[PATCH] SELinux: update USB code with new kill_proc_info_as_uid
authorDavid Quigley <dpquigl@tycho.nsa.gov>
Fri, 30 Jun 2006 08:55:48 +0000 (01:55 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Fri, 30 Jun 2006 18:25:37 +0000 (11:25 -0700)
This patch updates the USB core to save and pass the sending task secid when
sending signals upon AIO completion so that proper security checking can be
applied by security modules.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/usb/core/devio.c
drivers/usb/core/inode.c
drivers/usb/core/usb.h

index bcbeaf7101d16c5549c097c564eb26d5855c43bf..f7bdd94b3aa89b26cb704bf9c202a1f84432bf1b 100644 (file)
@@ -47,6 +47,7 @@
 #include <linux/usbdevice_fs.h>
 #include <linux/cdev.h>
 #include <linux/notifier.h>
+#include <linux/security.h>
 #include <asm/uaccess.h>
 #include <asm/byteorder.h>
 #include <linux/moduleparam.h>
@@ -68,6 +69,7 @@ struct async {
        void __user *userbuffer;
        void __user *userurb;
        struct urb *urb;
+       u32 secid;
 };
 
 static int usbfs_snoop = 0;
@@ -312,7 +314,7 @@ static void async_completed(struct urb *urb, struct pt_regs *regs)
                sinfo.si_code = SI_ASYNCIO;
                sinfo.si_addr = as->userurb;
                kill_proc_info_as_uid(as->signr, &sinfo, as->pid, as->uid, 
-                                     as->euid);
+                                     as->euid, as->secid);
        }
        snoop(&urb->dev->dev, "urb complete\n");
        snoop_urb(urb, as->userurb);
@@ -572,6 +574,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
        ps->disc_euid = current->euid;
        ps->disccontext = NULL;
        ps->ifclaimed = 0;
+       security_task_getsecid(current, &ps->secid);
        wmb();
        list_add_tail(&ps->list, &dev->filelist);
        file->private_data = ps;
@@ -1053,6 +1056,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
        as->pid = current->pid;
        as->uid = current->uid;
        as->euid = current->euid;
+       security_task_getsecid(current, &as->secid);
        if (!(uurb->endpoint & USB_DIR_IN)) {
                if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) {
                        free_async(as);
index bfc9b28a7242e5df48e62e188fbf405ce72f3a18..d0a208de32cf1be8dbf8bd0d83d7c91a6fd6c3fe 100644 (file)
@@ -700,7 +700,7 @@ static void usbfs_remove_device(struct usb_device *dev)
                        sinfo.si_errno = EPIPE;
                        sinfo.si_code = SI_ASYNCIO;
                        sinfo.si_addr = ds->disccontext;
-                       kill_proc_info_as_uid(ds->discsignr, &sinfo, ds->disc_pid, ds->disc_uid, ds->disc_euid);
+                       kill_proc_info_as_uid(ds->discsignr, &sinfo, ds->disc_pid, ds->disc_uid, ds->disc_euid, ds->secid);
                }
        }
 }
index 7a650c763a627a2992f0133f662f104fba94f572..49f69236b4201614b5a8329f7d7d12ec0309d5d5 100644 (file)
@@ -80,6 +80,7 @@ struct dev_state {
        uid_t disc_uid, disc_euid;
        void __user *disccontext;
        unsigned long ifclaimed;
+       u32 secid;
 };
 
 /* internal notify stuff */