linux/security/selinux
David P. Quigley ddd29ec659 sysfs: Add labeling support for sysfs
This patch adds a setxattr handler to the file, directory, and symlink
inode_operations structures for sysfs. The patch uses hooks introduced in the
previous patch to handle the getting and setting of security information for
the sysfs inodes. As was suggested by Eric Biederman the struct iattr in the
sysfs_dirent structure has been replaced by a structure which contains the
iattr, secdata and secdata length to allow the changes to persist in the event
that the inode representing the sysfs_dirent is evicted. Because sysfs only
stores this information when a change is made all the optional data is moved
into one dynamically allocated field.

This patch addresses an issue where SELinux was denying virtd access to the PCI
configuration entries in sysfs. The lack of setxattr handlers for sysfs
required that a single label be assigned to all entries in sysfs. Granting virtd
access to every entry in sysfs is not an acceptable solution so fine grained
labeling of sysfs is required such that individual entries can be labeled
appropriately.

[sds:  Fixed compile-time warnings, coding style, and setting of inode security init flags.]

Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2009-09-10 10:11:29 +10:00
..
include selinux: Support for the new TUN LSM hooks 2009-09-01 08:29:52 +10:00
ss Merge branch 'master' into next 2009-06-19 08:20:55 +10:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile SELinux: Add network port SID cache 2008-04-18 20:26:16 +10:00
avc.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00
exports.c CRED: Wrap current->cred and a few other accessors 2008-11-14 10:39:18 +11:00
hooks.c sysfs: Add labeling support for sysfs 2009-09-10 10:11:29 +10:00
netif.c SELinux fixups needed for preemptable RCU from -rt 2008-04-22 15:37:23 +10:00
netlabel.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00
netlink.c SELinux: netlink.c whitespace, syntax, and static declaraction cleanups 2008-04-21 19:05:05 +10:00
netnode.c SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
netport.c SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
nlmsgtab.c SELinux: define audit permissions for audit tree netlink messages 2009-06-03 07:44:53 +10:00
selinuxfs.c selinux: remove obsolete read buffer limit from sel_read_bool 2009-05-19 23:56:11 +10:00
xfrm.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00