On Fri, Jul 15, 2016 at 10:51 AM, Nick Kralevich <n...@google.com> wrote: > On Fri, Jul 15, 2016 at 10:24 AM, John Stultz <john.stu...@linaro.org> wrote: >> As requested, this patch implements a task_settimerslack LSM hook >> so that the /proc/<tid>/timerslack_ns interface can have finer >> grained security policies applied to it. >> >> Don't really know what I'm doing here, so close review would be >> appreciated! >> >> Cc: Kees Cook <keesc...@chromium.org> >> Cc: "Serge E. Hallyn" <se...@hallyn.com> >> Cc: Andrew Morton <a...@linux-foundation.org> >> Cc: Thomas Gleixner <t...@linutronix.de> >> CC: Arjan van de Ven <ar...@linux.intel.com> >> Cc: Oren Laadan <or...@cellrox.com> >> Cc: Ruchi Kandoi <kandoiru...@google.com> >> Cc: Rom Lemarchand <rom...@android.com> >> Cc: Todd Kjos <tk...@google.com> >> Cc: Colin Cross <ccr...@android.com> >> Cc: Nick Kralevich <n...@google.com> >> Cc: Dmitry Shmidt <dimitr...@google.com> >> Cc: Elliott Hughes <e...@google.com> >> Cc: Android Kernel Team <kernel-t...@android.com> >> Signed-off-by: John Stultz <john.stu...@linaro.org> >> --- >> v2: Initial swing at adding LSM hook >> >> fs/proc/base.c | 7 +++++++ >> include/linux/lsm_hooks.h | 7 +++++++ >> include/linux/security.h | 6 ++++++ >> security/security.c | 7 +++++++ >> security/selinux/hooks.c | 6 ++++++ >> 5 files changed, 33 insertions(+) >> >> diff --git a/fs/proc/base.c b/fs/proc/base.c >> index 8f4f8d7..7f10b37 100644 >> --- a/fs/proc/base.c >> +++ b/fs/proc/base.c >> @@ -2284,6 +2284,12 @@ static ssize_t timerslack_ns_write(struct file *file, >> const char __user *buf, >> if (!p) >> return -ESRCH; >> >> + err = security_task_settimerslack(current, slack_ns); > > The first argument should be "p", not "current". "p" is the target > process you're trying to adjust.
Ah, yes. Thanks. Clearly I don't know what I'm doing here. :) -john
