xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selinux lsm IB/core: Implement LSM notification system

Browse Source 
Add a generic notificaiton mechanism in the LSM. Interested consumers
can register a callback with the LSM and security modules can produce
events.

Because access to Infiniband QPs are enforced in the setup phase of a
connection security should be enforced again if the policy changes.
Register infiniband devices for policy change notification and check all
QPs on that device when the notification is received.

Add a call to the notification mechanism from SELinux when the AVC
cache changes or setenforce is cleared.

Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Daniel Jurgens
2017-05-19 15:48:53 +03:00
committed by Paul Moore
parent d291f1a652
commit 8f408ab64b
5 changed files with 109 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/selinux/selinuxfs.c
View File

@@ -154,6 +154,8 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
avc_ss_reset(0);
selnl_notify_setenforce(selinux_enforcing);
selinux_status_update_setenforce(selinux_enforcing);
if (!selinux_enforcing)
call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
}
length = count;
out: