@@ -2284,6 +2284,12 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf,
if (!p)
return -ESRCH;
+ err = security_task_settimerslack(current, slack_ns);
+ if (err) {
+ count = err;
+ goto out;
+ }
+
task_lock(p);
if (slack_ns == 0)
p->timer_slack_ns = p->default_timer_slack_ns;
@@ -2291,6 +2297,7 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf,
p->timer_slack_ns = slack_ns;
task_unlock(p);
+out:
put_task_struct(p);
return count;
@@ -627,6 +627,11 @@
* Check permission before moving memory owned by process @p.
* @p contains the task_struct for process.
* Return 0 if permission is granted.
+ * @task_settimerslack:
+ * Check permission before setting timerslack value of @p to @slack.
+ * @p contains the task_struct of a process.
+ * @slack contains the new slack value.
+ * Return 0 if permission is granted.
* @task_kill:
* Check permission before sending signal @sig to @p. @info can be NULL,
* the constant 1, or a pointer to a siginfo structure. If @info is 1 or
@@ -1473,6 +1478,7 @@ union security_list_options {
int (*task_setscheduler)(struct task_struct *p);
int (*task_getscheduler)(struct task_struct *p);
int (*task_movememory)(struct task_struct *p);
+ int (*task_settimerslack)(struct task_struct *p, u64 slack);
int (*task_kill)(struct task_struct *p, struct siginfo *info,
int sig, u32 secid);
int (*task_wait)(struct task_struct *p);
@@ -1732,6 +1738,7 @@ struct security_hook_heads {
struct list_head task_setscheduler;
struct list_head task_getscheduler;
struct list_head task_movememory;
+ struct list_head task_settimerslack;
struct list_head task_kill;
struct list_head task_wait;
struct list_head task_prctl;
@@ -325,6 +325,7 @@ int security_task_setrlimit(struct task_struct *p, unsigned int resource,
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
+int security_task_settimerslack(struct task_struct *p, u64 slack);
int security_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid);
int security_task_wait(struct task_struct *p);
@@ -950,6 +951,11 @@ static inline int security_task_movememory(struct task_struct *p)
return 0;
}
+static inline int security_task_settimerslack(struct task_struct *p, u64 slack)
+{
+ return 0;
+}
+
static inline int security_task_kill(struct task_struct *p,
struct siginfo *info, int sig,
u32 secid)
@@ -977,6 +977,11 @@ int security_task_movememory(struct task_struct *p)
return call_int_hook(task_movememory, 0, p);
}
+int security_task_settimerslack(struct task_struct *p, u64 slack)
+{
+ return call_int_hook(task_settimerslack, 0, p, slack);
+}
+
int security_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
@@ -1720,6 +1725,8 @@ struct security_hook_heads security_hook_heads = {
LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
.task_movememory =
LIST_HEAD_INIT(security_hook_heads.task_movememory),
+ .task_settimerslack =
+ LIST_HEAD_INIT(security_hook_heads.task_settimerslack),
.task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill),
.task_wait = LIST_HEAD_INIT(security_hook_heads.task_wait),
.task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl),
@@ -3849,6 +3849,11 @@ static int selinux_task_movememory(struct task_struct *p)
return current_has_perm(p, PROCESS__SETSCHED);
}
+static int selinux_task_settimerslack(struct task_struct *p, u64 slack)
+{
+ return current_has_perm(p, PROCESS__SETSCHED);
+}
+
static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
@@ -6092,6 +6097,7 @@ static struct security_hook_list selinux_hooks[] = {
LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
+ LSM_HOOK_INIT(task_settimerslack, selinux_task_settimerslack),
LSM_HOOK_INIT(task_kill, selinux_task_kill),
LSM_HOOK_INIT(task_wait, selinux_task_wait),
LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
As requested, this patch implements a task_settimerslack LSM hook so that the /proc/<tid>/timerslack_ns interface can have finer grained security policies applied to it. Don't really know what I'm doing here, so close review would be appreciated! Cc: Kees Cook <keescook@chromium.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Thomas Gleixner <tglx@linutronix.de> CC: Arjan van de Ven <arjan@linux.intel.com> Cc: Oren Laadan <orenl@cellrox.com> Cc: Ruchi Kandoi <kandoiruchi@google.com> Cc: Rom Lemarchand <romlem@android.com> Cc: Todd Kjos <tkjos@google.com> Cc: Colin Cross <ccross@android.com> Cc: Nick Kralevich <nnk@google.com> Cc: Dmitry Shmidt <dimitrysh@google.com> Cc: Elliott Hughes <enh@google.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by: John Stultz <john.stultz@linaro.org> --- v2: Initial swing at adding LSM hook fs/proc/base.c | 7 +++++++ include/linux/lsm_hooks.h | 7 +++++++ include/linux/security.h | 6 ++++++ security/security.c | 7 +++++++ security/selinux/hooks.c | 6 ++++++ 5 files changed, 33 insertions(+) -- 1.9.1