
Labeling


Table 6: Changes to process management data structures for labeling.

STRUCT          FIELD
task            sid
                osid
                avc_ref
linux_binprm    sid
fown_struct     sid


Only minimal modifications to Linux data structures are required to support the process management labeling requirements, as shown in Table 6. New fields for the SID of a process (sid) and its SID prior to the last call to exec (osid) were added to the task structure. To allow the system to function properly, INIT_TASK, defined in include/linux/sched.h, had to be modified to initialize these new fields to the initial SID defined in flask/initial_sids. A pointer into the access vector cache, avc_ref, was also added to the task structure; it serves as a performance-enhancing hint to the access vector cache entry likely to contain the results of permission checking for that process. A SID field was required in the linux_binprm structure, which is used during exec processing to prepare the transformed binary image of the process. Lastly, a SID field was also required in fown_struct to allow proper permission checking on signals generated by asynchronous I/O.
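The following user-space model of the Table 6 fields is an added illustration, not code from the kernel changes described here. The SID values, the permission bit, the toy cache and every function name are constructed, and treating the SID stored in fown_struct as the source of the signal check is an assumption.

```c
/* User-space model of the Table 6 fields; not kernel code. */
#include <stddef.h>
#include <stdint.h>
typedef uint32_t sid_t;
enum { SID_INIT = 1, SID_SHELL = 2, SID_DAEMON = 3 };  /* constructed SIDs */
enum { PERM_SIGNAL = 1 };                              /* constructed permission bit */

struct avc_entry { sid_t ssid, tsid; uint32_t allowed; };
static struct avc_entry avc[4];   /* toy access vector cache */
static size_t avc_used;
static unsigned avc_scans;        /* lookups the hint did not satisfy */
struct task   { sid_t sid, osid; struct avc_entry *avc_ref; };
struct binprm { sid_t sid; };     /* stands in for linux_binprm */
struct fown   { sid_t sid; };     /* stands in for fown_struct */
#define TASK_INIT { SID_INIT, SID_INIT, NULL }  /* both SIDs start at the initial SID */

static void avc_insert(sid_t s, sid_t t, uint32_t allowed) {
    if (avc_used < 4) avc[avc_used++] = (struct avc_entry){ s, t, allowed };
}

/* Try the caller's hint first; on a stale or missing hint, scan and refresh it.
 * A pair with no entry is denied (a real cache would query the security server). */
static int avc_has_perm(sid_t s, sid_t t, uint32_t perm, struct avc_entry **hint) {
    struct avc_entry *e = hint ? *hint : NULL;
    if (!e || e->ssid != s || e->tsid != t) {
        avc_scans++;
        e = NULL;
        for (size_t i = 0; i < avc_used; i++)
            if (avc[i].ssid == s && avc[i].tsid == t) { e = &avc[i]; break; }
        if (hint) *hint = e;
    }
    return e && (e->allowed & perm) == perm;
}
/* exec: keep the pre-exec SID in osid, then adopt the SID prepared in binprm. */
static void task_exec(struct task *t, const struct binprm *b) {
    t->osid = t->sid;
    t->sid  = b->sid;
}
/* Async-I/O signal check; using the SID stored in fown as the source is assumed here. */
static int sigio_allowed(const struct fown *f, const struct task *target) {
    return avc_has_perm(f->sid, target->sid, PERM_SIGNAL, NULL);
}

int main(void) {
    struct task t = TASK_INIT;
    struct binprm b = { SID_SHELL };
    avc_insert(SID_SHELL, SID_DAEMON, PERM_SIGNAL);
    task_exec(&t, &b);
    return !avc_has_perm(t.sid, SID_DAEMON, PERM_SIGNAL, &t.avc_ref);
}
```

Because the hint is validated against the requested SID pair before use, a task whose SID changed at exec falls back to a full lookup instead of reusing a decision made for its old label.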

