[PATCH] SELinux: add security hooks to {get,set}affinity This patch adds LSM hooks into the setaffinity and getaffinity functions to enable security modules to control these operations between tasks with task_setscheduler and task_getscheduler LSM hooks. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: e7834f8fccd791225a1cf91c2c3e740ad8e2e145 [log] [tgz]
author: David Quigley <dpquigl@tycho.nsa.gov> Fri Jun 23 02:03:59 2006 -0700
committer: Linus Torvalds <torvalds@g5.osdl.org> Fri Jun 23 07:42:53 2006 -0700
tree: 8f48d03d7b1dc32d326825fef1d1c54117a06ac8
parent: 03e68060636e05989ea94bcb671ab633948f328c [diff] [blame]
diff --git a/kernel/sched.c b/kernel/sched.c
index c13f1bd..8766513 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c

@@ -3886,6 +3886,10 @@
 			!capable(CAP_SYS_NICE))
 		goto out_unlock;
 
+	retval = security_task_setscheduler(p, 0, NULL);
+	if (retval)
+		goto out_unlock;
+
 	cpus_allowed = cpuset_cpus_allowed(p);
 	cpus_and(new_mask, new_mask, cpus_allowed);
 	retval = set_cpus_allowed(p, new_mask);
@@ -3954,7 +3958,10 @@
 	if (!p)
 		goto out_unlock;
 
-	retval = 0;
+	retval = security_task_getscheduler(p);
+	if (retval)
+		goto out_unlock;
+
 	cpus_and(*mask, p->cpus_allowed, cpu_online_map);
 
 out_unlock:
commit	e7834f8fccd791225a1cf91c2c3e740ad8e2e145	[log] [tgz]
author	David Quigley <dpquigl@tycho.nsa.gov>	Fri Jun 23 02:03:59 2006 -0700
committer	Linus Torvalds <torvalds@g5.osdl.org>	Fri Jun 23 07:42:53 2006 -0700
tree	8f48d03d7b1dc32d326825fef1d1c54117a06ac8
parent	03e68060636e05989ea94bcb671ab633948f328c [diff] [blame]