Commit 03e68060636e05989ea94bcb671ab633948f328c
Committed by
Linus Torvalds
Linus Torvalds
1 parent
9216dfad4f
Exists in
master
and in
4 other branches
[PATCH] lsm: add task_setioprio hook
Implement an LSM hook for setting a task's IO priority, similar to the hook for setting a tasks's nice value. A previous version of this LSM hook was included in an older version of multiadm by Jan Engelhardt, although I don't recall it being submitted upstream. Also included is the corresponding SELinux hook, which re-uses the setsched permission in the proccess class. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Cc: Jan Engelhardt <jengelh@linux01.gwdg.de> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing 4 changed files with 34 additions and 0 deletions Side-by-side Diff
fs/ioprio.c
| ... | ... | @@ -24,14 +24,20 @@ |
| 24 | 24 | #include <linux/blkdev.h> |
| 25 | 25 | #include <linux/capability.h> |
| 26 | 26 | #include <linux/syscalls.h> |
| 27 | +#include <linux/security.h> | |
| 27 | 28 | |
| 28 | 29 | static int set_task_ioprio(struct task_struct *task, int ioprio) |
| 29 | 30 | { |
| 31 | + int err; | |
| 30 | 32 | struct io_context *ioc; |
| 31 | 33 | |
| 32 | 34 | if (task->uid != current->euid && |
| 33 | 35 | task->uid != current->uid && !capable(CAP_SYS_NICE)) |
| 34 | 36 | return -EPERM; |
| 37 | + | |
| 38 | + err = security_task_setioprio(task, ioprio); | |
| 39 | + if (err) | |
| 40 | + return err; | |
| 35 | 41 | |
| 36 | 42 | task_lock(task); |
| 37 | 43 |
include/linux/security.h
| ... | ... | @@ -577,6 +577,11 @@ |
| 577 | 577 | * @p contains the task_struct of process. |
| 578 | 578 | * @nice contains the new nice value. |
| 579 | 579 | * Return 0 if permission is granted. |
| 580 | + * @task_setioprio | |
| 581 | + * Check permission before setting the ioprio value of @p to @ioprio. | |
| 582 | + * @p contains the task_struct of process. | |
| 583 | + * @ioprio contains the new ioprio value | |
| 584 | + * Return 0 if permission is granted. | |
| 580 | 585 | * @task_setrlimit: |
| 581 | 586 | * Check permission before setting the resource limits of the current |
| 582 | 587 | * process for @resource to @new_rlim. The old resource limit values can |
| ... | ... | @@ -1210,6 +1215,7 @@ |
| 1210 | 1215 | int (*task_getsid) (struct task_struct * p); |
| 1211 | 1216 | int (*task_setgroups) (struct group_info *group_info); |
| 1212 | 1217 | int (*task_setnice) (struct task_struct * p, int nice); |
| 1218 | + int (*task_setioprio) (struct task_struct * p, int ioprio); | |
| 1213 | 1219 | int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); |
| 1214 | 1220 | int (*task_setscheduler) (struct task_struct * p, int policy, |
| 1215 | 1221 | struct sched_param * lp); |
| ... | ... | @@ -1836,6 +1842,11 @@ |
| 1836 | 1842 | return security_ops->task_setnice (p, nice); |
| 1837 | 1843 | } |
| 1838 | 1844 | |
| 1845 | +static inline int security_task_setioprio (struct task_struct *p, int ioprio) | |
| 1846 | +{ | |
| 1847 | + return security_ops->task_setioprio (p, ioprio); | |
| 1848 | +} | |
| 1849 | + | |
| 1839 | 1850 | static inline int security_task_setrlimit (unsigned int resource, |
| 1840 | 1851 | struct rlimit *new_rlim) |
| 1841 | 1852 | { |
| ... | ... | @@ -2474,6 +2485,11 @@ |
| 2474 | 2485 | } |
| 2475 | 2486 | |
| 2476 | 2487 | static inline int security_task_setnice (struct task_struct *p, int nice) |
| 2488 | +{ | |
| 2489 | + return 0; | |
| 2490 | +} | |
| 2491 | + | |
| 2492 | +static inline int security_task_setioprio (struct task_struct *p, int ioprio) | |
| 2477 | 2493 | { |
| 2478 | 2494 | return 0; |
| 2479 | 2495 | } |
security/dummy.c
| ... | ... | @@ -516,6 +516,11 @@ |
| 516 | 516 | return 0; |
| 517 | 517 | } |
| 518 | 518 | |
| 519 | +static int dummy_task_setioprio (struct task_struct *p, int ioprio) | |
| 520 | +{ | |
| 521 | + return 0; | |
| 522 | +} | |
| 523 | + | |
| 519 | 524 | static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) |
| 520 | 525 | { |
| 521 | 526 | return 0; |
| ... | ... | @@ -972,6 +977,7 @@ |
| 972 | 977 | set_to_dummy_if_null(ops, task_getsid); |
| 973 | 978 | set_to_dummy_if_null(ops, task_setgroups); |
| 974 | 979 | set_to_dummy_if_null(ops, task_setnice); |
| 980 | + set_to_dummy_if_null(ops, task_setioprio); | |
| 975 | 981 | set_to_dummy_if_null(ops, task_setrlimit); |
| 976 | 982 | set_to_dummy_if_null(ops, task_setscheduler); |
| 977 | 983 | set_to_dummy_if_null(ops, task_getscheduler); |
security/selinux/hooks.c
| ... | ... | @@ -2645,6 +2645,11 @@ |
| 2645 | 2645 | return task_has_perm(current,p, PROCESS__SETSCHED); |
| 2646 | 2646 | } |
| 2647 | 2647 | |
| 2648 | +static int selinux_task_setioprio(struct task_struct *p, int ioprio) | |
| 2649 | +{ | |
| 2650 | + return task_has_perm(current, p, PROCESS__SETSCHED); | |
| 2651 | +} | |
| 2652 | + | |
| 2648 | 2653 | static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) |
| 2649 | 2654 | { |
| 2650 | 2655 | struct rlimit *old_rlim = current->signal->rlim + resource; |
| ... | ... | @@ -4383,6 +4388,7 @@ |
| 4383 | 4388 | .task_getsid = selinux_task_getsid, |
| 4384 | 4389 | .task_setgroups = selinux_task_setgroups, |
| 4385 | 4390 | .task_setnice = selinux_task_setnice, |
| 4391 | + .task_setioprio = selinux_task_setioprio, | |
| 4386 | 4392 | .task_setrlimit = selinux_task_setrlimit, |
| 4387 | 4393 | .task_setscheduler = selinux_task_setscheduler, |
| 4388 | 4394 | .task_getscheduler = selinux_task_getscheduler, |