Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[PATCH] SELinux: add security_task_movememory calls to mm code

This patch inserts security_task_movememory hook calls into memory management
code to enable security modules to mediate this operation between tasks.

Since the last posting, the hook has been renamed following feedback from
Christoph Lameter.

Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Andi Kleen <ak@muc.de>
Acked-by: Christoph Lameter <clameter@sgi.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Authored by David Quigley and committed by Linus Torvalds
86c3a764 35601547

+11
+5
mm/mempolicy.c
··· 88 88 #include <linux/proc_fs.h> 89 89 #include <linux/migrate.h> 90 90 #include <linux/rmap.h> 91 + #include <linux/security.h> 91 92 92 93 #include <asm/tlbflush.h> 93 94 #include <asm/uaccess.h> ··· 942 941 err = -EPERM; 943 942 goto out; 944 943 } 944 + 945 + err = security_task_movememory(task); 946 + if (err) 947 + goto out; 945 948 946 949 err = do_migrate_pages(mm, &old, &new, 947 950 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
+6
mm/migrate.c
··· 27 27 #include <linux/writeback.h> 28 28 #include <linux/mempolicy.h> 29 29 #include <linux/vmalloc.h> 30 + #include <linux/security.h> 30 31 31 32 #include "internal.h" 32 33 ··· 905 904 err = -EPERM; 906 905 goto out2; 907 906 } 907 + 908 + err = security_task_movememory(task); 909 + if (err) 910 + goto out2; 911 + 908 912 909 913 task_nodes = cpuset_mems_allowed(task); 910 914
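Review bot: In the mm/mempolicy.c hunk, the new call `err = security_task_movememory(task);` gives the security module only the target task, while the `do_migrate_pages(mm, &old, &new, ...)` call immediately after it acts on specific node sets and may select MPOL_MF_MOVE_ALL. As written, a module can decide whether the caller may move this task's memory but cannot see where it is moved or whether shared pages are included. If that scope is intentional, a one-line comment above the call saying so would help the next reader of this path; if not, the hook needs the node masks as arguments. The placement after the existing -EPERM block also means the module is consulted only once the earlier check has passed, which is worth stating in the same comment.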
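Review bot: In the mm/migrate.c hunk, the added blank line after `goto out2;` lands directly in front of an existing blank context line, leaving two consecutive empty lines before `task_nodes = cpuset_mems_allowed(task);`. Drop the trailing added blank line so the block has one separator on each side, matching the same insertion in mm/mempolicy.c, which adds four lines here rather than five.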