[PATCH] SELinux: add security hook call to kill_proc_info_as_uid

This patch adds a call to the extended security_task_kill hook introduced by
the prior patch to the kill_proc_info_as_uid function so that these signals
can be properly mediated by security modules.  It also updates the existing
hook call in check_kill_permission.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
David Quigley 2006-06-30 01:55:47 -07:00 committed by Linus Torvalds
parent f9008e4c5c
commit 8f95dc58d0
2 changed files with 6 additions and 3 deletions

View file

@ -1153,7 +1153,7 @@ extern int force_sig_info(int, struct siginfo *, struct task_struct *);
extern int __kill_pg_info(int sig, struct siginfo *info, pid_t pgrp); extern int __kill_pg_info(int sig, struct siginfo *info, pid_t pgrp);
extern int kill_pg_info(int, struct siginfo *, pid_t); extern int kill_pg_info(int, struct siginfo *, pid_t);
extern int kill_proc_info(int, struct siginfo *, pid_t); extern int kill_proc_info(int, struct siginfo *, pid_t);
extern int kill_proc_info_as_uid(int, struct siginfo *, pid_t, uid_t, uid_t); extern int kill_proc_info_as_uid(int, struct siginfo *, pid_t, uid_t, uid_t, u32);
extern void do_notify_parent(struct task_struct *, int); extern void do_notify_parent(struct task_struct *, int);
extern void force_sig(int, struct task_struct *); extern void force_sig(int, struct task_struct *);
extern void force_sig_specific(int, struct task_struct *); extern void force_sig_specific(int, struct task_struct *);

View file

@ -584,7 +584,7 @@ static int check_kill_permission(int sig, struct siginfo *info,
&& !capable(CAP_KILL)) && !capable(CAP_KILL))
return error; return error;
error = security_task_kill(t, info, sig); error = security_task_kill(t, info, sig, 0);
if (!error) if (!error)
audit_signal_info(sig, t); /* Let audit system see the signal */ audit_signal_info(sig, t); /* Let audit system see the signal */
return error; return error;
@ -1107,7 +1107,7 @@ kill_proc_info(int sig, struct siginfo *info, pid_t pid)
/* like kill_proc_info(), but doesn't use uid/euid of "current" */ /* like kill_proc_info(), but doesn't use uid/euid of "current" */
int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid, int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid,
uid_t uid, uid_t euid) uid_t uid, uid_t euid, u32 secid)
{ {
int ret = -EINVAL; int ret = -EINVAL;
struct task_struct *p; struct task_struct *p;
@ -1127,6 +1127,9 @@ int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid,
ret = -EPERM; ret = -EPERM;
goto out_unlock; goto out_unlock;
} }
ret = security_task_kill(p, info, sig, secid);
if (ret)
goto out_unlock;
if (sig && p->sighand) { if (sig && p->sighand) {
unsigned long flags; unsigned long flags;
spin_lock_irqsave(&p->sighand->siglock, flags); spin_lock_irqsave(&p->sighand->siglock, flags);