From 03e68060636e05989ea94bcb671ab633948f328c Mon Sep 17 00:00:00 2001 From: James Morris Date: Fri, 23 Jun 2006 02:03:58 -0700 Subject: [PATCH] lsm: add task_setioprio hook Implement an LSM hook for setting a task's IO priority, similar to the hook for setting a tasks's nice value. A previous version of this LSM hook was included in an older version of multiadm by Jan Engelhardt, although I don't recall it being submitted upstream. Also included is the corresponding SELinux hook, which re-uses the setsched permission in the proccess class. Signed-off-by: James Morris Acked-by: Stephen Smalley Cc: Jan Engelhardt Cc: Chris Wright Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/ioprio.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fs/ioprio.c') diff --git a/fs/ioprio.c b/fs/ioprio.c index ca77008146c..7fa76ed53c1 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c @@ -24,15 +24,21 @@ #include #include #include +#include static int set_task_ioprio(struct task_struct *task, int ioprio) { + int err; struct io_context *ioc; if (task->uid != current->euid && task->uid != current->uid && !capable(CAP_SYS_NICE)) return -EPERM; + err = security_task_setioprio(task, ioprio); + if (err) + return err; + task_lock(task); task->ioprio = ioprio; -- cgit v1.2.3-18-g5258 From a1836a42daf5ddfe9a891973734bd9a7d62eb504 Mon Sep 17 00:00:00 2001 From: David Quigley Date: Fri, 30 Jun 2006 01:55:49 -0700 Subject: [PATCH] SELinux: Add security hook definition for getioprio and insert hooks Add a new security hook definition for the sys_ioprio_get operation. At present, the SELinux hook function implementation for this hook is identical to the getscheduler implementation but a separate hook is introduced to allow this check to be specialized in the future if necessary. This patch also creates a helper function get_task_ioprio which handles the access check in addition to retrieving the ioprio value for the task. Signed-off-by: David Quigley Acked-by: Stephen Smalley Signed-off-by: James Morris Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/ioprio.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'fs/ioprio.c') diff --git a/fs/ioprio.c b/fs/ioprio.c index 7fa76ed53c1..93aa5715f22 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c @@ -125,11 +125,24 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) return ret; } +static int get_task_ioprio(struct task_struct *p) +{ + int ret; + + ret = security_task_getioprio(p); + if (ret) + goto out; + ret = p->ioprio; +out: + return ret; +} + asmlinkage long sys_ioprio_get(int which, int who) { struct task_struct *g, *p; struct user_struct *user; int ret = -ESRCH; + int tmpio; read_lock_irq(&tasklist_lock); switch (which) { @@ -139,16 +152,19 @@ asmlinkage long sys_ioprio_get(int which, int who) else p = find_task_by_pid(who); if (p) - ret = p->ioprio; + ret = get_task_ioprio(p); break; case IOPRIO_WHO_PGRP: if (!who) who = process_group(current); do_each_task_pid(who, PIDTYPE_PGID, p) { + tmpio = get_task_ioprio(p); + if (tmpio < 0) + continue; if (ret == -ESRCH) - ret = p->ioprio; + ret = tmpio; else - ret = ioprio_best(ret, p->ioprio); + ret = ioprio_best(ret, tmpio); } while_each_task_pid(who, PIDTYPE_PGID, p); break; case IOPRIO_WHO_USER: @@ -163,10 +179,13 @@ asmlinkage long sys_ioprio_get(int which, int who) do_each_thread(g, p) { if (p->uid != user->uid) continue; + tmpio = get_task_ioprio(p); + if (tmpio < 0) + continue; if (ret == -ESRCH) - ret = p->ioprio; + ret = tmpio; else - ret = ioprio_best(ret, p->ioprio); + ret = ioprio_best(ret, tmpio); } while_each_thread(g, p); if (who) -- cgit v1.2.3-18-g5258