Since it would be quite
+ * invasive to provide hooks in every location where a network device might be
+ * probed or initialized, there are no separate hooks for allocation or
+ * initialization.  Security modules can allocate and initialize the
+ * dev->security field on the first access to the device, but should be careful
+ * to use nonblocking allocation.
+ *
  * Security hooks affecting all System V IPC operations.
  *
  * @ipc_permission:
@@ -952,6 +965,10 @@
 	                          struct security_operations *ops);
 	int (*unregister_security) (const char *name,
 	                            struct security_operations *ops);
+
+#ifdef CONFIG_SECURITY_NETWORK
+	void (*netdev_unregister) (struct net_device * dev);
+#endif	/* CONFIG_SECURITY_NETWORK */
 };
 
 /* global variables */
@@ -2106,5 +2123,20 @@
 
 #endif	/* CONFIG_SECURITY */
 
+#ifdef CONFIG_SECURITY_NETWORK
+
+static inline void security_netdev_unregister(struct net_device * dev)
+{
+	security_ops->netdev_unregister(dev);
+}
+
+#else	/* CONFIG_SECURITY_NETWORK */
+
+static inline void security_netdev_unregister(struct net_device * dev)
+{
+}
+
+#endif	/* CONFIG_SECURITY_NETWORK */
+
 #endif /* ! __LINUX_SECURITY_H */
 
diff -urN -X dontdiff linux-2.5.59.w0/net/core/dev.c linux-2.5.59.w1/net/core/dev.c
--- linux-2.5.59.w0/net/core/dev.c	Fri Jan 17 19:46:08 2003
+++ linux-2.5.59.w1/net/core/dev.c	Thu Jan 30 21:23:47 2003
@@ -107,6 +107,7 @@
 #include <linux/kmod.h>
 #include <linux/module.h>
 #include <linux/kallsyms.h>
+#include <linux/security.h>
 #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
 #include <linux/wireless.h>		/* Note : will define WIRELESS_EXT */
 #include <net/iw_handler.h>
@@ -2680,6 +2681,8 @@
 	free_divert_blk(dev);
 #endif
 
+	security_netdev_unregister(dev);
+
 	if (dev->features & NETIF_F_DYNALLOC) {
 #ifdef NET_REFCNT_DEBUG
 		if (atomic_read(&dev->refcnt) != 1)
diff -urN -X dontdiff linux-2.5.59.w0/security/dummy.c linux-2.5.59.w1/security/dummy.c
--- linux-2.5.59.w0/security/dummy.c	Thu Jan 16 22:51:35 2003
+++ linux-2.5.59.w1/security/dummy.c	Thu Jan 30 21:23:47 2003
@@ -597,6 +597,15 @@
 	return 0;
 }
 
+#ifdef CONFIG_SECURITY_NETWORK
+
+static void dummy_netdev_unregister (struct net_device *dev)
+{
+	return;
+}
+
+#endif	/* CONFIG_SECURITY_NETWORK */
+
 static int dummy_register_security (const char *name, struct security_operations *ops)
 {
 	return -EINVAL;
@@ -725,5 +734,8 @@
 	set_to_dummy_if_null(ops, sem_semop);
 	set_to_dummy_if_null(ops, register_security);
 	set_to_dummy_if_null(ops, unregister_security);
+#ifdef CONFIG_SECURITY_NETWORK
+	set_to_dummy_if_null(ops, netdev_unregister);
+#endif	/* CONFIG_SECURITY_NETWORK */
 }
 


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: James Morris: "[PATCH] LSM networking: skb hooks for 2.5.59 (3/8)"
• Previous message: James Morris: "[PATCH] LSM networking: kconfig (1/8)"
• In reply to: James Morris: "[PATCH] LSM networking: kconfig (1/8)"
• Next in thread: James Morris: "[PATCH] LSM networking: skb hooks for 2.5.59 (3/8)"
• Reply: James Morris: "[PATCH] LSM networking: skb hooks for 2.5.59 (3/8)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 14:56:41 PST