diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-05 08:15:34 -0500 |
|---|---|---|
| committer | Brett Rogers <brettrogers11@gmail.com> | 2015-11-07 23:25:20 -0800 |
| commit | 361003a3fcdb7bf1dfdf9a009cedbe5eb80ac173 (patch) | |
| tree | 7d803557c5445469cceb387573186bb991a08114 /security/capability.c | |
| parent | 8c52c9569370f53294a17d25352cdfa01083af5a (diff) | |
| download | kernel_samsung_smdk4412-361003a3fcdb7bf1dfdf9a009cedbe5eb80ac173.zip kernel_samsung_smdk4412-361003a3fcdb7bf1dfdf9a009cedbe5eb80ac173.tar.gz kernel_samsung_smdk4412-361003a3fcdb7bf1dfdf9a009cedbe5eb80ac173.tar.bz2 | |
Add security hooks to binder and implement the hooks for SELinux.
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC. The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).
This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Change-Id: I9a64a87825df2e60b9c51400377af4a9cd1c4049
Diffstat (limited to 'security/capability.c')
| -rw-r--r-- | security/capability.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c index bbb5115..ac5793c 100644 --- a/security/capability.c +++ b/security/capability.c @@ -12,6 +12,26 @@ #include <linux/security.h> +static int cap_binder_set_context_mgr(struct task_struct *mgr) +{ + return 0; +} + +static int cap_binder_transaction(struct task_struct *from, struct task_struct *to) +{ + return 0; +} + +static int cap_binder_transfer_binder(struct task_struct *from, struct task_struct *to) +{ + return 0; +} + +static int cap_binder_transfer_file(struct task_struct *from, struct task_struct *to, struct file *file) +{ + return 0; +} + static int cap_syslog(int type) { return 0; @@ -874,6 +894,10 @@ static void cap_audit_rule_free(void *lsmrule) void __init security_fixup_ops(struct security_operations *ops) { + set_to_cap_if_null(ops, binder_set_context_mgr); + set_to_cap_if_null(ops, binder_transaction); + set_to_cap_if_null(ops, binder_transfer_binder); + set_to_cap_if_null(ops, binder_transfer_file); set_to_cap_if_null(ops, ptrace_access_check); set_to_cap_if_null(ops, ptrace_traceme); set_to_cap_if_null(ops, capget); |