selinux: Implement Infiniband PKey "Access" access vector
authorDaniel Jurgens <danielj@mellanox.com>
Fri, 19 May 2017 12:48:57 +0000 (15:48 +0300)
committerPaul Moore <paul@paul-moore.com>
Tue, 23 May 2017 16:27:50 +0000 (12:27 -0400)
commitcfc4d882d41780d93471066d57d4630995427b29
tree5dc7f313dc5caec1492c812529d83b8ae3e37dc5
parent3a976fa6767f3edebbf43839b686efaf71b8dee1
selinux: Implement Infiniband PKey "Access" access vector

Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given subnet prefix and pkey.

Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
include/linux/lsm_audit.h
security/lsm_audit.c
security/selinux/hooks.c
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/ss/services.c