diff options
author | Paul Mackerras <paulus@samba.org> | 2006-08-08 17:09:11 +1000 |
---|---|---|
committer | Paul Mackerras <paulus@samba.org> | 2006-08-08 17:09:11 +1000 |
commit | 32bc6e095d75233e7c87cc6fa0e07942b124d194 (patch) | |
tree | 8f83ef9a23d52d1305878b65dd98fc22b09b7f3e /security/selinux | |
parent | 5cf13911b1e72707b6f0eb39b2d819ec6e343d76 (diff) | |
parent | 81b73dd92b97423b8f5324a59044da478c04f4c4 (diff) | |
download | talos-obmc-linux-32bc6e095d75233e7c87cc6fa0e07942b124d194.tar.gz talos-obmc-linux-32bc6e095d75233e7c87cc6fa0e07942b124d194.zip |
Merge branch 'merge'
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a91c961ba38b..5d1b8c733199 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3524,25 +3524,21 @@ out: return err; } -static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) +static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { + u32 peer_secid = SECSID_NULL; int err = 0; - u32 peer_sid; - if (skb->sk->sk_family == PF_UNIX) - selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket), - &peer_sid); - else - peer_sid = selinux_socket_getpeer_dgram(skb); - - if (peer_sid == SECSID_NULL) - return -EINVAL; + if (sock && (sock->sk->sk_family == PF_UNIX)) + selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid); + else if (skb) + peer_secid = selinux_socket_getpeer_dgram(skb); - err = security_sid_to_context(peer_sid, secdata, seclen); - if (err) - return err; + if (peer_secid == SECSID_NULL) + err = -EINVAL; + *secid = peer_secid; - return 0; + return err; } static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) @@ -4407,6 +4403,17 @@ static int selinux_setprocattr(struct task_struct *p, return size; } +static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +{ + return security_sid_to_context(secid, secdata, seclen); +} + +static void selinux_release_secctx(char *secdata, u32 seclen) +{ + if (secdata) + kfree(secdata); +} + #ifdef CONFIG_KEYS static int selinux_key_alloc(struct key *k, struct task_struct *tsk, @@ -4587,6 +4594,9 @@ static struct security_operations selinux_ops = { .getprocattr = selinux_getprocattr, .setprocattr = selinux_setprocattr, + .secid_to_secctx = selinux_secid_to_secctx, + .release_secctx = selinux_release_secctx, + .unix_stream_connect = selinux_socket_unix_stream_connect, .unix_may_send = selinux_socket_unix_may_send, |